STIGQter: STIG Summary: Apple macOS 11 (Big Sur) Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021:

The macOS system must require individuals to be authenticated with an individual authenticator prior to using a group authenticator.

DISA Rule

SV-230786r599842_rule

Vulnerability Number

V-230786

Group Title

SRG-OS-000109-GPOS-00056

Rule Version

APPL-11-001100

Severity

CAT II

CCI(s)

• CCI-000770 - The organization requires individuals to be authenticated with an individual authenticator when a group authenticator is employed.

Weight

10

Fix Recommendation

To ensure that "PermitRootLogin" is disabled by sshd, run the following command:

/usr/bin/sudo /usr/bin/sed -i.bak 's/^[\#]*PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config

Check Contents

If SSH is not being used, this is Not Applicable.

To check if SSH has root logins enabled, run the following command:

/usr/bin/grep ^PermitRootLogin /etc/ssh/sshd_config

If there is no result, or the result is set to "yes", this is a finding.

Vulnerability Number

V-230786

Documentable

False

Rule Version

APPL-11-001100

Severity Override Guidance

If SSH is not being used, this is Not Applicable.

To check if SSH has root logins enabled, run the following command:

/usr/bin/grep ^PermitRootLogin /etc/ssh/sshd_config

If there is no result, or the result is set to "yes", this is a finding.

Check Content Reference

M

Target Key

5246

Comments