Check: APPL-15-001030
Apple macOS 15 (Sequoia) STIG:
APPL-15-001030
(in versions v1 r3 through v1 r1)
Title
The macOS system must configure audit capacity warning. (Cat II impact)
Discussion
The audit service must be configured to notify the system administrator when the amount of free disk space remaining reaches an organization-defined value. This rule ensures that the system administrator is notified in advance that action is required to free up more disk space for audit logs. Satisfies: SRG-OS-000046-GPOS-00022, SRG-OS-000343-GPOS-00134
Check Content
Verify the macOS system is configured to require a minimum of 25 percent free disk space for audit record storage with the following command: /usr/bin/awk -F: '/^minfree/{print $2}' /etc/security/audit_control If the result is not "25", this is a finding.
Fix Text
Configure the macOS system to require a minimum of 25 percent free disk space for audit record storage with the following command: /usr/bin/sed -i.bak 's/.*minfree.*/minfree:25/' /etc/security/audit_control; /usr/sbin/audit -s
Additional Identifiers
Rule ID: SV-268468r1034344_rule
Vulnerability ID: V-268468
Group Title: SRG-OS-000046-GPOS-00022
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000139 |
Alert organization-defined personnel or roles within an organization-defined time period in the event of an audit logging process failure. |
| CCI-001855 |
Provide a warning to organization-defined personnel, roles, and/or locations within an organization-defined time period when allocated audit log storage volume reaches an organization-defined percentage of repository maximum audit log storage capacity. |