Big Sur - Configure Audit Log Files to Mode 440 or Less Permissive

Information

The audit service _MUST_ be configured to create log files that are readable only by the root user and group wheel. To achieve this, audit log files _MUST_ be configured to mode 440 or less permissive, thereby preventing normal users from reading, modifying or deleting audit logs.

Solution

[source,bash]
----
/bin/chmod 440 $(/usr/bin/grep '^dir' /etc/security/audit_control | /usr/bin/awk -F: '{print $2}')/*
----
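
The command above sets the mode but does not confirm the result. The following added example (not part of this audit item or the macos_security project) lists any audit log that is more permissive than 440. The function names are assumptions, and it goes slightly beyond the command above by handling more than one `dir:` line, which audit_control permits.

```shell
#!/bin/sh
# Added example; function names are assumptions, not part of macos_security.

# Print each directory named on a "dir:" line of an audit_control file.
audit_dirs() {
    awk -F: '/^dir:/ {print $2}' "$1"
}

# Print regular files under directory $1 that grant anything beyond 0440:
# owner write/execute, group write/execute, or any access for "other".
loose_audit_logs() {
    find "$1" -type f \( -perm -0200 -o -perm -0100 -o -perm -0020 \
        -o -perm -0010 -o -perm -0004 -o -perm -0002 -o -perm -0001 \) -print
}

# Check every configured audit directory.
# Returns 0 if all logs are 440 or stricter, 1 if any are looser (their paths
# are printed), 2 if the control file cannot be read.
check_audit_log_modes() {
    control="${1:-/etc/security/audit_control}"
    if [ ! -r "$control" ]; then
        echo "cannot read $control" >&2
        return 2
    fi
    loose=$(audit_dirs "$control" | while IFS= read -r d; do
        if [ -d "$d" ]; then loose_audit_logs "$d"; fi
    done)
    if [ -n "$loose" ]; then
        printf '%s\n' "$loose"
        return 1
    fi
    return 0
}
```

Run `check_audit_log_modes` as root, since a compliant audit directory is not readable by normal users; an empty result with exit status 0 means every log file is 440 or stricter.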

See Also

https://github.com/usnistgov/macos_security

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-9, CCE|CCE-85259-0, CCI|CCI-000162, STIG-ID|APPL-11-001016

Plugin: Unix

Control ID: 08787b6f3e2b8fab4e7ca620bff3e2ffb4d6bec6dbf282c16162f01d5d1cc90b