VFX Computing, Inc.

Mac OS X Audit Checks

A collection of useful shortcuts. Many more exist than are listed in this document, but these are the most useful for determining boot sequences, screen captures, and other auditing techniques.

  • /etc/rc.boot -- modify for single user mode security
  • Activate Boot Password -- Command+Option+O+F
  • Autologin
  • System Daemons -- /etc/rc.common sources /etc/hostconfig
  • Disable Automounts -- /System/Library/StartupItems/NFS/NFS
  • Disable NFS -- /System/Library/StartupItems/NFS/NFS (checks /etc/exports) nidump exports
  • /etc/hostconfig

Enable root's Password

By default, no root password is enabled. Of course, if you sudo or su, you still won't succeed. To set one, follow these steps:

  1. Applications -> Utilities -> Directory Utility (then click the lock so that it is open)
  2. Edit -> Enable Root Password
  3. In the popup window, type a new password and retype to confirm
  4. Click the padlock to relock the Directory Utility

sysctl options

  • kern.tfp.policy set to 2 or 3
  • kern.shreg_private set to 1
    Indicates whether shared memory regions can be privatized
  • kern.securelevel
    The system security level
  • kern.sugid_coredump set to 0
    Determines whether SUID and SGID files are allowed to dump core
  • kern.sugid_scripts set to 0
    Determines whether to permit SUID and SGID scripts
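
One way to check these settings in a single pass, as an added example that is not part of the original document. The audit_sysctl function name and the sample input are assumptions made for illustration; the expected values come from the list above.

```sh
#!/bin/sh
# Added example: grade sysctl output against the values in the list above.
# Usage on a live host (OIDs absent from that OS release show up as MISSING):
#   sysctl kern.tfp.policy kern.shreg_private kern.securelevel \
#          kern.sugid_coredump kern.sugid_scripts 2>/dev/null | audit_sysctl

audit_sysctl() {
    awk '
    BEGIN {
        # Expected values, taken from the list above (regex alternatives).
        want["kern.tfp.policy"]     = "2|3"
        want["kern.shreg_private"]  = "1"
        want["kern.sugid_coredump"] = "0"
        want["kern.sugid_scripts"]  = "0"
    }
    {
        # Accept both "name: value" and "name = value" output styles.
        line = $0
        sub(/^[ \t]+/, "", line)
        if (!match(line, /[ \t]*[:=][ \t]*/)) next
        name  = substr(line, 1, RSTART - 1)
        value = substr(line, RSTART + RLENGTH)
        sub(/[ \t]+$/, "", value)
        seen[name] = 1
        if (name == "kern.securelevel") {
            # The list gives no target value, so only record it.
            printf "INFO %s=%s (no target listed; record it)\n", name, value
            next
        }
        if (!(name in want)) next
        if (value ~ ("^(" want[name] ")$")) {
            printf "PASS %s=%s\n", name, value
        } else {
            printf "FAIL %s=%s (want %s)\n", name, value, want[name]
            fails++
        }
    }
    END {
        # Assumption: a setting that could not be read counts as a finding.
        for (n in want) if (!(n in seen)) { printf "MISSING %s\n", n; fails++ }
        exit (fails > 0)
    }'
}

# Constructed sample input, not captured from a real machine.
SAMPLE='kern.tfp.policy: 1
kern.shreg_private: 1
kern.securelevel: 0
kern.sugid_coredump: 0
kern.sugid_scripts = 1'

printf '%s\n' "$SAMPLE" | audit_sysctl || echo "findings present: review FAIL and MISSING lines"
```

The function exits non-zero when any setting fails or cannot be read, so it can gate a larger audit script.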

Cron (or Periodic) Review

Review all of the files in the /etc/periodic/*/* folders.

Files associated with cron/periodic:

  • /etc/defaults/periodic.conf
  • /etc/periodic/daily/500.daily
  • /etc/periodic/weekly/999.local
  • /etc/periodic/monthly/999.local
  • /etc/security
  • /etc/daily.local
  • /etc/weekly.local
  • /etc/monthly.local

Logs to review

  • /var/log/secure.log
  • /var/log/system.log
  • /var/log/daily.out
  • /var/log/weekly.out
  • /var/log/monthly.out
  • /Library/Logs/Software Update.log
  • /Library/Logs/SingleSignOnTools.log
  • /Library/Logs/DirectoryService/DirectoryService.server.log
  • /var/log/OSInstall.custom

Software Updates

Review the softwareupdate settings to ensure that no updates are being ignored and that updates are applied automatically.

  • softwareupdate --ignore
  • softwareupdate --schedule

systemsetup and networksetup

Review the components of systemsetup and networksetup.

systemsetup is a command line configuration tool for certain machine settings that are available in the System Preferences.

networksetup is a command line configuration tool for certain network settings that are available in the System Preferences.