Title

The macOS system must disable Location Services. (Cat II impact)

Discussion

Location Services must be disabled. The information system must be configured to provide only essential capabilities. Disabling Location Services helps prevent unauthorized connection of devices, transfer of information, and tunneling.

Check Content

Verify the macOS system is configured to disable Location Services with the following command: /usr/bin/sudo -u _locationd /usr/bin/osascript -l JavaScript << EOS $.NSUserDefaults.alloc.initWithSuiteName('com.apple.locationd')\ .objectForKey('LocationServicesEnabled').js EOS If the result is not "false", this is a finding.

Fix Text

Configure the macOS system to disable Location Services with the following command: /usr/bin/defaults write /var/db/locationd/Library/Preferences/ByHost/com.apple.locationd LocationServicesEnabled -bool false; pid=$(/bin/launchctl list | /usr/bin/awk '/com.apple.locationd/ { print $1 }') kill -9 $pid

Additional Identifiers

Rule ID: SV-268480r1034380_rule

Vulnerability ID: V-268480

Group Title: SRG-OS-000095-GPOS-00049

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.