Apple posted the second edition of its "Mac OS X Security Configuration for Version 10.5 Leopard" on Tuesday. The guide provides system administrators with detailed guidance on how to secure a Mac OS X system in order to comply with corporate or government security policies. However, it is also a useful -- and sobering -- introduction to hardening Mac OS X for the user who wants to take the next step in securing a Mac.
The new security guide is listed, along with other security guides for Leopard Server as well as Mac OS X Tiger and Panther. The 2nd edition for Leopard client is 260 pages.
One section that may be of interest is the security auditing process associated with the Common Criteria certification process. The Apple Security Guide introduces this in chapter 13. Essentially, the auditing process provides for extensive logs, which can be parsed, and which document a wide range of user activity in a controlled environment. For example, a sysadmin might want to know which users have tried to use the "sudo" command and when.
While the guide is aimed a UNIX sysadmins who are experts on the command line -- insofar as understanding the implications of the changes they make, the document is also interesting reading for those who want to learn more about Mac system security in general. One warning here, and Apple makes it clear, it's possible to really bork up a Mac OS X system by trying things on the command line without an understanding of UNIX fundamentals. In this regard, for novices, reading and learning are good, mucking around not so much.
Sample from Leopard Security Guide
One change discovered from the first edition was the procedure for setting the global umask. However, Apple hasn't published a list of changes from the 1st to the 2nd edition. This is something that's worth doing, and it's been suggested to Apple.