[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-91411-9

Platform: cpe:/o:apple:mac_os_x:10.11Date: (C)2018-02-22   (M)2023-07-04



Notify when auditing fails The audit service should be configured to immediately print messages to the console or email administrator users when an auditing failure occurs. It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without a real-time alert, security personnel may be unaware of an impending failure of the audit capability and system operation may be adversely affected.


Parameter:

[yes/no]


Technical Mechanism:

By default, auditd only logs errors to syslog. To verify if auditd has been configured to send immediate alerts to the SA or IAO, ask the SA if /etc/security/audit_warn has been configured to send emails or print alerts to the terminal window when audit errors occur. For example, to see if audit has been configured to print error messages to the console, run the following command: sudo grep logger /etc/security/audit_warn If the argument '-s' is missing, or if audit_warn has not been otherwise modified to print errors to the console or send email alerts to the SA and IAO, this is a finding.

CCSS Severity:CCSS Metrics:
CCSS Score : 5.1Attack Vector: LOCAL
Exploit Score: 2.5Attack Complexity: LOW
Impact Score: 2.5Privileges Required: NONE
Severity: MEDIUMUser Interaction: NONE
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:LScope: UNCHANGED
 Confidentiality: LOW
 Integrity: NONE
 Availability: LOW
  

References:
Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:44025


OVAL    1
oval:org.secpod.oval:def:44025
XCCDF    1
xccdf_org.secpod_benchmark_general_Mac_OS_X_10_11

© SecPod Technologies