The macOS system must require individuals to be authenticated with an individual authenticator prior to using a group authenticator.

An XCCDF Rule

Details
Profiles

Description

Administrator users must never log in directly as root. To assure individual accountability and prevent unauthorized access, logging in as root over a remote connection must be disabled. Administrators should only run commands as root after first authenticating with their individual user names and passwords.

ID: SV-252478r858511_rule
Version: APPL-12-001100
Severity: Medium
References: CCI-000770
Updated: 5 days ago

Remediation Templates

To ensure that "PermitRootLogin" is disabled by sshd, run the following command:

/usr/bin/sudo /usr/bin/sed -i.bak 's/^[\#]*PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config

The macOS system must require individuals to be authenticated with an individual authenticator prior to using a group authenticator.

Description

Remediation Templates

A Manual Procedure