4.4 Ensure http server is not running


macOS used to have a graphical front-end to the embedded Apache web server in the Operating System. Personal web sharing could be enabled to allow someone on another computer to download files or information from the user's computer. Personal web sharing from a user endpoint has long been considered questionable and Apple has removed that capability from the GUI. Apache however is still part of the Operating System and can be easily turned on to share files and provide remote connectivity to an end user computer. Web sharing should only be done through hardened web servers and appropriate cloud services.


Web serving should not be done from a user desktop. Dedicated webservers or appropriate cloud storage should be used. Open ports make it easier to exploit the computer.


The web server is both a point of attack for the system and a means for unauthorized file transfers.


Run the following command to disable the http server services:

$ sudo apachectl stop

See Also


Item Details


References: 800-53|CM-7b.

Plugin: Unix

Control ID: adfbb57f55b2f12fbb7623056ac5dd8d70885cc499c1b8290dbc0fd71526f235