The matching check in 2_Security_Audit_Compliance.sh has not been changed to match this issue so Macs will always fail the 3.3 check. Line 767 needs to be changed.
The way the expire-after is being set is causing audit_control to ignore the line and not clear the log files. The issue is that the flags are case sensitive. Currently line 445 in the Security_Remediation.sh script reads
sed "s/${oldExpireAfter}/expire-after:60D OR 1G/" /etc/security/audit_control_old > /etc/security/audit_control
but the time flag needs to be lowercase.
sed "s/${oldExpireAfter}/expire-after:60d OR 1G/" /etc/security/audit_control_old > /etc/security/audit_control
would be the correct syntax according to the man page for audit_control
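A check for the failure described in this issue, as an added example that is not part of the original report or the project's scripts: it validates the expire-after value in an audit_control file so that a wrong-case suffix is caught instead of being silently ignored. The function names, the constructed sample files and the accepted suffix sets (lowercase s/h/d/y for time, uppercase B/K/M/G for size, joined by AND/OR) are assumptions based on audit_control(5).

```shell
#!/bin/sh
# Added example: validate the expire-after value in an audit_control file.
# Assumption (audit_control(5)): time suffixes are lowercase s, h, d, y;
# size suffixes are uppercase B, K, M, G; terms are joined by AND / OR.

# expire_after_value FILE
# Prints the value of the last uncommented expire-after line (empty if none).
expire_after_value() {
    sed -n 's/^[[:space:]]*expire-after:[[:space:]]*//p' "$1" | tail -n 1
}

# valid_expire_after VALUE
# Returns 0 only if every term is <digits><suffix> with a recognised,
# case-exact suffix and terms are separated by AND or OR.
valid_expire_after() {
    term='[0-9]+[shdyBKMG]'
    printf '%s\n' "$1" |
        grep -Eq "^${term}([[:space:]]+(AND|OR)[[:space:]]+${term})*[[:space:]]*\$"
}

# check_audit_control FILE
# Returns 0 = valid value, 1 = value present but invalid, 2 = no expire-after line.
check_audit_control() {
    v=$(expire_after_value "$1")
    [ -n "$v" ] || return 2
    valid_expire_after "$v"
}

# Demo on constructed sample files (not taken from a real host).
demo() {
    tmp=$(mktemp -d)
    printf 'dir:/var/audit\nexpire-after:60D OR 1G\n' > "$tmp/before"
    printf 'dir:/var/audit\nexpire-after:60d OR 1G\n' > "$tmp/after"
    for f in before after; do
        rc=0
        check_audit_control "$tmp/$f" || rc=$?
        printf '%s: "%s" -> rc=%s\n' "$f" "$(expire_after_value "$tmp/$f")" "$rc"
    done
    rm -rf "$tmp"
}
demo
```

Running the same validation in both the remediation and the audit script keeps the two from disagreeing about which value is acceptable.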