Ensure PAM Displays Last Logon/Access Notification
An XCCDF Rule
Description
To configure the system to notify users of last logon/access using pam_lastlog
,
add or correct the pam_lastlog
settings in /etc/pam.d/postlogin
to include showfailed
option, such as:
session required pam_lastlog.so showfailedAnd make sure that the
silent
option is not set for this specific line.
warning alert: Warning
If the system relies on
authselect
tool to manage PAM settings, the remediation
will also use authselect
tool. However, if any manual modification was made in
PAM files, the authselect
integrity check will fail and the remediation will be
aborted in order to preserve intentional changes. In this case, an informative message will
be shown in the remediation report.warning alert: Warning
authselect
contains an authselect feature to easily and properly enable Last Logon
notifications with pam_lastlog.so
module. If a custom profile was created and used
in the system before this authselect feature was available, the new feature can't be used
with this custom profile and the remediation will fail. In this case, the custom profile
should be recreated or manually updated.Rationale
Users need to be aware of activity that occurs regarding their account. Providing users with information regarding the number of unsuccessful attempts that were made to login to their account allows the user to determine if any unauthorized activity has occurred and gives them an opportunity to notify administrators.
- ID
- xccdf_org.ssgproject.content_rule_display_login_attempts
- Severity
- Low
- References
- Updated