Big Sur - Disable Root Login

Information

To assure individual accountability and prevent unauthorized access, logging in as root at the login window _MUST_ be disabled.

The macOS system _MUST_ require individuals to be authenticated with an individual authenticator prior to using a group authenticator, and administrator users _MUST_ never log in directly as root.

Solution

[source,bash]
----
/usr/bin/dscl . -create /Users/root UserShell /usr/bin/false
----
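To verify the setting after applying the fix, the following added example (not part of the original item or of the macos_security project's code) reads the same `UserShell` attribute and reports whether root can still get a login shell. The function names and the sample `dscl` outputs are constructed for illustration.

```bash
#!/bin/bash
# Added example: audit the root account's UserShell attribute.
# Function names are hypothetical; the sample strings below are constructed
# to look like `dscl . -read /Users/root UserShell` output.

SAMPLE_COMPLIANT='UserShell: /usr/bin/false'
SAMPLE_LOGIN_SHELL='UserShell: /bin/sh'
SAMPLE_MISSING='No such key: UserShell'

# Extract the shell path from dscl output of the form "UserShell: <path>".
# Prints nothing when the attribute line is absent (error text, missing key).
root_shell_from_dscl() {
    printf '%s\n' "$1" | awk '$1 == "UserShell:" { print $2; exit }'
}

# Classify the dscl output:
#   PASS     shell is /usr/bin/false, as the fix above sets it
#   FAIL     shell is anything else, so root still has a usable shell
#   UNKNOWN  the attribute could not be read; treat as a finding to investigate
root_login_status() {
    _shell=$(root_shell_from_dscl "$1")
    case "$_shell" in
        /usr/bin/false) echo "PASS" ;;
        "")             echo "UNKNOWN" ;;
        *)              echo "FAIL: root shell is $_shell" ;;
    esac
}

# On a Mac, check the live directory record; elsewhere this is skipped.
if [ -x /usr/bin/dscl ]; then
    root_login_status "$(/usr/bin/dscl . -read /Users/root UserShell 2>&1)"
fi
```

An `UNKNOWN` result is deliberately kept separate from `PASS`, so a failed read is never counted as compliant.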

See Also

https://github.com/usnistgov/macos_security

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-2, 800-53|IA-2(5), 800-53|IA-5, CCE|CCE-85374-7

Plugin: Unix

Control ID: 246e21190bbd6113b76bafd09a30c5356122496e53e513cb351ac80108eae7f0