The flags option must be set in /etc/security/audit_control.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-51673 | OSX8-00-00245 | SV-65883r1_rule | Medium |
| Description |
|---|
| The list of audited events is the set of events for which audits are to be generated. This set of events is typically a subset of the list of all events for which the system is capable of generating audit records (i.e., auditable events). |
| STIG | Date |
|---|---|
| Apple OS X 10.8 (Mountain Lion) Workstation STIG | 2015-02-10 |
Details
| Check Text ( C-53979r1_chk ) |
|---|
| The options to configure the audit daemon are located in the /etc/security/audit_contol file. To view the current settings, run the following command: sudo grep ^flags /etc/security/audit_control | sed 's/flags://' If the flags option is not set, this is a finding. |
| Fix Text (F-56471r1_fix) |
|---|
| To set the audit flags to the recommended setting, run the following command: sed -i.bak 's/^flags.*$/flags:lo,ad,fr,fw,fc,fd,fm,pc,nt,aa/' /etc/security/audit_control You may also edit the /etc/security/audit_control file using a text editor to define the flags your organization requires for auditing. |