Check: OSX8-00-00395
Apple OSX 10.8 STIG: OSX8-00-00395 (in version v1 r2)
Title
The operating system must back up audit records on an organization-defined frequency onto a different system or media than the system being audited. (Cat II impact)
Discussion
Protection of log data includes assuring the log data is not accidentally lost or deleted. Backing up audit records to a different system, or onto media separate from the system being audited, on an organizationally defined frequency helps assure that the audit records will be retained in the event of a catastrophic system failure.
Check Content
To check the location of the audit log files, run the following command:

    sudo ls -ld `sudo grep "^dir" /etc/security/audit_control | sed 's/dir://'`

The default location is /var/audit. If this is not defined or defined incorrectly, this is a finding.
Fix Text
Edit the /etc/security/audit_control file to define the directory for audit logs.
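The check above, as an added example that is not part of the STIG: when audit_control has no dir: line, the one-liner degenerates to a bare `ls -ld`, which lists the current directory and can be misread as a pass. The function name `check_audit_dirs` and the sample file are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: evaluate the "dir:" entries of an audit_control-format file.
# check_audit_dirs FILE prints one result line per entry and returns
# 0 when every entry is an existing directory, 1 on a finding.
check_audit_dirs() {
    conf=$1
    if [ ! -r "$conf" ]; then
        echo "FINDING: cannot read $conf"
        return 1
    fi
    # Keep only uncommented dir: lines and strip the key, as the one-liner does.
    dirs=$(grep '^dir:' "$conf" | sed 's/^dir://')
    if [ -z "$dirs" ]; then
        # The one-liner would run a bare "ls -ld" here and list ".".
        echo "FINDING: no dir: entry in $conf"
        return 1
    fi
    rc=0
    # audit_control may carry several dir: lines; read them one per line
    # so that paths containing spaces are not split.
    while IFS= read -r d; do
        if [ -d "$d" ]; then
            echo "OK: $d"
        else
            echo "FINDING: $d is not a directory"
            rc=1
        fi
    done <<EOF
$dirs
EOF
    return $rc
}

# Constructed sample input (not taken from a real host).
demo=$(mktemp -d)
mkdir "$demo/audit"
printf 'dir:%s/audit\nflags:lo,aa\n' "$demo" > "$demo/audit_control"
check_audit_dirs "$demo/audit_control" || true
```

On a real system, run it as root against /etc/security/audit_control.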
Additional Identifiers
Rule ID: SV-65603r1_rule
Vulnerability ID: V-51393
Group Title:
CCIs
Number | Definition |
---|---|
CCI-001348 | The information system backs up audit records on an organization-defined frequency onto a different system or system component than the system or component being audited. |
Controls
Number | Title |
---|---|
AU-9 (2) | Audit Backup On Separate Physical Systems / Components |