mirror of
https://github.com/usnistgov/macos_security.git
synced 2026-02-03 05:53:24 +00:00
80 lines
1.7 KiB
YAML
80 lines
1.7 KiB
YAML
id: os_firewall_log_enable
|
|
title: "Enable Firewall Logging"
|
|
discussion: |
|
|
Firewall logging _MUST_ be enabled.
|
|
|
|
Firewall logging ensures that malicious network activity will be logged to the system.
|
|
|
|
NOTE: The firewall data is logged to Apple's Unified Logging with the subsystem `com.apple.alf` and the data is marked as private. In order to enable private data, review the `com.apple.alf.private_data.mobileconfig` file in the project's `includes` folder.
|
|
check: |
|
|
/usr/bin/osascript -l JavaScript << EOS
|
|
function run() {
|
|
let pref1 = $.NSUserDefaults.alloc.initWithSuiteName('com.apple.security.firewall')\
|
|
.objectForKey('EnableLogging').js
|
|
let pref2 = $.NSUserDefaults.alloc.initWithSuiteName('com.apple.security.firewall')\
|
|
.objectForKey('LoggingOption').js
|
|
if ( pref1 == true && pref2 == "detail" ){
|
|
return("true")
|
|
} else {
|
|
return("false")
|
|
}
|
|
}
|
|
EOS
|
|
result:
|
|
string: "true"
|
|
fix: |
|
|
This is implemented by a Configuration Profile.
|
|
references:
|
|
cce:
|
|
- CCE-92793-9
|
|
cci:
|
|
- N/A
|
|
800-53r5:
|
|
- AU-12
|
|
- SC-7
|
|
800-53r4:
|
|
- SC-7
|
|
- AU-12
|
|
srg:
|
|
- N/A
|
|
disa_stig:
|
|
- N/A
|
|
800-171r2:
|
|
- 3.3.1
|
|
- 3.3.2
|
|
- 3.13.1
|
|
- 3.13.2
|
|
- 3.13.5
|
|
cis:
|
|
benchmark:
|
|
- 3.6 (level 1)
|
|
controls v8:
|
|
- 4.5
|
|
- 8.2
|
|
- 8.5
|
|
cmmc:
|
|
- AU.L2-3.3.6
|
|
- SC.L1-3.13.1
|
|
macOS:
|
|
- "14.0"
|
|
tags:
|
|
- 800-53r5_low
|
|
- 800-53r5_moderate
|
|
- 800-53r5_high
|
|
- 800-53r4_low
|
|
- 800-53r4_moderate
|
|
- 800-53r4_high
|
|
- 800-171
|
|
- cis_lvl1
|
|
- cis_lvl2
|
|
- cisv8
|
|
- cnssi-1253_moderate
|
|
- cnssi-1253_low
|
|
- cnssi-1253_high
|
|
- cmmc_lvl2
|
|
- cmmc_lvl1
|
|
mobileconfig: true
|
|
mobileconfig_info:
|
|
com.apple.security.firewall:
|
|
EnableLogging: true
|
|
LoggingOption: detail |