Check: APPL-14-001030
Apple macOS 14 (Sonoma) STIG:
APPL-14-001030
(in versions v1 r2 through v1 r1)
Title
The macOS system must configure audit capacity warning. (Cat II impact)
Discussion
The audit service must be configured to notify the system administrator when the amount of free disk space remaining reaches an organization defined value. This rule ensures that the system administrator is notified in advance that action is required to free up more disk space for audit logs. Satisfies: SRG-OS-000046-GPOS-00022,SRG-OS-000343-GPOS-00134
Check Content
Verify the macOS system is configured to require a minimum of 25 percent free disk space for audit record storage with the following command: /usr/bin/awk -F: '/^minfree/{print $2}' /etc/security/audit_control If the result is not "25", this is a finding.
Fix Text
Configure the macOS system to require a minimum of 25 percent free disk space for audit record storage with the following command: /usr/bin/sed -i.bak 's/.*minfree.*/minfree:25/' /etc/security/audit_control; /usr/sbin/audit -s
Additional Identifiers
Rule ID: SV-259468r941026_rule
Vulnerability ID: V-259468
Group Title: SRG-OS-000046-GPOS-00022
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000139 |
The information system alerts designated organization-defined personnel or roles in the event of an audit processing failure. |
| CCI-001855 |
The information system provides a warning to organization-defined personnel, roles, and/or locations within an organization-defined time period when allocated audit record storage volume reaches an organization-defined percentage of repository maximum audit record storage capacity. |