UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The OS X system must require individuals to be authenticated with an individual authenticator prior to using a group authenticator.


Overview

Finding ID Version Rule ID IA Controls Severity
V-76071 AOSX-12-000565 SV-90759r2_rule Medium
Description
Administrator users must never log in directly as root. To assure individual accountability and prevent unauthorized access, logging in as root over a remote connection must be disabled. Administrators should only run commands as root after first authenticating with their individual user names and passwords.
STIG Date
Apple OS X 10.12 Security Technical Implementation Guide 2018-01-04

Details

Check Text ( C-75755r1_chk )
To check if SSH has root logins enabled, run the following command:

/usr/bin/sudo /usr/bin/grep ^PermitRootLogin /etc/ssh/sshd_config

If there is no result, or the result is set to "yes", this is a finding.
Fix Text (F-82709r2_fix)
To ensure that "PermitRootLogin" is disabled by sshd, run the following command:

/usr/bin/sudo /usr/bin/sed -i.bak ‘' 's/^[\#]*PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config