usnistgov/macos_security
1
0
Fork 0
mirror of https://github.com/usnistgov/macos_security.git synced 2026-03-03 17:02:01 +00:00
Code Issues 21 Actions Packages Projects Releases Wiki Activity

wording changes, reference update, manual tag added

Browse Source
This commit is contained in:
Bob Gendler
2021-07-13 12:36:45 -04:00
parent abdc8a1716
commit 167e943202
1 changed files with 9 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
rules/os/os_filevault_authorized_users.yaml
View File

@@ -5,16 +5,21 @@ discussion: |
check: |
/usr/bin/fdesetup list | /usr/bin/awk -F',' '{print $1}'
result:
string: "a list containing usernames that can unlock FileVault"
string: "a list containing authorized users that can unlock FileVault"
fix: |
Remove the secure token from any account that is not authorized to unlock FileVault.
Remove the user that is not authorized to unlock FileVault using the fdesetup command.
[source,bash]
----
/usr/bin/fdesetup remove -user NOT_AUTHORIZED_USERNAME
----
references:
cce:
- CCE-85311-9
cci:
- CCI-002143
800-53r5:
- AU-2(11)
- AC-2(11)
800-53r4:
- N/A
srg:
@@ -26,6 +31,7 @@ macOS:
tags:
- 800-53r5_high
- stig
- manual
severity: "medium"
mobileconfig: false
mobileconfig_info: