mirror of
https://github.com/usnistgov/macos_security.git
synced 2026-03-17 06:12:10 +00:00
2ab099bfcd
* chore[rules]: updated STIG tags Removed the stig tag from rules that weren't in the stig. Added 'srg' tag to rules that had SRG references, but not in stig Issue #356 * chore[baseline]: updated STIG baseline * chore[references]: updated CCI and SRG refs Updated severity where needed too * fix[rule]: yaml syntax for CCI * fix[rules]: added missing STIG ODVs --------- Co-authored-by: Dan Brodjieski <daniel.brodjieski@nasa.gov> Co-authored-by: Dan Brodjieski <dbrodjieski@icloud.com>
70 lines
1.3 KiB
YAML
70 lines
1.3 KiB
YAML
id: system_settings_ssh_enable
|
|
title: Enable SSH Server for Remote Access Sessions
|
|
discussion: |
|
|
Remote access sessions _MUST_ use encrypted methods to protect unauthorized individuals from gaining access.
|
|
check: |
|
|
/bin/launchctl print-disabled system | /usr/bin/grep -c '"com.openssh.sshd" => enabled'
|
|
result:
|
|
integer: 1
|
|
fix: |
|
|
[source,bash]
|
|
----
|
|
/bin/launchctl enable system/com.openssh.sshd
|
|
----
|
|
references:
|
|
cce:
|
|
- CCE-92995-0
|
|
cci:
|
|
- CCI-000213
|
|
- CCI-001942
|
|
- CCI-002420
|
|
- CCI-002422
|
|
800-53r5:
|
|
- IA-2(8)
|
|
- AC-3
|
|
- CM-7
|
|
- CM-7(1)
|
|
- AC-17
|
|
800-53r4:
|
|
- AC-3
|
|
- CM-7
|
|
- CM-7(1)
|
|
- IA-2(8)
|
|
- IA-2(9)
|
|
srg:
|
|
- SRG-OS-000080-GPOS-00048
|
|
- SRG-OS-000113-GPOS-00058
|
|
- SRG-OS-000425-GPOS-00189
|
|
- SRG-OS-000426-GPOS-00190
|
|
disa_stig:
|
|
- APPL-14-000080
|
|
800-171r2:
|
|
- 3.1.1
|
|
- 3.1.2
|
|
- 3.4.6
|
|
- 3.5.4
|
|
cmmc:
|
|
- AC.L1-3.1.1
|
|
- CM.L2-3.4.6
|
|
- CM.L2-3.4.7
|
|
- IA.L2-3.5.4
|
|
macOS:
|
|
- '14.0'
|
|
tags:
|
|
- 800-53r5_low
|
|
- 800-53r5_moderate
|
|
- 800-53r5_high
|
|
- 800-53r4_low
|
|
- 800-53r4_moderate
|
|
- 800-53r4_high
|
|
- 800-171
|
|
- cnssi-1253_moderate
|
|
- cnssi-1253_low
|
|
- cnssi-1253_high
|
|
- cmmc_lvl2
|
|
- cmmc_lvl1
|
|
- stig
|
|
severity: medium
|
|
mobileconfig: false
|
|
mobileconfig_info:
|