[Forgot Password]
Login  Register Subscribe

30192

 
 

423868

 
 

233236

 
 

909

 
 

186272

 
 

207

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 30192 Download | Alert*

The rsyncd service can be used to synchronize files between systems over network links. Rationale: The rsyncd service presents a security risk as it uses unencrypted protocols for communication. Fix: Run the following command to disable rsync # systemctl --now disable rsync

Audit log files _MUST_ be owned by root. The audit service _MUST_ be configured to create log files with the correct ownership to prevent normal users from reading audit logs. Audit logs contain sensitive data about the system and users. If log files are set to only be readable and writable by system administrators, the risk is mitigated. Fix: /usr/sbin/chown -R root $(/usr/bin/grep '^dir' /et ...

Audit log files _MUST_ be owned by root. The audit service _MUST_ be configured to create log files with the correct ownership to prevent normal users from reading audit logs. Audit logs contain sensitive data about the system and users. If log files are set to only be readable and writable by system administrators, the risk is mitigated. Fix: /usr/sbin/chown root $(/usr/bin/awk -F : '/^dir/{p ...

The built-in web server is a non-essential service built into macOS and _MUST_ be disabled. Fix: /bin/launchctl disable system/org.apache.httpd

macOS has a privilege that can be granted to any user that will allow that user to unlock active users sessions. Disabling the admins and/or users ability to log into another users active and locked session prevents unauthorized persons from viewing potentially sensitive and/or personal information. While Fast user switching is a workaround for some lab environments especially where there is ev ...

By automatically installing app store updates in the background, the user safeguarded from potential vulnerabilities in the previous version of the App Store. Fix: defaults write /Library/Preferences/com.apple.commerce AutoUpdate -bool true

The owner of the /etc/syslog.conf file must be root. The syslog.conf file is the configuration file for the syslogd(8) program. It consists of lines with two fields: the selector field which specifies the types of messages and priorities to which the line applies, and an action field which specifies the action to be taken if a message syslogd receives matches the selection criteria. The selector f ...

The kernel extension for Wi-Fi network devices such as Airport must be removed to ensure that users will not be able to reactivate wireless networking at a later time. System updates will sometimes replace deleted kernel extensions. Administrator users may need to periodically check to ensure that the file remains deleted. Alternately, the wireless card hardware may be removed from the system. Fi ...

SSH should be configured to log users out after a 15 minute interval of inactivity and to only wait 30 seconds before timing out login attempts. Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended. In addition, quickly terminat ...

Audit log files _MUST_ have the group set to wheel. The audit service _MUST_ be configured to create log files with the correct group ownership to prevent normal users from reading audit logs. Audit logs contain sensitive data about the system and users. If log files are set to be readable and writable only by system administrators, the risk is mitigated. Fix: /usr/sbin/chgrp wheel $(/usr/bin ...


Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   3019

© SecPod Technologies