Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-81613 | AOSX-13-000553 | SV-96327r1_rule | Medium |
Description |
---|
To assure individual accountability and prevent unauthorized access, organizational users must be individually identified and authenticated. |
STIG | Date |
---|---|
Apple OS X 10.13 Security Technical Implementation Guide | 2019-07-01 |
Check Text ( C-81389r1_chk ) |
---|
To check if the root account is disabled, run the following command: defaults read /var/db/dslocal/nodes/Default/users/root.plist passwd ( "*" ) The output should be a single asterisk in quotes, as seen above. If the output is as follow, this is a finding: ( "********" ) |
Fix Text (F-88461r1_fix) |
---|
Disable the root account with the following command: /usr/sbin/dsenableroot -d |