[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-90271-8

Platform: cpe:/o:apple:mac_os_x:10.10Date: (C)2015-06-23   (M)2023-07-04



Audit Kernel Module Loading and Unloading Kernel modules, called kernel extensions in Mac OS X, are compiled segments of code that are dynamically loaded into the kernel as required to support specific pieces of hardware or functionality. Privileged users are permitted to load or unload kernel extensions manually. An attacker might attempt to load a kernel extension that is known to be insecure to increase the attack surface of the system, or a user might plug in an unauthorized device that then triggers a kernel extension to be loaded. Auditing administrative actions, which include the loading or unloading of kernel extensions, mitigates this risk.


Parameter:

[exists/does_not_exist]


Technical Mechanism:

In order to view the currently configured flags for the audit daemon, run the following command: sudo grep ^flags /etc/security/audit_control Privileged access, including administrative use of the command line tools kextload and kextunload, is logged via the 'ad' flag. If 'ad' is not listed in the result of the check, this is a finding.

CCSS Severity:CCSS Metrics:
CCSS Score : 5.1Attack Vector: LOCAL
Exploit Score: 2.5Attack Complexity: LOW
Impact Score: 2.5Privileges Required: NONE
Severity: MEDIUMUser Interaction: NONE
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:LScope: UNCHANGED
 Confidentiality: LOW
 Integrity: NONE
 Availability: LOW
  

References:
Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:25048


OVAL    1
oval:org.secpod.oval:def:25048
XCCDF    1
xccdf_org.secpod_benchmark_general_Mac_OS_X_10_10

© SecPod Technologies