UCF STIG Viewer Logo

System audit tool executables must not have extended ACLs.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22373 GEN002718 M6 SV-38103r1_rule ECLP-1 Low
Description
To prevent unauthorized access or manipulation of system audit logs, the tools for manipulating those logs must be protected.
STIG Date
MAC OSX 10.6 Workstation Security Technical Implementation Guide 2013-04-09

Details

Check Text ( C-37640r1_chk )
Open a terminal session and enter the following command to view the ACLs of the audit tool.

ls -lL /usr/sbin/audit /usr/sbin/auditd /usr/sbin/auditreduce /usr/sbin/praudit

If the permissions include a '+', the file has an extended ACL, this is a finding.
Fix Text (F-32881r1_fix)
Open a terminal session and use the following command to remove the extended ACLs.

chmod -N