Setting an inactivity interval for the screensaver prevents unauthorized persons from viewing a system left unattended for an extended period of time. If the screensaver idle time is not set, users may leave the computer available for an unauthorized person to access information. Fix: sudo defaults -currentHost read com.apple.screensaver idleTime

Secure Keyboard Entry prevents other applications on the system and/or network from detecting and recording what is typed into Terminal. Enabling this feature can minimize the risk of a key logger identifying the keys entered into the Terminal. Fix: defaults write ~/Library/Preferences/com.apple.Terminal SecureKeyboardEntry -bool true

ICMP redirects are broadcast in order to reshape network traffic. A malicious user could use the system to send fake redirect packets and try to force all network traffic to pass through a network sniffer. Disabling ICMP redirect broadcasts mitigates this risk. Fix: To configure the system to not send ICMP redirects, add the following lines to /etc/sysctl.conf: net.inet.ip.redirect=0 net.inet6. ...

The audit service must be configured to require that records are kept for 7 days or longer before deletion when there is no central audit record storage facility. When expire-after is set to 7d, the audit service will not delete audit logs until the log data is at least 7 days old. Fix: Edit the /etc/security/audit_control file, and change the value for 'expire-after' to the amount of time audit ...

The default global umask setting must be set to '027' for user applications. The setting '027' ensures that user-created files and directories will be readable, but not writable, by users that share the same group id. Users with a different group id will not be able to read or write those files. This mitigates the risk that unauthorized users might be able to read and write files saved to the syst ...

The group of the /etc/services file must be wheel. The services file contains information regarding the known services available in the DARPA Internet. For each service a single line should be present with the following information: official service name, port number, protocol name, aliases. Fix: chown :0 /etc/services

The group of the bash init files must be wheel. /etc/profile is used to set system-wide environment variables in users' shells. The /etc/bashrc file is meant for setting command aliases and functions used by bash shell users. Fix: chown :0 /etc/bashrc /etc/profile

Audit records should never be changed except by the system daemon posting events. Records may be viewed or extracts manipulated but the authoritative files should be protected from unauthorized changes. This control is only checking the default configuration to ensure that unwanted access to audit records is not available. Fix: $ sudo chown -R root:wheel /etc/security/audit_control $ sudo chmod - ...

A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not want to log out because of the temporary nature of the absence. The session lock is implemented at the point where session activity can be determined. Rather than be forced to wait for a period of time to expire before the user session can be ...

Any changes to the hardware, software, and/or firmware components of the information system and/or application can potentially have significant effects on the overall security of the system. Accordingly, software defined by the organization as critical must be signed with a certificate that is recognized and approved by the organization. Fix: To enable the Security assessment policy subsystem, r ...