Title

The macOS system must be configured to disable SMB File Sharing unless it is required. (Cat II impact)

Discussion

File sharing is usually nonessential and must be disabled if not required. Enabling any service increases the attack surface for an intruder. By disabling unnecessary services, the attack surface is minimized.

Check Content

Verify the macOS system is configured to disable the SMB File Sharing service with the following command: /bin/launchctl print-disabled system | /usr/bin/grep com.apple.smbd "com.apple.smbd" => disabled If the results are not "com.apple.smbd => disabled" or SMB file sharing has not been documented with the ISSO as an operational requirement, this is a finding.

Fix Text

Configure the macOS system to disable the SMB File Sharing service with the following command: /usr/bin/sudo /bin/launchctl disable system/com.apple.smbd The system may need to be restarted for the update to take effect.

Additional Identifiers

Rule ID: SV-257185r905188_rule

Vulnerability ID: V-257185

Group Title: SRG-OS-000095-GPOS-00049

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.