The setting controls whether admin accounts are visible on the login window. In loginwindow.plist, set the HideAdminUsers key = true to hide admin accounts. If the key does not exist, admin accounts are displayed.
The setting controls whether local user accounts are visible in the login window. In loginwindow.plist, set the HideLocalUsers key = true to hide local user accounts. If the key does not exist, user accounts are displayed.
The setting controls whether mobile accounts, which synchronize home folders between clients and servers, are visible in the login window. In loginwindow.plist, set the HideMobileAccounts key = true to hide mobile accounts. If the key does not exist, mobile accounts are displayed.
Account creations and account modfications, such as disablement and termination, can all be signs of an intrusion and should be audited. Once an attacker establishes access to a system, the attacker may attempt to create an account to reestablish access at a later time. The attacker may also attempt to modify accounts in an attempt to change an existing account's privileges or disable or delete ac ...
The setting controls whether network users are listed in the login window. In loginwindow.plist, set the IncludeNetworkUser key = false to hide network users. If the key does not exist, network users are not displayed.
Remote access services, such as those providing remote access to network devices and information systems, increase risk and expose those systems to possible cyber attacks, so all remote access should be closely monitored and audited. Only authorized users should be permitted to remotely access DoD non-public information systems. An attacker might attempt to log in as an authorized user, through st ...
Kernel modules, called kernel extensions in Mac OS X, are compiled segments of code that are dynamically loaded into the kernel as required to support specific pieces of hardware or functionality. Privileged users are permitted to load or unload kernel extensions manually. An attacker might attempt to load a kernel extension that is known to be insecure to increase the attack surface of the system ...
Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised information system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privileged functions is one way to detect such misuse, and identify the risk from insider threats and the a ...
The permissions of bash 'init' files must be 444 or as appropriate. /etc/profile it is used to set system wide environmental variables on users shells. /etc/bashrc file is meant for setting command aliases and functions used by bash shell users.
The owner of 'csh init' files must be root or as appropriate. Use the command chown root /etc/csh.cshrc /etc/csh.login /etc/csh.logout to change the owner as appropriate.