Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The operating system must initiate session audits at system startup.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-58315 | AOSX-09-000230 | SV-72745r1_rule | Medium |
| Description |
|---|
| If auditing is enabled late in the startup process, the actions of some start-up processes may not be audited. Some audit systems also maintain state information only available if auditing is enabled before a given process is created. |
| STIG | Date |
|---|---|
| Apple OS X 10.9 (Mavericks) Workstation Security Technical Implementation Guide | 2017-01-05 |
Details
| Check Text ( C-59141r1_chk ) |
|---|
| To check if the audit service is running, use the following command: sudo launchctl list | grep com.apple.auditd If nothing is returned, the audit service is not running and this is a finding. |
| Fix Text (F-63631r1_fix) |
|---|
| To enable the audit service, run the following command: sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.auditd.plist |