UCF STIG Viewer Logo

System audit logs must be owned by root.


Overview

Finding ID Version Rule ID IA Controls Severity
V-812 GEN002680 M6 SV-38619r1_rule ECTP-1 Medium
Description
Failure to give ownership of system audit log files to root provides the designated owner and unauthorized users with the potential to access sensitive information.
STIG Date
MAC OSX 10.6 Workstation Security Technical Implementation Guide Draft 2013-01-10

Details

Check Text ( C-37779r1_chk )
Open a terminal session and use the following command to verify the owner of audit logs in the /var/audit directory.

ls -lL /var/audit

If any file in the /var/audit directory is not owned by root, this is a finding.
Fix Text (F-33026r1_fix)
Open a terminal session and use the following command to change the owner of the file.

chown root /var/audit/