UCF STIG Viewer Logo

The operating system must employ automated mechanisms to facilitate the monitoring and control of remote access methods.


Overview

Finding ID Version Rule ID IA Controls Severity
V-51479 OSX8-00-00030 SV-65689r1_rule Medium
Description
Remote network access is accomplished by leveraging common communication protocols and establishing a remote connection. Remote access is any access to an organizational information system by a user (or an information system) communicating through an external, non-organization-controlled network (e.g., the Internet). Examples of remote access methods include dial-up, broadband, and wireless. Automated monitoring of remote access sessions allows organizations to audit user activities on a variety of information system components (e.g., servers, workstations, notebook/laptop computers) and to ensure compliance with remote access policy.
STIG Date
Apple OS X 10.8 (Mountain Lion) Workstation STIG 2015-02-10

Details

Check Text ( C-53819r1_chk )
To check to make sure the audit daemon is configured to log all login events, both local and remote, run the following command:

sudo grep ^flags /etc/security/audit_control | sed 's/flags://' | tr "," "\n" | grep lo

The flag "lo" should be included in the list of flags set. If it is not, this is a finding.
Fix Text (F-56281r3_fix)
To edit the configuration of the audit daemon flags, open the /etc/security/audit_control file and make sure "lo" is listed in the "flags:" parameter. To programmatically do this, run the following command:

sudo sed -i.bak '/^flags/ s/$/,lo/' /etc/security/audit_control; sudo audit -s