Check: OSX8-00-00045
Apple OSX 10.8 STIG:
OSX8-00-00045
(in version v1 r2)
Title
The operating system must ensure remote sessions for accessing an organization-defined list of security functions and security-relevant information are audited. (Cat II impact)
Discussion
Remote access is any access to an organizational operating system by a user (or an information system) communicating through an external, non-organization-controlled network. Remote access to security functions (e.g., user management, audit log management, etc.) and security-relevant information requires the activity be audited by the organization. Any operating system providing remote access must support organizational requirements to audit access or organization-defined security functions and security-relevant information.
Check Content
In order to view the currently configured flags for the audit daemon, run the following command: sudo grep ^flags /etc/security/audit_control | sed 's/flags://' | tr "," "\n" | grep nt The network are logged by way of the "nt" flag. If "nt" is not listed in the result of the check, this is a finding.
Fix Text
To make sure the appropriate flags are enabled for auditing, run the following command: sudo sed -i.bak '/^flags/ s/$/,nt/' /etc/security/audit_control
Additional Identifiers
Rule ID: SV-65635r1_rule
Vulnerability ID: V-51425
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001454 |
The organization ensures that remote sessions for accessing an organization-defined list of security functions and security-relevant information are audited. |
Controls
Number | Title |
---|---|
No controls are assigned to this check |