Catalina - Configure Apple System Log Files Owned by Root and Group to Wheel

Information

The Apple System Logs (ASL) _MUST_ be owned by root.

ASL logs contain sensitive data about the system and users. If ASL log files are set to only be readable and writable by system administrators, the risk is mitigated.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

[source,bash]
----
/usr/sbin/chown root:wheel $(/usr/bin/stat -f '%Su:%Sg:%N' $(/usr/bin/grep -e '^>' /etc/asl.conf /etc/asl/* | /usr/bin/awk '{ print $2 }') 2> /dev/null | /usr/bin/awk '!/^root:wheel:/{print $1}' | /usr/bin/awk -F":" '!/^root:wheel:/{print $3}')
----

See Also

https://github.com/usnistgov/macos_security

Item Details

Category: AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AU-9(4), 800-53|SI-11, CCE|CCE-84928-1, STIG-ID|AOSX-15-004001

Plugin: Unix

Control ID: a5a8de35ac26471cd3e79022b6b0539da7f49f2e289055c0c9798cf8857d29b8