Check: OSX8-00-00245
Apple OSX 10.8 STIG:
OSX8-00-00245
(in version v1 r2)
Title
The flags option must be set in /etc/security/audit_control. (Cat II impact)
Discussion
The list of audited events is the set of events for which audits are to be generated. This set of events is typically a subset of the list of all events for which the system is capable of generating audit records (i.e., auditable events).
Check Content
The options to configure the audit daemon are located in the /etc/security/audit_contol file. To view the current settings, run the following command: sudo grep ^flags /etc/security/audit_control | sed 's/flags://' If the flags option is not set, this is a finding.
Fix Text
To set the audit flags to the recommended setting, run the following command: sed -i.bak 's/^flags.*$/flags:lo,ad,fr,fw,fc,fd,fm,pc,nt,aa/' /etc/security/audit_control You may also edit the /etc/security/audit_control file using a text editor to define the flags your organization requires for auditing.
Additional Identifiers
Rule ID: SV-65883r1_rule
Vulnerability ID: V-51673
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000172 |
The information system generates audit records for the events defined in AU-2 d. with the content defined in AU-3. |
Controls
Number | Title |
---|---|
AU-12 |
Audit Generation |