The vAMI must log all successful login events.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-240959	VRAU-VA-000610	SV-240959r879874_rule		Medium

Description
Logging the access to the application server allows the system administrators to monitor user accounts. By logging successful/unsuccessful logons, the system administrator can determine if an account is compromised (e.g., frequent logons) or is in the process of being compromised (e.g., frequent failed logons) and can take actions to thwart the attack. Logging successful logons can also be used to determine accounts that are no longer in use.

Description

Logging the access to the application server allows the system administrators to monitor user accounts. By logging successful/unsuccessful logons, the system administrator can determine if an account is compromised (e.g., frequent logons) or is in the process of being compromised (e.g., frequent failed logons) and can take actions to thwart the attack. Logging successful logons can also be used to determine accounts that are no longer in use.

STIG	Date
VMware vRealize Automation 7.x vAMI Security Technical Implementation Guide	2023-09-12

Details

Check Text ( C-44192r676042_chk )
At the command prompt, execute the following command: grep quiet_success /etc/pam.d/vami-sfcb If the command returns any output, this is a finding.

Fix Text (F-44151r676043_fix)
Navigate to and open /etc/pam.d/vami-sfcb. Comment out the line which contains quiet_success