Catalina - Configure Audit Capacity Warning

Information

The audit service _MUST_ be configured to notify the system administrator when the amount of free disk space remaining reaches an organization defined value.

This rule ensures that the system administrator is notified in advance that action is required to free up more disk space for audit logs.

Solution

[source,bash]
----
/usr/bin/sed -i.bak 's/.*minfree.*/minfree:25/' /etc/security/audit_control; /usr/sbin/audit -s
----

See Also

https://github.com/usnistgov/macos_security

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-5(1), CCE|CCE-84707-9, CCI|CCI-001855, STIG-ID|AOSX-15-001030

Plugin: Unix

Control ID: 017ce8aa0df89cdf21a509136ae55fa45e7d802b1fd4da6972c590973ccef8d0