UCF STIG Viewer Logo

The operating system must initiate session audits at system startup.


Overview

Finding ID Version Rule ID IA Controls Severity
V-58315 AOSX-09-000230 SV-72745r1_rule Medium
Description
If auditing is enabled late in the startup process, the actions of some start-up processes may not be audited. Some audit systems also maintain state information only available if auditing is enabled before a given process is created.
STIG Date
Apple OS X 10.9 (Mavericks) Workstation Security Technical Implementation Guide 2017-01-05

Details

Check Text ( C-59141r1_chk )
To check if the audit service is running, use the following command:

sudo launchctl list | grep com.apple.auditd

If nothing is returned, the audit service is not running and this is a finding.
Fix Text (F-63631r1_fix)
To enable the audit service, run the following command:

sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.auditd.plist