RHEL 9 must log username information when unsuccessful logon attempts occur.

An XCCDF Rule

Description

Without auditing of these events, it may be harder or impossible to identify what an attacker did after an attack.

ID: SV-258070r1045153_rule
Version: RHEL-09-412045
Severity: Medium
References: CCI-000044
Updated: about 2 months ago

Remediation Templates

Configure RHEL 9 to log username information when unsuccessful logon attempts occur.

Enable the feature using the following command:
 
$ sudo authselect enable-feature with-faillock 
 Add/modify the "/etc/security/faillock.conf" file to match the following line:

audit