2.4.5 Disable Remote Login

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Remote Login allows an interactive terminal connection to a computer.

Rationale:

Disabling Remote Login mitigates the risk of an unauthorized person gaining access to the system via Secure Shell (SSH). While SSH is an industry standard to connect to posix servers, the scope of the benchmark is for Apple macOS clients, not servers.

macOS does have an IP based firewall available (pf, ipfw has been deprecated) that is not enabled or configured. There are more details and links in section 7.5. macOS no longer has TCP Wrappers support built-in and does not have strong Brute-Force password guessing mitigations, or frequent patching of openssh by Apple. Most macOS computers are mobile workstations, managing IP based firewall rules on mobile devices can be very resource intensive. All of these factors can be parts of running a hardened SSH server.

Solution

Perform the following to implement the prescribed state:

1. Run the following command in Terminal:

sudo systemsetup -setremotelogin off

See Also

https://workbench.cisecurity.org/files/2105

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-17

Plugin: Unix

Control ID: b2d41752e5514b759e3870c8336cda67d1e46e113ecf8ad2cc7a4a7bd9bce819