Check: OSX8-00-00225
Apple OSX 10.8 STIG: OSX8-00-00225 (in version v1 r2)
Title
The audit log files must not contain ACLs. (Cat II impact)
Discussion
The audit log files should not contain ACLs.
Check Content
To check for ACLs on the audit log files, run the following command:

sudo ls -le `sudo grep "^dir" /etc/security/audit_control | awk -F: '{print $2 "/*"}'` | grep -v current

The audit log files listed should not contain ACLs. Any ACL entries are listed beneath the file that carries them, e.g. "0: group:admin allow list,readattr,readextattr,readsecurity". If any file contains this information, this is a finding.
Fix Text
For any log file that returns an ACL, run the following command:

chmod -N [audit log file]

where [audit log file] is the full path to the log file in question.
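The check and fix above can be scripted by parsing the `ls -le` listing. The following is an added example, not part of the STIG text: the function names (audit_dirs, files_with_acls, remediation_cmds, sample_ls_output) are hypothetical and the sample listing is constructed so the script runs without a Mac.

```shell
#!/bin/sh
# Added example (not STIG text). Sample data below is constructed.

# Print the audit directory from each "dir:" line of an audit_control file.
audit_dirs() {
    awk -F: '/^dir:/ { print $2 }' "$1"
}

# Read `ls -le` output on stdin and print each file that has ACL entries.
files_with_acls() {
    awk '
        # ACL entries sit under their file: " 0: group:admin allow ..."
        /^[ \t]*[0-9]+: / {
            if (name != "" && !(name in seen)) { seen[name] = 1; print name }
            next
        }
        # Any other line is a file entry; the path is its last field.
        {
            name = $NF
            # Skip the "current" symlink and any ACL lines beneath it;
            # a plain grep -v would leave those lines under the previous file.
            if ($0 ~ /\/current -> / || $0 ~ /\/current$/) name = ""
        }
    '
}

# Turn flagged paths on stdin into the fix commands, printed for review.
remediation_cmds() {
    while IFS= read -r f; do printf 'chmod -N %s\n' "$f"; done
}

# Constructed `ls -le` output: three log files and the current symlink.
sample_ls_output() {
    cat <<'EOF'
-r--r-----+ 1 root  wheel  24576 Mar  4 09:12 /var/audit/20130304091200.20130304101500
 0: group:admin allow list,readattr,readextattr,readsecurity
-r--r-----  1 root  wheel  18432 Mar  4 10:15 /var/audit/20130304101500.20130304111800
lrwxr-xr-x+ 1 root  wheel     40 Mar  4 11:18 /var/audit/current -> /var/audit/20130304111800.not_terminated
 0: group:admin allow list,readattr,readextattr,readsecurity
-r--r-----+ 1 root  wheel   4096 Mar  4 11:18 /var/audit/20130304111800.not_terminated
 0: user:alice allow read
 1: group:admin allow list,readattr,readextattr,readsecurity
EOF
}

# Live use on the Mac, as root:
#   for d in $(audit_dirs /etc/security/audit_control); do ls -le "$d"/* | files_with_acls; done
sample_ls_output | files_with_acls | remediation_cmds
```

Any path the script prints is a finding under this check; an empty result means no audit log file carries an ACL.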
Additional Identifiers
Rule ID: SV-65877r1_rule
Vulnerability ID: V-51667
Group Title:
CCIs
Number | Definition |
---|---|
CCI-000166 | The information system protects against an individual (or process acting on behalf of an individual) falsely denying having performed organization-defined actions to be covered by non-repudiation. |
Controls
Number | Title |
---|---|
AU-10 | Non-Repudiation |