Detections
Analytics
APPL-26-001110 - The macOS system must configure audit_control group to wheel.
Information
/etc/security/audit_control must have the group set to wheel.The audit service must be configured with the correct group ownership to prevent normal users from manipulating audit log configurations.
Satisfies: SRG-OS-000057-GPOS-00027, SRG-OS-000058-GPOS-00028, SRG-OS-000059-GPOS-00029, SRG-OS-000063-GPOS-00032, SRG-OS-000256-GPOS-00097, SRG-OS-000257-GPOS-00098, SRG-OS-000258-GPOS-00099
Solution
Configure the macOS system with the audit_control group to wheel with the following command:/usr/bin/chgrp wheel /etc/security/audit_control
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Apple_macOS_26_V1R2_STIG.zip
Item Details
Audit Name: DISA Apple macOS 26 Tahoe STIG v1r2
Category: AUDIT AND ACCOUNTABILITY
References: 800-53|AU-9, 800-53|AU-12b., CAT|II, CCI|CCI-000162, CCI|CCI-000163, CCI|CCI-000164, CCI|CCI-000171, CCI|CCI-001493, CCI|CCI-001494, CCI|CCI-001495, Rule-ID|SV-277080r1148692_rule, STIG-ID|APPL-26-001110, Vuln-ID|V-277080
Plugin: Unix
Control ID: d8e79ead1dc32a32ba7103c656a47ba20a889aea83f28a70b87e87cb59ebbd53