Catalina - Configure Audit Log Files to Not Contain Access Control Lists

Information

The audit log files _MUST NOT_ contain access control lists (ACLs).

This rule ensures that audit information and audit files are configured to be readable and writable only by system administrators, thereby preventing unauthorized access, modification, and deletion of files.

Solution

[source,bash]
----
/bin/chmod -RN $(/usr/bin/awk -F: '/^dir/{print $2}' /etc/security/audit_control)
----
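To confirm the remediation took effect, the following added example (not part of the original benchmark item) counts the ACL entries that `ls -le` prints beneath each file in the audit directory; a compliant system yields 0. The function names and both sample inputs are constructed for illustration, and `check_system` assumes it runs as root on macOS.

```shell
#!/bin/sh
# Added example: verify that no ACL entries remain on the audit logs.
# Function names and sample data are constructed for illustration.

# Print the directories named on "dir:" lines of audit_control (read from stdin).
audit_dirs() {
    awk -F: '/^dir:/{print $2}'
}

# Count ACL entries in `ls -le` output (read from stdin).
# macOS prints each entry under its file as an indexed line such as
# " 0: group:everyone deny delete", so the first field is "<digits>:".
count_acl_entries() {
    awk '$1 ~ /^[0-9]+:$/ {n++} END {print n+0}'
}

# Live check for a macOS host; prints 0 when the rule is satisfied.
# Word splitting of the substitution is intended: audit_control may
# name more than one directory.
check_system() {
    /bin/ls -le $(audit_dirs < /etc/security/audit_control) | count_acl_entries
}

# Constructed sample of /etc/security/audit_control.
SAMPLE_CONTROL='dir:/var/audit
flags:lo,aa
minfree:5
naflags:lo,aa
policy:cnt,argv
filesz:2M'

# Constructed `ls -le` output: the first file carries two ACL entries.
SAMPLE_LS='total 16
-r--r-----+ 1 root  wheel  4096 Jan  1 00:00 20200101000000.20200101010000
 0: group:everyone deny delete
 1: user:_spotlight allow read
-r--r-----  1 root  wheel  2048 Jan  1 01:00 20200101010000.not_terminated'

# The same listing after `chmod -RN`: no "+" marker, no entry lines.
SAMPLE_LS_FIXED='total 16
-r--r-----  1 root  wheel  4096 Jan  1 00:00 20200101000000.20200101010000
-r--r-----  1 root  wheel  2048 Jan  1 01:00 20200101010000.not_terminated'

echo "audit dir:  $(printf '%s\n' "$SAMPLE_CONTROL" | audit_dirs)"
echo "before fix: $(printf '%s\n' "$SAMPLE_LS" | count_acl_entries) ACL entries"
echo "after fix:  $(printf '%s\n' "$SAMPLE_LS_FIXED" | count_acl_entries) ACL entries"
```

On a real host, call `check_system` before and after applying the solution; any non-zero result means at least one audit file still carries an ACL.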

See Also

https://github.com/usnistgov/macos_security

Item Details

Category: AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AU-9, 800-53|SI-11, 800-53|SI-11b., CCE|CCE-84701-2, CCI|CCI-000162, CCI|CCI-001314, STIG-ID|AOSX-15-000030

Plugin: Unix

Control ID: c2ef1857ccd9352fdcdf43874fd20bd33c9794cf3275b5f06567e966f62ef6bd