Check: OSX8-00-00310
Apple OSX 10.8 STIG: OSX8-00-00310 (in version v1 r2)
Title
The operating system must provide a real-time alert when organization-defined audit failure events occur. (Cat II impact)
Discussion
It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Audit processing failures include software/hardware errors, failures in the audit capturing mechanisms, and audit storage capacity being reached or exceeded. Organizations must define audit failure events requiring an application to send an alarm. When those defined events occur, the application will provide a real-time alert to the appropriate personnel.
Check Content
To verify that audit failures and warnings are written to the system log, run the following command:

    sudo grep logger /etc/security/audit_warn

If this does not return:

    logger -p security.warning "audit warning: $@"

this is a finding.
Fix Text
Edit the /etc/security/audit_warn file to include the line:

    logger -p security.warning "audit warning: $@"
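
The check above as a script, added here as an example and not part of the STIG text: it compares whole lines, so a commented-out or altered `logger` line, which the plain `grep logger` would still print, does not pass. The function name `check_audit_warn` and its optional path argument are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not STIG text. check_audit_warn is a hypothetical helper name.

# The line the check requires; single quotes keep $@ literal.
REQUIRED='logger -p security.warning "audit warning: $@"'

# check_audit_warn [FILE]
#   returns 0  FILE contains the required line as an active command
#   returns 1  the line is missing, altered or commented out (a finding)
#   returns 2  FILE cannot be read (run with sudo on a real system)
check_audit_warn() {
    file=${1:-/etc/security/audit_warn}
    [ -r "$file" ] || return 2
    # Trim surrounding whitespace, drop comment lines, then require an
    # exact whole-line match of the fixed string.
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^#/d' "$file" |
        grep -Fxq -- "$REQUIRED"
}

# Usage: check_audit_warn && echo "not a finding" || echo "finding or unreadable"
```

This is stricter than the STIG's `grep logger`: a line that differs from the required text in any way is reported as a finding and should be reviewed by hand.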
Additional Identifiers
Rule ID: SV-65711r1_rule
Vulnerability ID: V-51501
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000144 | The information system provides a real-time alert when organization-defined audit failure events occur. |
Controls
Number | Title |
---|---|
No controls are assigned to this check |