STIGQter: STIG Summary: Apple macOS 11 (Big Sur) Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021: STIGQter: STIG Summary: Apple macOS 11 (Big Sur) Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021:SV-230843r599842_rule
V-230843
SRG-OS-000206-GPOS-00084
APPL-11-004002
CAT II
10
For any log file that returns an incorrect permission value, run the following command:
/usr/bin/sudo chmod 640 [log file]
[log file] is the full path to the log file in question. If the file is managed by "newsyslog", find the configuration line in the directory "/etc/newsyslog.d/" or the file "/etc/newsyslog.conf" and edit the mode column to be "640" or less permissive.
If the file is managed by "aslmanager", find the configuration line in the directory "/etc/asl/" or the file "/etc/asl.conf" and add or edit the mode option to be "mode=0640" or less permissive.
The following commands check for log files that exist on the system and print the path to the log with the corresponding permissions. Run them from inside "/var/log":
/usr/bin/sudo stat -f '%A:%N' $(/usr/bin/grep -v '^#' /etc/newsyslog.conf | awk '{ print $1 }') 2> /dev/null
/usr/bin/sudo stat -f '%A:%N' $(/usr/bin/grep -e '^>' /etc/asl.conf /etc/asl/* | awk '{ print $2 }') 2> /dev/null
Each command may return zero or more files. If the permissions on log files are not "640" or less permissive, this is a finding.
V-230843
False
APPL-11-004002
The following commands check for log files that exist on the system and print the path to the log with the corresponding permissions. Run them from inside "/var/log":
/usr/bin/sudo stat -f '%A:%N' $(/usr/bin/grep -v '^#' /etc/newsyslog.conf | awk '{ print $1 }') 2> /dev/null
/usr/bin/sudo stat -f '%A:%N' $(/usr/bin/grep -e '^>' /etc/asl.conf /etc/asl/* | awk '{ print $2 }') 2> /dev/null
Each command may return zero or more files. If the permissions on log files are not "640" or less permissive, this is a finding.
M
5246