Information
Archiving and retaining appfirewall.log for 90 or more days is beneficial in the event of an incident as it will allow the user to view the various changes to the system along with the date and time they occurred.
Solution
Perform the following to implement the prescribed state:

Run the following command in Terminal:

    sudo vim /etc/asl.conf

Replace or edit the current setting with a compliant setting:

    > appfirewall.log mode=0640 format=bsd rotate=utc compress file_max=5M ttl=90

Impact: Without log files system maintenance and security forensics cannot be properly performed.
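
To verify the setting after editing, the following added example (not part of the original page) checks that the appfirewall.log rule in an asl.conf-style file carries a ttl of at least 90 days. The function name check_appfirewall_ttl is hypothetical, and the script assumes the rule is written as shown above, with a space after the leading ">".

```shell
#!/bin/sh
# Added example: audit the appfirewall.log retention rule in an asl.conf-style file.
# check_appfirewall_ttl is a hypothetical helper name, not an Apple-supplied tool.
# Usage: check_appfirewall_ttl [config_path] [minimum_days]
# Returns 0 when compliant, 1 when not, 2 when the file cannot be read.

check_appfirewall_ttl() {
    conf="${1:-/etc/asl.conf}"
    min_days="${2:-90}"
    [ -r "$conf" ] || { echo "UNREADABLE: $conf"; return 2; }
    awk -v min="$min_days" '
        # Output rules start with ">" then the file name; commented lines
        # begin with "#" and therefore never match.
        $1 == ">" && $2 == "appfirewall.log" {
            found = 1
            has_ttl = 0
            for (i = 3; i <= NF; i++)
                if ($i ~ /^ttl=[0-9]+$/) { ttl = substr($i, 5) + 0; has_ttl = 1 }
            if (!has_ttl)       { print "FAIL: no ttl set"; rc = 1 }
            else if (ttl < min) { print "FAIL: ttl=" ttl;   rc = 1 }
            else                { print "PASS: ttl=" ttl }
        }
        END {
            if (!found) { print "FAIL: no appfirewall.log rule"; rc = 1 }
            exit rc + 0
        }
    ' "$conf"
}

# Constructed sample input so the check can be run offline on any POSIX system.
sample=$(mktemp)
printf '%s\n' \
    '# constructed sample, not a real system file' \
    '> appfirewall.log mode=0640 format=bsd rotate=utc compress file_max=5M ttl=90' \
    > "$sample"
check_appfirewall_ttl "$sample"
rm -f "$sample"
```

On a real system, run the function with no arguments to check /etc/asl.conf.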