Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The audit log files must not contain ACLs.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-51667 | OSX8-00-00225 | SV-65877r1_rule | Medium |
| Description |
|---|
| The audit log files should not contain ACLs. |
| STIG | Date |
|---|---|
| Apple OS X 10.8 (Mountain Lion) Workstation STIG | 2015-02-10 |
Details
| Check Text ( C-53973r3_chk ) |
|---|
| To check for ACLs of the audit log files, run the following command: sudo ls -le `sudo grep "^dir" /etc/security/audit_control | awk -F: '{print $2 "/*"}'` | grep -v current The audit log files listed should not contain ACLs. ACLs will be listed under any file that may contain them. i.e. "0: group:admin allow list,readattr,reaadextattr,readsecurity". If any file contains this information, this is a finding. |
| Fix Text (F-56467r1_fix) |
|---|
| For any log file that returns an ACL, run the following command: chmod -N [audit log file] where [audit log file] is the full path to the log file in question. |