SV-209556r610285_rule
V-209556
SRG-OS-000057-GPOS-00027
AOSX-14-001015
CAT II
10
For any log folder that has an incorrect group, run the following command:
/usr/bin/sudo chgrp wheel [audit log folder]
To check the group ownership of the audit log folder, run the following command:
/usr/bin/sudo ls -lde $(/usr/bin/sudo /usr/bin/grep '^dir' /etc/security/audit_control | awk -F: '{print $2}')
The results should show the group (fourth column) to be "wheel".
If they do not, this is a finding.
V-209556
False
AOSX-14-001015
To check the group ownership of the audit log folder, run the following command:
/usr/bin/sudo ls -lde $(/usr/bin/sudo /usr/bin/grep '^dir' /etc/security/audit_control | awk -F: '{print $2}')
The results should show the group (fourth column) to be "wheel".
If they do not, this is a finding.
M
2930