Detections
Analytics

CIS Apple OSX 10.5 Leopard L1 v1.0.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Apple OSX 10.5 Leopard L1 v1.0.0

Updated: 4/2/2021

Authority: CIS

Plugin: Unix

Revision: 1.24

Estimated Item Count: 76

Audit Items

DescriptionCategories
2.1.3 Install Mac OS X using Mac OS Extended Journaled disk format
2.1.4 Do not install any unnecessary packages
2.1.5 Do not transfer confidential information in Setup Assistant
2.1.6 Create administrator accounts with difficult-to-guess names
2.1.7 Create complex passwords for administrator accounts
2.1.8 Do not enter a password-related hint
2.3.1 Create an administrator account and a standard account for each administrator
2.3.2 Create a standard or managed account for each non-administrator
2.3.3 Set appropriate parental controls for managed accounts
2.3.7 Use Password Assistant to help generate complex passwords
2.3.13 Do Not Enable the 'root' Account

ACCESS CONTROL

2.4.1.1 Do not enable .Mac for administrator accounts
2.4.1.4 Enable Public Folder password protection
2.4.1.6 Sign out of .Mac if signed in
2.4.2.1 Change initial password for the system administrator account
2.4.2.2 Disable Automatic Login & 2.4.13.2 Disable Automatic Login

ACCESS CONTROL

2.4.2.3 Display Login Window as Name and Password

ACCESS CONTROL

2.4.2.4 Disable 'Show password hints'

IDENTIFICATION AND AUTHENTICATION

2.4.2.7 Disable 'Allow guest to log into this computer'

ACCESS CONTROL

2.4.2.8 Disable 'Allow guests to connect to shared folders' (AFP)

ACCESS CONTROL

2.4.2.8 Disable 'Allow guests to connect to shared folders' (SMB)

ACCESS CONTROL

2.4.3.1 Disable Bluetooth by using System Preferences for each User Account

CONFIGURATION MANAGEMENT

2.4.3.2 Disable Bluetooth Internet Connection Sharing

CONFIGURATION MANAGEMENT

2.4.3.3 If Bluetooth is used, turn off 'Discoverable' when not needed
2.4.3.4 Show Bluetooth status in menu bar
2.4.5.1 Enter Correct Time Settings - /etc/hostconfig check

CONFIGURATION MANAGEMENT

2.4.5.1 Enter Correct Time Settings - Network Time Protocol Check

AUDIT AND ACCOUNTABILITY

2.4.5.1 Enter Correct Time Settings - time server(s) check

AUDIT AND ACCOUNTABILITY

2.4.6.1 Set a Short Inactivity Interval for the Screen Saver

ACCESS CONTROL

2.4.7.2 Verify Display Sleep is set to a Value Larger than the Screen Saver

ACCESS CONTROL

2.4.7.3 Disable 'Wake when the Modem Detects a Ring' for All Power Settings

ACCESS CONTROL

2.4.7.4 Disable 'Wake for Ethernet network administrator access' for power adapter settings

ACCESS CONTROL

2.4.8.1 Do not set any Screen Corner to Disable Screen Saver (wvous-bl-corner keys)

ACCESS CONTROL

2.4.8.2 Set a screen corner to Start Screen Saver

ACCESS CONTROL

2.4.8.3 Do not set any Screen Corner to Sleep Display

ACCESS CONTROL

2.4.9.1 Disable 'Allow Bluetooth devices to wake this computer'

CONFIGURATION MANAGEMENT

2.4.10.2 Disable AirPort
2.4.10.3 Enable Show AirPort Status in Menu Bar
2.4.10.4 Disable Bluetooth
2.4.11.1 Only use known printers
2.4.11.2 Disable receiving faxes
2.4.12.2 Do not install third-party QuickTime software
2.4.12.3 Disable 'Play Movies automatically'
2.4.13.1 Require a Password to Wake the Computer from Sleep or Screen Saver

ACCESS CONTROL

2.4.13.2 Disable automatic login
2.4.13.3 Require a password to unlock each System Preferences pane
2.4.13.4 Disable 'automatic logout' After a Period of Inactivity

ACCESS CONTROL

2.4.13.5 Use Secure Virtual Memory

SYSTEM AND INFORMATION INTEGRITY

2.4.13.6 Disable Remote Control Infrared Receiver

ACCESS CONTROL

2.4.13.7 Pair the Remote Control Infrared Receiver

ACCESS CONTROL