The macOS system must configure audit retention to seven days.

An XCCDF Rule

Details
Profiles

Description

The audit service must be configured to require that records be kept for an organizational-defined value before deletion unless the system uses a central audit record storage facility. When "expire-after" is set to "7d", the audit service will not delete audit logs until the log data criteria is met.

ID: SV-268467r1034341_rule
Version: APPL-15-001029
Severity: Low
References: CCI-001849
Updated: about 2 months ago

Remediation Templates

Configure the macOS system to set audit retention to seven days with the following command:

/usr/bin/sed -i.bak 's/^expire-after.*/expire-after:7d/' /etc/security/audit_control; /usr/sbin/audit -s

The macOS system must configure audit retention to seven days.

Description

Remediation Templates

A Manual Procedure