CCE-91774-0Platform: cpe:/o:apple:mac_os_x:10.13 | Date: (C)2018-02-22 (M)2023-07-04 |
Audit Successful and Unsuccessful Attempts to Gain Privileged Access
Frequently, an attacker that successfully gains access to a system has only gained access to an account with limited privileges, such as a guest account or a service account. The attacker must attempt to change to another user account with normal or elevated privileges in order to proceed. Auditing successful and unsuccessful attempts to elevate privileges mitigates this risk.
Parameter:
[yes/no]
Technical Mechanism:
The options to configure the audit daemon are located in the /etc/security/audit_control file. To view the current settings, run the following command:
sudo grep ^flags /etc/security/audit_control
If the 'lo', 'ad', and 'aa' options are not set, this is a finding.
CCSS Severity: | CCSS Metrics: |
CCSS Score : 6.8 | Attack Vector: LOCAL |
Exploit Score: 2.5 | Attack Complexity: LOW |
Impact Score: 4.2 | Privileges Required: NONE |
Severity: MEDIUM | User Interaction: NONE |
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H | Scope: UNCHANGED |
| Confidentiality: LOW |
| Integrity: NONE |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:44336 |