DISA STIG Apple Mac OSX 10.6 v1r3

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA STIG Apple Mac OSX 10.6 v1r3

Updated: 4/2/2021

Authority: DISA STIG

Plugin: Unix

Revision: 1.33

Estimated Item Count: 306

Audit Items

Description	Categories
DISA_STIG_MacOSX_10.6_v1r3.audit
GEN000800 M6 - The system must prohibit the reuse of passwords to 15 iterations - 'Local usingHistory = 15'	IDENTIFICATION AND AUTHENTICATION
GEN000800 M6 - The system must prohibit the reuse of passwords to 15 iterations - 'Managed usingHistory = 15'	IDENTIFICATION AND AUTHENTICATION
GEN000880 M6 - The root account must be the only account having a UID of '0' - 'other users'	IDENTIFICATION AND AUTHENTICATION
GEN001140 M6 - System files and directories must not have uneven access permissions - '/bin'	CONFIGURATION MANAGEMENT
GEN001140 M6 - System files and directories must not have uneven access permissions - '/etc'	CONFIGURATION MANAGEMENT
GEN001140 M6 - System files and directories must not have uneven access permissions - '/sbin'	CONFIGURATION MANAGEMENT
GEN001140 M6 - System files and directories must not have uneven access permissions - '/usr/bin'	CONFIGURATION MANAGEMENT
GEN001140 M6 - System files and directories must not have uneven access permissions - '/usr/sbin'	CONFIGURATION MANAGEMENT
GEN001160 M6 - All files and directories must have a valid owner	ACCESS CONTROL
GEN001170 M6 - All files and directories must have a valid group owner	ACCESS CONTROL
GEN001180 M6 - All network services daemon files must have mode 0755 or less permissive - '/usr/sbin/*'	CONFIGURATION MANAGEMENT
GEN001190 M6 - All network services daemon files must not have extended ACLs - '/usr/sbin/*'	ACCESS CONTROL
GEN001200 M6 - All system command files must have mode 0755 or less permissive - '/bin'	CONFIGURATION MANAGEMENT
GEN001200 M6 - All system command files must have mode 0755 or less permissive - '/sbin'	CONFIGURATION MANAGEMENT
GEN001200 M6 - All system command files must have mode 0755 or less permissive - '/usr/bin'	CONFIGURATION MANAGEMENT
GEN001200 M6 - All system command files must have mode 0755 or less permissive - '/usr/sbin'	CONFIGURATION MANAGEMENT
GEN001210 M6 - System command files must not have extended ACLs - '/bin'	ACCESS CONTROL
GEN001210 M6 - System command files must not have extended ACLs - '/sbin'	ACCESS CONTROL
GEN001210 M6 - System command files must not have extended ACLs - '/usr/bin'	ACCESS CONTROL
GEN001210 M6 - System command files must not have extended ACLs - '/usr/sbin'	ACCESS CONTROL
GEN001220 M6 - All system files, programs, and directories must be owned by a system account - '/bin'	CONFIGURATION MANAGEMENT
GEN001220 M6 - All system files, programs, and directories must be owned by a system account - '/sbin'	CONFIGURATION MANAGEMENT
GEN001220 M6 - All system files, programs, and directories must be owned by a system account - '/usr/bin'	CONFIGURATION MANAGEMENT
GEN001220 M6 - All system files, programs, and directories must be owned by a system account - '/usr/sbin'	CONFIGURATION MANAGEMENT
GEN001240 M6 - System files, programs, and directories must be group-owned by a system group - '/bin'	CONFIGURATION MANAGEMENT
GEN001240 M6 - System files, programs, and directories must be group-owned by a system group - '/sbin'	CONFIGURATION MANAGEMENT
GEN001240 M6 - System files, programs, and directories must be group-owned by a system group - '/usr/bin'	CONFIGURATION MANAGEMENT
GEN001240 M6 - System files, programs, and directories must be group-owned by a system group - '/usr/sbin'	CONFIGURATION MANAGEMENT
GEN001260 M6 - System log files must have mode 644 or less permissive - '/var/audit'	AUDIT AND ACCOUNTABILITY
GEN001260 M6 - System log files must have mode 644 or less permissive - '/var/log'	CONFIGURATION MANAGEMENT
GEN001270 M6 - System log files must not have extended ACLs, except as needed to support authorized software - '/var/log/*'	ACCESS CONTROL
GEN001280 M6 - Manual page files must have mode 0644 or less permissive - '/usr/share/man/*'	CONFIGURATION MANAGEMENT
GEN001290 M6 - All manual page files must not have extended ACLs - '/usr/share/man/*'	ACCESS CONTROL
GEN001300 M6 - Library files must have mode 0755 or less permissive - '/Library/Frameworks'	CONFIGURATION MANAGEMENT
GEN001300 M6 - Library files must have mode 0755 or less permissive - '/System/Library/Frameworks'	CONFIGURATION MANAGEMENT
GEN001300 M6 - Library files must have mode 0755 or less permissive - '/usr/lib'	CONFIGURATION MANAGEMENT
GEN001300 M6 - Library files must have mode 0755 or less permissive - '/usr/local/lib'	CONFIGURATION MANAGEMENT
GEN001310 M6 - All library files must not have extended ACLs - '/Library/Frameworks'	ACCESS CONTROL
GEN001310 M6 - All library files must not have extended ACLs - '/System/Library/Frameworks'	ACCESS CONTROL
GEN001310 M6 - All library files must not have extended ACLs - '/usr/lib'	ACCESS CONTROL
GEN001310 M6 - All library files must not have extended ACLs - '/usr/local/lib'	ACCESS CONTROL
GEN001362 M6 - The /etc/hosts file must be owned by root	CONFIGURATION MANAGEMENT
GEN001362 M6 - The /etc/resolv.conf file must be owned by root	CONFIGURATION MANAGEMENT
GEN001363 M6 - The /etc/resolv.conf file must be group-owned by wheel	CONFIGURATION MANAGEMENT
GEN001364 M6 - The /etc/resolv.conf file must have mode 0644 or less permissive	CONFIGURATION MANAGEMENT
GEN001365 M6 - The /etc/resolv.conf file must not have an extended ACL	ACCESS CONTROL
GEN001367 M6 - The /etc/hosts file must be group-owned by wheel	CONFIGURATION MANAGEMENT
GEN001368 M6 - The /etc/hosts file must have mode 0644 or less permissive	CONFIGURATION MANAGEMENT
GEN001369 M6 - The /etc/hosts file must not have an extended ACL	ACCESS CONTROL

Detections

Analytics

DISA STIG Apple Mac OSX 10.6 v1r3

Warning! Audit Deprecated

Audit Details

Audit Items