Configure Audit Log Folders to Mode 700 or Less PermissiveID: oval:org.secpod.oval:def:80339 | Date: (C)2022-05-30 (M)2023-07-04 |
Class: COMPLIANCE | Family: macos |
The audit log folder _MUST_ be configured to mode 700 or less permissive so that only the root user is able to read, write, and execute changes to folders. Because audit logs contain sensitive data about the system and users, the audit service _MUST_ be configured to mode 700 or less permissive; thereby preventing normal users from reading, modifying or deleting audit logs.