Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-25262 | OSX00110 M6 | SV-38614r1_rule | ECSC-1 | High |
Description |
---|
Do not allow direct root login because the logs cannot identify which administrator logged in. Instead, log in using accounts with administrator privileges, and then use the sudo command to perform actions as root. These limit the use of the sudo command to a single command per authentication and also ensure, even if a timeout is activated, that later sudo commands are limited to the terminal in which authentication occurred. |
STIG | Date |
---|---|
MAC OSX 10.6 Workstation Security Technical Implementation Guide | 2012-01-30 |
Check Text ( C-37778r1_chk ) |
---|
Open a terminal session and use the following command to view the values. grep Defaults /etc/sudoers Ensure the following items exist: "Defaults tty_tickets" and "Defaults timestamp_timeout=0" If the values are not present, this is a finding. |
Fix Text (F-33025r1_fix) |
---|
Open a terminal session and enter the following commands to set the values in the /etc/sudoers file. VISUAL=pico visudo Enter the following two lines in the file. Defaults tty_tickets Defaults timestamp_timeout=0 Save and exit the file. |