Audit log files must be owned by root:wheel.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-51641 | OSX8-00-00355 | SV-65851r1_rule | Medium |
| Description |
|---|
| Audit log files should be owned by root:wheel. |
| STIG | Date |
|---|---|
| Apple OS X 10.8 (Mountain Lion) Workstation STIG | 2015-02-10 |
Details
| Check Text ( C-53951r1_chk ) |
|---|
| Prevent unauthorized users from reading or altering the audit logs. To check the permissions of the audit log files, run the following command: sudo -s ls -l `grep "^dir" /etc/security/audit_control | awk -F: '{print $2 "/*"}'` | grep -v current The audit log files listed should be owned by root:wheel. If not, this is a finding. |
| Fix Text (F-56441r1_fix) |
|---|
| For any log file that returns an incorrect permission value, run the following command: sudo chown root:wheel [audit log file] where [audit log file] is the full path to the log file in question. |