Apple macOS 14 (Sonoma) Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The macOS system must require users to reauthenticate for privilege escalation when using the "sudo" command.
<VulnDiscussion>The file /etc/sudoers must include a timestamp_timout of 0. Without reauthentication, users may access resources or perform ...Rule Medium Severity -
SRG-OS-000205-GPOS-00083
<GroupDescription></GroupDescription>Group -
The macOS system must configure system log files to be owned by root and group to wheel.
<VulnDiscussion>The system log files must be owned by root. System logs contain sensitive data about the system and users. If log files are ...Rule Medium Severity -
SRG-OS-000205-GPOS-00083
<GroupDescription></GroupDescription>Group -
The macOS system must configure system log files to mode 640 or less permissive.
<VulnDiscussion>The system logs must be configured to be writable by root and readable only by the root user and group wheel. To achieve this...Rule Medium Severity -
SRG-OS-000341-GPOS-00132
<GroupDescription></GroupDescription>Group -
The macOS system must configure install.log retention to 365.
<VulnDiscussion>The install.log must be configured to require records be kept for an organizational-defined value before deletion, unless the...Rule Low Severity -
SRG-OS-000373-GPOS-00156
<GroupDescription></GroupDescription>Group -
The macOS system must configure sudoers timestamp type.
<VulnDiscussion>The file /etc/sudoers must be configured to not include a timestamp_type of global or ppid and be configured for timestamp re...Rule Medium Severity -
SRG-OS-000051-GPOS-00024
<GroupDescription></GroupDescription>Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.