Archive for September 19, 2007

Automatically starting a new Common Criteria audit log on a daily basis.

September 19, 2007 Leave a comment

As a follow-up to my previous post on using Apple’s Common Criteria audit software on OS X, there’s a simple way to automatically have your current audit log ended properly and a new one started on a daily basis. Put the commands below into a script and save the script in /etc/periodic/daily/ on the Mac in question (make sure to make your script executable.)

sudo /usr/sbin/audit -s

audit -s is the command to tell the audit software to stop the current log and make a new one; putting it in /etc/periodic/daily/ means that it’ll do it every morning at 3:30 AM.

%d bloggers like this: