Check: AOSX-13-000553
Apple OS X 10.13 STIG:
AOSX-13-000553
(in versions v2 r5 through v1 r1)
Title
The macOS system must not have a root account. (Cat II impact)
Discussion
To assure individual accountability and prevent unauthorized access, organizational users must be individually identified and authenticated.
Check Content
To check if the root account is disabled, run the following command:

    defaults read /var/db/dslocal/nodes/Default/users/root.plist passwd

    ( "*" )

The output should be a single asterisk in quotes, as seen above. If the output is as follows, this is a finding:

    ( "********" )
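The check above can be scripted for an audit run. The following is an added example, not part of the STIG text: the function names and the NOT_A_FINDING / FINDING / REVIEW labels are assumptions, and REVIEW covers any output the check text does not describe. The sample outputs are constructed, and the multi-line array layout is accepted alongside the single-line form shown above.

```shell
#!/bin/sh
# Added example: classify the output of the AOSX-13-000553 check command.
# Function names and result labels are hypothetical, not from the STIG.

ROOT_PLIST=/var/db/dslocal/nodes/Default/users/root.plist

# Reads `defaults read <plist> passwd` output on stdin and prints one of:
#   NOT_A_FINDING  the only array element is a single asterisk
#   FINDING        the only array element is eight asterisks
#   REVIEW         anything else (empty, read error, unexpected value)
classify_root_passwd() {
    # Drop spaces, tabs, parentheses and commas, then keep the text
    # inside each quoted array element, one element per line.
    values=$(tr -d ' \t(),' | sed -n 's/^"\(.*\)"$/\1/p')
    case "$values" in
        '*')        echo NOT_A_FINDING ;;
        '********') echo FINDING ;;
        *)          echo REVIEW ;;
    esac
}

# Runs the real check; needs macOS and read access to the plist (root).
audit_root_account() {
    defaults read "$ROOT_PLIST" passwd 2>/dev/null | classify_root_passwd
}

# Constructed sample outputs, so the classifier can be exercised offline.
printf 'compliant sample:     %s\n' \
    "$(printf '(\n    "*"\n)\n' | classify_root_passwd)"
printf 'non-compliant sample: %s\n' \
    "$(printf '(\n    "********"\n)\n' | classify_root_passwd)"

# Live check only where the tool and the file are actually available.
if command -v defaults >/dev/null 2>&1 && [ -r "$ROOT_PLIST" ]; then
    printf 'this host:            %s\n' "$(audit_root_account)"
fi
```

A REVIEW result also appears when the command is run without permission to read the plist, so run the live check as root before treating it as a deviation.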
Fix Text
Disable the root account with the following command:

    /usr/sbin/dsenableroot -d
Additional Identifiers
Rule ID: SV-214867r609363_rule
Vulnerability ID: V-214867
Group Title: SRG-OS-000480-GPOS-00227
CCIs
CCIs tied to check.
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
Number | Title |
---|---|
CM-6 | Configuration Settings |