Catalina - Configure Audit Log Folder to Not Contain Access Control Lists

Information

The audit log folder _MUST_ not contain access control lists (ACLs).

Audit logs contain sensitive data about the system and users. This rule ensures that the audit service is configured to create log folders that are readable and writable only by system administrators in order to prevent normal users from reading audit logs.

Solution

[source,bash]
----
/bin/chmod -N $(/usr/bin/grep '^dir' /etc/security/audit_control | /usr/bin/awk -F: '{print $2}')
----

See Also

https://github.com/usnistgov/macos_security

Item Details

Category: AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AU-9, 800-53|SI-11, CCE|CCE-84704-6, CCI|CCI-000162, STIG-ID|AOSX-15-000031

Plugin: Unix

Control ID: 61834d966697eed98c5851f9521a7ccb9de98c4bc31d74c0e62d07d9d125a844