Check: GEN000000-HPUX0460
HP-UX 11.31 STIG:
GEN000000-HPUX0460
(in versions v1 r19 through v1 r13)
Title
The system must display the date and time of the last successful account login upon login by means other than SSH. (Cat II impact)
Discussion
Providing users with feedback on when account accesses last occurred facilitates user recognition and reporting of unauthorized account use.
Check Content
Protected password database files are maintained in the /tcb/files/auth hierarchy. This directory contains other directories each named with a single letter from the alphabet. User profiles are stored in these directories based on the first letter of the user account name. Check the user attributes for the time and source of the last (successful and unsuccessful) login. This information is presented during login. All attributes are generated by the system in an integer format (system time). See the example commands below: For successful logins: # egrep "u_succhg#[0-9]+:" /tcb/files/auth/[a-z,A-Z]/* For unsuccessful login attempts: # egrep "u_unsucchg#[0-9]+:" /tcb/files/auth/[a-z,A-Z]/* If any users are missing the above attributes or attribute integer data, this is a finding. For SMSE: Check for the following attribute and attribute value: DISPLAY_LAST_LOGIN=1 # grep "DISPLAY_LAST_LOGIN" /etc/default/security /var/adm/userdb/* If the DISPLAY_LAST_LOGIN attribute is set to 0, this is a finding.
Fix Text
For Trusted Mode: Use the SAM/SMH interface to ensure the attributes are added to all user /tcb profiles. For SMSE: Note: There may be additional package/bundle updates that must be installed to support attributes in the /etc/default/security file. Use the SAM/SMH interface (/etc/default/security file) and/or the userdbset command (/var/adm/userdb/* files) to update attribute. See the below example: DISPLAY_LAST_LOGIN=1 Note: Never use a text editor to modify any /var/adm/userdb database file. The database contains checksums and other binary data, and editors (vi included) do not follow the file locking conventions that are used to control access to the database. If manually editing the /etc/default/security file, save any change(s) before exiting the editor.
Additional Identifiers
Rule ID: SV-52482r3_rule
Vulnerability ID: V-40493
Group Title: GEN000000-HPUX0460
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |