Spec 6.2 Set the maximal number of logins.
Description: Setting the maximal number of logins can effectively prevent unauthorized users from connecting to the system by using accounts of other users. For example, if the maximum number of logins is set to 1, only one root user can connect to the system.
Implementation guide:
Modify the /etc/security/limits.conf file.
Set maxlogins to 3.
Security level: medium
Answer:
Sorry. I will confirm this.
Answer:
What I understand from the above explanation is: say I configure maxlogins to 3; it will then allow only 3 users to connect to the system.
1. There is no policy in SEK which will configure the parameter "maxlogins" in the file /etc/security/limits.conf.
2. The policy "Reinforce system services > Xinetd Maximum number of instances" can be used to configure the above specification for xinetd services only. FTP, telnet, etc. come under xinetd services. Say the user configures this policy to 3; then only 3 connections will be allowed through telnet. But if the user tries to connect using ssh, then more than 3 connections will be allowed.
Spec 7.1 Record login error logs.
Description: Login error logs help us analyze the login status of users.
Implementation guide:
Modify the /etc/login.defs file, and add the following statement:
FAILLOG_ENAB yes
Location in the SEK tool: Logging and Auditing > Login fail log.
Security level: medium.
Answer:
Login fail log:
This policy logs the login status of users who failed to log in successfully. By default, errors will be logged in the file /var/log/btmp. If the user wants to log them to a different file, he can configure this using the policy.
For the above spec, the appropriate policy will be Logging and Auditing > Login fail log.
Spec 7.2 Record AUTH logs.
Description: Login error logs help us analyze the system status.
Implementation guide:
Modify the /etc/syslog.conf file, and add the following:
authpriv.*;auth.* /var/log/auth.log
Location in the SEK tool: Logging and Auditing > Login authentication messages (SEC.LNX.ADT.001).
Security level: Medium.
Answer:
1. Logging and Auditing > Login Authentication messages: This policy will add the entry auth.* /var/log/auth.log in the file /etc/syslog.conf in SuSE9. In SuSE10, it will be configured as
filter f_logAuth {facility (auth);};
destination logAuth { file("/var/log/auth.log"); };
log { source(src); filter(f_logAuth); destination(logAuth); };
in the file /etc/syslog-ng/syslog-ng.conf
2. Reinforce System Services > Xinetd Set connection log type: This policy will configure the parameter "authpriv.* /var/log/authlog"
Note: The exact string "authpriv.*;auth.* /var/log/authlog" is not written in the file /etc/syslog.conf but the functionality remains the same.