[Forgot Password]
Login  Register Subscribe

30192

 
 

423868

 
 

233236

 
 

909

 
 

186272

 
 

207

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 30192 Download | Alert*

The system _MUST_ be configured to prevent access to other users home folders. The default behavior of macOS is to allow all valid users access to the the top level of every other users home folder while restricting access only to the Apple default folders within. Fix: IFS=$'\n' for userDirs in $( /usr/bin/find /System/Volumes/Data/Users -mindepth 1 -maxdepth 1 -type d -perm -1 \| /usr/bin/gr ...

SSH _MUST_ be configured to display a policy banner. Displaying a standardized and approved use notification before granting access to the operating system ensures that users are provided with privacy and security notification verbiage that is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. System use notifications are requi ...

Location Services _MUST_ be disabled. The information system _MUST_ be configured to provide only essential capabilities. Disabling Location Services helps prevent the unauthorized connection of devices, unauthorized transfer of information, and unauthorized tunneling. Fix: /usr/bin/defaults write /var/db/locationd/Library/Preferences/ByHost/com.apple.locationd LocationServicesEnabled -bool f ...

Correct date and time settings are required for authentication protocols, file creation, modification dates, and log entries. If the time on the Mac is off by more than 5 minutes, Apple's single sign-on feature and active directory logins may be affected. Fix: To set date and time automatically systemsetup -setusingnetworktime on

The audit service must be configured to require a minimum percentage of free disk space in order to run. This ensures that audit will notify the administrator that action is required to free up more disk space for audit logs. When minfree is set to 25%, security personnel are notified immediately when the storage volume is 75% full and are able to plan for audit record storage capacity expansion. ...

The Application Firewall is the built in firewall that comes with Mac OS X and must be enabled. Firewalls protect computers from network attacks by blocking or limiting access to open network ports. Application firewalls limit which applications are allowed to communicate over the network. Fix: To enable the firewall run the following command: sudo /usr/libexec/ApplicationFirewall/socketfilterfw ...

By auditing access restriction enforcement, changes to application and OS configuration files can be audited. Without auditing the enforcement of access restrictions, it will be difficult to identify attempted attacks and an audit trail will not be available for forensic investigation. Enforcement actions are the methods or mechanisms used to prevent unauthorized changes to configuration settings ...

By default, Mac OS X obligingly displays the password hint for an account after three unsuccessful attempts at entering a password. Where security is an issue, this is like serving a hacker a piece of apple pie. Therefore, head to System Preferences, display the Accounts settings, click the Login Options button, and make sure that the Show Password Hints check box is empty. Fix: defaults write /L ...

The minimum password length must be set to 15 characters. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password length is one factor of several that helps to determine strength and how long it takes to crack a password. The use of more characters in a password helps to exponentially increase the time an ...

Administrator users must never log in directly as root. To assure individual accountability and prevent unauthorized access, logging in as root over a remote connection must be disabled. Administrators should only run commands as root after first authenticating with their individual user names and passwords. Fix: In order to make sure that PermitRootLogin is disabled by sshd, run the following co ...


Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   3019

© SecPod Technologies