Check System folder for world writable files
Details Software sometimes insists on being installed in the /System Directory and have inappropriate world writable permissions. Rationale: Folders in...
- Home
- Security Hardening
- CIS Apple MacOS 10.12 L1 V1.2.0
CIS Apple MacOS 10.12 L1 V1.2.0
Check System Wide Applications for appropriate permissions
Details Applications in the System Applications Directory (/Applications) should be world executable since that is their reason to be on...Configure account lockout threshold
Details The account lockout threshold specifies the amount of times a user can enter an incorrect password before a lockout...Control access to audit records – /etc/security/audit_control
Details The audit system on macOS writes important operational and security information that can be both useful for an attacker...Control access to audit records – /var/audit
Details The audit system on macOS writes important operational and security information that can be both useful for an attacker...Disable Bluetooth Sharing
Details Bluetooth Sharing allows files to be exchanged with Bluetooth enabled devices. Rationale: Disabling Bluetooth Sharing minimizes the risk of...Disable DVD or CD Sharing
Details DVD or CD Sharing allows users to remotely access the system’s optical drive. Rationale: Disabling DVD or CD Sharing...Disable File Sharing – AppleFileServer
Details Apple’s File Sharing uses a combination of SMB (Windows sharing) and AFP (Mac sharing) Two common ways to share...Disable File Sharing – SMB
Details Apple’s File Sharing uses a combination of SMB (Windows sharing) and AFP (Mac sharing) Two common ways to share...Disable Internet Sharing
Details Internet Sharing uses the open source natd process to share an internet connection with other computers and devices on...