Comments (3)
You mean `/var/run/faillog`, right?
from cnspec-policies.
What Debian are you on @tas50 ?
Could not reproduce the issue on vagrant/debian9:
```
root@stretch:/etc/audit/rules.d# /etc/init.d/auditd restart
[ ok ] Restarting auditd (via systemctl): auditd.service.
root@stretch:/etc/audit/rules.d# cd ..
root@stretch:/etc/audit# cat audit.rules
## This file is automatically generated from /etc/audit/rules.d
-D
-b 8192
-f 1
-w /var/log/lastlog -p wa -k logins
-w /var/log/tallylog -p wa -k logins
-w /var/log/faillog -p wa -k logins
--backlog_wait_time 0
```
Generally speaking this looks more like an OS issue to me.
When hardening my Ubuntu 22.04, I also ran into problems with configuring audit correctly.
It is super finicky and I think having one wrong character in an unrelated rule led to failing to add and/or update other files from the `rules.d/` folder when generating the `audit.rules`. I ended up adding the rules in different files in the `rules.d/` directory with a few blocks each in them and then regenerating the `audit.rules` file until I found the file and subsequently the line that caused the issue.
Also there is another hardening control that only allows changes to the `audit.rules` when rebooting. So maybe that is why it's happening for you?
from cnspec-policies.
@mm-weber this is an openmediavault system which is Debian 11 + a few extra repos.
from cnspec-policies.
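An added example, not part of the thread or of cnspec-policies: a coarse pre-check that names the file and line of an obviously malformed rule instead of finding it by splitting `rules.d/` files by hand, and that flags `-e 2`, assumed here to be the reboot-only control mentioned above. The file names and the broken line are constructed sample input, and the checks are a simplification, not auditctl's own parser.

```python
import re

# Constructed sample input standing in for files under /etc/audit/rules.d/
# (file names and the broken line are made up for this example).
SAMPLE_RULES = {
    "10-base.rules": "-D\n-b 8192\n-f 1\n",
    "30-logins.rules": (
        "-w /var/log/lastlog -p wa -k logins\n"
        "-w /var/log/tallylog -p wa -k logins\n"
        "-w /var/log/faillog -p wa -k logins\n"
    ),
    "50-typo.rules": (
        "# constructed mistake: stray character before -w\n"
        "x-w /etc/sudoers -p wa -k scope\n"
    ),
    "99-finalize.rules": "-e 2\n",
}


def lint_rules(files):
    """Return (file, line_no, message) findings from a coarse syntax pre-check."""
    findings = []
    for name in sorted(files):  # augenrules merges rules.d files in sorted order
        for no, raw in enumerate(files[name].splitlines(), 1):
            line = raw.strip()
            if not line or line.startswith("#"):
                continue  # blank lines and comments are not rules
            args = line.split()
            if not args[0].startswith("-"):
                findings.append((name, no, f"rule does not start with an option: {args[0]!r}"))
            elif args[0] == "-w":
                path = args[1] if len(args) > 1 else ""
                perms = args[args.index("-p") + 1] if "-p" in args[:-1] else ""
                if not path.startswith("/"):
                    findings.append((name, no, "watch path is not absolute"))
                if "-p" in args and not re.fullmatch(r"[rwxa]+", perms):
                    findings.append((name, no, f"bad -p value: {perms!r}"))
            elif args[:2] == ["-e", "2"]:
                # -e 2 locks the audit configuration until the next reboot
                findings.append((name, no, "immutable mode: rule changes apply only after reboot"))
    return findings


if __name__ == "__main__":
    for finding in lint_rules(SAMPLE_RULES):
        print("%s:%d: %s" % finding)
```

A clean result here does not guarantee the rules load; it only rules out the obvious breakage before regenerating `audit.rules`.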