Automatically starting a new Common Criteria audit log on a daily basis.
As a follow-up to my previous post on using Apple’s Common Criteria audit software on OS X, there’s a simple way to have your current audit log ended properly and a new one started automatically on a daily basis. Put the commands below into a script, save the script in /etc/periodic/daily/ on the Mac in question, and make sure the script is executable.
#!/bin/sh
sudo /usr/sbin/audit -s
audit -s is the command to tell the audit software to stop the current log and make a new one; putting it in /etc/periodic/daily/ means that it’ll do it every morning at 3:30 AM.
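A pre-flight check for the script described above, as an added example that is not part of the original post. The function name check_periodic_script is hypothetical, and it assumes that periodic runs the daily scripts as root and skips files that are not executable, so the file should be root-owned, executable, and not writable by group or others.

```shell
#!/bin/sh
# Added example (not from the original post).
# check_periodic_script PATH [OWNER]: print findings, return 0 only if all pass.
check_periodic_script() {
    script=$1
    owner=${2:-root}   # assumption: periodic runs daily scripts as root
    rc=0
    if [ ! -f "$script" ]; then
        echo "FAIL: $script is not a regular file"
        return 1
    fi
    # A file without the execute bit is never run, so the log never rotates.
    if [ ! -x "$script" ]; then
        echo "FAIL: $script is not executable (chmod 755)"
        rc=1
    fi
    # Group- or world-writable: other accounts could change what runs as root.
    if [ -n "$(find "$script" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "FAIL: $script is writable by group or others"
        rc=1
    fi
    if [ -z "$(find "$script" -prune -user "$owner" -print)" ]; then
        echo "FAIL: $script is not owned by $owner"
        rc=1
    fi
    # The command must be present and not commented out.
    if ! grep -Eq '^[^#]*audit[[:space:]]+-s([[:space:]]|$)' "$script"; then
        echo "FAIL: $script has no active 'audit -s' line"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $script"
    return "$rc"
}

# Demo on a constructed sample file; on a real Mac, pass the path of your
# script under /etc/periodic/daily/ and leave the owner at its default.
demo_dir=$(mktemp -d)
printf '%s\n' '#!/bin/sh' 'sudo /usr/sbin/audit -s' > "$demo_dir/sample"
chmod 755 "$demo_dir/sample"
check_periodic_script "$demo_dir/sample" "$(id -u)"
rm -rf "$demo_dir"
```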