The operating system must ensure remote sessions for accessing an organization-defined list of security functions and security-relevant information are audited.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-51425	OSX8-00-00045	SV-65635r1_rule		Medium

Description
Remote access is any access to an organizational operating system by a user (or an information system) communicating through an external, non-organization-controlled network. Remote access to security functions (e.g., user management, audit log management, etc.) and security-relevant information requires the activity be audited by the organization. Any operating system providing remote access must support organizational requirements to audit access or organization-defined security functions and security-relevant information.

Description

Remote access is any access to an organizational operating system by a user (or an information system) communicating through an external, non-organization-controlled network. Remote access to security functions (e.g., user management, audit log management, etc.) and security-relevant information requires the activity be audited by the organization. Any operating system providing remote access must support organizational requirements to audit access or organization-defined security functions and security-relevant information.

STIG	Date
Apple OS X 10.8 (Mountain Lion) Workstation STIG	2015-02-10

Details

Check Text ( C-53761r2_chk )
In order to view the currently configured flags for the audit daemon, run the following command: sudo grep ^flags /etc/security/audit_control \| sed 's/flags://' \| tr "," "\n" \| grep nt The network are logged by way of the "nt" flag. If "nt" is not listed in the result of the check, this is a finding.

Fix Text (F-56223r1_fix)
To make sure the appropriate flags are enabled for auditing, run the following command: sudo sed -i.bak '/^flags/ s/$/,nt/' /etc/security/audit_control