From Apple OS X 10.10 (Yosemite) Workstation Security Technical Implementation Guide
Part of SRG-OS-000047
Associated with: CCI-000140
The audit service should shut down the computer if it is unable to audit system events. Once audit failure occurs, user and system activity is no longer recorded and malicious activity could go undetected. Audit processing failures include: software/hardware errors; failures in the audit capturing mechanisms; and audit storage capacity being reached or exceeded. Responses to audit failure depend upon the nature of the failure mode.
To view the setting for the audit control system, run the following command: sudo grep ^policy /etc/security/audit_control | grep ahlt If there is no result, this is a finding.
Edit the /etc/security/audit_control file, and change the value for policy to include the setting 'ahlt'. To programmatically do this, run the following command: sudo sed -i.bak '/^policy/ s/$/,ahlt/' /etc/security/audit_control; sudo audit -s
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer