UCF STIG Viewer Logo

Remote logging must be enabled.


Overview

Finding ID Version Rule ID IA Controls Severity
V-25271 OSX00155 M6 SV-38523r1_rule ECAR-1 ECAR-2 ECAR-3 Medium
Description
In addition to local logging, remote logging must also be enabled. Local logs can be altered if the computer is compromised. Remote logging mitigates the risk of having the logs altered.
STIG Date
MAC OSX 10.6 Workstation Security Technical Implementation Guide 2013-04-09

Details

Check Text ( C-37736r1_chk )
Open a terminal session and enter the following command.

more /etc/syslog.conf

Ensure the name or IP address of the site's log server is listed as "your.log.server".
If the name or IP address of the log server is not listed, this is a finding.
Fix Text (F-32980r1_fix)
Open a terminal session and enter the following command.

sudo pico /etc/syslog.conf

Add the following line to the top of the file, replacing "your.log.server" with the name or IP address of the log server, and keeping all other lines intact.
*.* @your.log.server
Exit, saving changes.
Reboot the system.