Configure Session Audit Rules

You are advised to audit and monitor the /var/run/utmp, /var/log/wtmp, and /var/log/btmp files. /var/run/utmp records all login events, /var/log/wtmp records all login, logout, shutdown, and restart events, and /var/log/btmp records login failure events. If session audit is not configured,...

SUSE CVE-2006-7108

login in util-linux-2.12a skips pamacctmgmt and chauthtok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pamacctmgmt and chauthtok...

The vulnerability of the Enterprise Resource Management System “Galaktika ERP” lies in the fact that it stores user accounting data in an open manner, allowing a malicious actor to access and disclose the accounting information of privileged users.

The vulnerability of the Galaktika ERP resource management system lies in the fact that information related to user account data is stored publicly. This information is privileged administrator-sensitive and used for configuring software. Exploiting this vulnerability could allow a malicious acto...

YASAT - Yet Another Stupid Audit Tool

YASAT Yet Another Stupid Audit Tool is a simple stupid audit tool. Its goal is to be as simple as possible with minimum binary dependencies only sed, grep and cut Second goal is to document each test with maximum information and links to official documentation. It do many tests for checking...

DEBIAN-CVE-2008-5394

/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line aka utline field in a utmp entry...