[Forgot Password]
Login  Register Subscribe

24128

 
 

131615

 
 

112965

 
 

909

 
 

87888

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-90326-0

Platform: macosx10.10Date: (C)2015-06-23   (M)2018-03-17



Ensure Audit Logs are Kept for 1 Week or Longer The audit service must be configured to require that records are kept for 7 days or longer before deletion when there is no central audit record storage facility. When expire-after is set to 7d, the audit service will not delete audit logs until the log data is at least 7 days old.


Parameter: Number of days


Technical Mechanism: The check displays the amount of time the audit system is configured to retain audit log files. The audit system will not delete logs until the specified condition has been met. To view the current setting, run the following command: sudo grep ^expire-after /etc/security/audit_control If this returns no results, or does not contain 7d or a larger value, this is a finding.

References:

Resource IdReference
NISTAU-4
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:25098


OVAL    1
oval:org.secpod.oval:def:25098
XCCDF    1
xccdf_org.secpod_benchmark_general_Mac_OS_X_10_10

© SecPod Technologies