AlmaLinux OS 9 must log username information when unsuccessful logon attempts occur.

An XCCDF Rule

Details
Profiles

Description

Without auditing of these events, it may be harder or impossible to identify what an attacker did after an attack. Satisfies: SRG-OS-000021-GPOS-00005, SRG-OS-000470-GPOS-00214

ID: SV-269152r1050034_rule
Version: ALMA-09-008050
Severity: Medium
References: CCI-000044 CCI-000172
Updated: about 2 months ago

Remediation Templates

Configure AlmaLinux OS 9 to log username information when unsuccessful logon attempts occur.

Add/modify the "/etc/security/faillock.conf" file to match the following line:

audit

AlmaLinux OS 9 must log username information when unsuccessful logon attempts occur.

Description

Remediation Templates

A Manual Procedure