SV-225146r610901_rule
V-225146
SRG-OS-000057-GPOS-00027
AOSX-15-001012
CAT II
10
For any log file that returns an incorrect owner, run the following command:
/usr/bin/sudo chown root [audit log file]
[audit log file] is the full path to the log file in question.
To check the ownership of the audit log files, run the following command:
/usr/bin/sudo ls -le $(/usr/bin/sudo /usr/bin/grep '^dir' /etc/security/audit_control | awk -F: '{print $2}') | grep -v current
The results should show the owner (third column) to be "root".
If they do not, this is a finding.
V-225146
False
AOSX-15-001012
To check the ownership of the audit log files, run the following command:
/usr/bin/sudo ls -le $(/usr/bin/sudo /usr/bin/grep '^dir' /etc/security/audit_control | awk -F: '{print $2}') | grep -v current
The results should show the owner (third column) to be "root".
If they do not, this is a finding.
M
4212