CCE-95279-6| Platform: cpe:/o:apple:mac_os_11 | Date: (C)2022-12-28 (M)2023-07-04 |
Archiving and retaining install.log for at least a year is beneficial in the event of an incident as it will allow the user to view the various changes to the system along with the date and time they occurred. Without log files system maintenance and security forensics cannot be properly performed.
Fix:
Perform the following to ensure that install logs are retained for at least 365 days:
Edit the /etc/asl/com.apple.install file and add or modify the ttl value to 365 or greater on the file line. Also, remove the all_max= setting and value from the file line.
Parameter:
[365 days]
Technical Mechanism:
Perform the following to ensure that install logs are retained for at least 365 days:
Edit the /etc/asl/com.apple.install file and add or modify the ttl value to 365 or greater on the file line. Also, remove the all_max= setting and value from the file line.
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : 5.9 | Attack Vector: LOCAL |
| Exploit Score: 2.5 | Attack Complexity: LOW |
| Impact Score: 3.4 | Privileges Required: NONE |
| Severity: MEDIUM | User Interaction: NONE |
| Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | Scope: UNCHANGED |
| | Confidentiality: LOW |
| | Integrity: LOW |
| | Availability: LOW |
| | |
References: | Resource Id | Reference |
|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:80373 |
