Check: OSX8-00-00170
Apple OSX 10.8 STIG: OSX8-00-00170 (in version v1 r2)
Title
The operating system must audit any use of privileged accounts, or roles, with access to organization-defined security functions or security-relevant information, when accessing other system functions. (Cat II impact)
Discussion
The auditing system must be configured to audit authentication and authorization events.
Check Content
In order to view the currently configured flags for the audit daemon, run the following command:

    sudo grep ^flags /etc/security/audit_control | sed 's/flags://' | tr "," "\n" | grep aa

The authentication events are logged via the "aa" flag. If "aa" is not listed in the result of the check, this is a finding.
Fix Text
To make sure the appropriate flags are enabled for auditing, run the following command:

    sudo sed -i.bak '/^flags/ s/$/,aa/' /etc/security/audit_control
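The check and fix above, as an added example that is not part of the STIG text: the check's `grep aa` also matches prefixed entries such as `-aa`, and the fix appends `,aa` on every run, so this version matches the flag exactly and only edits the file when the flag is missing. The function names are hypothetical, and treating prefixed forms as not satisfying the check is an assumption of this example.

```shell
#!/bin/sh
# Added example: exact-match check and idempotent fix for the "aa" audit flag.
# The file path is a parameter so the functions can be tried on a copy first;
# on the system itself it is /etc/security/audit_control (run as root).

# Print the entries of the "flags:" line, one per line, whitespace removed.
list_flags() {
    grep '^flags:' "$1" | sed 's/^flags://' | tr ',' '\n' | tr -d ' \t'
}

# Succeed only if one entry is exactly "aa".
# Assumption of this example: prefixed forms ("+aa", "-aa", "^aa") do not
# count, because they record only part of the class or switch it off.
has_aa_flag() {
    list_flags "$1" | grep -qx 'aa'
}

# Append ",aa" to the flags line only when the exact flag is missing, so that
# repeated runs do not produce "...,aa,aa". A .bak copy is kept, as in the
# fix command on the page.
ensure_aa_flag() {
    if has_aa_flag "$1"; then
        return 0
    fi
    sed -i.bak '/^flags:/ s/[[:space:]]*$/,aa/' "$1"
}
```

After `ensure_aa_flag` changes the file, the audit daemon still has to re-read its configuration before the new flag takes effect.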
Additional Identifiers
Rule ID: SV-65653r1_rule
Vulnerability ID: V-51443
Group Title:
CCIs
Number | Definition |
---|---|
CCI-000040 | The organization audits any use of privileged accounts, or roles, with access to organization-defined security functions or security-relevant information, when accessing other system functions. |
Controls
Number | Title |
---|---|
No controls are assigned to this check |