Big Sur - Configure Audit Log Files to Not Contain Access Control Lists

Gavin M. Dennis

22 April 2022 02:59

Details

The audit log files _MUST_ not contain access control lists (ACLs).

This rule ensures that audit information and audit files are configured to be readable and writable only by system administrators, thereby preventing unauthorized access, modification, and deletion of files.

Solution

Run the following bash code

/bin/chmod -RN $(/usr/bin/awk -F: '/^dir/{print $2}' /etc/security/audit_control)
----

Supportive Information

The following resource is also helpful.

https://github.com/usnistgov/macos_security

This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability, System and Information Integrity.This control applies to the following type of system Unix.

References

800-53|AU-9
800-53|SI-11
800-53|SI-11b.
CCE|CCE-85251-7, CCI|CCI-000162
CCI|CCI-001314
STIG-ID|APPL-11-000030

Source

Tenable.com/audits

PS. Before you go.

Request a quote to protect your organisation from cyber attacks and breaches.

Was this article helpful?

0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.

Articles in this section