Archiving and retaining install.log for at least a year is beneficial in the event of an incident, as it allows the user to view the various changes to the system along with the date and time they occurred. Without log files, system maintenance and security forensics cannot be properly performed. Fix: Perform the following to ensure that install logs are retained for at least 365 days: Edit the ...

The macOS system must enforce the time limit for resetting failed logins after an account has been locked out by the user's invalid logon attempts. Fix: This setting may be enforced using the "Passcode Policy" configuration profile or by a directory service.

If remote login through SSH is enabled, smartcard authentication _MUST_ be enforced for user login. All users _MUST_ go through multifactor authentication to prevent unauthenticated access and potential compromise to the system. NOTE: /etc/ssh/sshd_config will be automatically modified to its original state following any update or major upgrade to the operating system. Setting the default value ...

Remote login service _MUST_ be configured to display a policy banner at login. Displaying a standardized and approved use notification before granting access to the operating system ensures that users are provided with privacy and security notification verbiage that is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. System u ...

When Printer Sharing is enabled, the computer is established as a print server to accept print jobs from other computers. Disabling Printer Sharing mitigates the risk of attackers attempting to exploit the print server to gain access to the system. Dedicated print servers or direct IP printing should be used instead. Fix: /usr/sbin/cupsctl --no-share-printers

The root account should be disabled on all macOS systems, and a separate administrator account should be established for each person who will be performing regular administrative tasks. Fix: dscl . -create /Users/root UserShell /usr/bin/false

The sudo command lets the user run programs as the root user, granting them high levels of configurability within the system. After a successful authentication, sudo keeps that authorization for five minutes before timing out and re-requesting a password. This five-minute window should be eliminated since it leaves the system extremely vulnerable. Fix: echo "Defaults timestamp_timeout=0" >> /etc ...

The audit service should shut down the computer if it is unable to audit system events. Once audit failure occurs, user and system activity is no longer recorded and malicious activity could go undetected. Audit processing failures include: software/hardware errors; failures in the audit capturing mechanisms; and audit storage capacity being reached or exceeded. Responses to audit failure depend ...

Internet Protocol version 6 (IPv6) provides a new Internet layer of the TCP/IP protocol suite that replaces Internet Protocol version 4 (IPv4) and provides many benefits. If you are NOT using IPv6, disable it. Fix: networksetup -setv6off Ethernet; networksetup -setv6off Wi-Fi

To prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e., embedding of data types within data types), organizations must disable or restrict unused or unnecessary physical and logical ports/protocols on information systems. Operating systems are capable of providing a wide variety of functions and services. Some of the functions and servi ...

