Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The operating system must generate audit records when successful/unsuccessful attempts to access privileges occur.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-58497 | AOSX-09-002100 | SV-72927r1_rule | Medium |
| Description |
|---|
| Frequently, an attacker that successfully gains access to a system has only gained access to an account with limited privileges, such as a guest account or a service account. The attacker must attempt to change to another user account with normal or elevated privileges in order to proceed. Auditing successful and unsuccessful attempts to elevate privileges mitigates this risk. |
| STIG | Date |
|---|---|
| Apple OS X 10.9 (Mavericks) Workstation Security Technical Implementation Guide | 2017-01-05 |
Details
| Check Text ( C-59347r1_chk ) |
|---|
| The options to configure the audit daemon are located in the /etc/security/audit_control file. To view the current settings, run the following command: sudo grep ^flags /etc/security/audit_control If the 'lo', 'ad', and 'aa' options are not set, this is a finding. |
| Fix Text (F-63835r1_fix) |
|---|
| To set the audit flags to the recommended setting, run the following command to add the flags 'lo', 'ad', and 'aa' all at once: sudo sed -i.bak '/^flags/ s/$/,lo,ad,aa/' /etc/security/audit_control; sudo audit -s A text editor may also be used to implement the required update to the /etc/security/audit_control file. |