tyler.durden/harbian-audit
1
0
Fork 0
mirror of https://github.com/hardenedlinux/harbian-audit.git synced 2025-07-26 07:05:52 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add description for 9.2.15

Browse Source
This commit is contained in:
samson 2018-10-27 04:23:34 +08:00
parent 72931d8844
commit a2bc67bfda
1 changed files with 25 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
docs/harbian_audit_Debian_9_Benchmark_v0.1.mkd
View File

@ -645,6 +645,31 @@ If an account is configured for password authentication but does not have an ass
# sed -ie "s/nullok_secure//" /etc/pam.d/common-auth # sed -ie "s/nullok_secure//" /etc/pam.d/common-auth
``` ```
## 9.2.15 Set login display the date and time of last fail logon using pam_lastlog (scored)
### Profile Applicability
Level 3
### Description
The system must display the date and time of the last successful account logon upon logon.
### Rationale
Providing users with feedback on when account accesses last occurred facilitates user recognition and reporting of unauthorized account use.
### Aduit
Verify users are provided with feedback on when account accesses last occurred. Check that "pam_lastlog" is used and not silent with the following command:
```
# grep pam_lastlog /etc/pam.d/login
session optional pam_lastlog.so showfailed
```
If "pam_lastlog" is missing from "/etc/pam.d/login" file, this is a finding.
### Remediation
Configure the operating system to provide users with feedback on when account accesses last occurred by setting the required configuration options in "/etc/pam.d/login". Add the following line to the top of "/etc/pam.d/login":
```
session optional pam_lastlog.so showfailed
```
## 10.1.4 Set encrypt method (Scored) ## 10.1.4 Set encrypt method (Scored)
### Profile Applicability ### Profile Applicability