APPL-14-000031 - The macOS system must configure audit log folders to not contain access control lists.

Information

The audit log folder must not contain access control lists (ACLs).

Audit logs contain sensitive data about the system and users. This rule ensures that the audit service is configured to create log folders that are readable and writable only by system administrators in order to prevent normal users from reading audit logs.

Satisfies: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-OS-000256-GPOS-00097,SRG-OS-000257-GPOS-00098,SRG-OS-000258-GPOS-00099

Solution

Configure the macOS system without ACLs applied to log folders with the following command:

/bin/chmod -N /var/audit

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Apple_macOS_14_V2R2_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-9, CAT|II, CCI|CCI-000162, CCI|CCI-000163, CCI|CCI-000164, CCI|CCI-001493, CCI|CCI-001494, CCI|CCI-001495, Rule-ID|SV-259433r958434_rule, STIG-ID|APPL-14-000031, Vuln-ID|V-259433

Plugin: Unix

Control ID: a180f68344516825432b2c0d67a7d64e8a1cfc287f8d2c1f689871a9c0f3b7fc