
The OS X firewall must have logging enabled.


Overview

Finding ID: V-67701
Version: AOSX-11-000950
Rule ID: SV-82191r1_rule
IA Controls: (none listed)
Severity: Medium
Description
Firewall logging must be enabled. This ensures that malicious network activity will be logged to the system.
STIG: Apple OS X 10.11 Security Technical Implementation Guide
Date: 2018-01-04

Details

Check Text (C-68267r1_chk)
If HBSS is used, this is not applicable.

To check if the OS X firewall has logging enabled, run the following command:

/usr/libexec/ApplicationFirewall/socketfilterfw --getloggingmode | /usr/bin/grep on

If the result does not show "on", this is a finding.
Fix Text (F-73815r1_fix)
To enable firewall logging, run the following command:

/usr/bin/sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setloggingmode on