
Matches: 30192

The permissions of the /etc/services file must be 0644 or less. The services file contains information regarding the known services available in the DARPA Internet. For each service a single line should be present with the following information: official service name, port number, protocol name, aliases. Fix: chmod 544 /etc/services

When automatic logins are enabled, the default user account is automatically logged in at boot time without prompting the user for a password. Even if the screen is later locked, a malicious user would be able to reboot the computer in order to log in. Disabling automatic logins mitigates this risk. Fix: This setting is enforced using a configuration profile.

Bonjour is an auto-discovery mechanism for TCP/IP devices that enumerates devices and services within a local subnet. DNS on macOS is integrated with Bonjour and should not be turned off, but the Bonjour advertising service can be disabled. Fix: defaults write /Library/Preferences/com.apple.mDNSResponder.plist NoMulticastAdvertisements -bool true

The audit service _MUST_ be configured to create log files that are readable only by the root user and group wheel. To achieve this, audit log files _MUST_ be configured to mode 440 or less permissive, thereby preventing normal users from reading, modifying or deleting audit logs. Fix: /bin/chmod 440 $(/usr/bin/grep '^dir' /etc/security/audit_control | /usr/bin/awk -F: '{print $2}')

SSH _MUST_ be configured with an Active Server Alive Maximum Count set to 900 or less. Setting the Active Server Alive Maximum Count to 900 (seconds) will log users out after a 15-minute interval of inactivity. NOTE: /etc/ssh/ssh_config will be automatically modified to its original state following any update or major upgrade to the operating system. Fix: /usr/bin/sed -i.bak 's/.*ServerAliveIn ...

This setting allows macOS updates to be installed automatically once they are available from Apple. Because patches need to be applied as soon as possible, allowing automatic updates ensures that the user's device is updated in a timely manner rather than being left vulnerable to additional security risks. Fix: defaults write /Library/Preferences/com.apple.SoftwareUpdate AutomaticallyInstallMacOS ...

The default global umask setting must be set to '027' for user applications. The setting '027' ensures that user created files and directories will be readable, but not writable, by users that share the same group id. Users with a different group id will not be able to read or write those files. This mitigates the risk that unauthorized users might be able to read and write files saved to the syst ...

Allowing guests to connect to shared folders lets users access such folders from different computers on a network. Not allowing guests to connect to shared folders mitigates the risk of an untrusted user doing basic reconnaissance and gaining unauthorized access to the system. Fix: defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server AllowGuestAccess -bool false

The group of csh init files must be wheel. Fix: chown :0 /etc/csh.cshrc /etc/csh.login /etc/csh.logout

The owner of bash init files must be root. /etc/profile is used to set system-wide environment variables for users' shells. The /etc/bashrc file is meant for setting command aliases and functions used by bash shell users. Fix: chown 0: /etc/bashrc /etc/profile


© SecPod Technologies