Title

SLEM 5 must display the date and time of the last successful account logon upon logon. (Cat II impact)

Discussion

Providing users with feedback on when account accesses last occurred facilitates user recognition and reporting of unauthorized account use.

Check Content

Verify SLEM 5 users are provided with feedback on when account accesses last occurred with the following command: > grep pam_lastlog /etc/pam.d/login session required pam_lastlog.so showfailed If "pam_lastlog" is missing from "/etc/pam.d/login" file, the "silent" option is present, the second column value different from "requisite", or the returned line is commented out, this is a finding.

Fix Text

Configure SLEM 5 to provide users with feedback on when account accesses last occurred by setting the required configuration options in "/etc/pam.d/login". Add the following line to the top of "/etc/pam.d/login": session required pam_lastlog.so showfailed

Additional Identifiers

Rule ID: SV-261362r996533_rule

Vulnerability ID: V-261362

Group Title: SRG-OS-000480-GPOS-00227

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.