Check: OSX8-00-00355
Apple OSX 10.8 STIG:
OSX8-00-00355
(in version v1 r2)
Title
Audit log files must be owned by root:wheel. (Cat II impact)
Discussion
Audit log files should be owned by root:wheel.
Check Content
Prevent unauthorized users from reading or altering the audit logs. To check the permissions of the audit log files, run the following command: sudo -s ls -l `grep "^dir" /etc/security/audit_control | awk -F: '{print $2 "/*"}'` | grep -v current The audit log files listed should be owned by root:wheel. If not, this is a finding.
Fix Text
For any log file that returns an incorrect permission value, run the following command: sudo chown root:wheel [audit log file] where [audit log file] is the full path to the log file in question.
Additional Identifiers
Rule ID: SV-65851r1_rule
Vulnerability ID: V-51641
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000163 |
The information system protects audit information from unauthorized modification. |
Controls
Number | Title |
---|---|
AU-9 |
Protection Of Audit Information |