Login failures (UNIX)

Module: Login Parameters

This check reports failed login attempts to user accounts. The check is not supported on all operating systems. It may require the system either to be running in an enhanced security mode or to have special logging features enabled. Use the check's name list to exclude users that are not excluded by the Users to check option.

The following table lists the error messages for the check.

Table: Error messages for Login failures

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information

String ID: STKU_NOLOGINLOG

Category: Policy Compliance

UNIX (5230)

Title: Failed login attempts not logged

Description: The loginlog file does not exist. Failed login attempts are not being logged by the login program. You should create this file immediately. Read the man page for the loginlog file for more information if necessary.

Severity: green-0

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_LOGFAIL

Category: Policy Compliance

UNIX (5231)

Title: Failed login attempt

Description: The listed accounts have had login attempt failures. Login attempt failures could indicate an attempt to break into your system. This is especially true if there have been a large number of attempts on only a few accounts. You should contact the system administrator if these attempts are coming from a site outside your organization. You should also verify that the listed accounts have secure passwords and network configurations.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]
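
The two conditions described above can be reproduced by hand with a short script. This is an added example, not the product's own check logic. It assumes Solaris-style loginlog entries of the form name:tty:date (conventionally kept in /var/adm/loginlog); the function names, the threshold and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: mirrors the two messages above (log missing / failures found).
# Assumption: each loginlog entry is "name:tty:date", as on Solaris.

# Constructed sample entries, not real data.
sample_loginlog() {
cat <<'EOF'
root:/dev/pts/4:Mon Mar  3 02:11:40 2025
root:/dev/pts/4:Mon Mar  3 02:12:05 2025
root:/dev/pts/5:Mon Mar  3 02:13:31 2025
oracle:/dev/pts/6:Mon Mar  3 02:14:02 2025
root:/dev/pts/5:Mon Mar  3 02:14:49 2025
jdoe:/dev/console:Mon Mar  3 09:02:17 2025
EOF
}

# loginlog_report FILE [THRESHOLD]
# Prints "account count" for every account with at least THRESHOLD failures.
# Returns 2 if FILE is missing (failed logins are not being logged),
#         1 if at least one account reached the threshold, 0 otherwise.
loginlog_report() {
    log=$1
    threshold=${2:-3}
    if [ ! -f "$log" ]; then
        echo "loginlog not found: $log" >&2
        return 2
    fi
    # The date field contains colons too, so only field 1 (the account) is used.
    flagged=$(awk -F: -v t="$threshold" '
        NF >= 3 && $1 != "" { n[$1]++ }
        END { for (u in n) if (n[u] >= t) print u, n[u] }' "$log" | sort)
    if [ -z "$flagged" ]; then
        return 0
    fi
    printf '%s\n' "$flagged"
    return 1
}

# Demo on the constructed sample; prints "root 4" and then the status line.
demo_log=$(mktemp)
sample_loginlog > "$demo_log"
loginlog_report "$demo_log" 3 || echo "status $?"
rm -f "$demo_log"
```

A high count concentrated on one or two accounts, as with root in the sample, is the pattern the description singles out for follow-up.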