The audit log folder must have the correct permissions.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-51647 | OSX8-00-00370 | SV-65857r1_rule | Medium |
| Description |
|---|
| The audit log folder should have correct permissions. |
| STIG | Date |
|---|---|
| Apple OS X 10.8 (Mountain Lion) Workstation STIG | 2015-02-10 |
Details
| Check Text ( C-53957r1_chk ) |
|---|
| To check the permissions of the audit log files, run the following command: stat -f "%A:%N" `grep "^dir" /etc/security/audit_control | awk -F: '{print $2}'` The results should show the permissions (first column) to be "700" or less permissive. If not, this is a finding. |
| Fix Text (F-56447r1_fix) |
|---|
| If the permissions on the audit log file are incorrect, run the following command: sudo chmod 700 /var/audit |