Detections
Analytics

1.14 APPL-14-000031

Information

The macOS system must configure audit log folders to not contain access control lists.

GROUP ID: V-259433RULE ID: SV-259433r958434

The audit log folder must not contain access control lists (ACLs).

Audit logs contain sensitive data about the system and users. This rule ensures that the audit service is configured to create log folders that are readable and writable only by system administrators in order to prevent normal users from reading audit logs.

Satisfies: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-OS-000256-GPOS-00097,SRG-OS-000257-GPOS-00098,SRG-OS-000258-GPOS-00099

Solution

Configure the macOS system without ACLs applied to log folders with the following command:

/bin/chmod -N /var/audit

See Also

https://workbench.cisecurity.org/benchmarks/24070

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-9, CAT|II, CCI|CCI-000162, CCI|CCI-000163, CCI|CCI-000164, CCI|CCI-001493, CCI|CCI-001494, CCI|CCI-001495, Rule-ID|SV-259433r958434_rule, STIG-ID|APPL-14-000031, Vuln-ID|V-259433

Plugin: Unix

Control ID: e8cfdaa431c2027cdac7d2f169edaa76608c449530ee882ec0e4ebd6a4e005c2