CIS 3.3 Audit Retention expire-after set incorrectly #3

Closed
raydemay opened this issue Aug 6, 2019 · 1 comment

raydemay commented Aug 6, 2019

The way the expire-after is being set is causing audit_control to ignore the line and not clear the log files. The issue is that the flags are case sensitive. Currently line 445 in the Security_Remediation.sh script reads

sed "s/${oldExpireAfter}/expire-after:60D OR 1G/" /etc/security/audit_control_old > /etc/security/audit_control

but the time flag needs to be lowercase.

sed "s/${oldExpireAfter}/expire-after:60d OR 1G/" /etc/security/audit_control_old > /etc/security/audit_control

would be the correct syntax according to the man page for audit_control

erinmc closed this as completed Aug 7, 2019

Honestpuck commented

The matching check in 2_Security_Audit_Compliance.sh has not been changed to match this issue so Macs will always fail the 3.3 check. Line 767 needs to be changed.
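
A case-sensitive check for the expire-after value discussed in this thread, as an added example that is not code from the project's scripts or from either commenter. The function names and sample files are constructed, and the suffix set is an assumption to verify against the audit_control man page.

```shell
#!/bin/sh
# Added example, not from Security_Remediation.sh or 2_Security_Audit_Compliance.sh.
# Assumption: time suffixes (s h d y) are lowercase and size suffixes (B K M G)
# are uppercase; confirm with `man audit_control` on the target macOS release.
# Bare numbers with no suffix are not handled here.

# Print the value of the last uncommented expire-after line in file $1.
expire_after_value() {
    sed -n 's/^[[:space:]]*expire-after:[[:space:]]*//p' "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Return 0 if $1 is time, size, or "time AND|OR size" with correctly cased suffixes.
expire_after_valid() {
    printf '%s\n' "$1" | grep -Eq \
        '^([0-9]+[shdy]|[0-9]+[BKMG]|[0-9]+[shdy] (AND|OR) [0-9]+[BKMG])$'
}

# Return 0 only if file $1 sets the value this issue gives as correct.
cis_3_3_check() {
    value=$(expire_after_value "$1")
    if ! expire_after_valid "$value"; then
        echo "FAIL: expire-after:'$value' is malformed and will be ignored"
        return 1
    fi
    if [ "$value" != "60d OR 1G" ]; then
        echo "FAIL: expire-after:'$value' is well formed but is not '60d OR 1G'"
        return 1
    fi
    echo "PASS: expire-after:$value"
}

# Constructed sample files (not copied from a real Mac).
demo_dir=$(mktemp -d)
printf 'dir:/var/audit\nflags:lo,aa\nexpire-after:60D OR 1G\n' > "$demo_dir/before"
printf 'dir:/var/audit\nflags:lo,aa\nexpire-after:60d OR 1G\n' > "$demo_dir/after"
cis_3_3_check "$demo_dir/before" || true   # FAIL: uppercase D
cis_3_3_check "$demo_dir/after"            # PASS
```

Because the comparison is an exact, case-sensitive string match after syntax validation, the audit side rejects the same value the issue says audit_control ignores.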
