CCE-95228-3Platform: cpe:/o:apple:mac_os_11, cpe:/o:apple:mac_os_x:10.15 | Date: (C)2020-12-08 (M)2023-07-04 |
"Ensure Audit Logs are Kept for 1 Week or Longer
The audit service must be configured to require that records are kept for 7 days or longer before deletion when there is no central audit record storage facility. When expire-after is set to 7d, the audit service will not delete audit logs until the log data is at least 7 days old."
Parameter:
[7_Days]
Technical Mechanism:
Fix:Edit the /etc/security/audit_control file, and change the value for 'expire-after' to the amount of time audit logs should be kept for the system. Use the following command to set the 'expire-after' value to '7d':
sudo sed -i.bak 's/.*expire-after.*/expire-after:7d/' /etc/security/audit_control; sudo audit -s
CCSS Severity: | CCSS Metrics: |
CCSS Score : 7.3 | Attack Vector: NETWORK |
Exploit Score: 3.9 | Attack Complexity: LOW |
Impact Score: 3.4 | Privileges Required: NONE |
Severity: HIGH | User Interaction: NONE |
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | Scope: UNCHANGED |
| Confidentiality: LOW |
| Integrity: LOW |
| Availability: LOW |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:67506 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:71696 |