
The operating system must back up audit records on an organization-defined frequency onto a different system or media than the system being audited.


Overview

Finding ID: V-51393
Version: OSX8-00-00395
Rule ID: SV-65603r1_rule
IA Controls: (none listed)
Severity: Medium
Description
Protection of log data includes assuring that the log data is not accidentally lost or deleted. Backing up audit records, on an organizationally defined frequency, to a different system or onto separate media than the system being audited helps to assure that the audit records will be retained in the event of a catastrophic system failure.
STIG Date
Apple OS X 10.8 (Mountain Lion) Workstation STIG 2015-02-10

Details

Check Text (C-53729r1_chk)
To check the location of the audit log files, run the following command:

sudo ls -ld `sudo grep "^dir" /etc/security/audit_control | sed 's/dir://'`

The default location is /var/audit. If the directory is not defined or is defined incorrectly, this is a finding.
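The one-liner above lists the current directory when no "dir:" line matches, because the command substitution is empty and ls -ld runs with no operand, so a missing entry can look like a pass. The following is an added example, not part of the STIG text, of the same check written to report a finding in that case. The function names and the demo files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit_control directory check that fails closed.

# Print the directory from each "dir:" line of an audit_control file.
# $1 = path to the file (defaults to the path used in the check text).
audit_dirs() {
    sed -n 's/^dir:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' \
        "${1:-/etc/security/audit_control}" 2>/dev/null
}

# Return 0 when every configured audit directory exists, 1 (finding) otherwise.
check_audit_dir() {
    control=${1:-/etc/security/audit_control}
    dirs=$(audit_dirs "$control")
    if [ -z "$dirs" ]; then
        # The original one-liner would run a bare "ls -ld" here and list ".".
        echo "FINDING: no dir: entry readable in $control"
        return 1
    fi
    status=0
    while IFS= read -r d; do
        if [ -d "$d" ]; then
            ls -ld "$d"
        else
            echo "FINDING: $d is not an existing directory"
            status=1
        fi
    done <<EOF
$dirs
EOF
    return "$status"
}

# Demo on constructed files (not real system configuration).
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/audit"
    printf 'dir:%s\nflags:lo,aa\n' "$tmp/audit" > "$tmp/good"
    printf '#dir:/var/audit\nflags:lo,aa\n' > "$tmp/commented_out"
    check_audit_dir "$tmp/good"
    check_audit_dir "$tmp/commented_out" || echo "(second file is a finding)"
    rm -rf "$tmp"
}
demo
```

On the audited system, replace the final demo call with check_audit_dir and run the script as root, as the check text does with sudo.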
Fix Text (F-56191r1_fix)
Edit the /etc/security/audit_control file to define the directory for audit logs.