[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-92921-6

Platform: cpe:/o:ubuntu:ubuntu_linux:19.04Date: (C)2019-11-07   (M)2023-07-04



Collect Session Initiation Information "Monitor session initiation events. The parameters in this section track changes to the files associated with session events. The file /var/run/utmp file tracks all currently logged in users. The /var/log/wtmp file tracks logins, logouts, shutdown and reboot events. All audit records will be tagged with the identifier ""session."" The file /var/log/btmp keeps track of failed login attempts and can be read by entering the command /usr/bin/last -f /var/log/btmp. All audit records will be tagged with the identifier ""logins."""


Parameter:

[yes/no]


Technical Mechanism:

Monitoring these files for changes could alert a system administrator to logins occurring at unusual hours, which could indicate intruder activity (i.e. a user logging in at a time when they do not normally log in). Fix: "Add the following lines to the /etc/audit/audit.rules file. -w /var/run/utmp -p wa -k session -w /var/log/wtmp -p wa -k session -w /var/log/btmp -p wa -k session # Execute the following command to restart auditd # pkill -HUP -P 1 auditd"" Note: Use the last command to read /var/log/wtmp (last with no parameters) and /var/run/utmp (last -f /var/run/utmp)"

CCSS Severity:CCSS Metrics:
CCSS Score : 6.3Attack Vector: NETWORK
Exploit Score: 2.8Attack Complexity: LOW
Impact Score: 3.4Privileges Required: LOW
Severity: MEDIUMUser Interaction: NONE
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LScope: UNCHANGED
 Confidentiality: LOW
 Integrity: LOW
 Availability: LOW
  

References:
Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:55134


OVAL    1
oval:org.secpod.oval:def:55134
XCCDF    1
xccdf_org.secpod_benchmark_general_Ubuntu_19_04

© SecPod Technologies