mirror of
https://github.com/usnistgov/macos_security.git
synced 2026-02-03 05:53:24 +00:00
61 lines
1.4 KiB
YAML
61 lines
1.4 KiB
YAML
id: os_home_folders_secure
|
|
title: "Secure User's Home Folders"
|
|
discussion: |
|
|
The system _MUST_ be configured to prevent access to other user's home folders.
|
|
|
|
The default behavior of macOS is to allow all valid users access to the the top level of every other user's home folder while restricting access only to the Apple default folders within.
|
|
check: |
|
|
/usr/bin/find /System/Volumes/Data/Users -mindepth 1 -maxdepth 1 -type d ! \( -perm 700 -o -perm 711 \) | /usr/bin/grep -v "Shared" | /usr/bin/grep -v "Guest" | /usr/bin/wc -l | /usr/bin/xargs
|
|
result:
|
|
integer: 0
|
|
fix: |
|
|
[source,bash]
|
|
----
|
|
IFS=$'\n'
|
|
for userDirs in $( /usr/bin/find /System/Volumes/Data/Users -mindepth 1 -maxdepth 1 -type d ! \( -perm 700 -o -perm 711 \) | /usr/bin/grep -v "Shared" | /usr/bin/grep -v "Guest" ); do
|
|
/bin/chmod og-rwx "$userDirs"
|
|
done
|
|
unset IFS
|
|
----
|
|
references:
|
|
cce:
|
|
- CCE-92804-4
|
|
cci:
|
|
- N/A
|
|
800-53r5:
|
|
- AC-6
|
|
800-53r4:
|
|
- AC-6
|
|
srg:
|
|
- N/A
|
|
disa_stig:
|
|
- N/A
|
|
800-171r2:
|
|
- 3.1.5
|
|
cis:
|
|
benchmark:
|
|
- 5.1.1 (level 1)
|
|
controls v8:
|
|
- 3.3
|
|
cmmc:
|
|
- AC.L1-3.1.1
|
|
- AC.L2-3.1.5
|
|
macOS:
|
|
- "14.0"
|
|
tags:
|
|
- 800-53r5_moderate
|
|
- 800-53r5_high
|
|
- 800-53r4_moderate
|
|
- 800-53r4_high
|
|
- 800-171
|
|
- cis_lvl1
|
|
- cis_lvl2
|
|
- cisv8
|
|
- cnssi-1253_moderate
|
|
- cnssi-1253_low
|
|
- cnssi-1253_high
|
|
- cmmc_lvl2
|
|
- cmmc_lvl1
|
|
severity: "medium"
|
|
mobileconfig: false
|
|
mobileconfig_info: |