Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-51671 | OSX8-00-00240 | SV-65881r1_rule | Medium |
Description |
---|
The list of audited events is the set of events for which audits are to be generated. This set of events is typically a subset of the list of all events for which the system is capable of generating audit records (i.e., auditable events) for example, time stamps, source and destination addresses, user/process identifiers, event descriptions, success/fail indications, file names involved, and access control or flow control rules invoked. |
STIG | Date |
---|---|
Apple OS X 10.8 (Mountain Lion) Workstation STIG | 2015-02-10 |
Check Text ( C-53975r1_chk ) |
---|
The options to configure the audit daemon are located in the /etc/security/audit_contol file. To view the current settings, run the following command: sudo grep ^flags /etc/security/audit_control | sed 's/flags://' If the flags option is not set, this is a finding. |
Fix Text (F-56469r1_fix) |
---|
To set the audit flags to the recommended setting, run the following command: sed -i.bak 's/^flags.*$/flags:lo,ad,fr,fw,fc,fd,fm,pc,nt,aa/' /etc/security/audit_control You may also edit the /etc/security/audit_control file using a text editor to define the flags your organization requires for auditing. |