SV-204541r603261_rule
V-204541
SRG-OS-000392-GPOS-00172
RHEL-07-030620
CAT II
10
Configure the operating system to generate audit records when successful account access events occur.
Add or update the following rule in "/etc/audit/rules.d/audit.rules":
-w /var/log/lastlog -p wa -k logins
The audit daemon must be restarted for the changes to take effect.
Verify the operating system generates audit records when successful account access events occur.
Check the file system rules in "/etc/audit/audit.rules" with the following commands:
# grep -i /var/log/lastlog /etc/audit/audit.rules
-w /var/log/lastlog -p wa -k logins
If the command does not return any output, this is a finding.
V-204541
False
RHEL-07-030620
Verify the operating system generates audit records when successful account access events occur.
Check the file system rules in "/etc/audit/audit.rules" with the following commands:
# grep -i /var/log/lastlog /etc/audit/audit.rules
-w /var/log/lastlog -p wa -k logins
If the command does not return any output, this is a finding.
M
2899