audit_flags_fm_configure #288

Closed
opened 2026-01-19 18:29:56 +00:00 by michael · 3 comments

Originally created by @robertgendler on GitHub.

We should change fm to -fm as no 800-53 rule actually requires auditing of all file modifications (successful or not).

This will also make audit far less busy.


@robertgendler commented on GitHub:

Updated with commit https://github.com/usnistgov/macos_security/commit/78756b826bab44395f9c36cbfa20c62f33d3ae0f

@cipineda commented on GitHub:

I'm testing dev_sonoma and found that this issue is back:

The validation script is:

`/usr/bin/awk -F':' '/^flags/ { print $NF }' /etc/security/audit_control | /usr/bin/tr ',' '\n' | /usr/bin/grep -Ec '^fm'`

which returns a 0.

If the `'^fm'` is changed to either `'fm'` or `'-fm'`, then it returns a 1.

Here are the flags in my `/etc/security/audit_control` file: `flags:lo,aa,ad,-ex,-fd,-fm,-fr,-fw`

Should I open a new issue, or will you follow up on this one?

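As an added example, not code from the macos_security project or from anyone in this thread: a POSIX shell script that reproduces the false negative described in the comment above on a constructed audit_control sample and shows an anchored per-entry check. The sample content, temp-file handling and function names are assumptions.

```shell
#!/bin/sh
# Added example, not macos_security code: reproduces the false negative above
# (grep -Ec '^fm' prints 0 although -fm is set) and adds an anchored check.

# Constructed audit_control content; the flags line is the one quoted above.
AUDIT_CONTROL_SAMPLE='dir:/var/audit
flags:lo,aa,ad,-ex,-fd,-fm,-fr,-fw
minfree:5
naflags:lo,aa
policy:cnt,argv
filesz:2M
expire-after:60d'

# Write the sample to a temp file and print its path, so the pipeline reads
# a real file just as the validation script reads /etc/security/audit_control.
write_sample() {
    f=$(mktemp) || return 1
    printf '%s\n' "$AUDIT_CONTROL_SAMPLE" > "$f"
    printf '%s\n' "$f"
}

# Same pipeline as the validation script, with path and regex as arguments.
# "-e" lets a pattern like "-fm" start with a dash without grep treating it
# as an option; "|| true" keeps grep's exit 1 on a zero count from tripping set -e.
count_flags() {
    awk -F':' '/^flags/ { print $NF }' "$1" | tr ',' '\n' | grep -Ec -e "$2" || true
}

# Exact-entry check for one audit class as written in the flags line
# ("fm" = all file modifications, "-fm" = failed ones only). Anchoring both
# ends keeps "fm" from matching "-fm" and vice versa.
has_audit_class() {
    n=$(count_flags "$1" "^$2\$")
    [ "$n" -eq 1 ]
}

main() {
    f=$(write_sample) || exit 1
    printf "pattern '^fm'   -> %s entries (misses -fm)\n" "$(count_flags "$f" '^fm')"
    printf "pattern 'fm'    -> %s entries (also hits -fm)\n" "$(count_flags "$f" 'fm')"
    printf "pattern '^-fm\$' -> %s entries (exact)\n" "$(count_flags "$f" '^-fm$')"
    has_audit_class "$f" '-fm' && echo "failed file modifications are audited"
    has_audit_class "$f" 'fm' || echo "successful file modifications are not audited"
    rm -f "$f"
}
main
```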

@golbiga commented on GitHub:

merged with `main`


Reference: usnistgov/macos_security#288