Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-25271 | OSX00155 M6 | SV-38523r1_rule | ECAR-1 ECAR-2 ECAR-3 | Medium |
Description |
---|
In addition to local logging, remote logging must also be enabled. Local logs can be altered if the computer is compromised. Remote logging mitigates the risk of having the logs altered. |
STIG | Date |
---|---|
MAC OSX 10.6 Workstation Security Technical Implementation Guide | 2013-04-09 |
Check Text ( C-37736r1_chk ) |
---|
Open a terminal session and enter the following command. more /etc/syslog.conf Ensure the name or IP address of the site's log server is listed as "your.log.server". If the name or IP address of the log server is not listed, this is a finding. |
Fix Text (F-32980r1_fix) |
---|
Open a terminal session and enter the following command. sudo pico /etc/syslog.conf Add the following line to the top of the file, replacing "your.log.server" with the name or IP address of the log server, and keeping all other lines intact. *.* @your.log.server Exit, saving changes. Reboot the system. |