PCI DSS compliance
10.2.4 Invalid logical access attempts
Brute force and logon attempts might be the first indication of a possible break-in. For this reason, such attempts should be properly logged and reviewed on a regular basis. On Linux, this PCI DSS control can be configured by using the Linux audit system.
Linux systems can audit a great many events with the help of the Linux audit framework. The kernel has a built-in auditing mechanism, which allows system calls and file access to be monitored. Besides the access request to a resource itself, its success or failure is logged as well. Failed requests are especially interesting, as they might indicate a brute force attempt.
More resources
Related tools
- aureport
- ausearch
Commands
- aureport -l --failed
- ausearch --message USER_LOGIN --success no --interpret
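The review described above, sketched as an added example (not part of the original page): it parses raw audit records, keeps the failed USER_LOGIN events that the ausearch command selects, and flags source addresses with repeated failures in a short time span. The sample records, the threshold of 3 and the 60-second window are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample records in raw audit log format (not from a real system).
SAMPLE_LOG = """\
type=USER_LOGIN msg=audit(1700000000.101:501): pid=2101 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=203.0.113.5 terminal=ssh res=failed'
type=USER_LOGIN msg=audit(1700000005.220:502): pid=2102 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="admin" exe="/usr/sbin/sshd" hostname=? addr=198.51.100.7 terminal=ssh res=failed'
type=USER_LOGIN msg=audit(1700000010.330:503): pid=2103 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=203.0.113.5 terminal=ssh res=failed'
type=USER_AUTH msg=audit(1700000015.440:504): pid=2104 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="root" exe="/usr/sbin/sshd" hostname=203.0.113.5 addr=203.0.113.5 terminal=ssh res=failed'
type=USER_LOGIN msg=audit(1700000020.550:505): pid=2104 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=203.0.113.5 terminal=ssh res=failed'
type=USER_LOGIN msg=audit(1700000030.660:506): pid=2105 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="oracle" exe="/usr/sbin/sshd" hostname=? addr=203.0.113.5 terminal=ssh res=failed'
type=USER_LOGIN msg=audit(1700000040.770:507): pid=2106 uid=0 auid=1000 ses=3 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=192.0.2.10 addr=192.0.2.10 terminal=/dev/pts/0 res=success'
type=USER_LOGIN msg=audit(1700000500.880:508): pid=2107 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="admin" exe="/usr/sbin/sshd" hostname=? addr=198.51.100.7 terminal=ssh res=failed'
"""

# Record header: type, epoch seconds, event serial number.
RECORD = re.compile(r"^type=(?P<type>\S+) msg=audit\((?P<ts>\d+)\.\d+:(?P<serial>\d+)\):")
# key=value pairs; values are either double-quoted or run to the next space.
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def failed_logins(log_text):
    """Yield (epoch_seconds, addr, acct) for each failed USER_LOGIN record."""
    for line in log_text.splitlines():
        m = RECORD.match(line)
        if not m or m.group("type") != "USER_LOGIN":
            continue  # other record types (e.g. USER_AUTH) are not counted here
        fields = {k: v.strip("\"'") for k, v in FIELD.findall(line[m.end():])}
        if fields.get("res") == "failed":
            yield int(m.group("ts")), fields.get("addr", "?"), fields.get("acct", "?")

def brute_force_sources(log_text, threshold=3, window=60):
    """Return {addr: peak failures within any `window` seconds} for addr at or above threshold."""
    by_addr = defaultdict(list)
    for ts, addr, _acct in failed_logins(log_text):
        by_addr[addr].append(ts)
    flagged = {}
    for addr, stamps in by_addr.items():
        stamps.sort()
        start = best = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide the window forward
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[addr] = best
    return flagged

if __name__ == "__main__":
    for addr, count in brute_force_sources(SAMPLE_LOG).items():
        print(f"{addr}: {count} failed logins within 60s")
```

To run it against real data, pass the contents of the audit log file instead of SAMPLE_LOG and tune the threshold and window to the environment.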