4.4 Ensure http server is not running

Information

macOS used to have a graphical front-end to the embedded Apache web server in the Operating System. Personal web sharing could be enabled to allow someone on another computer to download files or information from the user's computer. Personal web sharing from a user endpoint has long been considered questionable and Apple has removed that capability from the GUI. Apache however is still part of the Operating System and can be easily turned on to share files and provide remote connectivity to an end user computer. Web sharing should only be done through hardened web servers and appropriate cloud services.

Rationale:

Web serving should not be done from a user desktop. Dedicated webservers or appropriate cloud storage should be used. Open ports make it easier to exploit the computer.

Impact:

The web server is both a point of attack for the system and a means for unauthorized file transfers.

Solution

Ensure that the Web Server is not running and is not set to start at boot
Stop the Web Server

sudo apachectl stop

Ensure that the web server will not auto-start at boot

sudo defaults write /System/Library/LaunchDaemons/org.apache.httpd Disabled -bool true

See Also

https://workbench.cisecurity.org/files/3092

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b.

Plugin: Unix

Control ID: 8edc5517fa94ec89582d76e4c16df4107137ff5ec8fd5dcfd43a4148b1942544