Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Apple macOS 14 (Sonoma) Security Technical Implementation Guide
SRG-OS-000057-GPOS-00027
The macOS system must configure audit log folders to be owned by root.
The macOS system must configure audit log folders to be owned by root.
An XCCDF Rule
Details
Profiles
Prose
The macOS system must configure audit log folders to be owned by root.
Medium Severity
<VulnDiscussion>Audit log folders must be owned by root. The audit service must be configured to create log folders with the correct ownership to prevent normal users from reading audit logs. Audit logs contain sensitive data about the system and users. If log folders are set to only be readable and writable by system administrators, the risk is mitigated. Satisfies: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-OS-000256-GPOS-00097,SRG-OS-000257-GPOS-00098,SRG-OS-000258-GPOS-00099</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>