1.1.9 Set 'aaa accounting exec'

Information

Runs accounting for the EXEC shell session.

Rationale:

Authentication, authorization and accounting (AAA) systems provide an authoritative source for managing and monitoring access for devices. Centralizing control improves consistency of access control, the services that may be accessed once authenticated and accountability by tracking services accessed. Additionally, centralizing access control simplifies and reduces administrative costs of account provisioning and de-provisioning, especially when managing a large number of devices. AAA Accounting provides a management and audit trail for user and administrative sessions through RADIUS and TACACS+.

Impact:

Enabling aaa accounting exec creates accounting records for the EXEC terminal sessions on the network access server. These records include start and stop times, usernames, and date information. Organizations should regularly monitor these records for exceptions, remediate issues, and report findings.

Solution

Configure AAA accounting for EXEC shell session.

hostname(config)#aaa accounting exec {default | list-name | guarantee-first}
{start-stop | stop-only | none} {radius | group group-name}

Default Value:

AAA accounting is not enabled.

See Also

https://workbench.cisecurity.org/files/3829

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-2, 800-53|AU-7, 800-53|AU-12, CSCv7|6

Plugin: Cisco

Control ID: 12f1bf8de5e6bff24b91ad743414a53e94bccc8ec63f0d33ff29310498c0d1b9