[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248038

 
 

909

 
 

194772

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 193795 Download | Alert*

The audit log folder _MUST_ not contain access control lists (ACLs). Audit logs contain sensitive data about the system and users. This rule ensures that the audit service is configured to create log folders that are readable and writable only by system administrators in order to prevent normal users from reading audit logs.

Ensure only strong MAC algorithms are used

The ability to log in to another users active or locked session _MUST_ be disabled. macOS has a privilege that can be granted to any user that will allow that user to unlock active users sessions. Disabling the admins and/or users ability to log into another users active and locked session prevents unauthorized persons from viewing potentially sensitive and/or personal information.

Limit the ciphers to those which are FIPS-approved and only use ciphers in counter (CTR) mode.

Audit log files _MUST_ have the group set to wheel. The audit service _MUST_ be configured to create log files with the correct group ownership to prevent normal users from reading audit logs. Audit logs contain sensitive data about the system and users. If log files are set to be readable and writable only by system administrators, the risk is mitigated.

The audit service _MUST_ be configured to create log files that are readable only by the root user and group wheel. To achieve this, audit log files _MUST_ be configured to mode 440 or less permissive; thereby preventing normal users from reading, modifying or deleting audit logs.

Audit log files _MUST_ be owned by root. The audit service _MUST_ be configured to create log files with the correct ownership to prevent normal users from reading audit logs. Audit logs contain sensitive data about the system and users. If log files are set to only be readable and writable by system administrators, the risk is mitigated.

The audit system _MUST_ be configured to record enforcement actions of access restrictions, including failed program execute (-ex) attempts.

Audit log Folders _MUST_ have the group set to wheel. The audit service _MUST_ be configured to create log files with the correct group ownership to prevent normal users from reading audit logs. Audit logs contain sensitive data about the system and users. If log files are set to be readable and writable only by system administrators, the risk is mitigated.

Audit log folders _MUST_ be owned by root. The audit service _MUST_ be configured to create log files with the correct ownership to prevent normal users from reading audit logs. Audit logs contain sensitive data about the system and users. If log files are set to only be readable and writable by system administrators, the risk is mitigated.


Pages:      Start    12081    12082    12083    12084    12085    12086    12087    12088    12089    12090    12091    12092    12093    12094    ..   19379

© SecPod Technologies