[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

254802

 
 

909

 
 

198617

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 197732 Download | Alert*

Audit log Folders _MUST_ have the group set to wheel. The audit service _MUST_ be configured to create log files with the correct group ownership to prevent normal users from reading audit logs. Audit logs contain sensitive data about the system and users. If log files are set to be readable and writable only by system administrators, the risk is mitigated.

The system _MUST_ be configured to prevent access to other users home folders. The default behavior of macOS is to allow all valid users access to the the top level of every other users home folder while restricting access only to the Apple default folders within.

SSH warning banner should be enabled (and dependencies are met).

Location Services _MUST_ be disabled. The information system _MUST_ be configured to provide only essential capabilities. Disabling Location Services helps prevent the unauthorized connection of devices, unauthorized transfer of information, and unauthorized tunneling.

Correct date and time settings are required for authentication protocols, file creation, modification dates, and log entries. If the time on the Mac is off by more than 5 minutes, Apples single sign-on feature and active directory logins may be affected. Setting date and time automatically

The audit service must be configured to require a minimum percentage of free disk space in order to run. This ensures that audit will notify the administrator that action is required to free up more disk space for audit logs. When minfree is set to 25%, security personnel are notified immediately when the storage volume is 75% full and are able to plan for audit record storage capacity expansion.

The Application Firewall is the built in firewall that comes with Mac OS X and must be enabled. Firewalls protect computers from network attacks by blocking or limiting access to open network ports. Application firewalls limit which applications are allowed to communicate over the network.

By auditing access restriction enforcement, changes to application and OS configuration files can be audited. Without auditing the enforcement of access restrictions, it will be difficult to identify attempted attacks and an audit trail will not be available for forensic investigation. Enforcement actions are the methods or mechanisms used to prevent unauthorized changes to configuration settings. ...

Controls when, and if, a password hint is given the user, based on the number of failed login attempts. In loginwindow.plist, set the RetriesUntilHint key = X to show a hint after X login failures, or set the key = 0 to disable hints.

The operating system must enforce a minimum 15-character password length. The minimum password length must be set to 15 characters. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password length is one factor of several that helps to determine strength and how long it takes to crack a password. The use of ...


Pages:      Start    8717    8718    8719    8720    8721    8722    8723    8724    8725    8726    8727    8728    8729    8730    ..   19773

© SecPod Technologies