Check: OSX8-00-00415
Apple OSX 10.8 STIG:
OSX8-00-00415
(in version v1 r2)
Title
The auditing tool, auditd, must be the one provided by Apple, Inc. (Cat II impact)
Discussion
The auditing tool, auditd, should be the one provided by Apple, Inc.
Check Content
Run the following command to ensure the audit tool, auditd has the correct signed hash value: sudo codesign -dvvv /usr/sbin/auditd 2>&1 | grep CDHash | sed 's/CDHash=//' The result should be "abad487143d9bb99e06d945f69f8fab6e49460f1". If it differs, this is a finding.
Fix Text
If the check fails, you will need to obtain the correct files from the original 10.8 installation media.
Additional Identifiers
Rule ID: SV-65671r1_rule
Vulnerability ID: V-51461
Group Title:
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
Number | Definition |
---|---|
CCI-001496 |
The information system implements cryptographic mechanisms to protect the integrity of audit tools. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
Number | Title |
---|---|
AU-9 (3) |
Cryptographic Protection |