Differences

This shows you the differences between two versions of the page.


centos7:4:1:8 [2017/05/04 18:07] (current) – created Piotr Kłoczewski
Line 1: Line 1:
 +======4.1.8 Ensure login and logout events are collected (Scored)======
 +=====Profile Applicability=====  
 +<code>
 +Level 2 - Server
 +Level 2 - Workstation 
 +</code>
 +
 +=====Description=====
 +Monitor login and logout events. The parameters below track changes to files associated with login/logout events. The file ''/var/log/lastlog'' maintain records of the last time a user successfully logged in. The ''/var/run/failock'' directory maintains records of login failures via the ''pam_faillock'' module.
 +
 +=====Rationale=====
 +Monitoring login/logout events could provide a system administrator with information associated with brute force attacks against user logins.
 +
 +=====Audit===== 
 +Run the following command and verify output matches:
 +<Code:bash>
 +# grep logins /etc/audit/audit.rules 
 +-w /var/log/lastlog -p wa -k logins 
 +-w /var/run/faillock/ -p wa -k logins
 +</Code>
 +
 +=====Remediation===== 
 +Add the following lines to the /etc/audit/audit.rules file:
 +<Code:bash>
 +-w /var/log/lastlog -p wa -k logins 
 +-w /var/run/faillock/ -p wa -k logins
 +</Code>
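Review bot: The Description spells the watched directory ''/var/run/failock'' with a single "l", while the Audit and Remediation rules both use /var/run/faillock/ and the module is named pam_faillock; correct the Description so a reader copying the path from the prose gets the directory the rules actually watch. In the same paragraph, "The file /var/log/lastlog maintain records" should read "maintains records". The /etc/audit/audit.rules path in the Remediation sentence could also take the same monospace markup the Description uses for file paths.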
  