The auditing tool, praudit, must be the one provided by Apple, Inc.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-51451	OSX8-00-00400	SV-65661r1_rule		Medium

Description
Auditing and logging are key components of any security architecture. It is essential security personnel know what is being done, what was attempted to be done, where it was done, when it was done, and by whom in order to compile an accurate risk assessment. Cryptographic mechanisms must be used to protect the integrity of the audit tools used for audit reduction and reporting. The auditing tool, praudit, should be the one provided by Apple, Inc.

Description

Auditing and logging are key components of any security architecture. It is essential security personnel know what is being done, what was attempted to be done, where it was done, when it was done, and by whom in order to compile an accurate risk assessment. Cryptographic mechanisms must be used to protect the integrity of the audit tools used for audit reduction and reporting. The auditing tool, praudit, should be the one provided by Apple, Inc.

STIG	Date
Apple OS X 10.8 (Mountain Lion) Workstation STIG	2015-02-10

Details

Check Text ( C-53791r1_chk )
Run the following command to ensure the audit tool, praudit, has the correct signed hash value: sudo codesign -dvvv /usr/sbin/praudit 2>&1 \| grep CDHash \| sed 's/CDHash=//' The result should be "7972f0ead62fd6610d4453f842f9e22b5dc14732". If it differs, this is a finding.

Fix Text (F-56253r1_fix)
If the check fails, you will need to obtain the correct files from the original 10.8 installation media.