Big Sur - Enable Firewall Logging

Information

Firewall logging _MUST_ be enabled.

Firewall logging ensures that malicious network activity will be logged to the system.

NOTE: The firewall data is logged to Apple's Unified Logging with the subsystem com.apple.alf and the data is marked as private.

Solution

[source,bash]
----
# Turn on logging for the macOS application firewall (run as root).
/usr/libexec/ApplicationFirewall/socketfilterfw --setloggingmode on
----
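The setting above can be checked before and after the change. The following is an added example, not part of the original item or of the macos_security project: it reads the current mode, enables logging only when it is off, and re-reads the mode to confirm. It assumes `--getloggingmode` prints a line containing "Log mode is on" or "Log mode is off"; the function names and the `SOCKETFILTERFW` override are hypothetical.

```bash
#!/bin/bash
# Added example: verify, remediate, and re-verify firewall logging.
# Assumption: --getloggingmode prints "Log mode is on" / "Log mode is off".
# Function names and the SOCKETFILTERFW override are hypothetical.

SOCKETFILTERFW="${SOCKETFILTERFW:-/usr/libexec/ApplicationFirewall/socketfilterfw}"

# Map the tool's status text (argument 1) to: on | off | unknown
alf_logging_state() {
    case "$1" in
        *"Log mode is on"*)  echo "on" ;;
        *"Log mode is off"*) echo "off" ;;
        *)                   echo "unknown" ;;
    esac
}

# Returns 0 if logging is (or ends up) enabled, 1 if remediation failed,
# 2 if the tool is missing or its output was not understood.
ensure_alf_logging() {
    [ -x "$SOCKETFILTERFW" ] || { echo "socketfilterfw not found" >&2; return 2; }
    _state=$(alf_logging_state "$("$SOCKETFILTERFW" --getloggingmode 2>&1)")
    case "$_state" in
        on)
            return 0 ;;
        off)
            "$SOCKETFILTERFW" --setloggingmode on >/dev/null 2>&1 || return 1
            # Re-read the setting rather than trusting the exit status alone.
            _state=$(alf_logging_state "$("$SOCKETFILTERFW" --getloggingmode 2>&1)")
            [ "$_state" = "on" ] ;;
        *)
            echo "unexpected output from --getloggingmode" >&2
            return 2 ;;
    esac
}
```

Call `ensure_alf_logging` as root; a non-zero return means the host should be flagged rather than assumed compliant.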

See Also

https://github.com/usnistgov/macos_security

Item Details

Category: AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|AU-12, 800-53|SC-7, CCE|CCE-85313-5

Plugin: Unix

Control ID: dda131eaa5247ec185060c3f3ad906a9aa93d30586af6cc8fb7a4f3f0879baf1