Free DISA STIG and SRG Library | Vaulted

V-76109

The OS X firewall must have logging enabled.

Finding ID: AOSX-12-000950
Rule ID: SV-90797r1_rule
Severity: Cat II
CCE: (None)
Group Title: SRG-OS-000480-GPOS-00227
CCI: CCI-000366
Target Key: (None)
Documentable: No
Discussion

Firewall logging must be enabled. This ensures that malicious network activity will be logged to the system.

Fix Text

To enable firewall logging, run the following command:

/usr/bin/sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setloggingmode on

Check Content

If HBSS is used, this is not applicable.

To check if the OS X firewall has logging enabled, run the following command:

/usr/libexec/ApplicationFirewall/socketfilterfw --getloggingmode | /usr/bin/grep on

If the result does not show "on", this is a finding.
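As an added example (not part of the STIG text), the following POSIX shell script applies the check above as a scripted audit: it honours the HBSS exemption, evaluates the socketfilterfw output, and prints the fix command when there is a finding. It assumes socketfilterfw reports the mode as a single line whose last word is "on" or "off"; the sample output used when the tool is absent is constructed.

```shell
#!/bin/sh
# Added example for AOSX-12-000950 (not from the STIG or from Apple).
# Assumption: "socketfilterfw --getloggingmode" prints one line whose
# final word is "on" or "off". Sample output below is constructed.

SOCKETFILTERFW=/usr/libexec/ApplicationFirewall/socketfilterfw

# evaluate_logging_mode OUTPUT HBSS_IN_USE
# Prints one of: not_applicable, pass, finding
evaluate_logging_mode() {
    output=$1
    hbss=$2
    if [ "$hbss" = "yes" ]; then
        # STIG: if HBSS is used, this check is not applicable.
        echo not_applicable
        return 0
    fi
    # Match "on" only as the final word, so a stray "on" elsewhere in the
    # line, or an unexpected error message, cannot produce a false pass.
    if printf '%s\n' "$output" | grep -Eq '(^|[[:space:]])on$'; then
        echo pass
    else
        echo finding
    fi
}

# check_host: query the real tool when present (macOS); otherwise fall
# back to constructed sample output so the script still runs elsewhere.
check_host() {
    hbss=${HBSS_IN_USE:-no}
    if [ -x "$SOCKETFILTERFW" ]; then
        output=$("$SOCKETFILTERFW" --getloggingmode 2>/dev/null)
    else
        output="Log mode is off"   # constructed sample output
    fi
    evaluate_logging_mode "$output" "$hbss"
}

result=$(check_host)
echo "AOSX-12-000950: $result"
if [ "$result" = "finding" ]; then
    # Fix Text from the STIG, printed for the operator rather than applied.
    echo "Fix: /usr/bin/sudo $SOCKETFILTERFW --setloggingmode on"
fi
```

Set HBSS_IN_USE=yes in the environment to record the check as not applicable on hosts covered by HBSS.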