The macOS system must configure audit_control to not contain access control lists (ACLs).
Overview
Finding ID
Version
Rule ID
IA Controls
Severity
V-269095
APPL-15-001140
SV-269095r1034760_rule
Medium
Description
/etc/security/audit_control must not contain ACLs.
/etc/security/audit_control contains sensitive configuration data about the audit service. This rule ensures that the audit service is configured to be readable and writable only by system administrators to prevent normal users from manipulating audit logs.
Satisfies: SRG-OS-000057-GPOS-00027, SRG-OS-000058-GPOS-00028, SRG-OS-000059-GPOS-00029, SRG-OS-000063-GPOS-00032, SRG-OS-000256-GPOS-00097, SRG-OS-000257-GPOS-00098, SRG-OS-000258-GPOS-00099