UCF STIG Viewer Logo

The operating system must audit any use of privileged accounts, or roles, with access to organization-defined security functions or security-relevant information, when accessing other system functions.


Overview

Finding ID Version Rule ID IA Controls Severity
V-51443 OSX8-00-00170 SV-65653r1_rule Medium
Description
The auditing system must be configured to audit authentication and authorization events.
STIG Date
Apple OS X 10.8 (Mountain Lion) Workstation STIG 2015-02-10

Details

Check Text ( C-53779r2_chk )
In order to view the currently configured flags for the audit daemon, run the following command:

sudo grep ^flags /etc/security/audit_control | sed 's/flags://' | tr "," "\n" | grep aa

The authentication events are logged via the "aa" flag. If "aa" is not listed in the result of the check, this is a finding.
Fix Text (F-56241r1_fix)
To make sure the appropriate flags are enabled for auditing, run the following command:

sudo sed -i.bak '/^flags/ s/$/,aa/' /etc/security/audit_control