-
Notifications
You must be signed in to change notification settings - Fork 8
/
Copy pathbenchmark_section_4.sh
65 lines (60 loc) · 2.79 KB
/
benchmark_section_4.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
#!/bin/bash
# Section 4.1: Disable Bonjour advertising service
echo "Section 4.1: Disable Bonjour advertising service"
echo "------------------------------------------------------------------------"
echo "Output:"
defaults read /Library/Preferences/com.apple.alf globalstate
echo "\nNotes:"
echo "Verify the value returned is 1 or 2"
echo "Perform the following to implement the prescribed state:"
echo "(Refer to the CIS Benchmark document, this involves editing DNS config.)"
echo "------------------------------------------------------------------------"
echo "\n"
# Section 4.2: Wifi status menu bar
echo "Section 4.2: Check Wi-Fi status in menu bar"
echo "------------------------------------------------------------------------"
echo "Output:"
defaults read com.apple.systemuiserver menuExtras | grep AirPort.menu
echo "\nNotes:"
echo "Verify the value returned is: /System/Library/CoreServices/Menu Extras/AirPort.menu"
echo "Perform the following to implement the prescribed state:"
echo "Edit \"Show Wi-Fi\" in System Preferences > Network"
echo "------------------------------------------------------------------------"
echo "\n"
# Section 4.4: Audit http server (Should not be running)
echo "Section 4.4: Audit http server (Should not be running)"
echo "------------------------------------------------------------------------"
echo "Output:"
ps -ef | grep -i httpd
echo "\nNotes:"
echo "There should be no results for /usr/sbin/httpd"
echo "Perform the following to implement the prescribed state:"
echo "\"sudo apachectl stop\""
echo "\"sudo defaults write /System/Library/LaunchDaemons/org.apache.httpd Disabled -bool true\""
echo "------------------------------------------------------------------------"
echo "\n"
# Section 4.5: Audit ftp server (should not be running)
echo "Section 4.5: Audit ftp server (should not be running)"
echo "------------------------------------------------------------------------"
echo "Output:"
sudo launchctl list | egrep ftp
echo "\nNotes:"
echo "There should be no results for com.apple.ftpd"
echo "Perform the following to implement the prescribed state:"
echo "\"sudo -s launchctl unload -w /System/Library/LaunchDaemons/ftp.plist\""
echo "------------------------------------------------------------------------"
echo "\n"
# Section 4.6: Audit nfs server (should not be running)
echo "Section 4.6: Audit nfs server (should not be running)"
echo "------------------------------------------------------------------------"
echo "Output:"
ps -ef | grep -i nfsd
echo "There should be no results for /sbin/nfsd"
cat /etc/exports
echo "Should return \"No such file or directory\""
echo "\nNotes:"
echo "Perform the following to implement the prescribed state:"
echo "\"sudo nfsd disable\""
echo "\"rm /etc/export\""
echo "------------------------------------------------------------------------"
echo "\n"