Catalina - Configure Audit Log Files to Not Contain Access Control Lists

Details

The audit log files _MUST_ not contain access control lists (ACLs).



This rule ensures that audit information and audit files are configured to be readable and writable only by system administrators, thereby preventing unauthorized access, modification, and deletion of files.


Solution

Run the following bash code

/bin/chmod -RN $(/usr/bin/awk -F: '/^dir/{print $2}' /etc/security/audit_control)
----


Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability, System and Information Integrity.This control applies to the following type of system Unix.


References


Source