STIGQter: STIG Summary: Apple OS X 10.14 (Mojave) Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The macOS system must require individuals to be authenticated with an individual authenticator prior to using a group authenticator.

DISA Rule

SV-209565r610285_rule

Vulnerability Number

V-209565

Group Title

SRG-OS-000109-GPOS-00056

Rule Version

AOSX-14-001100

Severity

CAT II

CCI(s)

• CCI-000770 - The organization requires individuals to be authenticated with an individual authenticator when a group authenticator is employed.

Weight

10

Fix Recommendation

To ensure that "PermitRootLogin" is disabled by sshd, run the following command:

/usr/bin/sudo /usr/bin/sed -i.bak 's/^[\#]*PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config

Check Contents

To check if SSH has root logins enabled, run the following command:

/usr/bin/sudo /usr/bin/grep ^PermitRootLogin /etc/ssh/sshd_config

If there is no result, or the result is set to "yes", this is a finding.

Vulnerability Number

V-209565

Documentable

False

Rule Version

AOSX-14-001100

Severity Override Guidance

To check if SSH has root logins enabled, run the following command:

/usr/bin/sudo /usr/bin/grep ^PermitRootLogin /etc/ssh/sshd_config

If there is no result, or the result is set to "yes", this is a finding.

Check Content Reference

M

Target Key

2930

Comments