
Account Lockouts Must Be Logged

An XCCDF Rule

Description

When PAM faillock locks an account due to excessive password failures, this event must be logged.

Warning

This rule is deprecated in favor of the accounts_passwords_pam_faillock_audit rule. Please consider replacing this rule in your files, as it is not expected to receive updates as of version 0.1.65.

Rationale

Without auditing of these events it may be harder or impossible to identify what an attacker did after an attack.

ID
xccdf_org.ssgproject.content_rule_account_passwords_pam_faillock_audit
Severity
Medium
References
Updated