UCF STIG Viewer Logo

The audit log folder must not have ACLs.


Overview

Finding ID Version Rule ID IA Controls Severity
V-51651 OSX8-00-00375 SV-65861r1_rule Medium
Description
The audit log folder should not have ACLs.
STIG Date
Apple OS X 10.8 (Mountain Lion) Workstation STIG 2015-02-10

Details

Check Text ( C-53959r1_chk )
To check for ACLs of the audit log folder run the following command:

ls -le `grep "^dir" /etc/security/audit_control | awk -F: '{print $2 "/"}'` | grep -v current

The audit log folder listed should not contain ACLs. ACLs will be listed under any file that may contain them (e.g., "0: group:admin allow list,readattr,reaadextattr,readsecurity"). If the folder contains this information, this is a finding.
Fix Text (F-56449r1_fix)
If the log folder has an ACL, run the following command:

chmod -N [audit log folder]

where [audit log folder] is the full path to the log folder in question.