Title

The macOS system must be configured to disable SMB File Sharing unless it is required. (Cat II impact)

Discussion

File Sharing is usually non-essential and must be disabled if not required. Enabling any service increases the attack surface for an intruder. By disabling unnecessary services, the attack surface is minimized.

Check Content

If SMB File Sharing is required, this is not applicable. To check if the SMB File Sharing service is disabled, use the following command: /bin/launchctl print-disabled system | /usr/bin/grep com.apple.smbd If the results do not show the following, this is a finding: "com.apple.smbd" => true

Fix Text

To disable the SMB File Sharing service, run the following command: /usr/bin/sudo /bin/launchctl disable system/com.apple.smbd The system may need to be restarted for the update to take effect.

Additional Identifiers

Rule ID: SV-252479r958478_rule

Vulnerability ID: V-252479

Group Title: SRG-OS-000095-GPOS-00049

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.