Details
Archiving and retaining appfirewall.log for 90 or more days is beneficial in the event of an incident as it will allow the user to view the various changes to the system along with the date and time they occurred.
Solution
Perform the following to implement the prescribed state:
1. Run the following command in Terminal:
sudo vim /etc/asl.conf
2. Replace or edit the current setting with a compliant setting
> appfirewall.log mode=0640 format=bsd rotate=utc compress file_max=5M ttl=90
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Unix.