Excessive successful su attempts for users (UNIX)

Module: Login Parameters

This check reports users that have exceeded the allowed number of successful su attempts. Use the name list to exclude or include substitute users to be checked. Specify the number of successful attempts followed by a slash and the time period in hours.

The following table lists the error messages for the check.

Table: Error messages for Excessive successful su attempts for users

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information

String ID: STKU_SUCCESS_SU_EXCEED_LIMITS

Category: Policy Compliance

UNIX (5269)

Title: Successful SU attempts exceed limits

Description: The user has exceeded the number of allowed successful su attempts. SU to substitute users might indicate an attempted break-in. This is especially true if the substitute users are privileged users. Contact the system administrator if these attempts are coming from a site outside your organization. Also, verify that the reported users have secure passwords and network configurations.

Severity: red-4

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [SU attempts: %s; Succeed: %s; Limit: %s; Hours: %s]

String ID: STKU_INVALID_DATA

Category: Policy Compliance

UNIX (5265)

Title: Invalid failed login parameters

Description: Parameters for the Excessive failed logins on agent and Excessive failed logins for users checks must be expressed using numbers and separated by a forward slash (/). The first number indicates the number of allowed login failures. The second number indicates the time period (in hours). For example, 5/24 indicates that five login failures are allowed within a 24-hour period.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]
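
The following is an added example, not code from the product or its documentation, showing the logic the check describes: validate a count/hours parameter, count su attempts per user inside the time window, and report users whose successful attempts exceed the limit. It assumes the classic sulog record format as input, which this page does not specify. The function names, the handling of the name list and the sample records are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed input: classic sulog lines, "SU MM/DD HH:MM +|- tty from-to",
# where '+' marks a successful su and '-' a failed one.
SULOG = re.compile(r"^SU (\d\d)/(\d\d) (\d\d):(\d\d) ([+-]) \S+ ([^\s-]+)-(\S+)$")

def parse_limit(param):
    """Parse 'count/hours' (e.g. '5/24'); anything else is invalid data."""
    m = re.fullmatch(r"(\d+)/(\d+)", param.strip())
    if not m or int(m.group(2)) == 0:
        raise ValueError(f"invalid parameter {param!r}: expected count/hours")
    return int(m.group(1)), int(m.group(2))

def excessive_su(lines, param, now, names=(), include=True):
    """Map each user over the limit to an Information-field style string.
    names/include model the name list of substitute (target) users; empty = all."""
    limit, hours = parse_limit(param)
    start = now - timedelta(hours=hours)
    attempts, succeeded = defaultdict(int), defaultdict(int)
    for line in lines:
        m = SULOG.match(line.strip())
        if not m:
            continue  # not a sulog record
        mon, day, hh, mm, flag, src, dst = m.groups()
        if names and (dst in names) != include:
            continue  # substitute user filtered out by the name list
        try:  # sulog carries no year: take the most recent such date <= now
            ts = datetime(now.year, int(mon), int(day), int(hh), int(mm))
            if ts > now:
                ts = ts.replace(year=now.year - 1)
        except ValueError:
            continue  # impossible calendar date in the record
        if not (start <= ts <= now):
            continue
        attempts[src] += 1
        succeeded[src] += flag == "+"
    return {u: f"[SU attempts: {attempts[u]}; Succeed: {succeeded[u]}; "
               f"Limit: {limit}; Hours: {hours}]"
            for u in attempts if succeeded[u] > limit}

# Constructed sample records; the last one falls outside a 24-hour window.
SAMPLE = [
    "SU 03/10 09:01 + pts/0 alice-root", "SU 03/10 09:40 - pts/1 bob-root",
    "SU 03/10 11:15 + pts/0 alice-root", "SU 03/10 13:30 + pts/2 alice-oracle",
    "SU 03/10 14:05 + pts/0 alice-root", "SU 03/08 08:00 + pts/0 alice-root",
]
NOW = datetime(2024, 3, 10, 18, 0)
```

Calling `excessive_su(SAMPLE, "2/24", NOW)` reports alice only, and restricting the name list to `("root",)` counts just her su attempts to root.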