7.2.2 Audit History and Remove History Items

Information

Organizational management of user web browsing history is a challenge effected by multiple facets. Organizations should decide whether to manage browser history and how much history should be maintained.

Rationale:

There are conflicting concerns in the retention of browser history. Unlimited retention:

Consumes disk space

Preferred by on disk forensics teams

User searchable for old visited pages

User privacy concerns

Security concerns to retain old links that may be stale or lead to compromised pages or pages with changes or inappropriate content

Old browser history becomes stale and the use or misuse of the data can lead to unwanted outcomes. Search engine results are maintained and often provide much more relevant current information than old website visit information.

Impact:

If old browsing history is not available it will not be available to authorized or unauthorized users. Some users may find old and even stale information useful.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Graphical Method:
Perform the following steps to set Safari to remove history after a set amount of days:

Open Safari

Select Safari from the menu bar

Select Preferences

Select General

Set Remove history items to your organization's requirements

Terminal Method:
Run the following command to set when Safari will remove history items:

$ /usr/bin/sudo -u <username> /usr/bin/defaults write /Users/<username>/Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari HistoryAgeInDaysLimit -int <1,7,14,31,365,36500>

example:

$ /usr/bin/sudo -u firstuser /usr/bin/defaults write /Users/firstuser/Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari HistoryAgeInDaysLimit -int 36500

$ /usr/bin/sudo -u seconduser /usr/bin/defaults write /Users/seconduser/Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari HistoryAgeInDaysLimit -int 365

$ /usr/bin/sudo -u thirduser /usr/bin/defaults write /Users/thirduser/Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari HistoryAgeInDaysLimit -int 31

$ /usr/bin/sudo -u fourthuser /usr/bin/defaults write /Users/fourthuser/Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari HistoryAgeInDaysLimit -int 14

$ /usr/bin/sudo -u fifthuser /usr/bin/defaults write /Users/fifthuser/Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari HistoryAgeInDaysLimit -int 7

$ /usr/bin/sudo -u sixthuser /usr/bin/defaults write /Users/sixthuser/Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari HistoryAgeInDaysLimit -int 1

Note: Setting the plist key to a value that is not represented by the GUI could cause issues.
Note: To run the Terminal commands, Terminal must be granted Full Disk Access in the Security & Privacy pane in System Preferences.

Profile Method:
Create or edit a configuration profile with the following information:

The PayloadType string is com.apple.Safari

The key to include is HistoryAgeInDaysLimit

The key must be set to: <integer><1,7,14,31,365,36500></integer>

Note: Setting the plist key to a value that is not represented by the GUI could cause issues.
Note: Since the profile method sets a system-wide setting and not a user-level one, the profile method is the preferred method. It is always better to set system-wide than per user.

See Also

https://workbench.cisecurity.org/files/4176

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|CM-10, 800-53|SC-18, CSCv7|7.1

Plugin: Unix

Control ID: 1d1a726df3204c4bca0be7801178c504fc9d75ce0943a8f64e37b68071320b1b