STIGQter: STIG Summary: Apple OS X 10.15 (Catalina) Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 23 Apr 2021:

The macOS system must shut down by default upon audit failure (unless availability is an overriding concern).

DISA Rule

SV-225145r610901_rule

Vulnerability Number

V-225145

Group Title

SRG-OS-000047-GPOS-00023

Rule Version

AOSX-15-001010

Severity

CAT II

CCI(s)

• CCI-000140 - The information system takes organization-defined actions upon audit failure (e.g., shut down information system, overwrite oldest audit records, stop generating audit records).

Weight

10

Fix Recommendation

Edit the "/etc/security/audit_control file" and change the value for policy to include the setting "ahlt". To do this programmatically, run the following command:

sudo /usr/bin/sed -i.bak '/^policy/ s/$/,ahlt/' /etc/security/audit_control; sudo /usr/sbin/audit -s

Check Contents

Verify that the audit control system is configured shut down upon failure using the following command:

sudo /usr/bin/grep ^policy /etc/security/audit_control | /usr/bin/grep ahlt

If there is no result, this is a finding.

Vulnerability Number

V-225145

Documentable

False

Rule Version

AOSX-15-001010

Severity Override Guidance

Verify that the audit control system is configured shut down upon failure using the following command:

sudo /usr/bin/grep ^policy /etc/security/audit_control | /usr/bin/grep ahlt

If there is no result, this is a finding.

Check Content Reference

M

Target Key

4212

Comments