STIGQter STIGQter: STIG Summary: Apple OS X 10.14 (Mojave) Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The macOS system must monitor remote access methods and generate audit records when successful/unsuccessful attempts to access/modify privileges occur.

DISA Rule

SV-209550r610285_rule

Vulnerability Number

V-209550

Group Title

SRG-OS-000032-GPOS-00013

Rule Version

AOSX-14-001002

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

To ensure the appropriate flags are enabled for auditing, run the following command:

/usr/bin/sudo sed -i.bak '/^flags/ s/$/,lo/' /etc/security/audit_control; /usr/bin/sudo /usr/sbin/audit -s

A text editor may also be used to implement the required updates to the "/etc/security/audit_control" file.

Check Contents

To view the currently configured flags for the audit daemon, run the following command:

/usr/bin/sudo /usr/bin/grep ^flags /etc/security/audit_control

Attempts to log in as another user are logged by way of the "lo" flag.

If "lo" is not listed in the result of the check, this is a finding.

Vulnerability Number

V-209550

Documentable

False

Rule Version

AOSX-14-001002

Severity Override Guidance

To view the currently configured flags for the audit daemon, run the following command:

/usr/bin/sudo /usr/bin/grep ^flags /etc/security/audit_control

Attempts to log in as another user are logged by way of the "lo" flag.

If "lo" is not listed in the result of the check, this is a finding.

Check Content Reference

M

Target Key

2930

Comments