Detections
Analytics

CIS Apple OSX 10.5 Leopard L2 v1.0.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Apple OSX 10.5 Leopard L2 v1.0.0

Updated: 4/2/2021

Authority: CIS

Plugin: Unix

Revision: 1.24

Estimated Item Count: 70

Audit Items

DescriptionCategories
2.1.1 Securely erase the Mac OS X partition before installation
2.1.2 Do not connect to the Internet when setting up a Mac
2.1.9 Update system software using verified packages
2.2.1 Use an Open Firmware or EFI password

SYSTEM AND INFORMATION INTEGRITY

2.2.2 Create an Access Warning for the Login Window (com.apple.loginwindow)

ACCESS CONTROL

2.2.3 Create an Access Warning for the Command Line (/etc/motd for SSH)

ACCESS CONTROL

2.2.3 Create an Access Warning for the Command Line (FTP - 'Show banner message')

ACCESS CONTROL

2.2.3 Create an Access Warning for the Command Line (FTP - 'Show welcome message')

ACCESS CONTROL

2.2.4 Disable Bluetooth (launchctl check)

CONFIGURATION MANAGEMENT

2.2.4 Disable the Bluetooth Extension Driver (IOBluetoothHIDDriver.kext)

CONFIGURATION MANAGEMENT

2.2.4 Disable the Bluetooth Extension Driver (OBluetoothFamily.kext)

CONFIGURATION MANAGEMENT

2.2.5 Disable the iSight camera (Apple_iSight.kext)

CONFIGURATION MANAGEMENT

2.2.5 Disable the iSight camera (system_profiler check for iSight)

CONFIGURATION MANAGEMENT

2.2.6 Reduce the Sudo Timeout Period

ACCESS CONTROL

2.2.7 Remove unneeded QuickTime components
2.2.8 Disable Core Dumps

ACCESS CONTROL

2.3.4 Restrict Sudo Users to being able to Access Only Required Commands

ACCESS CONTROL

2.3.5 Securely configure LDAPv3 access
2.3.6 Securely configure Active Directory access
2.3.8 Set a strong password policy
2.3.9 Secure the login keychain
2.3.10 Secure individual keychain items
2.3.11 Create specialized keychains for different purposes
2.3.12 Use a portable drive to store keychains
2.4.1.2 Disable all Sync options

CONFIGURATION MANAGEMENT

2.4.1.3 Disable iDisk Syncing

CONFIGURATION MANAGEMENT

2.4.1.5 Do not register computers for synchronization
2.4.1.7 Disable the .Mac preference pane from System Preferences
2.4.2.6 Disable 'Enable fast user switching'
2.4.4.1 Disable Automatic Actions for Blank CDs for each User Account

CONFIGURATION MANAGEMENT

2.4.4.2 Disable Automatic Actions for Blank DVDs for each User Account

CONFIGURATION MANAGEMENT

2.4.4.3 Disable Automatic Actions for Music CDs for each User Account

CONFIGURATION MANAGEMENT

2.4.4.4 Disable automatic actions for picture CDs for each User Account

CONFIGURATION MANAGEMENT

2.4.4.5 Disable automatic actions for video DVDs for each User Account

CONFIGURATION MANAGEMENT

2.4.5.2 Use an Internal Software Update Server

SYSTEM AND INFORMATION INTEGRITY

2.4.7.1 Disable Sleeping the Computer when Connected to Power

ACCESS CONTROL

2.4.10.1 Create network specific locations
2.4.10.5 Disable IPv6
2.4.12.1 Disable 'Save movies in disk cache'
2.4.13.8 Enable FileVault for every account
2.4.14.1 Change the Computer Name

CONFIGURATION MANAGEMENT

2.4.14.4 Secure SMB (Do not allow any anonymous connections)

IDENTIFICATION AND AUTHENTICATION

2.4.14.4 Secure SMB (Do not allow guest)

IDENTIFICATION AND AUTHENTICATION

2.4.14.4 Secure SMB (Only allow NTLMv2 and LMv2 response)

IDENTIFICATION AND AUTHENTICATION

2.4.14.7 Secure Web Share (ServerSignature Off)

CONFIGURATION MANAGEMENT

2.4.14.7 Secure Web Share (ServerTokens Prod)

CONFIGURATION MANAGEMENT

2.4.14.7 Secure Web Share (TraceEnable Off)

CONFIGURATION MANAGEMENT

2.4.14.7 Secure Web Share (UserDir Disabled)

CONFIGURATION MANAGEMENT

2.4.14.14 Completely Disable Sharing Services (com.apple.AppleFileServer.plist)

CONFIGURATION MANAGEMENT

2.4.14.14 Completely Disable Sharing Services (com.apple.InternetSharing.plist)

CONFIGURATION MANAGEMENT