[Forgot Password]
Login  Register Subscribe

23631

 
 

126951

 
 

99602

 
 

909

 
 

80130

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-90326-0

Platform: macosx10.10Date: (C)2015-06-23   (M)2017-11-21



Ensure Audit Logs are Kept for 1 Week or Longer The audit service must be configured to require that records are kept for 7 days or longer before deletion when there is no central audit record storage facility. When expire-after is set to 7d, the audit service will not delete audit logs until the log data is at least 7 days old.


Parameter: Number of days


Technical Mechanism: The check displays the amount of time the audit system is configured to retain audit log files. The audit system will not delete logs until the specified condition has been met. To view the current setting, run the following command: sudo grep ^expire-after /etc/security/audit_control If this returns no results, or does not contain 7d or a larger value, this is a finding.

References:

Resource IdReference
NISTAU-4
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:25098


OVAL    1
oval:org.secpod.oval:def:25098
XCCDF    1
xccdf_org.secpod_benchmark_general_Mac_OS_X_10_10

© 2013 SecPod Technologies