Ensure nfs server is not running
Details File serving should not be done from a user desktop, dedicated servers should be used. Open ports make it...
- Home
- Security Hardening
- CIS Apple OSX 10.11 El Capitan L1 V1.1.0
CIS Apple OSX 10.11 El Capitan L1 V1.1.0
Ensure time set is within appropriate limits
Details Kerberos may not operate correctly if the time on the Mac is off by more than 5 minutes. This...Pair the remote control infrared receiver if enabled
Details An infrared remote can be used from a distance to circumvent physical security controls. A remote could also be...Pair the remote control infrared receiver if enabled – ‘DeviceEnabled = 1’
Details An infrared remote can be used from a distance to circumvent physical security controls. A remote could also be...Pair the remote control infrared receiver if enabled – ‘UIDFilter != none’
Details An infrared remote can be used from a distance to circumvent physical security controls. A remote could also be...Restrict NTP server to loopback interface – interface ignore wildcard
Details Mobile workstations on untrusted networks should not have open listening services available to other nodes on the network. Solution...Restrict NTP server to loopback interface – interface listen lo
Details Mobile workstations on untrusted networks should not have open listening services available to other nodes on the network. Solution...Restrict NTP server to loopback interface – restrict lo
Details Mobile workstations on untrusted networks should not have open listening services available to other nodes on the network. Solution...Retain appfirewall.log for 90 or more days
Details Archiving and retaining appfirewall.log for 90 or more days is beneficial in the event of an incident as it...Retain authd.log for 90 or more days
Details Archiving and retaining authd.log for 90 or more days is beneficial in the event of an incident as it...