The macOS system must be configured so that log files do not contain access control lists (ACLs).

An XCCDF Rule

Description

<VulnDiscussion>The audit service must be configured to create log files with the correct permissions to prevent normal users from reading audit logs. Audit logs contain sensitive data about the system and users. If log files are set to be readable and writable only by root or administrative users with sudo, the risk is mitigated. Satisfies: SRG-OS-000057-GPOS-00027, SRG-OS-000206-GPOS-00084</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-257158r905107_rule
Severity: Medium
References: CCI-000162 CCI-001314
Updated: 8 months ago

Configure the macOS system so that log files do not contain ACLs with the following command:

/usr/bin/sudo /bin/chmod -N [audit log file]

The macOS system must be configured so that log files do not contain access control lists (ACLs).

Description

Remediation - Manual Procedure