Check: OSX8-00-00205
Apple OSX 10.8 STIG:
OSX8-00-00205
(in version v1 r2)
Title
The audit log folder must have correct permissions. (Cat II impact)
Discussion
Non-repudiation of actions taken is required in order to maintain integrity. To do this, we will prevent users from modifying the audit logs. Non-repudiation protects individuals against later claims by an author of not having updated a particular file, invoked a specific command, or copied a specific file.
Check Content
To check the permissions of the audit log files, run the following command: sudo -s stat -f "%A:%N" `sudo grep "^dir" /etc/security/audit_control | awk -F: '{print $2 "/*"}'` | grep -v current The results should show the permissions (first column) to be "440" or less permissive. If not, this is a finding.
Fix Text
For every log file that returns incorrect permissions, run the following command: sudo chmod 440 [audit log file] where [audit log file] is the full path of the log file that needs to be modified.
Additional Identifiers
Rule ID: SV-65863r1_rule
Vulnerability ID: V-51653
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000166 |
The information system protects against an individual (or process acting on behalf of an individual) falsely denying having performed organization-defined actions to be covered by non-repudiation. |
Controls
Number | Title |
---|---|
AU-10 |
Non-Repudiation |