SV-209562r610285_rule
V-209562
SRG-OS-000344-GPOS-00135
AOSX-14-001031
CAT II
10
To make "auditd" log errors to standard error as well as "syslogd", run the following command:
/usr/bin/sudo /usr/bin/sed -i.bak 's/logger -p/logger -s -p/' /etc/security/audit_warn; /usr/bin/sudo /usr/sbin/audit -s
By default, "auditd" only logs errors to "syslog". To see if audit has been configured to print error messages to the console, run the following command:
/usr/bin/sudo /usr/bin/grep logger /etc/security/audit_warn
If the argument "-s" is missing, or if "audit_warn" has not been otherwise modified to print errors to the console or send email alerts to the SA and ISSO, this is a finding.
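The check above can be scripted. The following is an added example, not part of the STIG text: the function names and the sample file contents are constructed for illustration, and it covers only the "-s" case, not an "audit_warn" that was otherwise modified to print to the console or send email.

```shell
#!/bin/sh
# Added example: automate the "grep logger" check on audit_warn.
# check_audit_warn FILE
#   prints every active (non-comment) logger call that lacks -s
#   returns 0 if all logger calls carry -s, 1 on a finding, 2 if unreadable
check_audit_warn() {
    file="${1:-/etc/security/audit_warn}"
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    awk '
        /^[ \t]*#/ { next }            # commented-out lines do not count
        /logger[ \t]/ {
            seen++
            # -s may stand alone or be bundled with other short flags (-sp)
            if ($0 !~ /[ \t]-[a-zA-Z]*s[a-zA-Z]*([ \t]|$)/) {
                printf "line %d missing -s: %s\n", NR, $0
                bad++
            }
        }
        # No logger call at all is also a finding for this check.
        END { if (seen == 0 || bad > 0) exit 1 }
    ' "$file"
}

# make_sample FILE: write a constructed audit_warn (sample data, not copied
# from a real system) so the check can be exercised offline.
make_sample() {
    printf '%s\n' \
        '#!/bin/sh' \
        '# logger -s -p in a comment must be ignored' \
        'logger -p security.warning "audit warning: $args"' > "$1"
}

# When run as a script with a path argument, check that file.
if [ "$#" -gt 0 ]; then
    check_audit_warn "$1"
fi
```

Run it with the path as its argument, under sudo if the file is not readable by the current user; a non-zero exit status means a finding or an unreadable file.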
V-209562
False
AOSX-14-001031
M
2930