diff --git a/Fedora/input/profiles/common.xml b/Fedora/input/profiles/common.xml
index 61c7575ea44..c7f5bf3319f 100644
--- a/Fedora/input/profiles/common.xml
+++ b/Fedora/input/profiles/common.xml
@@ -28,6 +28,7 @@
diff --git a/Fedora/input/system/accounts/pam.xml b/Fedora/input/system/accounts/pam.xml
index 3ca7a372b81..00f0a6a0b1f 100644
--- a/Fedora/input/system/accounts/pam.xml
+++ b/Fedora/input/system/accounts/pam.xml
@@ -58,13 +58,16 @@ frequently. Set Last Logon/Access Notification To configure the system to notify users of last logon/access
-using pam_lastlog, add the following line immediately after session required pam_limits.so:
-
session       required     pam_lastlog.so showfailed
+using pam_lastlog, add or correct the pam_lastlog settings in
+/etc/pam.d/postlogin to read as follows:
+
session     [success=1 default=ignore] pam_succeed_if.so service !~ gdm* service !~ su* quiet
+session     [default=1]   pam_lastlog.so nowtmp showfailed
+session     optional      pam_lastlog.so silent noupdate showfailed
To ensure that last logon/access notification is configured correctly, run the following command: -
$ grep pam_lastlog.so /etc/pam.d/system-auth
+
$ grep pam_lastlog.so /etc/pam.d/postlogin
The output should show output showfailed.
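Review bot: The third line of the prescribed stack, `session optional pam_lastlog.so silent noupdate showfailed`, keeps `silent`, which pam_lastlog(8) describes as not informing the user about any previous login. Because the first line jumps over the `[default=1]` line for every service other than gdm* and su*, that silent line is the only pam_lastlog entry those services run, so the last-logon notice named in the rule title appears to depend on something outside postlogin for them. If that is intended, the description should say so; otherwise drop `silent` from that line. The verification step would also be clearer as `Both pam_lastlog lines should include showfailed`, since the grep prints every line that mentions the module, commented-out ones included. The same wording is added in the RHEL/7 pam.xml hunk, and the rule element itself starts and ends outside this hunk.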
@@ -74,7 +77,7 @@ of unsuccessful attempts that were made to login to their account allows the user to determine if any unauthorized activity has occurred and gives them an opportunity to notify administrators.
-
+
diff --git a/RHEL/7/input/profiles/pci-dss.xml b/RHEL/7/input/profiles/pci-dss.xml
index bc1d986eec7..d896ff899f7 100644
--- a/RHEL/7/input/profiles/pci-dss.xml
+++ b/RHEL/7/input/profiles/pci-dss.xml
@@ -73,7 +73,7 @@
-
+
diff --git a/RHEL/7/input/system/accounts/pam.xml b/RHEL/7/input/system/accounts/pam.xml
index 9e54a00af4e..ab660afa8b3 100644
--- a/RHEL/7/input/system/accounts/pam.xml
+++ b/RHEL/7/input/system/accounts/pam.xml
@@ -59,13 +59,16 @@ frequently. Set Last Logon/Access Notification To configure the system to notify users of last logon/access
-using pam_lastlog, add the following line immediately after session required pam_limits.so:
-
session       required     pam_lastlog.so showfailed
+using pam_lastlog, add or correct the pam_lastlog settings in
+/etc/pam.d/postlogin to read as follows:
+
session     [success=1 default=ignore] pam_succeed_if.so service !~ gdm* service !~ su* quiet
+session     [default=1]   pam_lastlog.so nowtmp showfailed
+session     optional      pam_lastlog.so silent noupdate showfailed
To ensure that last logon/access notification is configured correctly, run the following command: -
$ grep pam_lastlog.so /etc/pam.d/system-auth
+
$ grep pam_lastlog.so /etc/pam.d/postlogin
The output should show output showfailed.
diff --git a/shared/oval/display_login_attempts.xml b/shared/oval/display_login_attempts.xml
new file mode 100644
index 00000000000..fe64a49218b
--- /dev/null
+++ b/shared/oval/display_login_attempts.xml
@@ -0,0 +1,31 @@
+
+
+
+ Set Last Login/Access Notification
+
+ Red Hat Enterprise Linux 7
+ multi_platform_fedora
+
+ Configure the system to notify users of last login/access using pam_lastlog.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ /etc/pam.d/postlogin
+ [\n][\s]*session[\s]+\[default=1\][\s]+pam_lastlog.so[\s\w\d\=]+showfailed[\s\w\d\=]*\n[\s]*session[\s]+optional[\s]+pam_lastlog.so[\s\w\d\=]+showfailed[\s\w\d\=]*[\n]
+ 1
+
+
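Review bot: The pattern accepts any option word between `pam_lastlog.so` and `showfailed`, so a postlogin file that still has `silent` on the `[default=1]` line passes even though that option suppresses the notice this check is named for. If `silent` is only acceptable on the `optional` line, the first option class needs to exclude it or a second test should assert its absence. The classes `[\s\w\d\=]` also admit newlines through `\s`, and the dot in `pam_lastlog.so` is unescaped; `pam_lastlog\.so[ \t\w=]+showfailed[ \t\w=]*\n` would keep each match on one line. The check also never looks for the `pam_succeed_if.so` line that the rule text prescribes, so the jump logic can differ from the documented stack without being reported.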