STIGQter: STIG Summary: Apple OS X 10.15 (Catalina) Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 23 Apr 2021:

The macOS system must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the system via SSH.

DISA Rule

SV-225135r610901_rule

Vulnerability Number

V-225135

Group Title

SRG-OS-000023-GPOS-00006

Rule Version

AOSX-15-000024

Severity

CAT II

CCI(s)

• CCI-000048 - The information system displays an organization-defined system use notification message or banner before granting access to the system that provides privacy and security notices consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.
• CCI-000050 - The information system retains the notification message or banner on the screen until users acknowledge the usage conditions and take explicit actions to log on to or further access the information system.

Weight

10

Fix Recommendation

For systems that allow remote access through SSH, run the following command:

# /usr/bin/sudo /usr/bin/sed -i.bak 's/^#Banner.*/Banner \/etc\/banner/' /etc/ssh/sshd_config

Check Contents

For systems that allow remote access through SSH, run the following command to verify that "/etc/banner" is displayed before granting access:

# /usr/bin/grep Banner /etc/ssh/sshd_config

Banner /etc/banner

If the sshd Banner configuration option does not point to "/etc/banner", this is a finding.

Vulnerability Number

V-225135

Documentable

False

Rule Version

AOSX-15-000024

Severity Override Guidance

For systems that allow remote access through SSH, run the following command to verify that "/etc/banner" is displayed before granting access:

# /usr/bin/grep Banner /etc/ssh/sshd_config

Banner /etc/banner

If the sshd Banner configuration option does not point to "/etc/banner", this is a finding.

Check Content Reference

M

Target Key

4212

Comments