SV-209543r610285_rule
V-209543
SRG-OS-000057-GPOS-00027
AOSX-14-000031
CAT II
10
For any log folder that contains ACLs, run the following command:
/usr/bin/sudo chmod -N [audit log folder]
To check if a log folder contains ACLs, run the following commands:
/usr/bin/sudo ls -lde $(/usr/bin/sudo /usr/bin/grep '^dir' /etc/security/audit_control | awk -F: '{print $2}')
In the output from the above commands, ACLs will be listed under any folder that may contain them (e.g., "0: group:admin allow list,readattr,reaadextattr,readsecurity").
If any such line exists, this is a finding.
V-209543
False
AOSX-14-000031
To check if a log folder contains ACLs, run the following commands:
/usr/bin/sudo ls -lde $(/usr/bin/sudo /usr/bin/grep '^dir' /etc/security/audit_control | awk -F: '{print $2}')
In the output from the above commands, ACLs will be listed under any folder that may contain them (e.g., "0: group:admin allow list,readattr,reaadextattr,readsecurity").
If any such line exists, this is a finding.
M
2930