Open ramonskie opened 2 months ago
Ubuntu STIG requires displaying the information last successful logon. For Jammy:
Group ID (Vulid): V-260551
Group Title: SRG-OS-000480-GPOS-00227
Rule ID: SV-260551r953466_rule
Severity: CAT III
Rule Version (STIG-ID): UBTU-22-412015
Rule Title: Ubuntu 22.04 LTS must display the date and time of the last successful account logon upon logon.
Check Content:
Verify users are provided with feedback on when account accesses
last occurred by using the following command:
$ grep pam_lastlog /etc/pam.d/login
session required pam_lastlog.so showfailed
If the line containing "pam_lastlog" is not set to "required", or the "silent" option
is present, the "showfailed" option is missing, the line is commented out,
or the line is missing, this is a finding.
CIS also has rules to audit login events. For Jammy:
4.1.3.12 Ensure login and logout events are collected (Automated)
Profile Applicability:
- Level 2 - Server
- Level 2 - Workstation
Description:
Monitor login and logout events. The parameters below track changes to files associated with login/logout events.
- /var/log/lastlog - maintain records of the last time a user successfully logged in.
- /var/run/faillock - directory maintains records of login failures via the pam_faillock module.
The benchmarks for Noble are not published yet, but they usually mirror the benchmarks of the previous version of the OS,
so the verdict is to use the bloated util-linux package so we continue to use pam_lastlog2.
The util-linux package provided for Ubuntu Noble is currently only 2.93.3,
and lastlog2 is only packaged with util-linux => 2.40.
In stemcell_builder/stages/password_policies/assests/common-passowrd.patch we reference pam_lastlog, but it seems that file does not exist anymore and is deprecated; see the release notes https://github.com/linux-pam/linux-pam/releases/tag/v1.5.3 or the commit: https://github.com/linux-pam/linux-pam/commit/357a4ddbe9b4b10ebd805d2af3e32f3ead5b8816
pam_lastlog2 https://github.com/thkukuk/lastlog2 is the successor and is now merged within the util-linux package https://packages.ubuntu.com/noble/util-linux https://github.com/util-linux/util-linux
util-linux will add more libraries that we maybe don't need; this needs some investigation to see if it's worth it, as we can probably also log this with one of our loggers.
references:
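Added example, not code from this issue or from the stemcell builder project: a POSIX shell check for the two requirements quoted above, the UBTU-22-412015 pam_lastlog line in /etc/pam.d/login and the CIS 4.1.3.12 audit watches on /var/log/lastlog and /var/run/faillock. It only reads the files it is given, so it can be pointed at a stemcell's pam and audit rules files to confirm whether the STIG check would record a finding. The sample files it builds are constructed in a temp directory, and the "-k logins" audit key in the samples is an assumption (the key name is not part of the CIS text quoted in the issue).

```shell
#!/bin/sh
# Added example, not code from the issue or the stemcell builder project.
# check_pam_lastlog: return 0 when FILE satisfies UBTU-22-412015, 1 when the
# STIG check would record a finding (line missing, commented out, control not
# "required", "silent" present, or "showfailed" absent).
check_pam_lastlog() {
  file="$1"
  # Commented-out lines do not count, so drop them before looking for the module.
  line=$(grep -v '^[[:space:]]*#' "$file" 2>/dev/null | grep 'pam_lastlog' | head -n 1 || true)
  [ -n "$line" ] || return 1
  # The second field of a pam line is the control flag; it must be exactly "required".
  control=$(printf '%s\n' "$line" | awk '{print $2}')
  [ "$control" = "required" ] || return 1
  # Reject the "silent" option and require "showfailed" (both matched as whole words).
  case " $line " in *" silent "*) return 1 ;; esac
  case " $line " in *" showfailed "*) ;; *) return 1 ;; esac
  return 0
}

# check_audit_login_rules: return 0 when FILE carries the two file watches CIS
# 4.1.3.12 asks for (-w PATH -p wa), 1 when either watch is missing. The paths
# come from the CIS text quoted in the issue; any trailing "-k" key is ignored,
# and the "-k logins" key used in the demo below is an assumption.
check_audit_login_rules() {
  file="$1"
  for path in /var/log/lastlog /var/run/faillock; do
    grep -Eq "^[[:space:]]*-w[[:space:]]+$path[[:space:]]+-p[[:space:]]+wa" "$file" || return 1
  done
  return 0
}

# demo: run both checks over constructed sample files (not real system files).
demo() {
  dir=$(mktemp -d)
  printf 'session required pam_lastlog.so showfailed\n' > "$dir/login.ok"
  printf '# session required pam_lastlog.so showfailed\n' > "$dir/login.commented"
  printf 'session required pam_lastlog.so silent showfailed\n' > "$dir/login.silent"
  printf '%s\n' '-w /var/log/lastlog -p wa -k logins' '-w /var/run/faillock -p wa -k logins' > "$dir/audit.ok"
  printf '%s\n' '-w /var/log/lastlog -p wa -k logins' > "$dir/audit.partial"
  for f in login.ok login.commented login.silent; do
    if check_pam_lastlog "$dir/$f"; then echo "$f: compliant"; else echo "$f: finding"; fi
  done
  for f in audit.ok audit.partial; do
    if check_audit_login_rules "$dir/$f"; then echo "$f: compliant"; else echo "$f: finding"; fi
  done
  rm -rf "$dir"
}

demo
```

To use it against a real image, call check_pam_lastlog /etc/pam.d/login and check_audit_login_rules on the rules file under /etc/audit/rules.d/ and act on the exit status; the functions never modify the files they inspect.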