Check: AOSX-09-000230
Apple OS X 10.9 Workstation STIG:
AOSX-09-000230
(in version v1 r2)
Title
The operating system must initiate session audits at system startup. (Cat II impact)
Discussion
If auditing is enabled late in the startup process, the actions of some start-up processes may not be audited. Some audit systems also maintain state information only available if auditing is enabled before a given process is created.
Check Content
To check if the audit service is running, use the following command: sudo launchctl list | grep com.apple.auditd If nothing is returned, the audit service is not running and this is a finding.
Fix Text
To enable the audit service, run the following command: sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.auditd.plist
Additional Identifiers
Rule ID: SV-72745r1_rule
Vulnerability ID: V-58315
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001464 |
The information system initiates session audits at system start-up. |
Controls
Number | Title |
---|---|
AU-14 (1) |
System Start-Up |