UCF STIG Viewer Logo

The operating system must ensure remote sessions for accessing an organization-defined list of security functions and security-relevant information are audited.


Overview

Finding ID Version Rule ID IA Controls Severity
V-51425 OSX8-00-00045 SV-65635r1_rule Medium
Description
Remote access is any access to an organizational operating system by a user (or an information system) communicating through an external, non-organization-controlled network. Remote access to security functions (e.g., user management, audit log management, etc.) and security-relevant information requires the activity be audited by the organization. Any operating system providing remote access must support organizational requirements to audit access or organization-defined security functions and security-relevant information.
STIG Date
Apple OS X 10.8 (Mountain Lion) Workstation STIG 2015-02-10

Details

Check Text ( C-53761r2_chk )
In order to view the currently configured flags for the audit daemon, run the following command:

sudo grep ^flags /etc/security/audit_control | sed 's/flags://' | tr "," "\n" | grep nt

The network are logged by way of the "nt" flag. If "nt" is not listed in the result of the check, this is a finding.
Fix Text (F-56223r1_fix)
To make sure the appropriate flags are enabled for auditing, run the following command:

sudo sed -i.bak '/^flags/ s/$/,nt/' /etc/security/audit_control