mirror of
https://github.com/usnistgov/macos_security.git
synced 2026-03-04 09:13:19 +00:00
39 lines
906 B
YAML
39 lines
906 B
YAML
id: os_root_disable
|
|
title: "Disable Root Login"
|
|
discussion: |
|
|
To assure individual accountability and prevent unauthorized access, logging in as root at the login window _MUST_ be disabled.
|
|
|
|
The macOS system _MUST_ require individuals to be authenticated with an individual authenticator prior to using a group authenticator, and administrator users _MUST_ never log in directly as root.
|
|
check: |
|
|
/usr/bin/dscl . -read /Users/root UserShell 2>&1 | /usr/bin/grep -c "/usr/bin/false"
|
|
result:
|
|
integer: 1
|
|
fix: |
|
|
[source,bash]
|
|
----
|
|
/usr/bin/dscl . -create /Users/root UserShell /usr/bin/false
|
|
----
|
|
references:
|
|
cce:
|
|
- CCE-84783-0
|
|
800-53r4:
|
|
- IA-2
|
|
disa_stig:
|
|
- N/A
|
|
srg:
|
|
- N/A
|
|
cci:
|
|
- N/A
|
|
800-171r2:
|
|
- 3.5.1
|
|
- 3.5.2
|
|
macOS:
|
|
- "10.15"
|
|
tags:
|
|
- 800-171
|
|
- cnssi-1253
|
|
- fisma-low
|
|
- fisma-moderate
|
|
- fisma-high
|
|
mobileconfig: false
|
|
mobileconfig_info: |