3.2 Enable security auditing

Information

Logs generated by auditd may be useful when investigating a security incident as they may help reveal the vulnerable application and the actions taken by a malicious actor.

Solution

Perform the following to implement the prescribed state:
Run the following command in Terminal:
sudo /bin/launchctl load -w /System/Library/LaunchDaemons/com.apple.auditd.plist

See Also

https://workbench.cisecurity.org/files/300

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-12c.

Plugin: Unix

Control ID: fdcdf7729a136264b6b73d319f9dbe8333806751d0c496b425b74feb648b16e6