[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-50276-5

Platform: cpe:/o:apple:mac_os_14Date: (C)2023-11-28   (M)2023-11-28



By auditing access restriction enforcement, changes to application and OS configuration files can be audited. Without auditing the enforcement of access restrictions, it will be difficult to identify attempted attacks and an audit trail will not be available for forensic investigation. Enforcement actions are the methods or mechanisms used to prevent unauthorized changes to configuration settings. Enforcement action methods may be as simple as denying access to a file based on the application of file permissions (access restriction). Audit items may consist of lists of actions blocked by access restrictions or changes identified after the fact. Fix: To make sure the appropriate flags are enabled for auditing, run the following command to add 'fm', '-fr', and '-fw' at the same time: sudo sed -i.bak '/^flags/ s/$/,fm,fr,fw/' /etc/security/audit_control; sudo audit -s You may also edit the /etc/security/audit_control file using a text editor to define the flags your organization requires for auditing.


Parameter:

[exists/does_not_exist]


Technical Mechanism:

To make sure the appropriate flags are enabled for auditing, run the following command to add 'fm', '-fr', and '-fw' at the same time: sudo sed -i.bak '/^flags/ s/$/,fm,fr,fw/' /etc/security/audit_control; sudo audit -s You may also edit the /etc/security/audit_control file using a text editor to define the flags your organization requires for auditing.

CCSS Severity:CCSS Metrics:
CCSS Score : 5.9Attack Vector: LOCAL
Exploit Score: 2.5Attack Complexity: LOW
Impact Score: 3.4Privileges Required: NONE
Severity: MEDIUMUser Interaction: NONE
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LScope: UNCHANGED
 Confidentiality: LOW
 Integrity: LOW
 Availability: LOW
  

References:
Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:94841


OVAL    1
oval:org.secpod.oval:def:94841
XCCDF    1
xccdf_org.secpod_benchmark_general_Mac_OS_14

© SecPod Technologies