Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-51409 | OSX8-00-00135 | SV-65619r1_rule | Medium |
Description |
---|
Accounts are utilized for identifying individual application users or for identifying the application processes themselves. When accounts are deleted, a Denial of Service could happen. The operating system must audit and notify, as required, to mitigate the Denial of Service risk. |
STIG | Date |
---|---|
Apple OS X 10.8 (Mountain Lion) Workstation STIG | 2015-02-10 |
Check Text ( C-53745r1_chk ) |
---|
In order to view the currently configured flags for the audit daemon, run the following command: sudo grep ^flags /etc/security/audit_control | sed 's/flags://' | tr "," "\n" | grep ad The account creation events are logged by way of the "ad" flag. If "ad" is not listed in the result of the check, this is a finding. |
Fix Text (F-56207r1_fix) |
---|
To make sure the appropriate flags are enabled for auditing, run the following command: sudo sed -i.bak '/^flags/ s/$/,ad/' /etc/security/audit_control |