Big Sur - Configure Audit Log Folder to Not Contain Access Control Lists

Gavin M. Dennis

22 April 2022 02:59

Details

The audit log folder _MUST_ not contain access control lists (ACLs).

Audit logs contain sensitive data about the system and users. This rule ensures that the audit service is configured to create log folders that are readable and writable only by system administrators in order to prevent normal users from reading audit logs.

Solution

Run the following bash code

/bin/chmod -N $(/usr/bin/grep '^dir' /etc/security/audit_control | /usr/bin/awk -F: '{print $2}')
----

Supportive Information

The following resource is also helpful.

https://github.com/usnistgov/macos_security

This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Unix.

References

800-53|AU-9
CCE|CCE-85252-5, CCI|CCI-000162
STIG-ID|APPL-11-000031

Source

Tenable.com/audits

PS. Before you go.

Request a quote to protect your organisation from cyber attacks and breaches.

Was this article helpful?

0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.

Articles in this section