The SUSE operating system must display the date and time of the last successful account logon upon an SSH logon.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-234881 | SLES-15-020120 | SV-234881r991589_rule | CCI-000052 | medium |
| Description | ||||
| Providing users with feedback on when account accesses via SSH last occurred facilitates user recognition and reporting of unauthorized account use. | ||||
| STIG | Date | |||
| SUSE Linux Enterprise Server 15 Security Technical Implementation Guide | 2025-05-14 | |||
Related Frameworks
2 paths across 2 frameworks
Related Frameworks
NIST 800-531 mapping
AC-9
1.00
- DISA · 2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI1 mapping
CCI-000052
1.00
- DISA · 2 · disa_xccdf · related
Details
Check Text (C-234881r991589_chk)
Verify all remote connections via SSH to the SUSE operating system display feedback on when account accesses last occurred.
Check that "PrintLastLog" keyword in the sshd daemon configuration file is used and set to "yes" with the following command:
> sudo /usr/sbin/sshd -dd 2>&1 | awk '/filename/ {print $4}' | tr -d '\r' | tr '\n' ' ' | xargs sudo grep -iH '^\s*printlastlog'
PrintLastLog yes
If the "PrintLastLog" keyword is set to "no", is missing, or is commented out, this is a finding.
Fix Text (F-38032r618913_fix)
Configure the SUSE operating system to provide users with feedback on when account accesses last occurred.
Add or edit the following lines in the "/etc/ssh/sshd_config" file:
PrintLastLog yes