The TOSS 5 SSH daemon must display the date and time of the last successful account logon upon an SSH logon.

Overview

Finding IDVersionRule IDIA ControlsSeverity
V-282714TOSS-05-000260SV-282714r1201379_ruleCCI-000366medium
Description
Providing users feedback on when account accesses last occurred facilitates user recognition and reporting of unauthorized account use.
STIGDate
Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide2026-04-01

Details

Check Text (C-282714r1201379_chk)

Verify the SSH daemon provides users with feedback on when account accesses last occurred using the following command: $ sudo /usr/sbin/sshd -dd 2>&1 | awk '/filename/ {print $4}' | tr -d '\r' | tr '\n' ' ' | xargs sudo grep -iH '^\s*printlastlog' PrintLastLog yes If the "PrintLastLog" keyword is set to "no", the returned line is commented out, or no output is returned, this is a finding.

Fix Text (F-87180r1201378_fix)

Configure the SSH daemon to provide users with feedback on when account accesses last occurred. Add the following line in "/etc/ssh/sshd_config" or uncomment the line and set the value to "yes": PrintLastLog yes Restart the SSH service for changes to take effect: $ sudo systemctl restart sshd.service