
The macOS system must configure install.log retention to 365.

An XCCDF Rule

Description

The install.log must be configured to require that records be kept for an organizational-defined value before deletion, unless the system uses a central audit record storage facility. Proper audit storage capacity is crucial to ensuring the ongoing logging of critical events.

ID: SV-268554r1034602_rule
Version: APPL-15-004050
Severity: Low

Remediation Templates

A Manual Procedure

Configure install.log retention to 365 on the macOS system with the following command:

/usr/bin/sed -i '' "s/\* file \/var\/log\/install.log.*/\* file \/var\/log\/install.log format='\$\(\(Time\)\(JZ\)\) \$Host \$\(Sender\)\[\$\(PID\\)\]: \$Message' rotate=utc compress file_max=50M size_only ttl=365/g" /etc/asl/com.apple.install

NOTE: If multiple configuration files in /etc/asl are set to process the file /var/log/install.log, these files must be manually removed.
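
A read-only audit for the two conditions above (the ttl value on the install.log rule, and more than one file in /etc/asl handling /var/log/install.log), added here as an example and not part of the STIG's own check text. The function names and return codes are hypothetical, and treating any ttl of at least 365 as passing is an assumption.

```shell
#!/bin/sh
# Added example: read-only audit of the ASL rule for /var/log/install.log.
# Function names, return codes and the ">= 365" reading are assumptions.

# Matches an ASL rule line of the form "* file /var/log/install.log ..."
RULE_RE='^[[:space:]]*\*[[:space:]]+file[[:space:]]+/var/log/install\.log([[:space:]]|$)'

# List every file directly under DIR that carries such a rule.
install_log_rule_files() {
    grep -lE "$RULE_RE" "$1"/* 2>/dev/null || true
}

# check_install_log_retention [DIR] [MIN_TTL]
# Returns 0 = compliant, 1 = ttl missing or too low,
#         2 = more than one file handles install.log, 3 = no rule found.
check_install_log_retention() {
    dir=${1:-/etc/asl}
    min=${2:-365}
    files=$(install_log_rule_files "$dir")
    count=$(printf '%s\n' "$files" | grep -c . || true)

    if [ "$count" -eq 0 ]; then
        echo "FAIL: no rule for /var/log/install.log under $dir"
        return 3
    fi
    if [ "$count" -gt 1 ]; then
        # The NOTE above: extra files must be removed by hand, so only report them.
        echo "FAIL: $count files process /var/log/install.log:"
        printf '  %s\n' $files
        return 2
    fi

    # Pull the numeric ttl= value from the single rule line (empty if absent).
    ttl=$(grep -E "$RULE_RE" "$files" |
          sed -n 's/.*[[:space:]]ttl=\([0-9][0-9]*\).*/\1/p' | head -n 1)
    if [ -z "$ttl" ] || [ "$ttl" -lt "$min" ]; then
        echo "FAIL: ttl=${ttl:-unset} in $files (need >= $min)"
        return 1
    fi
    echo "PASS: ttl=$ttl in $files"
    return 0
}
```

On a macOS host, calling `check_install_log_retention` with no arguments audits /etc/asl; pass a directory to test against a copy of the configuration.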