Title: Ensure core dump backtraces are disabled Description: A core dump is the memory of an executable program. It is generally used to determine why a program aborted. It can also be used to glean confidential information from a core file. Rationale: A core dump includes a memory image taken at the time the operating system terminates an application. The memory image could contain se ...

X Display Manager Control Protocol (XDMCP) is designed to provide authenticated access to display management services for remote displays. Rationale: XDMCP is inherently insecure. 1. XDMCP is not a ciphered protocol. This may allow an attacker to capture keystrokes entered by a user. 2. XDMCP is vulnerable to man-in-the-middle attacks. This may allow an attacker to ...

The noexec mount option specifies that the filesystem cannot contain executable binaries. Rationale: Since the /var/log filesystem is only intended for log files, set this option to ensure that users cannot run executable binaries from /var/log. Fix: Run the following command to remount /var/log: # mount -o remount,noexec /var/log Also add or edit entry for /va ...

Without reauthentication, users may access resources or perform tasks for which they do not have authorization.

Without reauthentication, users may access resources or perform tasks for which they do not have authorization.

Title: Ensure systemd-journal-remote is enabled Description: Journald (via systemd-journal-remote) supports the ability to send log events it gathers to a remote log host or to receive messages from remote hosts, thus enabling centralized log management. Rationale: Storing log data on a remote host protects log integrity from local attacks. If an attacker gains root access on the l ...

The System Settings pane for Siri must be hidden. Hiding the System Settings pane prevents the users from configuring Siri. Audit: Verify the macOS system is configured to disable the system settings pane for Siri with the following command: /usr/bin/profiles show -output stdout-xml | /usr/bin/xmllint --xpath '//key[text()="DisabledSystemSettings"]/following-sibling::*[1]' - ...

The system must be configured to not display sensitive information at the LoginWindow. The key AdminHostInfo when configured will allow the HostName, IP Address, and operating system version and build to be displayed. Audit: Verify the macOS system is configured to prevent AdminHostInfo from being available at LoginWindow with the following command: /usr/bin/osascript -l JavaScript < ...

The system must not have the Unix-to-Unix Copy Protocol (UUCP) service active. UUCP, a set of programs that enable the sending of files between different Unix systems as well as sending commands to be executed on another system, is not essential and must be disabled in order to prevent the unauthorized connection of devices, transfer of information, and tunneling. Note: UUCP service is disabled at ...

The macOS built-in Reminders.app connection to Apple's iCloud service must be disabled. Apple's iCloud service does not provide an organization with enough control over the storage and access of data and, therefore, automated reminders synchronization must be controlled by an organization approved service. Audit: Verify the macOS system is configured to disable iCloud Reminders with the ...



© SecPod Technologies