← Back to Apple macOS 14 (Sonoma) Security Technical Implementation Guide

V-259556

CAT II (Medium)

The macOS system must configure system log files to be owned by root and group to wheel.

Rule ID

SV-259556r958564_rule

STIG

Apple macOS 14 (Sonoma) Security Technical Implementation Guide

Version

V2R3

CCIs

CCI-001312

Discussion

The system log files must be owned by root. System logs contain sensitive data about the system and users. If log files are set to only be readable and writable by system administrators, the risk is mitigated. Satisfies: SRG-OS-000205-GPOS-00083,SRG-OS-000206-GPOS-00084

Check Content

Verify the macOS system is configured with system log files owned by root and group to wheel with the following command: 

/usr/bin/stat -f '%Su:%Sg:%N' $(/usr/bin/grep -v '^#' /etc/newsyslog.conf | /usr/bin/awk '{ print $1 }') 2> /dev/null | /usr/bin/awk '!/^root:wheel:/{print $1}' | /usr/bin/wc -l | /usr/bin/tr -d ' '

If the result is not "0", this is a finding.

Fix Text

Configure the macOS system with system log files owned by root and group to wheel with the following command: 

/usr/sbin/chown root:wheel $(/usr/bin/stat -f '%Su:%Sg:%N' $(/usr/bin/grep -v '^#' /etc/newsyslog.conf | /usr/bin/awk '{ print $1 }') 2> /dev/null | /usr/bin/awk -F":" '!/^root:wheel:/{print $3}')