Ensure Firewall is configured to log

Details

The socketfilter firewall is the one used when the firewall is turned on in the Security PreferencePane. To monitor appropriately what access is allowed and denied, logging must be enabled.

Rationale:

To troubleshoot the successes and failures of a firewall, logging should be enabled.

Impact:

Detailed logging may consume excessive storage.

Solution

Run the following command:

/usr/libexec/ApplicationFirewall/socketfilterfw --setloggingmode on
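To verify the setting before and after the change, the following added example (not part of the original article) audits the logging mode and can optionally remediate it. It assumes that `socketfilterfw --getloggingmode` prints a line of the form "Log mode is on" or "Log mode is off"; the function names and the `--fix` script option are hypothetical.

```shell
#!/bin/sh
# Added example: audit (and optionally remediate) socketfilterfw logging.
FW=/usr/libexec/ApplicationFirewall/socketfilterfw

# Map the text printed by --getloggingmode to on / off / unknown.
# Assumed output form: "Log mode is on" or "Log mode is off".
parse_logging_mode() {
    case "$1" in
        *"Log mode is on"*)  echo on ;;
        *"Log mode is off"*) echo off ;;
        *)                   echo unknown ;;
    esac
}

# Return 0 if compliant, 1 if logging is off, 2 if the state cannot be determined.
audit_logging() {
    [ -x "$FW" ] || { echo "UNKNOWN: $FW not found" >&2; return 2; }
    state=$(parse_logging_mode "$("$FW" --getloggingmode 2>&1)")
    case "$state" in
        on)  echo "PASS: firewall logging is on"; return 0 ;;
        off) echo "FAIL: firewall logging is off"; return 1 ;;
        *)   echo "UNKNOWN: unexpected --getloggingmode output" >&2; return 2 ;;
    esac
}

# Apply the remediation from this control, then re-audit. Requires root.
remediate_logging() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root to remediate" >&2; return 2; }
    "$FW" --setloggingmode on >/dev/null && audit_logging
}

# Run only on a host that has the binary (macOS); otherwise just define the functions.
if [ -x "$FW" ]; then
    if [ "${1:-}" = "--fix" ]; then remediate_logging; else audit_logging; fi
fi
```

The exit status of `audit_logging` separates "off" from "could not determine", so a compliance scanner does not record a missing binary or changed output format as a pass.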

Additional Information:

More info:

http://krypted.com/tag/socketfilterfw/

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability. This control applies to the following type of system: Unix.


Updated on July 16, 2022