Detections
Analytics

CSCv6|5.5

Title

Configure systems to issue a log entry and alert on any unsuccessful login to an administrative account.

Description

Configure systems to issue a log entry and alert on any unsuccessful login to an administrative account.

Reference Item Details

Category: Controlled Use of Administrative Privileges

Family: System

Audit Items

View all Reference Audit Items

NamePluginAudit Name
4.1.7 Ensure login and logout events are collected - /var/log/faillogUnixCIS Ubuntu Linux 18.04 LTS Server L2 v2.1.0
4.1.7 Ensure login and logout events are collected - /var/log/faillogUnixCIS Ubuntu Linux 18.04 LTS Workstation L2 v2.0.1
4.1.7 Ensure login and logout events are collected - /var/log/faillogUnixCIS Ubuntu Linux 20.04 LTS Server L2 v1.0.0
4.1.7 Ensure login and logout events are collected - /var/log/faillogUnixCIS Ubuntu Linux 18.04 LTS Workstation L2 v2.1.0
4.1.10 Ensure session initiation information is collected - auditctl btmpUnixCIS Distribution Independent Linux Server L2 v2.0.0
4.1.10 Ensure session initiation information is collected - auditctl btmpUnixCIS Distribution Independent Linux Workstation L2 v2.0.0
4.1.10 Ensure session initiation information is collected - auditctl utmpUnixCIS Distribution Independent Linux Server L2 v2.0.0
4.1.10 Ensure session initiation information is collected - auditctl utmpUnixCIS Distribution Independent Linux Workstation L2 v2.0.0
4.1.10 Ensure session initiation information is collected - auditctl wtmpUnixCIS Distribution Independent Linux Server L2 v2.0.0
4.1.10 Ensure session initiation information is collected - auditctl wtmpUnixCIS Distribution Independent Linux Workstation L2 v2.0.0
4.1.10 Ensure session initiation information is collected - btmpUnixCIS Distribution Independent Linux Workstation L2 v2.0.0
4.1.10 Ensure session initiation information is collected - btmpUnixCIS Distribution Independent Linux Server L2 v2.0.0
4.1.10 Ensure session initiation information is collected - utmpUnixCIS Distribution Independent Linux Workstation L2 v2.0.0
4.1.10 Ensure session initiation information is collected - utmpUnixCIS Distribution Independent Linux Server L2 v2.0.0
4.1.10 Ensure session initiation information is collected - wtmpUnixCIS Distribution Independent Linux Workstation L2 v2.0.0
4.1.10 Ensure session initiation information is collected - wtmpUnixCIS Distribution Independent Linux Server L2 v2.0.0
4.1.16 Ensure system administrator actions (sudolog) are collectedUnixCIS Distribution Independent Linux Server L2 v1.1.0
4.1.16 Ensure system administrator actions (sudolog) are collectedUnixCIS CentOS 6 Server L2 v2.1.0
4.1.16 Ensure system administrator actions (sudolog) are collectedUnixCIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0
4.1.16 Ensure system administrator actions (sudolog) are collectedUnixHuawei EulerOS 2 Server L2 v1.0
4.1.16 Ensure system administrator actions (sudolog) are collectedUnixHuawei EulerOS 2 Workstation L2 v1.0
4.1.16 Ensure system administrator actions (sudolog) are collectedUnixCIS Distribution Independent Linux Workstation L2 v1.1.0
4.1.16 Ensure system administrator actions (sudolog) are collectedUnixCIS CentOS 6 Workstation L2 v2.1.0
4.1.16 Ensure system administrator actions (sudolog) are collectedUnixCIS Oracle Linux 6 Workstation L2 v1.1.0
4.1.16 Ensure system administrator actions (sudolog) are collectedUnixCIS SUSE Linux Enterprise Workstation 11 L2 v2.1.0
4.1.16 Ensure system administrator actions (sudolog) are collectedUnixCIS Oracle Linux 6 Server L2 v1.1.0
4.1.16 Ensure system administrator actions (sudolog) are collectedUnixCIS Red Hat 6 Server L2 v2.1.0
4.1.16 Ensure system administrator actions (sudolog) are collectedUnixCIS Red Hat 6 Workstation L2 v2.1.0
4.1.16 Ensure system administrator actions (sudolog) are collectedUnixCIS SUSE Linux Enterprise Server 11 L2 v2.1.0
4.1.16 Ensure system administrator actions (sudolog) are collectedUnixCIS Amazon Linux v2.1.0 L2
4.1.16 Ensure system administrator actions (sudolog) are collectedUnixCIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0
4.1.16 Ensure system administrator actions (sudolog) are collected - /var/log/sudo.logUnixCIS Debian 8 Workstation L2 v2.0.1
4.1.16 Ensure system administrator actions (sudolog) are collected - /var/log/sudo.logUnixCIS Debian 8 Server L2 v2.0.2
4.1.16 Ensure system administrator actions (sudolog) are collected - /var/log/sudo.logUnixCIS Debian 8 Server L2 v2.0.1
4.1.16 Ensure system administrator actions (sudolog) are collected - /var/log/sudo.logUnixCIS Debian 8 Workstation L2 v2.0.2
4.1.16 Ensure system administrator actions (sudolog) are collected - auditctlUnixCIS Amazon Linux v2.1.0 L2
4.1.16 Ensure system administrator actions (sudolog) are collected - auditctlUnixCIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0
4.1.16 Ensure system administrator actions (sudolog) are collected - auditctlUnixCIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0
4.1.16 Ensure system administrator actions (sudolog) are collected - auditctlUnixCIS Distribution Independent Linux Workstation L2 v1.1.0
4.1.16 Ensure system administrator actions (sudolog) are collected - auditctlUnixCIS Distribution Independent Linux Server L2 v1.1.0
4.1.16 Ensure system administrator actions (sudolog) are collected - auditctlUnixCIS SUSE Linux Enterprise Server 11 L2 v2.1.0
4.1.16 Ensure system administrator actions (sudolog) are collected - auditctlUnixCIS SUSE Linux Enterprise Workstation 11 L2 v2.1.0
4.1.16 Ensure system administrator actions (sudolog) are collected - auditctl /var/log/sudo.logUnixCIS Debian 8 Server L2 v2.0.2
4.1.16 Ensure system administrator actions (sudolog) are collected - auditctl /var/log/sudo.logUnixCIS Debian 8 Workstation L2 v2.0.2
4.1.16 Ensure system administrator actions (sudolog) are collected - auditctl /var/log/sudo.logUnixCIS Debian 8 Workstation L2 v2.0.1
4.1.16 Ensure system administrator actions (sudolog) are collected - auditctl /var/log/sudo.logUnixCIS Debian 8 Server L2 v2.0.1
4.1.17 Ensure system administrator actions (sudolog) are collectedUnixCIS Distribution Independent Linux Server L2 v2.0.0
4.1.17 Ensure system administrator actions (sudolog) are collectedUnixCIS Distribution Independent Linux Workstation L2 v2.0.0
4.1.17 Ensure system administrator actions (sudolog) are collected - auditctlUnixCIS Distribution Independent Linux Server L2 v2.0.0
4.1.17 Ensure system administrator actions (sudolog) are collected - auditctlUnixCIS Distribution Independent Linux Workstation L2 v2.0.0