Users to check (UNIX)

Module: Login Parameters

This option lets you specify name lists of users and user groups that will be excluded or included in all security checks executed by the module.

The following table lists the error messages for the check.

Table: Error messages for Users to check

Message String ID and Category	Platform and Message Numeric ID	Message Title and Description	Additional Information
String ID: STKU_FAILED_SU_EXCEED_LIMITS Category: Policy Compliance	UNIX (5268)	Title: Failed SU attempts exceed limits Description:The user has exceeded the number of allowed failed su attempts. SU failures might indicate an attempted break in. This is especially true if there have been a large number of failures on only a few accounts. Contact the system administrator if these attempts are coming from a site outside your organization. Also, verify that the reported users have secure passwords and network configurations.	Severity: red-4 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [SU attempts: %s; Failed: %s; Limit: %s; Hours: %s]
String ID: STKU_SUCCESS_SU_EXCEED_LIMITS Category: Policy Compliance	UNIX (5269)	Title: Successful SU attempts exceed limits Description:The user has exceeded the number of allowed successful su attempts. SU to substitute users might indicate an attempted break in. This is especially true if the substitute users are privilege users. Contact the system administrator if these attempts are coming from a site outside your organization. Also, verify that the reported users have secure passwords and network configurations.	Severity: red-4 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [SU attempts: %s; Succeed: %s; Limit: %s; Hours: %s]

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information

String ID: STKU_FAILED_SU_EXCEED_LIMITS

Category: Policy Compliance

UNIX (5268)

Title: Failed SU attempts exceed limits

Description:The user has exceeded the number of allowed failed su attempts. SU failures might indicate an attempted break in. This is especially true if there have been a large number of failures on only a few accounts. Contact the system administrator if these attempts are coming from a site outside your organization. Also, verify that the reported users have secure passwords and network configurations.

Severity: red-4

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [SU attempts: %s; Failed: %s; Limit: %s; Hours: %s]

String ID: STKU_SUCCESS_SU_EXCEED_LIMITS

Category: Policy Compliance

UNIX (5269)

Title: Successful SU attempts exceed limits

Description:The user has exceeded the number of allowed successful su attempts. SU to substitute users might indicate an attempted break in. This is especially true if the substitute users are privilege users. Contact the system administrator if these attempts are coming from a site outside your organization. Also, verify that the reported users have secure passwords and network configurations.

Severity: red-4

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [SU attempts: %s; Succeed: %s; Limit: %s; Hours: %s]