SV-209630r610285_rule
V-209630
SRG-OS-000206-GPOS-00084
AOSX-14-004002
CAT II
10
For any log file that returns an incorrect permission value, run the following command:
/usr/bin/sudo chmod 640 [log file]
[log file] is the full path to the log file in question. If the file is managed by "newsyslog", find the configuration line in the directory "/etc/newsyslog.d/" or the file "/etc/newsyslog.conf" and edit the mode column to be "640" or less permissive.
If the file is managed by "aslmanager", find the configuration line in the directory "/etc/asl/" or the file "/etc/asl.conf" and add or edit the mode option to be "mode=0640" or less permissive.
These commands check for log files that exist on the system and print out the log with corresponding permissions. Run them from inside "/var/log":
/usr/bin/sudo stat -f '%A:%N' $(/usr/bin/grep -v '^#' /etc/newsyslog.conf | awk '{ print $1 }') 2> /dev/null
/usr/bin/sudo stat -f '%A:%N' $(/usr/bin/grep -e '^>' /etc/asl.conf /etc/asl/* | awk '{ print $2 }') 2> /dev/null
The correct permissions on log files should be "640" or less permissive for system logs.
Any file with more permissive settings is a finding.
V-209630
False
AOSX-14-004002
These commands check for log files that exist on the system and print out the log with corresponding permissions. Run them from inside "/var/log":
/usr/bin/sudo stat -f '%A:%N' $(/usr/bin/grep -v '^#' /etc/newsyslog.conf | awk '{ print $1 }') 2> /dev/null
/usr/bin/sudo stat -f '%A:%N' $(/usr/bin/grep -e '^>' /etc/asl.conf /etc/asl/* | awk '{ print $2 }') 2> /dev/null
The correct permissions on log files should be "640" or less permissive for system logs.
Any file with more permissive settings is a finding.
M
2930