Monitor Login Activities
This option group of the policy monitors system access activity that may indicate illegitimate use. Portions of this section also monitor successful logon attempts by individuals through various means. These monitoring areas can be used for the following tasks:
- To acquire a timeline of when an individual logged on to a specific system.
- To detect other suspicious system access activity.
- To alert on brute force password attempts.
| Option | Description |
|---|---|
| Monitor Successful Logins | This option detects successful logins to supported UNIX systems via the local console and by remote access. It reports attempts to log in to services including local console sessions, FTP, Telnet, SU, and SSH. It also notes successful attempts to change identification through the use of the su utility. It will report successful login attempts by users, as well as the root administrative account. |
| Monitor System Logoff Operation | This option detects successful logoff for SSH, SU, and local console. |
| Detect System Login Failures | This option detects failed login attempts to supported UNIX systems via the local console and by remote access. It reports attempts to log in to services including local console sessions, FTP, Telnet, SU, and SSH. It also notes failed attempts to change identification through the use of the su utility. It will report failed login attempts by users, as well as the root administrative account. |
The Unix_Baseline_Detection_Basic policy lets you specify only the high-level options required for basic baseline monitoring. To configure the granular options, use the Unix_Baseline_Detection_Advanced policy.
For example, the Unix_Baseline_Detection_Basic policy by default detects root logon and non-root logon for SSH remote logon. If you do not want the policy to detect a specific parameter such as non-root logon for SSH remote logon, you can use the Unix_Baseline_Detection_Advanced policy. The Unix_Baseline_Detection_Advanced policy allows you to configure each option individually.
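
As an added illustration of the three monitoring areas above (successful logins, logoffs, and login failures), the following Python example classifies SSH and su log lines into those categories, builds a timeline, and flags sources with repeated failures. It is not the product's detection logic; the log lines are constructed samples, and the names `RULES`, `classify`, `brute_force_sources`, and the failure threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines modelled on common OpenSSH/PAM syslog output;
# real formats differ between UNIX platforms and versions.
SAMPLE_LOG = """\
Mar  3 09:14:02 web01 sshd[2211]: Accepted password for alice from 192.0.2.10 port 50022 ssh2
Mar  3 09:15:40 web01 su: pam_unix(su:session): session opened for user root by alice(uid=1000)
Mar  3 09:20:11 web01 sshd[2290]: Failed password for root from 203.0.113.5 port 40111 ssh2
Mar  3 09:20:13 web01 sshd[2290]: Failed password for root from 203.0.113.5 port 40111 ssh2
Mar  3 09:20:16 web01 sshd[2291]: Failed password for invalid user admin from 203.0.113.5 port 40120 ssh2
Mar  3 09:31:47 web01 su: pam_unix(su:auth): authentication failure; logname=bob uid=1001 euid=0 tty=pts/1 ruser=bob rhost=  user=root
Mar  3 09:45:00 web01 sshd[2211]: pam_unix(sshd:session): session closed for user alice
"""

# (event type, service, pattern); each pattern names "user" and, for remote access, "src".
RULES = [
    ("login_success", "SSH", re.compile(r"sshd\[\d+\]: Accepted \S+ for (?P<user>\S+) from (?P<src>\S+)")),
    ("login_failure", "SSH", re.compile(r"sshd\[\d+\]: Failed \S+ for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")),
    ("logoff", "SSH", re.compile(r"pam_unix\(sshd:session\): session closed for user (?P<user>\S+)")),
    ("login_success", "SU", re.compile(r"pam_unix\(su:session\): session opened for user (?P<user>\S+)")),
    ("login_failure", "SU", re.compile(r"pam_unix\(su:auth\): authentication failure;.*\buser=(?P<user>\S+)")),
]

def classify(log_text):
    """Return a timeline: one dict per recognised login, logoff, or failure event."""
    timeline = []
    for line in log_text.splitlines():
        for event, service, pattern in RULES:
            m = pattern.search(line)
            if m:
                g = m.groupdict()
                timeline.append({"time": line[:15], "event": event, "service": service,
                                 "user": g["user"], "src": g.get("src", "local")})
                break  # first matching rule wins
    return timeline

def brute_force_sources(timeline, threshold=3):
    """Sources with at least `threshold` failures in the analysed log (assumed threshold)."""
    fails = Counter(e["src"] for e in timeline if e["event"] == "login_failure")
    return sorted(s for s, n in fails.items() if n >= threshold)

if __name__ == "__main__":
    events = classify(SAMPLE_LOG)
    for e in events:
        print(e)
    print("possible brute force from:", brute_force_sources(events))
```

The failure count here covers the whole analysed log; a production rule would normally count failures inside a sliding time window.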