APPL-14-001130 - The macOS system must configure audit_control to mode 440 or less permissive.

Information

/etc/security/audit_control must be configured so that it is readable only by the root user and group wheel.

Satisfies: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-OS-000063-GPOS-00032,SRG-OS-000256-GPOS-00097,SRG-OS-000257-GPOS-00098,SRG-OS-000258-GPOS-00099

Solution

Configure the macOS system with the audit_control to mode 440 with the following command:

/bin/chmod 440 /etc/security/audit_control

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Apple_macOS_14_V2R2_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-9, 800-53|AU-12b., CAT|II, CCI|CCI-000162, CCI|CCI-000163, CCI|CCI-000164, CCI|CCI-000171, CCI|CCI-001493, CCI|CCI-001494, CCI|CCI-001495, Rule-ID|SV-259475r958434_rule, STIG-ID|APPL-14-001130, Vuln-ID|V-259475

Plugin: Unix

Control ID: 002f6fb2089109a259e8ba10d4bf19af94f76c2af49d71b36127193b01cf056b