Sample Guide - Traxes/Hardening GitHub Wiki
Beispieltext mit Referenz auf Referenz nummer
As no official hardening guide for Apple’s OS X Mountain Lion is available yet, ERNW has compiled the most relevant settings into this checklist. While there is a significant amount of controls that can be applied, this document is supposed to provide a solid base of hardening measures. Settings which might have severe impact on the functionality of the operating system and need a lot of further testing are not part of this checklist.
We have marked each recommended setting in this checklist either with “mandatory” or “optional” to make a clear statement, which setting is a MUST (mandatory) or a SHOULD (optional) from our point of view. “Optional” also means that we recommend to apply this setting, but there may be required functionality on the system that will become unavailable once the setting is applied.
Description of the control.
- Implementation step 1 → click here → then there
- Implementation step 2
command for copy & paste
! Note about potential side effect or warning
Disable access with locked screen.
- In /etc/authorization edit the section system.login.screensaver as follows:
<key>system.login.screensaver</key>
<dict>
Configuration file sample
</dict>
#3 Zitat von Einstein… etc
- Refer to the following screenshot:
The following table lists service files and the corresponding functionality that should be disabled/must not be enabled unless required.
Example for table:
| Filename | Functionality |
|---|---|
| ftp.plist | FTP |
| smbd.plist | SMB |
| org.apache.httpd.plist | HTTP Server |
| eppc.plist | Remote Apple Events |
| com.apple.xgridagentd.plist | Xgrid |
| com.apple.xgridcontrollerd.plist | Xgrid |
| com.apple.InternetSharing.plist | Iternet Sharing |
| com.apple.dashboard.advisory.fetch.plist | Dashboard Auto-Update |
| com.apple.UserNotificationCenter.plist | User notifications |
| com.apple.RemoteDesktop.PrivilegeProxy.plist | ARD |
| com.apple.RemoteDesktop.plist | ARD |
| com.apple.IIDCAssistant.plist | iSight |
| com.apple.blued.plist | Bluetooth |
| com.apple.RemoteUI.plist | Remote Control |
- In combination with the previous line, this option does not have any effect, yet we recommended it in case timestamp_timeout will be changed.
- This setting only enables automatic updates for the system and system software. Updates for 3rd party software must be installed manually/in another way.
Example for in-line html:
3: While IPv6 is not in use in many environments yet, we basically
recommend to gather operational and security requirements for future
deployments:
http://blog.ipspace.net/2013/05/the-dangers-of-ignoring-ipv6.html