SV-225150r610901_rule
V-225150
SRG-OS-000057-GPOS-00027
AOSX-15-001016
CAT II
10
For any log file that returns an incorrect permission value, run the following command:
/usr/bin/sudo chmod 440 [audit log file]
[audit log file] is the full path to the log file in question.
To check the permissions of the audit log files, run the following command:
/usr/bin/sudo ls -le $(/usr/bin/sudo /usr/bin/grep '^dir' /etc/security/audit_control | awk -F: '{print $2}') | /usr/bin/grep -v current
The results should show the permissions (first column) to be "440" or less permissive.
If they do not, this is a finding.
V-225150
False
AOSX-15-001016
To check the permissions of the audit log files, run the following command:
/usr/bin/sudo ls -le $(/usr/bin/sudo /usr/bin/grep '^dir' /etc/security/audit_control | awk -F: '{print $2}') | /usr/bin/grep -v current
The results should show the permissions (first column) to be "440" or less permissive.
If they do not, this is a finding.
M
4212