mirror of
https://github.com/usnistgov/macos_security.git
synced 2026-02-03 14:03:24 +00:00
65 lines
1.2 KiB
YAML
65 lines
1.2 KiB
YAML
id: system_settings_smbd_disable
|
|
title: Disable Server Message Block Sharing
|
|
discussion: |
|
|
Support for Server Message Block (SMB) file sharing is non-essential and _MUST_ be disabled.
|
|
|
|
The information system _MUST_ be configured to provide only essential capabilities.
|
|
check: |
|
|
/bin/launchctl print-disabled system | /usr/bin/grep -c '"com.apple.smbd" => disabled'
|
|
result:
|
|
integer: 1
|
|
fix: |
|
|
[source,bash]
|
|
----
|
|
/bin/launchctl disable system/com.apple.smbd
|
|
----
|
|
The system may need to be restarted for the update to take effect.
|
|
references:
|
|
cce:
|
|
- CCE-94394-4
|
|
cci:
|
|
- CCI-000213
|
|
800-53r5:
|
|
- AC-3
|
|
- AC-17
|
|
800-53r4:
|
|
- AC-3
|
|
srg:
|
|
- SRG-OS-000080-GPOS-00048
|
|
disa_stig:
|
|
- APPL-15-002001
|
|
800-171r3:
|
|
- 03.01.02
|
|
- 03.04.06
|
|
cis:
|
|
benchmark:
|
|
- 2.3.3.2 (level 1)
|
|
controls v8:
|
|
- 4.1
|
|
- 4.8
|
|
- 5.4
|
|
cmmc:
|
|
- AC.L1-3.1.1
|
|
macOS:
|
|
- '15.0'
|
|
tags:
|
|
- 800-53r5_low
|
|
- 800-53r5_moderate
|
|
- 800-53r5_high
|
|
- 800-53r4_low
|
|
- 800-53r4_moderate
|
|
- 800-53r4_high
|
|
- 800-171
|
|
- cis_lvl1
|
|
- cis_lvl2
|
|
- cisv8
|
|
- cnssi-1253_low
|
|
- cnssi-1253_high
|
|
- cmmc_lvl2
|
|
- cmmc_lvl1
|
|
- stig
|
|
- cnssi-1253_moderate
|
|
severity: medium
|
|
mobileconfig: false
|
|
mobileconfig_info:
|