Big Sur - Configure Audit Log Files to Mode 440 or Less Permissive

Gavin M. Dennis

22 April 2022 02:56

Details

The audit service _MUST_ be configured to create log files that are readable only by the root user and group wheel. To achieve this, audit log files _MUST_ be configured to mode 440 or less permissive; thereby preventing normal users from reading, modifying or deleting audit logs.

Solution

Run the following bash code

/bin/chmod 440 $(/usr/bin/grep '^dir' /etc/security/audit_control | /usr/bin/awk -F: '{print $2}')/*
----

Supportive Information

The following resource is also helpful.

https://github.com/usnistgov/macos_security

This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Unix.

References

800-53|AU-9
CCE|CCE-85259-0, CCI|CCI-000162
STIG-ID|APPL-11-001016

Source

Tenable.com/audits

PS. Before you go.

Request a quote to protect your organisation from cyber attacks and breaches.

Was this article helpful?

0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.

Articles in this section