Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-51631 | OSX8-00-00345 | SV-65841r1_rule | Medium |
Description |
---|
Audit log files should not contain ACLs. |
STIG | Date |
---|---|
Apple OS X 10.8 (Mountain Lion) Workstation STIG | 2015-02-10 |
Check Text ( C-53943r2_chk ) |
---|
To check for ACLs of the audit log files, run the following command: sudo ls -le `sudo grep "^dir" /etc/security/audit_control | awk -F: '{print $2 "/*"}'` | grep -v current The audit log files listed should not contain ACLs. ACLs will be listed under any file that may contain them (e.g., "0: group:admin allow list,readattr,reaadextattr,readsecurity" ). If any file contains this information, this is a finding. |
Fix Text (F-56433r1_fix) |
---|
For any log file that returns an ACL, run the following command: sudo chmod -N [audit log file] where [audit log file] is the full path to the log file in question. |