From 5f9c3dbd332281a3e56c5c4ab6de81d010468e27 Mon Sep 17 00:00:00 2001
From: Marek Haicman
Date: Wed, 31 Jul 2024 18:58:47 +0200
Subject: [PATCH] Consolidate ASCS RHEL profiles lastlog via sshd

As E8 and ISM O profiles were using different methods to print last login information. This results in different timestamps in logs, creating inconvenience. Using just one method is preferrable.
---
 controls/ism_o.yml | 4 ++--
 products/rhel8/profiles/ism_o.profile | 2 +-
 products/rhel9/profiles/ism_o.profile | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/controls/ism_o.yml b/controls/ism_o.yml
index 07c40879fa0..f034d8877fd 100644
--- a/controls/ism_o.yml
+++ b/controls/ism_o.yml
@@ -116,7 +116,7 @@ controls:
 - audit_rules_privileged_commands
 - audit_rules_session_events
 - audit_rules_unsuccessful_file_modification
- - display_login_attempts
+ - sshd_print_last_log
 - sebool_auditadm_exec_content
 status: automated
@@ -134,7 +134,7 @@ controls:
 - audit_rules_privileged_commands
 - audit_rules_session_events
 - audit_rules_unsuccessful_file_modification
- - display_login_attempts
+ - sshd_print_last_log
 - sebool_auditadm_exec_content
 status: automated
diff --git a/products/rhel8/profiles/ism_o.profile b/products/rhel8/profiles/ism_o.profile
index 141758c8a2f..985cd7992f6 100644
--- a/products/rhel8/profiles/ism_o.profile
+++ b/products/rhel8/profiles/ism_o.profile
@@ -101,7 +101,7 @@ selections:
 ## Events to be logged
 ## Identifiers 0580 / 0584 / 0582 / 0585 / 0586 / 0846 / 0957
- - display_login_attempts
+ - sshd_print_last_log
 - sebool_auditadm_exec_content
 - audit_rules_privileged_commands
 - audit_rules_session_events
diff --git a/products/rhel9/profiles/ism_o.profile b/products/rhel9/profiles/ism_o.profile
index 3cd0db69142..3c2d85d26ef 100644
--- a/products/rhel9/profiles/ism_o.profile
+++ b/products/rhel9/profiles/ism_o.profile
@@ -101,7 +101,7 @@ selections:
 ## Events to be logged
 ## Identifiers 0580 / 0584 / 0582 / 0585 / 0586 / 0846 / 0957
- - display_login_attempts
+ - sshd_print_last_log
 - sebool_auditadm_exec_content
 - audit_rules_privileged_commands
 - audit_rules_session_events
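Review bot: Swapping `display_login_attempts` for `sshd_print_last_log` in this selection list (and in both `controls/ism_o.yml` hunks and the rhel8 profile) likely narrows the last-login notice to SSH sessions only. As far as I know, `display_login_attempts` configures `pam_lastlog` with `showfailed` for PAM logins in general, while `sshd_print_last_log` only sets `PrintLastLog yes` in sshd_config. If so, console and other non-SSH logins, and the failed-attempt count shown at login, would drop out of what the profile enforces; please confirm against the rule definitions. If the reduced scope is intended, record it next to the selection, e.g. `## sshd_print_last_log: last-login notice for SSH sessions only (replaces display_login_attempts)`. If it is not, keep `display_login_attempts` as well and address the duplicate timestamps separately.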