|Platform: macosx10.9||Date: (C)2015-06-11 (M)2017-11-21|
Ensure Only root has the UID 0
The built in root account is disabled by default and administrator users are required to use sudo to run a process with the UID '0'. If another account with UID '0' exists, this is a sign of a network intrusion or a malicious user that is attempting to circumvent security controls.
To list all of the accounts with a UID of '0', run this command:
sudo dscl . -list /Users UniqueID | grep -w 0 | wc -l
If the result is not '1', this is a finding.
|SCAP Repo OVAL Definition||oval:org.secpod.oval:def:24696|