Is there a way to enable reasonable security audit log retention via script to comply with CIS Level 1 requirements? Thank in advance
Solved
Is there a way to enable reasonable security audit log retention via script to comply with CIS Level
+4Best answer by YanW
I am login as a root user but still not able to edit.
For Ventura, try this
chflags nouchg /etc/security/audit_control; sleep 2; /usr/bin/sed -i.bak 's/^expire-after.*/expire-after:60d OR 1G/' /etc/security/audit_control; /usr/sbin/audit -s
+19Hey @deep786
Yes this can be achieve with the following where $ODV is the organisational defined value.
/usr/bin/sed -i.bak 's/^expire-after.*/expire-after:$ODV/' /etc/security/audit_control; /usr/sbin/audit -s
To check the current set value
/usr/bin/awk -F: '/expire-after/{print $2}' /etc/security/audit_control
Hopefully this is helpful!
Cheers,
Thijs
+4Hey @deep786
Yes this can be achieve with the following where $ODV is the organisational defined value.
/usr/bin/sed -i.bak 's/^expire-after.*/expire-after:$ODV/' /etc/security/audit_control; /usr/sbin/audit -s
To check the current set value
/usr/bin/awk -F: '/expire-after/{print $2}' /etc/security/audit_control
Hopefully this is helpful!
Cheers,
Thijs
not able to edit "audit_control" file , Error permission denied
+11I am login as a root user but still not able to edit.
For Ventura, try this
chflags nouchg /etc/security/audit_control; sleep 2; /usr/bin/sed -i.bak 's/^expire-after.*/expire-after:60d OR 1G/' /etc/security/audit_control; /usr/sbin/audit -s
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.