3.2 Enable security auditing

Information

Logs generated by auditd may be useful when investigating a security incident as they may help reveal the vulnerable application and the actions taken by a malicious actor.

Solution

Perform the following to implement the prescribed state:
Run the following command in Terminal:
sudo /bin/launchctl load -w /System/Library/LaunchDaemons/com.apple.auditd.plist

See Also

https://workbench.cisecurity.org/files/301

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-12c.

Plugin: Unix

Control ID: e1986e7c204ddf7da90ca03a7fc9c69532b7924357f9aa80bc0a890f1ba8617f