[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255479

 
 

909

 
 

198938

 
 

282

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-95246-5

Platform: cpe:/o:apple:mac_os_11, cpe:/o:apple:mac_os_x:10.15Date: (C)2020-12-08   (M)2023-07-04



"Audit All Logon Events Remote access services, such as those providing remote access to network devices and information systems, increase risk and expose those systems to possible cyber attacks, so all remote access should be closely monitored and audited. Only authorized users should be permitted to remotely access DoD non-public information systems. An attacker might attempt to log in as an authorized user, through stolen credentials, unpatched exploits of the remote access service, or brute force attempts to guess a valid username and password. If a user is attempting to log in to a system from an unusual location or at an unusual time, or if there are many failed attempts, there is a possibility that the system is the target of a cyber attack. Auditing logon events mitigates this risk by recording all logon attempts, successful and unsuccessful, to the system."


Parameter:

[yes/no]


Technical Mechanism:

Fix:To make sure the appropriate flags are enabled for auditing, run the following command: sudo sed -i.bak '/^flags/ s/$/,lo/' /etc/security/audit_control; sudo audit -s You may also edit the /etc/security/audit_control file using a text editor to define the flags your organization requires for auditing.

CCSS Severity:CCSS Metrics:
CCSS Score : 7.3Attack Vector: NETWORK
Exploit Score: 3.9Attack Complexity: LOW
Impact Score: 3.4Privileges Required: NONE
Severity: HIGHUser Interaction: NONE
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LScope: UNCHANGED
 Confidentiality: LOW
 Integrity: LOW
 Availability: LOW
  

References:
Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:71690
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:67500


OVAL    2
oval:org.secpod.oval:def:71690
oval:org.secpod.oval:def:67500
XCCDF    2
xccdf_org.secpod_benchmark_general_Mac_OS_11
xccdf_org.secpod_benchmark_general_Mac_OS_X_10_15

© SecPod Technologies