UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The operating system must protect audit tools from unauthorized deletion.


Overview

Finding ID Version Rule ID IA Controls Severity
V-51431 OSX8-00-00390 SV-65641r1_rule Medium
Description
Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. Depending upon the log format and application, system and application log tools may provide the only means to manipulate and manage application and system log data. If the tools are deleted, it would affect the administrator's ability to access and review log data.
STIG Date
Apple OS X 10.8 (Mountain Lion) Workstation STIG 2015-02-10

Details

Check Text ( C-53767r1_chk )
The audit tools (audit, auditd, auditreduce, praudit) are installed by the Essentials package of the OS X installer. To verify the permissions for the files installed as part of this package, run the following command:

sudo pkgutil --verify com.apple.pkg.Essentials

Any inconsistencies from the original install and the current state will be displayed.

If there are any inconsistencies, this is a finding.
Fix Text (F-56229r1_fix)
To repair permissions on files that are inconsistent with the original install state, run the following command:

sudo pkgutil --repair com.apple.pkg.Essentials

If ACLs are found on any of the files, run the command:

sudo chmod -N [full path to file]