Hide or display the sleep, restart, and shutdown buttons, as a group, in the login window.
Fix:
defaults write /Library/Preferences/com.apple.screensaver PowerOffDisabled -bool True
IP forwarding for IPv4 must not be enabled, unless the system is a router, as only authorized systems should be permitted to operate as routers.
Fix:
To configure the system to disable IP forwarding, add the following lines to /etc/sysctl.conf:
net.inet.ip.forwarding=0
net.inet6.ip6.forwarding=0
It is important that a system has the newest updates downloaded so that they can be applied. Without updates available locally, they may not be applied in a timely manner, and the system will be exposed to additional risk.
Fix:
sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate AutomaticDownload -bool true
The audit service should shut down the computer if it is unable to audit system events. Once audit failure occurs, user and system activity is no longer recorded and malicious activity could go undetected. Audit processing failures include software/hardware errors, failures in the audit capturing mechanisms, and audit storage capacity being reached or exceeded. Responses to audit failure depend on ...
The audit log files _MUST_ not contain access control lists (ACLs).
Audit logs contain sensitive data about the system and users. This rule ensures that the audit service is configured to create log files that are readable and writable only by system administrators in order to prevent normal users from reading audit logs.
Fix:
/bin/chmod -RN $(/usr/bin/awk -F: '/^dir/{print $2}' /etc/security/a ...
Displaying a standardized and approved use notification before granting access to the operating system ensures that users are provided with privacy and security notification verbiage that is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.
System use notifications are required only for access via login interfaces with human use ...
SSH _MUST_ be configured to limit the ciphers to algorithms that are FIPS 140 validated.
FIPS 140-2 is the current standard for validating that mechanisms used to access cryptographic modules utilize authentication that meets federal requirements.
Operating systems utilizing encryption _MUST_ use FIPS validated mechanisms for authenticating to cryptographic modules.
NOTE: /etc/ssh/ssh_config wi ...
If the system does not require Trivial File Transfer Protocol (TFTP) support, it is non-essential and _MUST_ be disabled.
The information system _MUST_ be configured to provide only essential capabilities. Disabling TFTP helps prevent the unauthorized connection of devices and the unauthorized transfer of information.
Fix:
/bin/launchctl disable system/com.apple.tftpd
The sudo command must be configured to prompt for the administrator user's password at least once in each newly opened Terminal window or remote login session, as this prevents a malicious user from taking advantage of an unlocked computer or an abandoned login session to bypass the normal password prompt requirement. Without the tty_tickets option, all open local and remote login sessions would b ...