Archive for September, 2007

My good deed of the day – re-registering the family on the National Do Not Call list.

September 21, 2007

With the news that it was time to re-up my phone numbers on the National Do Not Call list today, I decided to go ahead and re-register my immediate family as well:

Everyone’s home and mobile phone should now be taken care of, God willing.

Automatically starting a new Common Criteria audit log on a daily basis.

September 19, 2007

As a follow-up to my previous post on using Apple’s Common Criteria audit software on OS X, there’s a simple way to automatically have your current audit log ended properly and a new one started on a daily basis. Put the commands below into a script, save the script in /etc/periodic/daily/ on the Mac in question, and make sure the script is executable.

#!/bin/sh
# Close the current audit log and start a new one
sudo /usr/sbin/audit -s

audit -s is the command to tell the audit software to stop the current log and make a new one; putting it in /etc/periodic/daily/ means that it’ll do it every morning at 3:30 AM.

Clearing old Common Criteria audit logs.

September 13, 2007

One of the software packages that Apple makes available on its website is Apple’s Common Criteria Tools. This package is based on Sun Microsystems’ Basic Security Module (BSM) auditing software and is a tool for creating an extremely detailed audit trail for all processes on the system. The level of auditing produced is at the level required by systems attempting to achieve the DoD “C2” level certification. The good side is that, by default, you get extensive information on *every* process and action that your system has running. The down side is that we’re obviously talking about enormous amounts of data being logged here, with large 100MB+ log files being common. I’ve found that BSM can generate truly enormous files, where log files can grow into gigabyte sizes, when you’re using it in conjunction with Retrospect. (To clarify, I’m getting the enormous gig-sized logs on servers where I’m running Retrospect to back up other machines; just having the Retrospect network backup client on your system will not cause BSM’s log files to get larger than normal.)

Since I need to run the auditing tools, but at the same time I need to conserve space on the servers, I wrote this script (based on another person’s script I found online; sadly, I can’t find the link to the original script) to clear logs older than 10 days and put the script into /etc/periodic/daily, so that it would kick off with the daily maintenance scripts.

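#!/bin/sh
# Number of days of audit logs to keep
AUDIT_EXPIRE=10
# Directory where the audit logs are written
AUDIT_DIR=/var/audit
# Delete log files last modified more than AUDIT_EXPIRE days ago
find "$AUDIT_DIR" -type f -mtime +"$AUDIT_EXPIRE" -exec rm -f {} \;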

You can set the script to keep your audit logs longer by changing the value of the AUDIT_EXPIRE variable.
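
A more defensive form of the pruning step, as an added example that is not from the original post: a mistyped or empty directory variable in a root-run cleanup job can reach far beyond /var/audit, so this version validates its arguments, skips the active trail, and only lists files unless told to delete. The function name, the --delete switch and the assumption that the active trail's name ends in .not_terminated (the BSM naming convention) are this example's own.

```shell
#!/bin/sh
# Added example: safer pruning of closed BSM audit trails.
# Assumption: the active trail is named "<start>.not_terminated".

# prune_audit_logs DIR DAYS [--delete]
# Lists closed trails older than DAYS days; removes them only with --delete.
prune_audit_logs() {
    dir=$1 days=$2 mode=${3:-}

    # Refuse an empty, root or relative path: periodic runs this as root.
    case $dir in
        /|'') echo "refusing to prune '$dir'" >&2; return 2 ;;
        /*)   ;;
        *)    echo "directory must be absolute: $dir" >&2; return 2 ;;
    esac
    # The target must be a real directory, not a symlink pointing elsewhere.
    [ -d "$dir" ] && [ ! -L "$dir" ] || {
        echo "not a real directory: $dir" >&2; return 2; }

    # DAYS must be a plain non-negative integer.
    case $days in
        ''|*[!0-9]*) echo "bad retention value: $days" >&2; return 2 ;;
    esac

    # -maxdepth 1 keeps find inside DIR itself; the -name test protects
    # the trail that auditd is still writing to.
    if [ "$mode" = "--delete" ]; then
        find "$dir" -maxdepth 1 -type f -mtime +"$days" \
            ! -name '*.not_terminated' -exec rm -f {} +
    else
        find "$dir" -maxdepth 1 -type f -mtime +"$days" \
            ! -name '*.not_terminated' -print
    fi
}
```

Running `prune_audit_logs /var/audit 10` first shows what a later `--delete` run would remove.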