Check: GEN002690 M6
MACOSX 10.6:
GEN002690 M6
(in version v1 r3)
Title
System audit logs must be group-owned by wheel. (Cat II impact)
Discussion
Sensitive system and user information could provide a malicious user with enough information to penetrate further into the system.
Check Content
Open a terminal session and enter the following command to verify group ownership of the files. ls -Ll /var/audit If any file is not group owned by wheel, this is a finding.
Fix Text
Open a terminal session and enter the following command to change group ownership of the file. chgrp wheel /var/audit/ <audit file>
Additional Identifiers
Rule ID: SV-38144r1_rule
Vulnerability ID: V-22702
Group Title:
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| CCI-000162 |
The information system protects audit information from unauthorized access. |
| CCI-000163 |
The information system protects audit information from unauthorized modification. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| AU-9 |
Protection Of Audit Information |