mirror of
https://github.com/usnistgov/macos_security.git
synced 2026-03-04 01:12:00 +00:00
50 lines
1.1 KiB
YAML
50 lines
1.1 KiB
YAML
id: sysprefs_firewall_enable
|
|
title: "Enable macOS Application Firewall"
|
|
discussion: |
|
|
The macOS Application Firewall is the built-in firewall that comes with macOS, and it _MUST_ be enabled.
|
|
|
|
When the macOS Application Firewall is enabled, the flow of information within the information system and between interconnected systems will be controlled by approved authorizations.
|
|
check: |
|
|
/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate | /usr/bin/grep -c "Firewall is enabled"
|
|
result:
|
|
integer: 1
|
|
fix: |
|
|
[source,bash]
|
|
----
|
|
/usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on
|
|
----
|
|
references:
|
|
cce:
|
|
- CCE-84832-5
|
|
cci:
|
|
- CCI-000366
|
|
800-53r4:
|
|
- AC-4
|
|
- AC-6(1)
|
|
- AC-19
|
|
- SC-7
|
|
- CM-7
|
|
- SC-7(12)
|
|
srg:
|
|
- SRG-OS-000480-GPOS-00232
|
|
disa_stig:
|
|
- AOSX-14-005050
|
|
800-171r2:
|
|
- 3.1.3
|
|
- 3.1.5
|
|
- 3.1.18
|
|
- 3.4.6
|
|
- 3.13.1
|
|
- 3.13.2
|
|
- 3.13.5
|
|
macOS:
|
|
- "10.15"
|
|
tags:
|
|
- 800-171
|
|
- cnssi-1253
|
|
- fisma-low
|
|
- fisma-moderate
|
|
- fisma-high
|
|
- STIG
|
|
mobileconfig: false
|
|
mobileconfig_info: |