[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

243238

 
 

909

 
 

192833

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-90666-9

Platform: rhel7,centos7Date: (C)2017-06-29   (M)2022-10-10



Record Attempts to Alter Logon and Logout Events The audit system already collects login info for all users and root. To watch for attempted manual edits of files involved in storing logon events, add the following to '/etc/audit/audit.rules': '-w /var/log/faillog -p wa -k logins -w /var/log/lastlog -p wa -k logins'


Parameter:


Technical Mechanism:

Manual editing of these files may indicate nefarious activity, such as an attacker attempting to remove evidence of an intrusion. Fix: No Remediation Info

CCSS Severity:CCSS Metrics:
CCSS Score : Attack Vector:
Exploit Score: Attack Complexity:
Impact Score: Privileges Required:
Severity: User Interaction:
Vector: Scope:
 Confidentiality:
 Integrity:
 Availability:
  

References:
Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:31080
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:30357
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:30357
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:31080


OVAL    2
oval:org.secpod.oval:def:31080
oval:org.secpod.oval:def:30357

© SecPod Technologies