V-76109
The OS X firewall must have logging enabled.
Finding ID
AOSX-12-000950
Rule ID
SV-90797r1_rule
Severity
CCE
(None)
Group Title
SRG-OS-000480-GPOS-00227
CCI
CCI-000366
Target Key
(None)
Documentable
No
Discussion
Firewall logging must be enabled so that network activity handled by the application firewall, including malicious or unexpected connection attempts, is recorded on the system where it can be reviewed.
Fix Text
To enable firewall logging, run the following command:

    /usr/bin/sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setloggingmode on
Check Content
If HBSS is used, this is not applicable.

To check whether the OS X firewall has logging enabled, run the following command:

    /usr/libexec/ApplicationFirewall/socketfilterfw --getloggingmode | /usr/bin/grep on

If the result does not show "on", this is a finding.
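The following shell script is an added example, not part of the STIG text or of Apple's tooling. It wraps the check and fix above in functions that can be dropped into a compliance script. It assumes that socketfilterfw --getloggingmode prints a line of the form "Log mode is on" or "Log mode is off"; the sample strings used to exercise the parser are constructed, and the audit function only runs the real command when the binary is present.

```shell
#!/bin/sh
# Added example for AOSX-12-000950 (not the STIG's own code).
# Assumption: socketfilterfw --getloggingmode prints "Log mode is on"
# or "Log mode is off". Sample strings below are constructed.

SFW=/usr/libexec/ApplicationFirewall/socketfilterfw

# fw_logging_state OUTPUT -> prints "on", "off" or "unknown".
# Matches the full phrase rather than a bare "on" so that unrelated text
# in the tool's output cannot satisfy the check by accident.
fw_logging_state() {
    case "$1" in
        *"Log mode is on"*)  echo on ;;
        *"Log mode is off"*) echo off ;;
        *)                   echo unknown ;;
    esac
}

# fw_logging_finding OUTPUT -> exit 0 when logging is on (no finding),
# exit 1 for "off" or any unrecognised output (treated as a finding).
fw_logging_finding() {
    [ "$(fw_logging_state "$1")" = on ]
}

# audit_fw_logging -> performs the STIG check on a host that has the tool.
# Returns 0 (not a finding), 1 (finding) or 2 (tool absent, e.g. non-macOS).
audit_fw_logging() {
    if [ ! -x "$SFW" ]; then
        echo "socketfilterfw not present; check not applicable here" >&2
        return 2
    fi
    out=$("$SFW" --getloggingmode 2>&1)
    if fw_logging_finding "$out"; then
        echo "AOSX-12-000950: not a finding ($out)"
    else
        echo "AOSX-12-000950: FINDING ($out)"
        return 1
    fi
}

# fix_fw_logging -> applies the STIG fix text (needs sudo on macOS).
fix_fw_logging() {
    /usr/bin/sudo "$SFW" --setloggingmode on
}
```

Run audit_fw_logging from a scheduled compliance job and call fix_fw_logging only when it returns 1; the parser deliberately treats empty or unexpected output as a finding rather than as passing.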