Account Lockouts Must Be Logged

An XCCDF Rule

Description

PAM faillock locks an account due to excessive password failures, this event must be logged.

Rationale

Without auditing of these events it may be harder or impossible to identify what an attacker did after an attack.

ID: xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_audit
Severity: Medium
References: CCI-000044

AC-7 (a)

SRG-OS-000021-GPOS-00005
Updated: about 1 year ago