SV-209555r610285_rule
V-209555
SRG-OS-000057-GPOS-00027
AOSX-14-001014
CAT II
10
For any log file that returns an incorrect group owner, run the following command:
/usr/bin/sudo chgrp wheel [audit log file]
[audit log file] is the full path to the log file in question.
To check the group ownership of the audit log files, run the following command:
/usr/bin/sudo ls -le $(/usr/bin/sudo /usr/bin/grep '^dir' /etc/security/audit_control | awk -F: '{print $2}') | /usr/bin/grep -v current
The results should show the group owner (fourth column) to be "wheel".
If they do not, this is a finding.
V-209555
False
AOSX-14-001014
To check the group ownership of the audit log files, run the following command:
/usr/bin/sudo ls -le $(/usr/bin/sudo /usr/bin/grep '^dir' /etc/security/audit_control | awk -F: '{print $2}') | /usr/bin/grep -v current
The results should show the group owner (fourth column) to be "wheel".
If they do not, this is a finding.
M
2930