usnistgov/macos_security
1
0
Fork 0
mirror of https://github.com/usnistgov/macos_security.git synced 2026-03-16 14:02:07 +00:00
Code Issues 21 Actions Packages Projects Releases Wiki Activity
Files
103fa1ef293e7f34b9977352cb251b787fa975ce
macos_security/rules/system_settings/system_settings_ssh_disable.yaml
Dan Brodjieski fead101e4b refactor[rules]: removed STIG referencing 
Removed references to the STIG until it is released.
2022-10-18 18:57:37 -04:00

53 lines
1.1 KiB
YAML
Raw Blame History

id: system_settings_ssh_disable
title: "Disable SSH Server for Remote Access Sessions"
discussion: |
SSH service _MUST_ be disabled for remote access.
Remote access sessions _MUST_ use FIPS validated encrypted methods to protect unauthorized individuals from gaining access.
check: |
/bin/launchctl print-disabled system | /usr/bin/grep -c '"com.openssh.sshd" => disabled'
result:
integer: 1
fix: |
[source,bash]
----
/usr/sbin/systemsetup -f -setremotelogin off >/dev/null
/bin/launchctl disable system/com.openssh.sshd
----
NOTE: Systemsetup with -setremotelogin flag will fail unless you grant Full Disk Access to systemsetup or it's parent process. Requires supervision.
references:
cce:
- CCE-91984-5
cci:
- N/A
800-53r5:
- CM-7
- CM-7(1)
- AC-17
800-53r4:
- AC-3
- CM-7
- CM-7(1)
srg:
- N/A
disa_stig:
- N/A
800-171r2:
- 3.1.1
- 3.1.2
- 3.4.6
cis:
benchmark:
- 2.3.3.5 (level 1)
controls v8:
- 4.1
- 4.8
macOS:
- "13.0"
tags:
- cis_lvl1
- cis_lvl2
- cisv8
severity: "medium"
mobileconfig: false
mobileconfig_info:
Reference in New Issue View Git Blame Copy Permalink