SV-225142r610901_rule
V-225142
SRG-OS-000004-GPOS-00004
AOSX-15-001001
CAT II
10
To ensure the appropriate flags are enabled for auditing, run the following command:
/usr/bin/sudo /usr/bin/sed -i.bak '/^flags/ s/$/,ad/' /etc/security/audit_control; /usr/bin/sudo /usr/sbin/audit -s
A text editor may also be used to implement the required updates to the "/etc/security/audit_control" file.
To view the currently configured flags for the audit daemon, run the following command:
/usr/bin/sudo /usr/bin/grep ^flags /etc/security/audit_control
Administrative and Privileged access, including administrative use of the command line tools "kextload" and "kextunload" and changes to configuration settings are logged by way of the "ad" flag.
If "ad" is not listed in the result of the check, this is a finding.
V-225142
False
AOSX-15-001001
To view the currently configured flags for the audit daemon, run the following command:
/usr/bin/sudo /usr/bin/grep ^flags /etc/security/audit_control
Administrative and Privileged access, including administrative use of the command line tools "kextload" and "kextunload" and changes to configuration settings are logged by way of the "ad" flag.
If "ad" is not listed in the result of the check, this is a finding.
M
4212