Security auditing has led us to find that on older AIX systems, accessing the system via ssh does NOT result in /etc/security/lastlog being updated. We have about 40 systems where this is a problem; a typical one has levels:
iswhbfocd# ssh -V
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
(Also happens with OpenSSH_2.5.2p2, OpenSSH_3.4p1,OpenSSH_3.7.1p1)
Can anyone point me to where/how I can enable logging to
lastlog? In later systems I can see a stanza in sshd.config:
# Specifies whether sshd should print the date and time when the
# user last logged in. The default is ``yes''.
Is this relevant?
Any comments would be appreciated.