Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000038189 - Successful SSH login attempts are not logged in /var/log/messages in Authentication Manager prior to 8.4

Document created by RSA Customer Support

on Jan 3, 2020

Version 1Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000038189
Applies To	RSA Product Set: SecurID RSA Product/Service Type: Authentication Manager RSA Version/Condition: 8.1.x, 8.2.x, 8.3.x
Issue	Only failed SSH authentication login attempts are logged in the RSA Authentication Manager /var/log/messages logs. Successful attempts are not logged.
Cause	RSA Authentication Manager 8.3 and earlier used older versions of SUSE Linux Enterprise Server as its operating system. The default behavior of older versions of SLES is to log only failed attempts.
Resolution	To enable logging of successful SSH logins apply the following changes: SSH into Authentication Manager. Change to root using the following command: sudo su - Edit the file /etc/pam.d/common-session using the following command: vim /etc/pam.d/common-session Press i to enter Insert mode. Add the following line to the end of the file: session required pam_warn.so Press ESC to exit Insert mode. Save and exit by typing :wq! Repeat steps 1 - 7 on each RSA Authentication Manager instance, whether it is a primary or a replica, to log successful SSH authentication attempts for the instance.

Attachments

Outcomes

0 Comments

Recommended Content