[Forgot Password]
Login  Register Subscribe

24436

 
 

131815

 
 

115228

 
 

909

 
 

90132

 
 

140

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-90270-0

Platform: macosx10.10Date: (C)2015-06-23   (M)2018-03-17



Audit All Logon Events Remote access services, such as those providing remote access to network devices and information systems, increase risk and expose those systems to possible cyber attacks, so all remote access should be closely monitored and audited. Only authorized users should be permitted to remotely access DoD non-public information systems. An attacker might attempt to log in as an authorized user, through stolen credentials, unpatched exploits of the remote access service, or brute force attempts to guess a valid username and password. If a user is attempting to log in to a system from an unusual location or at an unusual time, or if there are many failed attempts, there is a possibility that the system is the target of a cyber attack. Auditing logon events mitigates this risk by recording all logon attempts, successful and unsuccessful, to the system.


Parameter: EXISTS/DOES NOT EXIST


Technical Mechanism: To check to make sure the audit daemon is configured to log all login events, both local and remote, run the following command: sudo grep ^flags /etc/security/audit_control The flag 'lo' should be included in the list of flags set. If it is not, this is a finding.

References:

Resource IdReference
NISTAC-17 (1)
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:25047


OVAL    1
oval:org.secpod.oval:def:25047
XCCDF    1
xccdf_org.secpod_benchmark_general_Mac_OS_X_10_10

© SecPod Technologies