CCI|CCI-001314

Title

Reveal error messages only to organization-defined personnel or roles.

Reference Item Details

Reference: CCI - DISA Control Correlation Identifier

Category: 2024

Audit Items

Name	Plugin	Audit Name
4.1.4.1 Ensure Audit logs are owned by root and mode 0600 or less permissive	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
AIX7-00-002070 - AIX log files must be owned by a system account.	Unix	DISA STIG AIX 7.x v2r9
AIX7-00-002071 - AIX log files must be owned by a system group.	Unix	DISA STIG AIX 7.x v2r9
AIX7-00-003006 - AIX log files must have mode 0640 or less permissive.	Unix	DISA STIG AIX 7.x v2r9
AIX7-00-003007 - AIX log files must not have extended ACLs, except as needed to support authorized software.	Unix	DISA STIG AIX 7.x v2r9
AOSX-13-002105 - The macOS system must be configured with system log files owned by root and group-owned by wheel or admin - asl	Unix	DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-002105 - The macOS system must be configured with system log files owned by root and group-owned by wheel or admin - newsyslog	Unix	DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-002106 - The macOS system must be configured with system log files set to mode 640 or less permissive - asl	Unix	DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-002106 - The macOS system must be configured with system log files set to mode 640 or less permissive - newsyslog	Unix	DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-002107 - The macOS system must be configured with access control lists (ACLs) for system log files to be set correctly - asl	Unix	DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-002107 - The macOS system must be configured with access control lists (ACLs) for system log files to be set correctly - newsyslog	Unix	DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-000030 - The macOS system must be configured so that log files must not contain access control lists (ACLs).	Unix	DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-004001 - The macOS system must be configured with system log files owned by root and group-owned by wheel or admin - ASL	Unix	DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-004001 - The macOS system must be configured with system log files owned by root and group-owned by wheel or admin - Newsyslog	Unix	DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-004002 - The macOS system must be configured with system log files set to mode 640 or less permissive - ASL	Unix	DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-004002 - The macOS system must be configured with system log files set to mode 640 or less permissive - Newsyslog	Unix	DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-000030 - The macOS system must be configured so that log files must not contain access control lists (ACLs).	Unix	DISA STIG Apple Mac OSX 10.15 v1r10
AOSX-15-004001 - The macOS system must be configured with system log files owned by root and group-owned by wheel or admin - ASL	Unix	DISA STIG Apple Mac OSX 10.15 v1r10
AOSX-15-004001 - The macOS system must be configured with system log files owned by root and group-owned by wheel or admin - Newsyslog	Unix	DISA STIG Apple Mac OSX 10.15 v1r10
AOSX-15-004002 - The macOS system must be configured with system log files set to mode 640 or less permissive - ASL	Unix	DISA STIG Apple Mac OSX 10.15 v1r10
AOSX-15-004002 - The macOS system must be configured with system log files set to mode 640 or less permissive - Newsyslog	Unix	DISA STIG Apple Mac OSX 10.15 v1r10
APPL-11-000030 - The macOS system must be configured so that log files must not contain access control lists (ACLs).	Unix	DISA STIG Apple macOS 11 v1r5
APPL-11-000030 - The macOS system must be configured so that log files must not contain access control lists (ACLs).	Unix	DISA STIG Apple macOS 11 v1r8
APPL-11-004001 - The macOS system must be configured with system log files owned by root and group-owned by wheel or admin - asl	Unix	DISA STIG Apple macOS 11 v1r5
APPL-11-004001 - The macOS system must be configured with system log files owned by root and group-owned by wheel or admin - asl	Unix	DISA STIG Apple macOS 11 v1r8
APPL-11-004001 - The macOS system must be configured with system log files owned by root and group-owned by wheel or admin - newsyslog	Unix	DISA STIG Apple macOS 11 v1r5
APPL-11-004001 - The macOS system must be configured with system log files owned by root and group-owned by wheel or admin - newsyslog	Unix	DISA STIG Apple macOS 11 v1r8
APPL-11-004002 - The macOS system must be configured with system log files set to mode 640 or less permissive - asl	Unix	DISA STIG Apple macOS 11 v1r5
APPL-11-004002 - The macOS system must be configured with system log files set to mode 640 or less permissive - asl	Unix	DISA STIG Apple macOS 11 v1r8
APPL-11-004002 - The macOS system must be configured with system log files set to mode 640 or less permissive - newsyslog	Unix	DISA STIG Apple macOS 11 v1r8
APPL-11-004002 - The macOS system must be configured with system log files set to mode 640 or less permissive - newsyslog	Unix	DISA STIG Apple macOS 11 v1r5
APPL-12-000030 - The macOS system must be configured so that log files must not contain access control lists (ACLs).	Unix	DISA STIG Apple macOS 12 v1r9
APPL-12-004001 - The macOS system must be configured with system log files owned by root and group-owned by wheel or admin.	Unix	DISA STIG Apple macOS 12 v1r9
APPL-12-004002 - The macOS system must be configured with system log files set to mode 640 or less permissive.	Unix	DISA STIG Apple macOS 12 v1r9
APPL-13-000030 - The macOS system must be configured so that log files do not contain access control lists (ACLs).	Unix	DISA STIG Apple macOS 13 v1r4
APPL-13-004001 - The macOS system must be configured with system log files owned by root and group-owned by wheel or admin.	Unix	DISA STIG Apple macOS 13 v1r4
APPL-13-004002 - The macOS system must be configured with system log files set to mode 640 or less permissive.	Unix	DISA STIG Apple macOS 13 v1r4
APPL-14-002021 - The macOS system must disable sending diagnostic and usage data to Apple.	Unix	DISA Apple macOS 14 (Sonoma) STIG v2r1
APPL-14-004001 - The macOS system must configure Apple System Log files to be owned by root and group to wheel.	Unix	DISA Apple macOS 14 (Sonoma) STIG v2r1
APPL-14-004002 - The macOS system must configure Apple System Log files to mode 640 or less permissive.	Unix	DISA Apple macOS 14 (Sonoma) STIG v2r1
APPL-14-004030 - The macOS system must configure system log files to be owned by root and group to wheel.	Unix	DISA Apple macOS 14 (Sonoma) STIG v2r1
APPL-14-004040 - The macOS system must configure system log files to mode 640 or less permissive.	Unix	DISA Apple macOS 14 (Sonoma) STIG v2r1
APPL-15-002021 - The macOS system must disable sending diagnostic and usage data to Apple.	Unix	DISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-004001 - The macOS system must configure Apple System Log (ASL) files owned by root and group to wheel.	Unix	DISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-004002 - The macOS system must configure Apple System Log (ASL) files to mode 640 or less permissive.	Unix	DISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-004030 - The macOS system must configure system log files owned by root and group to wheel.	Unix	DISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-004040 - The macOS system must configure system log files to mode 640 or less permissive.	Unix	DISA Apple macOS 15 (Sequoia) STIG v1r1
Big Sur - Configure Apple System Log Files Owned by Root and Group to Wheel	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Configure Apple System Log Files Owned by Root and Group to Wheel	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Configure Apple System Log Files Owned by Root and Group to Wheel	Unix	NIST macOS Big Sur v1.4.0 - All Profiles

Detections

Analytics

CCI|CCI-001314

Title

Reference Item Details

Audit Items