The macOS system must configure audit capacity warning.

STIG ID: APPL-15-001030  |  SRG: SRG-OS-000046-GPOS-00022 |  Severity: medium |  CCI: CCI-000139,CCI-001855 |  Vulnerability Id: V-268468

Vulnerability Discussion

The audit service must be configured to notify the system administrator when the amount of free disk space remaining reaches an organization-defined value.

This rule ensures that the system administrator is notified in advance that action is required to free up more disk space for audit logs.

Satisfies: SRG-OS-000046-GPOS-00022, SRG-OS-000343-GPOS-00134

Check

Verify the macOS system is configured to require a minimum of 25 percent free disk space for audit record storage with the following command:

/usr/bin/awk -F: '/^minfree/{print $2}' /etc/security/audit_control

If the result is not "25", this is a finding.

Fix

Configure the macOS system to require a minimum of 25 percent free disk space for audit record storage with the following command:

/usr/bin/sed -i.bak 's/.*minfree.*/minfree:25/' /etc/security/audit_control; /usr/sbin/audit -s
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.