CCE-85251-7| Platform: cpe:/o:apple:mac_os_11 | Date: (C)2022-12-28 (M)2023-07-04 |
The audit log files _MUST_ not contain access control lists (ACLs).
Audit logs contain sensitive data about the system and users. This rule ensures that the audit service is configured to create log files that are readable and writable only by system administrators in order to prevent normal users from reading audit logs.
Fix:
/bin/chmod -RN $(/usr/bin/awk -F: '/^dir/{print $2}' /etc/security/audit_control)
Note:
Patching only possible with the default value, endpoint needs to be updated manually if there is any update made to the specified default value.
Parameter:
[yes/no]
Technical Mechanism:
/bin/chmod -RN $(/usr/bin/awk -F: '/^dir/{print $2}' /etc/security/audit_control)
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : 7.8 | Attack Vector: LOCAL |
| Exploit Score: 1.8 | Attack Complexity: LOW |
| Impact Score: 5.9 | Privileges Required: LOW |
| Severity: HIGH | User Interaction: NONE |
| Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| | Confidentiality: HIGH |
| | Integrity: HIGH |
| | Availability: HIGH |
| | |
References: | Resource Id | Reference |
|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:80327 |
