
Noble: pam_lastlog is deprecated, its successor is pam_lastlog2 #343

Open
Tracked by #892
ramonskie opened this issue Apr 25, 2024 · 5 comments
@ramonskie (Contributor)

In stemcell_builder/stages/password_policies/assests/common-passowrd.patch
we reference pam_lastlog, but it seems that file does not exist anymore and is deprecated.
See the release notes https://github.com/linux-pam/linux-pam/releases/tag/v1.5.3
or the commit: linux-pam/linux-pam@357a4dd

pam_lastlog2 https://github.com/thkukuk/lastlog2 is the successor
and is now merged within the util-linux package:
https://packages.ubuntu.com/noble/util-linux https://github.com/util-linux/util-linux

util-linux will add more libraries that we maybe don't need.
This needs some investigation if it's worth it,
as we probably can also log this with one of our loggers.

references:

@xtreme-nitin-ravindran (Member)

Ubuntu STIG requires displaying information about the last successful logon.
For Jammy:

Group ID (Vulid): V-260551
Group Title: SRG-OS-000480-GPOS-00227
Rule ID: SV-260551r953466_rule
Severity: CAT III
Rule Version (STIG-ID): UBTU-22-412015
Rule Title: Ubuntu 22.04 LTS must display the date and time of the last successful account logon upon logon.
Check Content:
Verify users are provided with feedback on when account accesses
last occurred by using the following command:

$ grep pam_lastlog /etc/pam.d/login
session required pam_lastlog.so showfailed

If the line containing "pam_lastlog" is not set to "required", or the "silent" option
is present, the "showfailed" option is missing, the line is commented out,
or the line is missing, this is a finding.

CIS also has rules to audit login events.
For Jammy:

4.1.3.12 Ensure login and logout events are collected (Automated)
Profile Applicability:
 - Level 2 - Server
 - Level 2 - Workstation
Description:
Monitor login and logout events. The parameters below track changes to files associated with login/logout events.
  - /var/log/lastlog - maintain records of the last time a user successfully logged in.
  - /var/run/faillock - directory maintains records of login failures via the pam_faillock module.

The benchmarks for Noble are not published yet, but they usually mirror the benchmarks of the previous version of the OS.
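The STIG check quoted above, turned into a small audit function that applies all of the rule's conditions (required control, no "silent", "showfailed" present, line not commented out) to a PAM file. This is an added example, not code from this repository or from the STIG; the sample /etc/pam.d/login fragments it writes are constructed for illustration.

```shell
#!/bin/sh
# check_pam_lastlog <pam-file>
# Returns 0 when the file satisfies UBTU-22-412015, 1 (with a reason) otherwise.
check_pam_lastlog() {
  file="$1"
  # Drop commented lines, keep the first active "session" line that loads
  # pam_lastlog.so, and normalise tabs/runs of spaces to single spaces.
  line=$(grep -v '^[[:space:]]*#' "$file" \
         | grep -E '^[[:space:]]*session[[:space:]]' \
         | grep 'pam_lastlog\.so' \
         | awk '{$1=$1; print}' | head -n 1)
  if [ -z "$line" ]; then
    echo "FINDING: no active pam_lastlog session line in $file"; return 1
  fi
  control=$(echo "$line" | awk '{print $2}')
  if [ "$control" != "required" ]; then
    echo "FINDING: control is '$control', expected 'required'"; return 1
  fi
  case " $line " in
    *" silent "*) echo "FINDING: 'silent' option present"; return 1 ;;
  esac
  case " $line " in
    *" showfailed "*) ;;
    *) echo "FINDING: 'showfailed' option missing"; return 1 ;;
  esac
  echo "PASS: $line"; return 0
}

# Writes constructed sample PAM fragments (not from any real system) into a
# temporary directory and prints that directory's path.
write_samples() {
  dir=$(mktemp -d)
  printf 'auth required pam_unix.so\nsession required pam_lastlog.so showfailed\n' > "$dir/good.conf"
  printf 'session required pam_lastlog.so showfailed silent\n' > "$dir/silent.conf"
  printf '# session required pam_lastlog.so showfailed\n' > "$dir/commented.conf"
  printf 'session optional pam_lastlog.so showfailed\n' > "$dir/optional.conf"
  printf 'session\trequired\tpam_lastlog.so\n' > "$dir/noshowfailed.conf"
  echo "$dir"
}

# Demo: only good.conf passes; every other sample is a finding.
dir=$(write_samples)
for f in "$dir"/*.conf; do
  printf '%s: ' "$(basename "$f")"
  check_pam_lastlog "$f" || true
done
```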

@ramonskie (Contributor, Author)

So the verdict is to use the bloated util-linux package so we can continue to use pam_lastlog2.

@ramonskie (Contributor, Author)

The util-linux package provided for Ubuntu Noble is currently only 2.93.3,
and lastlog2 is only packaged with util-linux >= 2.40.

@rkoster (Contributor)

rkoster commented Oct 3, 2024

@ramonskie is there any work left on this?

@ramonskie (Contributor, Author)

Yes, the package should be monitored to see whether the util-linux package has been updated.

No branches or pull requests

3 participants