System log files must not contain ACLs.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-51387 | OSX8-00-00825 | SV-65597r1_rule | Medium |
| Description |
|---|
| System log files should not contain ACLs. |
| STIG | Date |
|---|---|
| Apple OS X 10.8 (Mountain Lion) Workstation STIG | 2015-02-10 |
Details
| Check Text ( C-53723r1_chk ) |
|---|
| This command checks for log files that exist on the system and prints out the list of ACLs if there are any. ls -le `grep -v "^#" /etc/newsyslog.conf | awk '{ print $1 }'` 2> /dev/null ACLs will be listed under any file that may contain them. i.e. "0: group:admin allow list,readattr,reaadextattr,readsecurity" If any file contains this information, this is a finding. |
| Fix Text (F-56185r1_fix) |
|---|
| For any log file that returns an ACL, run the following command: chmod -N [log file] where [log file] is the full path to the log file in question. |