CCE-50264-1Platform: cpe:/o:apple:mac_os_14 | Date: (C)2023-11-28 (M)2023-11-28 |
The audit service must be configured to require a minimum percentage of free disk space in order to run. This ensures that audit will notify the administrator that action is required to free up more disk space for audit logs.
When minfree is set to 25%, security personnel are notified immediately when the storage volume is 75% full and are able to plan for audit record storage capacity expansion.
Fix:
Edit the /etc/security/audit_control file, and change the value for 'minfree' to the percentage of free space you require to keep available for the system. You can use the following command to set the 'minfree' value to '25%':
sudo sed -i.bak 's/.*minfree.*/minfree:25/' /etc/security/audit_control; sudo audit -s
Parameter:
[Percentage]
Technical Mechanism:
Edit the /etc/security/audit_control file, and change the value for 'minfree' to the percentage of free space you require to keep available for the system. You can use the following command to set the 'minfree' value to '25%':
sudo sed -i.bak 's/.*minfree.*/minfree:25/' /etc/security/audit_control; sudo audit -s
CCSS Severity: | CCSS Metrics: |
CCSS Score : 7.3 | Attack Vector: NETWORK |
Exploit Score: 3.9 | Attack Complexity: LOW |
Impact Score: 3.4 | Privileges Required: NONE |
Severity: HIGH | User Interaction: NONE |
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | Scope: UNCHANGED |
| Confidentiality: LOW |
| Integrity: LOW |
| Availability: LOW |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:94829 |