Monitor Login Activities

This option group of the policy monitors system access activity that may indicate illegitimate use. Portions of this section also monitor successful logon attempts made through various means. These monitoring areas can be used for the following tasks:
  • To acquire a timeline of when an individual logon to a specific system has occurred.
  • To detect other suspicious system access activity.
  • To alert on brute force password attempts.
Monitor Login Activities

| Option | Description |
|---|---|
| Monitor Successful Logins | This option detects successful logins to supported UNIX systems via the local console and by remote access. It reports attempts to log in to services including local console sessions, FTP, Telnet, SU, and SSH. It also notes successful attempts to change identification through the use of the su utility. It reports successful login attempts by users, as well as by the root administrative account. |
| Monitor System Logoff Operation | This option detects successful logoff for SSH, SU, and local console. |
| Detect System Login Failures | This option detects failed login attempts to supported UNIX systems via the local console and by remote access. It reports attempts to log in to services including local console sessions, FTP, Telnet, SU, and SSH. It also notes failed attempts to change identification through the use of the su utility. It reports failed login attempts by users, as well as by the root administrative account. |

The Unix_Baseline_Detection_Basic policy allows you to specify only the high-level options required for basic baseline monitoring. If you want to configure the granular options, use the Unix_Baseline_Detection_Advanced policy.
For example, the Unix_Baseline_Detection_Basic policy by default detects root logon and non-root logon for SSH remote logon. If you do not want the policy to detect a specific parameter such as non-root logon for SSH remote logon, you can use the Unix_Baseline_Detection_Advanced policy. The Unix_Baseline_Detection_Advanced policy allows you to configure each option individually.
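
The tasks listed at the top of this section (logon timeline, logoff tracking, brute force alerts) can be illustrated on raw log lines. The following Python is an added example, not part of the product or its policies. The log line formats, the sample data, the function names, the year argument, and the threshold and window values are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in OpenSSH/su syslog style; real formats vary by platform.
SAMPLE_LOG = "\n".join(
    [f"Mar  3 10:00:0{s} web01 sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2"
     for s in (1, 3, 5, 7, 9)] + [
    "Mar  3 10:02:10 web01 sshd[830]: Failed password for invalid user test from 198.51.100.4 port 51000 ssh2",
    "Mar  3 10:05:00 web01 sshd[840]: Accepted publickey for alice from 198.51.100.4 port 51022 ssh2",
    "Mar  3 10:06:30 web01 su[855]: Successful su for root by alice",
    "Mar  3 10:20:00 web01 sshd[840]: pam_unix(sshd:session): session closed for user alice",
])

RULES = [  # (event kind, service, pattern); for su, "user" is the target account
    ("login_ok", "ssh", re.compile(r"sshd\[\d+\]: Accepted \S+ for (?P<user>\S+) from (?P<src>\S+)")),
    ("login_fail", "ssh", re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")),
    ("logoff", "ssh", re.compile(r"sshd\[\d+\]: pam_unix\(sshd:session\): session closed for user (?P<user>\S+)")),
    ("login_ok", "su", re.compile(r"su\[\d+\]: Successful su for (?P<user>\S+) by (?P<src>\S+)")),
    ("login_fail", "su", re.compile(r"su\[\d+\]: FAILED su for (?P<user>\S+) by (?P<src>\S+)")),
]

def parse(log, year=2024):
    """Turn raw lines into time-ordered events; syslog omits the year, so it is supplied."""
    events = []
    for line in log.splitlines():
        for kind, service, rx in RULES:
            m = rx.search(line)
            if m:
                ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
                events.append({"time": ts, "kind": kind, "service": service, **m.groupdict()})
                break
    return sorted(events, key=lambda e: e["time"])

def timeline(events, user):
    """Successful logons and logoffs for one account, in time order."""
    return [(e["time"], e["service"], e["kind"]) for e in events
            if e["user"] == user and e["kind"] != "login_fail"]

def brute_force_sources(events, threshold=5, window=timedelta(minutes=1)):
    """Sources with >= threshold failures inside a sliding window (assumed values)."""
    recent, alerts = defaultdict(list), set()
    for e in (e for e in events if e["kind"] == "login_fail"):
        q = recent[e["src"]]
        q.append(e["time"])
        while e["time"] - q[0] > window:
            q.pop(0)
        if len(q) >= threshold:
            alerts.add(e["src"])
    return alerts
```

Calling parse(SAMPLE_LOG) and passing the result to timeline() and brute_force_sources() gives the per-account logon history and the set of sources that crossed the failure threshold.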