Ensure PAM Displays Last Logon/Access Notification

Classification:

compliance

Framework:

Control:

Description

To configure the system to notify users of last logon/access using pam_lastlog, add or correct the pam_lastlog settings in /etc/pam.d/postlogin to read as follows:

session     required pam_lastlog.so showfailed

And make sure that the silent option is not set for pam_lastlog module.

Rationale

Users need to be aware of activity that occurs regarding their account. Providing users with information regarding the number of unsuccessful attempts that were made to login to their account allows the user to determine if any unauthorized activity has occurred and gives them an opportunity to notify administrators.