STIGQter STIGQter: STIG Summary: Apple OS X 10.14 (Mojave) Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The macOS system must provide an immediate warning to the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity.

DISA Rule

SV-209561r610285_rule

Vulnerability Number

V-209561

Group Title

SRG-OS-000343-GPOS-00134

Rule Version

AOSX-14-001030

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Edit the "/etc/security/audit_control" file and change the value for "minfree" to "25" using the following command:

/usr/bin/sudo /usr/bin/sed -i.bak 's/.*minfree.*/minfree:25/' /etc/security/audit_control; /usr/bin/sudo /usr/sbin/audit -s

A text editor may also be used to implement the required updates to the "/etc/security/audit_control file".

Check Contents

The check displays the "% free" to leave available for the system. The audit system will not write logs if the volume has less than this percentage of free disk space. To view the current setting, run the following command:

/usr/bin/sudo /usr/bin/grep ^minfree /etc/security/audit_control

If this returns no results, or does not contain "25", this is a finding.

Vulnerability Number

V-209561

Documentable

False

Rule Version

AOSX-14-001030

Severity Override Guidance

The check displays the "% free" to leave available for the system. The audit system will not write logs if the volume has less than this percentage of free disk space. To view the current setting, run the following command:

/usr/bin/sudo /usr/bin/grep ^minfree /etc/security/audit_control

If this returns no results, or does not contain "25", this is a finding.

Check Content Reference

M

Target Key

2930

Comments