Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-81615 | AOSX-13-000554 | SV-96329r1_rule | High |
Description |
---|
Only authorized individuals should be allowed to obtain access to operating system components. Permitting access via a guest account provides unauthenticated access to any person. |
STIG | Date |
---|---|
Apple OS X 10.13 Security Technical Implementation Guide | 2020-05-29 |
Check Text ( C-81391r1_chk ) |
---|
To check if the guest user exists, run the following command: dscl . list /Users | grep -i Guest To verify that Guest user cannot unlock volume, run the following command: fdesetup list To check if the system is configured to prohibit user installation of software, first check to ensure the Parental Controls are enabled with the following command: /usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep -E '(DisableGuestAccount | EnableGuestAccount)’ If the result is null or not: DisableGuestAccount = 1; EnableGuestAccount = 0; This is a finding. |
Fix Text (F-88463r1_fix) |
---|
Remove the guest user with the following command: sudo dscl . delete /Users/Guest "This can also be managed with "Login Window Policy" configuration profile. |