mirror of
https://github.com/usnistgov/macos_security.git
synced 2026-02-03 05:53:24 +00:00
34 lines
949 B
YAML
34 lines
949 B
YAML
id: audit_retention_one_week_configure
|
|
title: "Configure Audit Retention to a Minimum of 7 Days"
|
|
discussion: |
|
|
The audit service must be configured to require that records are kept for seven days or longer before deletion when there is no central audit record storage facility. When "expire-after" is set to "7d", the audit service will not delete audit logs until the log data is at least seven days old.
|
|
check: |
|
|
/usr/bin/awk -F: '/expire-after/{print $2}' /etc/security/audit_control
|
|
result:
|
|
string: 7d
|
|
fix: |
|
|
[source,bash]
|
|
----
|
|
/usr/bin/sed -i.bak 's/^expire-after.*/expire-after:7d/' /etc/security/audit_control; /usr/sbin/audit -s
|
|
----
|
|
references:
|
|
cce:
|
|
- CCE-84719-4
|
|
cci:
|
|
- CCI-001849
|
|
800-53r4:
|
|
- AU-4
|
|
srg:
|
|
- SRG-OS-000341-GPOS-00132
|
|
disa_stig:
|
|
- AOSX-14-001029
|
|
macOS:
|
|
- "10.15"
|
|
tags:
|
|
- cnssi-1253
|
|
- fisma-low
|
|
- fisma-moderate
|
|
- fisma-high
|
|
- STIG
|
|
mobileconfig: false
|
|
mobileconfig_info: |