Check: OSX8-00-00375
Apple OSX 10.8 STIG:
OSX8-00-00375
(in version v1 r2)
Title
The audit log folder must not have ACLs. (Cat II impact)
Discussion
The audit log folder should not have ACLs.
Check Content
To check for ACLs of the audit log folder run the following command: ls -le `grep "^dir" /etc/security/audit_control | awk -F: '{print $2 "/"}'` | grep -v current The audit log folder listed should not contain ACLs. ACLs will be listed under any file that may contain them (e.g., "0: group:admin allow list,readattr,reaadextattr,readsecurity"). If the folder contains this information, this is a finding.
Fix Text
If the log folder has an ACL, run the following command: chmod -N [audit log folder] where [audit log folder] is the full path to the log folder in question.
Additional Identifiers
Rule ID: SV-65861r1_rule
Vulnerability ID: V-51651
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000164 |
The information system protects audit information from unauthorized deletion. |
Controls
Number | Title |
---|---|
AU-9 |
Protection Of Audit Information |