Detections
Analytics

1.55 APPL-14-001130

Information

The macOS system must configure audit_control to mode 440 or less permissive.

GROUP ID: V-259475RULE ID: SV-259475r958434

/etc/security/audit_control must be configured so that it is readable only by the root user and group wheel.

Satisfies: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-OS-000063-GPOS-00032,SRG-OS-000256-GPOS-00097,SRG-OS-000257-GPOS-00098,SRG-OS-000258-GPOS-00099

Solution

Configure the macOS system with the audit_control to mode 440 with the following command:

/bin/chmod 440 /etc/security/audit_control

See Also

https://workbench.cisecurity.org/benchmarks/24070

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-9, 800-53|AU-12b., CAT|II, CCI|CCI-000162, CCI|CCI-000163, CCI|CCI-000164, CCI|CCI-000171, CCI|CCI-001493, CCI|CCI-001494, CCI|CCI-001495, Rule-ID|SV-259475r958434_rule, STIG-ID|APPL-14-001130, Vuln-ID|V-259475

Plugin: Unix

Control ID: d2103b28aa83d899948e8413d39ebdc16cdbfb617f62f79aecfa599a5c4c189d