mirror of
https://github.com/usnistgov/macos_security.git
synced 2026-03-05 01:23:18 +00:00
41 lines
1.0 KiB
YAML
41 lines
1.0 KiB
YAML
id: sysprefs_afp_disable
|
|
title: "Disable Apple Filing Protocol Sharing"
|
|
discussion: |
|
|
If the system does not require Apple Filing Protocol (AFP) Sharing, support it is non-essential and _MUST_ be disabled.
|
|
|
|
The information system _MUST_ be configured to provide only essential capabilities. Disabling AFP helps prevent the unauthorized connection of devices and the unauthorized transfer of information.
|
|
check: |
|
|
/bin/launchctl print-disabled system | /usr/bin/grep -c '"com.apple.AppleFileServer" => true'
|
|
result:
|
|
integer: 1
|
|
fix: |
|
|
[source,bash]
|
|
----
|
|
/bin/launchctl disable system/com.apple.AppleFileServer
|
|
----
|
|
The system may need to be restarted for the update to take effect.
|
|
references:
|
|
cce:
|
|
- CCE-84823-4
|
|
cci:
|
|
- CCI-000381
|
|
800-53r4:
|
|
- AC-3
|
|
srg:
|
|
- SRG-OS-000095-GPOS-00049
|
|
disa_stig:
|
|
- AOSX-14-002002
|
|
800-171r2:
|
|
- 3.1.1
|
|
- 3.1.2
|
|
macOS:
|
|
- "10.15"
|
|
tags:
|
|
- 800-171
|
|
- cnssi-1253
|
|
- fisma-low
|
|
- fisma-moderate
|
|
- fisma-high
|
|
- STIG
|
|
mobileconfig: false
|
|
mobileconfig_info: |