macos_security/rules/sysprefs/sysprefs_ssh_enable.yaml

id: sysprefs_ssh_enable
title: "Enable SSH for Remote Access Sessions"
discussion: |
  SSH service _MUST_ be enabled for remote access.
  
  Remote access sessions _MUST_ use encrypted methods to protect unauthorized individuals from gaining access. 
check: |
  /bin/launchctl print-disabled system | /usr/bin/grep -c '"com.openssh.sshd" => false'
result:
  integer: 1
fix: |
  [source,bash]
  ----
  /bin/launchctl enable system/com.openssh.sshd
  ----
references:
  cce:
    - CCE-84845-7
  cci: 
    - CCI-001941
    - CCI-001942
    - CCI-002890
    - CCI-002420
    - CCI-002421
    - CCI-002422
    - CCI-003123
    - CCI-001453
    - CCI-000068
    - CCI-002418
  800-53r4: 
    - AC-17(2)
    - AC-17(4)
    - IA-2(8)
    - IA-2(9)
    - MA-4(6)
    - MA-4
    - SC-8
    - SC-8(1)
    - SC-8(2)
  srg: 
    - SRG-OS-000393-GPOS-00173
    - SRG-OS-000394-GPOS-00174
    - SRG-OS-000112-GPOS-00057
    - SRG-OS-000113-GPOS-00058
    - SRG-OS-000033-GPOS-00014
    - SRG-OS-000423-GPOS-00187
    - SRG-OS-000424-GPOS-00188
    - SRG-OS-000425-GPOS-00189
    - SRG-OS-000426-GPOS-00190
    - SRG-OS-000033-GPOS-00014
    - SRG-OS-000250-GPOS-00093
  disa_stig: 
    - AOSX-14-000040
    - AOSX-14-004011
    - AOSX-14-004010
    - AOSX-14-000011
    - AOSX-14-000010
  800-171r2:
    - 3.1.13
    - 3.1.15
    - 3.5.4
    - 3.7.5
    - 3.13.8
macOS:
  - "10.15"
tags:
  - 800-171
  - cnssi-1253
  - fisma-moderate
  - fisma-high
  - STIG
mobileconfig: false
mobileconfig_info: