Detections
Analytics

Big Sur - Configure System Log Files Owned by Root and Group to Wheel

Information

The system log files _MUST_ be owned by root.

System logs contain sensitive data about the system and users. If log files are set to only be readable and writable by system administrators, the risk is mitigated.

Solution

[source,bash]
----
/usr/sbin/chown root:wheel $(/usr/bin/stat -f '%Su:%Sg:%N' $(/usr/bin/grep -v '^#' /etc/newsyslog.conf | /usr/bin/awk '{ print $1 }') 2> /dev/null | /usr/bin/awk -F":" '!/^root:wheel:/{print $3}')
----

See Also

https://github.com/usnistgov/macos_security

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-11, 800-53|SI-11b., CCE|CCE-85469-5, CCI|CCI-001314, STIG-ID|APPL-11-004001

Plugin: Unix

Control ID: 289fcc95a48e520f0439214f60b8a33a4c8a809f288f5fc8dce52cfa45a9af3e