Catalina - Disable Media Sharing - home-sharing-enabled

Information

Media sharing _MUST_ be disabled.

When Media Sharing is enabled, the computer starts a network listening service that shares the contents of the user's music collection with other users in the same subnet.

The information system _MUST_ be configured to provide only essential capabilities. Disabling Media Sharing helps prevent the unauthorized connection of devices and the unauthorized transfer of information. Disabling Media Sharing mitigates this risk.
[NOTE]
====
The check and fix are for the currently logged in user. To get the currently logged in user, run the following.
[source,bash]
----
CURRENT_USER=$( scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' )
----
====

Solution

[source,bash]
----
/usr/bin/sudo -u "$CURRENT_USER" /usr/bin/defaults write com.apple.amp.mediasharingd public-sharing-enabled -int 0
/usr/bin/sudo -u "$CURRENT_USER" /usr/bin/defaults write com.apple.amp.mediasharingd home-sharing-enabled -int 0
/usr/bin/pkill -9 AMPLibraryAgent
/usr/bin/pkill -9 mediasharingd
----

See Also

https://github.com/usnistgov/macos_security

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-3, 800-53|AC-17, CCE|CCE-84771-5

Plugin: Unix

Control ID: cc83a6591559d172b12feca38ae59d07174efc4a31eebbe0aaf7a44084822019