[Forgot Password]
Login  Register Subscribe

25354

 
 

132805

 
 

139176

 
 

909

 
 

113006

 
 

156

Paid content will be excluded from the download.


Download | Alert*


oval:org.secpod.oval:def:25108
The operating system must enforce a minimum 15-character password length. The minimum password length must be set to 15 characters. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password length is one fact ...

oval:org.secpod.oval:def:25109
SSH should be configured to log users out after a 15 minute interval of inactivity and to only wait 30 seconds before timing out login attempts. Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session ...

oval:org.secpod.oval:def:24978
Hide or display the sleep, restart, and shutdown buttons, in the login window. In loginwindow.plist, set the PowerOffDisabled key = true to hide the buttons. If the key does not exist, buttons are displayed.

oval:org.secpod.oval:def:24979
Hide or display the restart button in the login window. In loginwindow.plist, set the RestartDisabled key = true to hide the buttons. If the key does not exist, the button is displayed.

oval:org.secpod.oval:def:25056
Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password complexity is one factor of several that deter ...

oval:org.secpod.oval:def:25058
Any password, no matter how complex, can eventually be cracked. Therefore, passwords need to be changed periodically. One method of minimizing this risk is to use complex passwords and periodically change them. If the operating system does not limit the lifetime of passwords and force users to chang ...

oval:org.secpod.oval:def:25059
Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. If the information system or application allows the user to consecutively reuse their password when that password has exceeded its defined lifetime, the end re ...

oval:org.secpod.oval:def:25044
By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute forcing, is reduced. Limits are imposed by locking the account. Setting a lockout expiration of 15 minutes is an effective deterrent against brute forcing that ...

oval:org.secpod.oval:def:25100
Emergency administrator accounts are privileged accounts which are established in response to crisis situations where the need for rapid account activation is required. Therefore, emergency account activation may bypass normal account authorization processes. If these accounts are automatically disa ...

oval:org.secpod.oval:def:25045
Once an attacker establishes initial access to a system, the attacker often attempts to create a persistent method of re-establishing access. One way to accomplish this is for the attacker to create a new account. Auditing of account creation mitigates this risk. To address access requirements, many ...

oval:org.secpod.oval:def:24993
The owner of bash 'init' files must be root. /etc/profile it is used to set system wide environmental variables on users shells. /etc/bashrc file is meant for setting command aliases and functions used by bash shell users. Use chown root /etc/bashrc /etc/profile to to change the owner as appropriate ...

oval:org.secpod.oval:def:24994
The group of bash 'init' files must be wheel. /etc/profile it is used to set system wide environmental variables on users shells. /etc/bashrc file is meant for setting command aliases and functions used by bash shell users. Use the command chgrp wheel /etc/bashrc /etc/profile to change group owner a ...

oval:org.secpod.oval:def:25106
Administrator users must never log in directly as root. To assure individual accountability and prevent unauthorized access, logging in as root over a remote connection must be disabled. Administrators should only run commands as root after first authenticating with their individual user names and p ...

oval:org.secpod.oval:def:25086
The SSH Version should be explicitly set to Version 2. Version 2 supports strong crypto and was rewritten from scratch to resolve several weaknesses in Version 1 that make it extremely vulnerable to attackers. The weaker crypto in Version 1 is potentially susceptible to certain forms of replay attac ...

oval:org.secpod.oval:def:25021
The /etc/passwd file should not have an extended ACL. Use the chmod command to apply or remove the extended ACL permissions as appropriate.

CPE    1
cpe:/o:apple:mac_os_x:10.10
CCE    15
CCE-90217-1
CCE-90216-3
CCE-90337-7
CCE-90336-9
...
*XCCDF
xccdf_org.secpod_benchmark_SecPod_MAC_OS_X_10_10

© SecPod Technologies