Information
macOS used to have a graphical front-end to the embedded Apache web server in the Operating System. Personal web sharing could be enabled to allow someone on another computer to download files or information from the user's computer. Personal web sharing from a user endpoint has long been considered questionable, and Apple has removed that capability from the GUI. Apache, however, is still part of the Operating System and can be easily turned on to share files and provide remote connectivity to an end-user computer. Web sharing should only be done through hardened web servers and appropriate cloud services.
Web serving should not be done from a user desktop. Dedicated webservers or appropriate cloud storage should be used. Open ports make it easier to exploit the computer.
Solution
Run the following command to disable the HTTP server services:
% /usr/bin/sudo /usr/sbin/apachectl stop
% /usr/bin/sudo /bin/launchctl unload -w /System/Library/LaunchDaemons/org.apache.httpd.plist
Impact:
The web server is both a point of attack for the system and a means for unauthorized file transfers.
Item Details
Category: CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
References: 800-53|CM-1, 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-9, 800-53|SA-3, 800-53|SA-8, 800-53|SA-10, CSCv7|5.1, CSCv7|9.2
Control ID: e2e35cc8f3b3307875f385c464c7d771e80e15642ccd281021424665489e2987