Detections
Analytics

CIS Apple OSX 10.6 Snow Leopard L2 v1.0.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Apple OSX 10.6 Snow Leopard L2 v1.0.0

Updated: 4/2/2021

Authority: CIS

Plugin: Unix

Revision: 1.27

Estimated Item Count: 73

Audit Items

DescriptionCategories
1.1.1 Securely erase the Mac OS X partition before installation
1.1.2 Do not connect to the Internet when setting up a Mac
1.1.10 Update system software using verified packages
1.2.1 Use an EFI password

SYSTEM AND INFORMATION INTEGRITY

1.2.3 Create an access warning for the command line

ACCESS CONTROL

1.2.5 Disable Bluetooth

CONFIGURATION MANAGEMENT

1.2.6 Disable the iSight camera

CONFIGURATION MANAGEMENT

1.2.7 Reduce the sudo timeout period

ACCESS CONTROL

1.2.8 Remove unneeded QuickTime components
1.2.9 Disable Core Dumps

ACCESS CONTROL

1.3.4 Restrict sudo users to being able to access only required commands

ACCESS CONTROL

1.3.5 Securely configure LDAPv3 access
1.3.6 Securely configure Active Directory access
1.3.8 Set a strong password policy
1.3.10 Secure the login keychain
1.3.11 Secure individual keychain items
1.3.12 Create specialized keychains for different purposes
1.3.13 Use a portable drive to store keychains
1.4.2.5 Configure 'Allow network users to login to this computer'
1.4.2.6 Disable 'Enable fast user switching'

ACCESS CONTROL

1.4.4 CDs & DVDs Preferences Actions Items
1.4.5.2 Use an internal Software Update mechanism

SYSTEM AND INFORMATION INTEGRITY

1.4.5.3 Maintain a software asset inventory external to the computer
1.4.7.1 Disable sleeping the computer when connected to power

ACCESS CONTROL

1.4.8.1 Do not set any screen corner to Disable Screen Saver

ACCESS CONTROL

1.4.10.1 Create network specific locations
1.4.10.5 Disable IPv6

CONFIGURATION MANAGEMENT

1.4.13.9 Enable FileVault for every account
1.4.13.11 Enable Secure Keyboard Entry in terminal.app
1.4.14.1 Change the computer name

CONFIGURATION MANAGEMENT

1.4.14.4 Secure SMB

IDENTIFICATION AND AUTHENTICATION

1.4.14.7 Secure Web Sharing 'ServerSignature'

CONFIGURATION MANAGEMENT

1.4.14.7 Secure Web Sharing 'ServerTokens'

CONFIGURATION MANAGEMENT

1.4.14.7 Secure Web Sharing 'TraceEnable'

CONFIGURATION MANAGEMENT

1.4.14.7 Secure Web Sharing 'UserDir'

CONFIGURATION MANAGEMENT

1.4.14.8 Secure Remote Login 'AllowUsers/AllowGroups'

ACCESS CONTROL

1.4.14.8 Secure Remote Login 'ClientAliveCountMax'

ACCESS CONTROL

1.4.14.8 Secure Remote Login 'ClientAliveInterval'

ACCESS CONTROL

1.4.14.8 Secure Remote Login 'GSSAPIAuthentication yes'

IDENTIFICATION AND AUTHENTICATION

1.4.14.8 Secure Remote Login 'GSSAPICleanupCredentials'

IDENTIFICATION AND AUTHENTICATION

1.4.14.8 Secure Remote Login 'HostbasedAuthentication'

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

1.4.14.8 Secure Remote Login 'IgnoreRhosts'

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

1.4.14.8 Secure Remote Login 'LoginGraceTime'

ACCESS CONTROL

1.4.14.8 Secure Remote Login 'LogLevel'

AUDIT AND ACCOUNTABILITY

1.4.14.8 Secure Remote Login 'MaxAuthTries'

ACCESS CONTROL

1.4.14.8 Secure Remote Login 'PermitEmptyPasswords'

IDENTIFICATION AND AUTHENTICATION

1.4.14.8 Secure Remote Login 'PermitRootLogin'

ACCESS CONTROL

1.4.14.8 Secure Remote Login 'PermitUserEnvironment'

CONFIGURATION MANAGEMENT

1.4.14.8 Secure Remote Login 'Protocol'

CONFIGURATION MANAGEMENT

1.4.14.8 Secure Remote Login 'X11Forwarding'

ACCESS CONTROL, CONFIGURATION MANAGEMENT