Check: OSX8-00-00035
Apple OSX 10.8 STIG:
OSX8-00-00035
(in version v1 r2)
Title
The rexec service must be disabled. (Cat I impact)
Discussion
Remote network access is accomplished by leveraging common communication protocols and establishing a remote connection. These connections will occur over the public Internet. Remote access is any access to an organizational information system by a user (or an information system) communicating through an external, non-organization-controlled network (e.g., the Internet). Examples of remote access methods include dial-up, broadband, and wireless. Using cryptography ensures confidentiality of the remote access connections.
Check Content
The service "rexec" should be disabled, to check the status of the service, run the following command: sudo defaults read /System/Library/LaunchDaemons/exec Disabled If the result is not "1", this is a finding.
Fix Text
To set the "rexec" service to disabled, run the following command: sudo defaults write /System/Library/LaunchDaemons/exec Disabled 1
Additional Identifiers
Rule ID: SV-65691r1_rule
Vulnerability ID: V-51481
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000068 |
The information system implements cryptographic mechanisms to protect the confidentiality of remote access sessions. |
Controls
Number | Title |
---|---|
AC-17 (2) |
Protection Of Confidentiality / Integrity Using Encryption |