The macOS system must disable root logon.

An XCCDF Rule

Details
Profiles

Description

To ensure individual accountability and prevent unauthorized access, logging in as root at the login window must be disabled. The macOS system must require individuals to be authenticated with an individual authenticator prior to using a group authenticator, and administrator users must never log in directly as root. Satisfies: SRG-OS-000104-GPOS-00051,SRG-OS-000109-GPOS-00056,SRG-OS-000364-GPOS-00151

ID: SV-259444r1009580_rule
Version: APPL-14-000100
Severity: Medium
References: CCI-000764 CCI-000770 CCI-001813 CCI-004045
Updated: about 2 months ago

Remediation Templates

Configure the macOS system to disable root login with the following command:

/usr/bin/dscl . -create /Users/root UserShell /usr/bin/false

The macOS system must disable root logon.

Description

Remediation Templates

A Manual Procedure