
The OS X firewall must have logging enabled.


Overview

Finding ID: V-58407
Version: AOSX-09-000950
Rule ID: SV-72837r1_rule
IA Controls: (none listed)
Severity: Medium
Description
Firewall logging must be enabled. This ensures that malicious network activity will be logged to the system.
STIG: Apple OS X 10.9 (Mavericks) Workstation Security Technical Implementation Guide
Date: 2017-01-05

Details

Check Text (C-59233r1_chk)
If HBSS is used, this is not applicable.

To check if the OS X firewall has logging enabled, run the following command:

/usr/libexec/ApplicationFirewall/socketfilterfw --getloggingmode | grep on

If the result does not show 'on', this is a finding.

Fix Text (F-63721r1_fix)
To enable firewall logging, run the following command:

sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setloggingmode on
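
The check above can be wrapped for automated auditing. The script below is an added example, not part of the STIG: it matches 'on' as a whole word, so empty output or an error message that merely contains the letters "on" is still reported as a finding, and it handles the HBSS exemption. The function names, the --audit argument and the sample output strings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit wrapper around the check for AOSX-09-000950.
FW=/usr/libexec/ApplicationFirewall/socketfilterfw   # path from the check text

# Constructed sample outputs (the exact wording is an assumption).
SAMPLE_ON='Log mode is on'
SAMPLE_OFF='Log mode is off'
SAMPLE_ERR='socketfilterfw: unrecognized option'   # constructed error text

# classify_logging_mode OUTPUT [HBSS]
# Prints NOT_APPLICABLE, NOT_A_FINDING or FINDING for one command output.
classify_logging_mode() {
    if [ "${2:-no}" = "yes" ]; then
        echo NOT_APPLICABLE            # HBSS in use: the rule does not apply
    elif printf '%s\n' "$1" | grep -qw 'on'; then
        echo NOT_A_FINDING             # 'on' present as a whole word
    else
        echo FINDING                   # 'off', empty output or an error message
    fi
}

# audit_firewall_logging [HBSS]
# Runs the real check; returns 0 when compliant or not applicable, 1 on a finding.
audit_firewall_logging() {
    out=''
    if [ "${1:-no}" != "yes" ] && [ -x "$FW" ]; then
        out=$("$FW" --getloggingmode 2>/dev/null) || out=''
    fi
    result=$(classify_logging_mode "$out" "${1:-no}")
    echo "AOSX-09-000950: $result"
    [ "$result" != "FINDING" ]
}

# Run the audit only when asked to: `sh audit.sh --audit` (add `yes` if HBSS is used).
if [ "${1:-}" = "--audit" ]; then
    audit_firewall_logging "${2:-no}"
fi
```

A missing or non-executable socketfilterfw binary yields empty output and is therefore reported as a finding rather than silently passing.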