Excessive failed logins for users (UNIX)

Module: Login Parameters

This check reports users that have exceeded the allowed number of failed logins. Use the name list to exclude or include users to be checked. Specify the number of failed logins followed by a slash and the time period in hours.

The following table lists the error messages for the check.

Table: Error messages for Excessive failed logins for users

Columns: Message String ID and Category | Platform and Message Numeric ID | Message Title and Description | Additional Information

String ID: STKU_INVALID_DATA

Category: Policy Compliance

UNIX (5265)

Title: Invalid failed login parameters

Description: Parameters for the Excessive failed logins on agent and Excessive failed logins for users checks must be expressed using numbers and separated by a forward slash (/). The first number indicates the number of allowed login failures. The second number indicates the time period (in hours). For example, 5/24 indicates that five login failures are allowed within a 24-hour period.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_USER_LIMIT

Category: Policy Compliance

UNIX (5263)

Title: User failed login limit exceeded

Description: The user has exceeded the number of allowed failed logins. Login failures might indicate an attempted break-in. This is especially true if there have been a large number of failures on only a few accounts. Contact the system administrator if these attempts are coming from a site outside your organization. Also, verify that the reported users have secure passwords and network configurations.

Severity: red-4

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [User: %s; Failed: %s; Limit: %s; Hours: %s]

String ID: STKU_NOLOGINLOG

Category: Policy Compliance

UNIX (5230)

Title: Failed login attempts not logged

Description: The loginlog file does not exist. Failed login attempts are not being logged by the login program. You should create this file immediately. Read the man page for the loginlog file for more information if necessary.

Severity: green-0

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]
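
The following sketch is an added example, not the product's own code. It shows how the failures/hours parameter and the three messages above fit together when evaluated against a loginlog file. The function names are hypothetical, and the "user:tty:timestamp" line layout and the sample entries are assumptions constructed for illustration.

```python
import os
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample; "user:tty:timestamp" is the assumed loginlog line layout.
SAMPLE_LOGINLOG = """\
jdoe:/dev/pts/2:Mon Nov  3 08:00:00 2014
jdoe:/dev/pts/2:Tue Nov  4 10:21:10 2014
jdoe:/dev/pts/2:Tue Nov  4 10:21:25 2014
jdoe:/dev/pts/3:Tue Nov  4 10:22:02 2014
root:/dev/console:Tue Nov  4 11:05:40 2014
"""

def parse_limit(param):
    """Parse 'failures/hours' such as '5/24'; anything else is invalid data."""
    m = re.fullmatch(r"(\d+)/(\d+)", param.strip())
    if not m:
        raise ValueError(f"STKU_INVALID_DATA [{param}]")
    return int(m.group(1)), int(m.group(2))

def excessive_failures(log_text, param, now, exclude=()):
    """Return one STKU_USER_LIMIT information field per user over the limit."""
    limit, hours = parse_limit(param)
    cutoff = now - timedelta(hours=hours)
    counts = Counter()
    for line in log_text.splitlines():
        parts = line.split(":", 2)  # the timestamp itself contains colons
        if len(parts) != 3:
            continue  # skip malformed lines
        user, _tty, stamp = parts
        try:
            when = datetime.strptime(stamp.strip(), "%a %b %d %H:%M:%S %Y")
        except ValueError:
            continue  # skip unparseable timestamps
        if user not in exclude and cutoff <= when <= now:
            counts[user] += 1
    # "Exceeded" means strictly more failures than the allowed number.
    return [f"[User: {u}; Failed: {n}; Limit: {limit}; Hours: {hours}]"
            for u, n in sorted(counts.items()) if n > limit]

def run_check(path, param, now, exclude=()):
    """Report a missing log file, otherwise evaluate its contents."""
    if not os.path.exists(path):
        return [f"STKU_NOLOGINLOG [{path}]"]
    with open(path, encoding="utf-8", errors="replace") as fh:
        return excessive_failures(fh.read(), param, now, exclude)

if __name__ == "__main__":
    for field in excessive_failures(SAMPLE_LOGINLOG, "2/24", datetime(2014, 11, 4, 12)):
        print("STKU_USER_LIMIT", field)
```

Because the window is anchored at the evaluation time, the oldest jdoe entry in the sample falls outside a 24-hour period and is only counted when the period is widened.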