SV-225156r610901_rule
V-225156
SRG-OS-000470-GPOS-00214
AOSX-15-001044
CAT II
10
To ensure the appropriate flags are enabled for auditing, run the following command:
/usr/bin/sudo /usr/bin/sed -i.bak '/^flags/ s/$/,aa/' /etc/security/audit_control; /usr/bin/sudo /usr/sbin/audit -s
A text editor may also be used to implement the required updates to the "/etc/security/audit_control" file.
To view the currently configured flags for the audit daemon, run the following command:
/usr/bin/sudo /usr/bin/grep ^flags /etc/security/audit_control
Logon events are logged by way of the "aa" flag.
If "aa" is not listed in the result of the check, this is a finding.
V-225156
False
AOSX-15-001044
To view the currently configured flags for the audit daemon, run the following command:
/usr/bin/sudo /usr/bin/grep ^flags /etc/security/audit_control
Logon events are logged by way of the "aa" flag.
If "aa" is not listed in the result of the check, this is a finding.
M
4212