SV-225143r610901_rule
V-225143
SRG-OS-000032-GPOS-00013
AOSX-15-001002
CAT II
10
To ensure the appropriate flags are enabled for auditing, run the following command:
/usr/bin/sudo sed -i.bak '/^flags/ s/$/,lo/' /etc/security/audit_control; /usr/bin/sudo /usr/sbin/audit -s
A text editor may also be used to implement the required updates to the "/etc/security/audit_control" file.
To view the currently configured flags for the audit daemon, run the following command:
/usr/bin/sudo /usr/bin/grep ^flags /etc/security/audit_control
Attempts to log in as another user are logged by way of the "lo" flag.
If "lo" is not listed in the result of the check, this is a finding.
V-225143
False
AOSX-15-001002
To view the currently configured flags for the audit daemon, run the following command:
/usr/bin/sudo /usr/bin/grep ^flags /etc/security/audit_control
Attempts to log in as another user are logged by way of the "lo" flag.
If "lo" is not listed in the result of the check, this is a finding.
M
4212