Check: OSX8-00-00345
Apple OSX 10.8 STIG:
OSX8-00-00345
(in version v1 r2)
Title
Audit log files must not contain ACLs. (Cat II impact)
Discussion
Audit log files should not contain ACLs.
Check Content
To check for ACLs on the audit log files, run the following command:

sudo ls -le `sudo grep "^dir" /etc/security/audit_control | awk -F: '{print $2 "/*"}'` | grep -v current

The audit log files listed should not contain ACLs. ACLs will be listed under any file that may contain them (e.g., "0: group:admin allow list,readattr,readextattr,readsecurity"). If any file contains this information, this is a finding.
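The check above can be scripted so that it prints only the files that are findings. This is an added example, not part of the STIG text: the function names `audit_dirs`, `acl_findings`, `audit_acl_check` and `sample_ls_output` are hypothetical, the sample listing is constructed, and file names are assumed to contain no whitespace.

```shell
#!/bin/sh
# Added example, not part of the STIG. Function names are hypothetical.

# Print the directory from each "dir:" line of an audit_control file.
audit_dirs() {
    awk -F: '/^dir:/ { print $2 }' "$1"
}

# Read `ls -le` output on stdin and print every file that has at least one
# ACL entry listed beneath it. The "current" symlink is skipped, as in the
# STIG check. Assumes file names contain no whitespace.
acl_findings() {
    awk '
        $1 ~ /^[0-9]+:$/ {                  # ACL entry, e.g. " 0: group:admin allow ..."
            if (file != "" && !seen[file]++) print file
            next
        }
        NF >= 9 && $1 ~ /^[-lbcdps]/ {      # long-format line: name is field 9
            file = $9
            n = split(file, part, "/")
            if (part[n] == "current") file = ""
            next
        }
    '
}

# On the Mac itself (run as root): list each audit directory, report findings.
audit_acl_check() {
    for d in $(audit_dirs "${1:-/etc/security/audit_control}"); do
        ls -le "$d"/*
    done | acl_findings
}

# Constructed sample of `ls -le` output (not captured from a real system).
sample_ls_output() {
    cat <<'EOF'
-r--r-----  1 root  wheel  10240 Jan  2 08:00 /var/audit/20130102070000.20130102080000
-r--r-----+ 1 root  wheel  20480 Jan  2 09:00 /var/audit/20130102080000.20130102090000
 0: group:admin allow list,readattr,readextattr,readsecurity
lrwxr-xr-x  1 root  wheel     40 Jan  2 09:00 /var/audit/current -> /var/audit/20130102090000.not_terminated
-r--r-----  1 root  wheel   4096 Jan  2 09:30 /var/audit/20130102090000.not_terminated
EOF
}

sample_ls_output | acl_findings
```

Each path printed is a finding; an empty result means no audit log file carries an ACL.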
Fix Text
For any log file that returns an ACL, run the following command:

sudo chmod -N [audit log file]

where [audit log file] is the full path to the log file in question.
Additional Identifiers
Rule ID: SV-65841r1_rule
Vulnerability ID: V-51631
Group Title:
CCIs
Number | Definition |
---|---|
CCI-000162 | The information system protects audit information from unauthorized access. |
Controls
Number | Title |
---|---|
AU-9 | Protection Of Audit Information |