Detections
Analytics
APPL-26-001120 - The macOS system must configure audit_control owner to root.
Information
/etc/security/audit_control must have the owner set to root.The audit service must be configured with the correct ownership to prevent normal users from manipulating audit log configurations.
Satisfies: SRG-OS-000057-GPOS-00027, SRG-OS-000058-GPOS-00028, SRG-OS-000059-GPOS-00029, SRG-OS-000063-GPOS-00032, SRG-OS-000256-GPOS-00097, SRG-OS-000257-GPOS-00098, SRG-OS-000258-GPOS-00099
Solution
Configure the macOS system with the audit_control owner to root with the following command:/usr/sbin/chown root /etc/security/audit_control
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Apple_macOS_26_V1R2_STIG.zip
Item Details
Audit Name: DISA Apple macOS 26 Tahoe STIG v1r2
Category: AUDIT AND ACCOUNTABILITY
References: 800-53|AU-9, 800-53|AU-12b., CAT|II, CCI|CCI-000162, CCI|CCI-000163, CCI|CCI-000164, CCI|CCI-000171, CCI|CCI-001493, CCI|CCI-001494, CCI|CCI-001495, Rule-ID|SV-277081r1148695_rule, STIG-ID|APPL-26-001120, Vuln-ID|V-277081
Plugin: Unix
Control ID: ccce2d6792836f53edc01e3fd538b348205f70703b20aedab717e3a08bc71fe1