The macOS system must be configured so that log files must not contain access control lists (ACLs).

An XCCDF Rule

Details
Profiles

Description

The audit service must be configured to create log files with the correct permissions to prevent normal users from reading audit logs. Audit logs contain sensitive data about the system and users. If log files are set to be readable and writable only by root or administrative users with sudo, the risk is mitigated. Satisfies: SRG-OS-000057-GPOS-00027, SRG-OS-000206-GPOS-00084

ID: SV-252452r816170_rule
Version: APPL-12-000030
Severity: Medium
References: CCI-000162 CCI-001314
Updated: 5 days ago

Remediation Templates

For any log file that contains ACLs, run the following command:

/usr/bin/sudo chmod -N [audit log file]

The macOS system must be configured so that log files must not contain access control lists (ACLs).

Description

Remediation Templates

A Manual Procedure