3.6 Ensure Firewall is configured to log

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.


Information

The socketfilter firewall (socketfilterfw) is the firewall that is used when the firewall is turned on in the Security preference pane. To monitor which access is allowed and which is denied, logging must be enabled.

Rationale:

In order to troubleshoot the successes and failures of a firewall, logging should be enabled.

Impact:

Detailed logging may result in excessive storage.

Solution

Run the following command to enable logging of the firewall:

$ sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setloggingmode on

Turning on log mode
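An audit-style check built around the command above, added here as an example (not from the CIS benchmark or the Tenable audit); it assumes socketfilterfw's --getloggingmode flag and its "Log mode is on" output string, and falls back to a constructed string when run on a system without socketfilterfw:

```shell
#!/bin/sh
# Added example: report PASS/FAIL for the firewall logging mode the way an
# auditor would. The --getloggingmode flag and the "Log mode is on" string
# are assumed from socketfilterfw's behaviour; when the binary is absent
# (non-macOS host), a constructed sample string is used instead.

SFW=/usr/libexec/ApplicationFirewall/socketfilterfw

# Evaluate one line of --getloggingmode output: 0 = logging on, 1 = off/unknown.
logging_enabled() {
    case "$1" in
        *"Log mode is on"*) return 0 ;;
        *)                  return 1 ;;
    esac
}

# Run the live check when socketfilterfw exists; otherwise evaluate the
# constructed sample passed as $1. Returns 0 on PASS, 1 on FAIL.
audit_firewall_logging() {
    if [ -x "$SFW" ]; then
        mode=$("$SFW" --getloggingmode 2>/dev/null)
    else
        mode="$1"
    fi
    if logging_enabled "$mode"; then
        echo "PASS: application firewall logging is on"
        return 0
    fi
    echo "FAIL: application firewall logging is not on (${mode:-no output})"
    return 1
}

# Constructed sample used only when socketfilterfw is unavailable.
audit_firewall_logging "Log mode is on"
```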

Additional Information:

More info: http://krypted.com/tag/socketfilterfw/

See Also

https://workbench.cisecurity.org/files/3197

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-12, CSCv7|6.2, CSCv7|6.3

Plugin: Unix

Control ID: 2bf952765ea7b98f7da19d39f305d1f0f536c75f33fbfb05a9094f55729e559e