The macOS system must configure audit capacity warning.

STIG ID: APPL-14-001030  |  SRG: SRG-OS-000046-GPOS-00022 |  Severity: medium |  CCI: CCI-000139,CCI-001855 |  Vulnerability Id: V-259468

Vulnerability Discussion

The audit service must be configured to notify the system administrator
when the amount of free disk space remaining reaches an organization defined value.

This rule ensures that the system administrator is notified in advance that action is required to free
up more disk space for audit logs.

Satisfies: SRG-OS-000046-GPOS-00022,SRG-OS-000343-GPOS-00134

Check

Verify the macOS system is configured to require a minimum of 25 percent free disk space
for audit record storage with the following command:

/usr/bin/awk -F: '/^minfree/{print $2}' /etc/security/audit_control

If the result is not "25", this is a finding.

Fix

Configure the macOS system to require a minimum of 25 percent free disk
space for audit record storage with the following command:

/usr/bin/sed -i.bak 's/.*minfree.*/minfree:25/' /etc/security/audit_control; /usr/sbin/audit -s
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.