Macintosh OS X Workstation STIG, V1R1
DISA Field Security Operations
15 June 2004
Developed by DISA for the DOD
3.8 Default Accounts
Mac OS X systems come configured with default accounts, and when software is installed,
applications bring their own default accounts. These accounts usually have standard passwords.
Default system accounts are normally listed in NetInfo Manager and have names such as
mysql (even though it is not installed), nobody, smmsp (even though it is not installed), sshd,
unknown, www, and daemon. The IAO will be responsible for inspecting NetInfo to ensure that
default passwords are changed whenever new operating systems or applications are installed.
The IAO will also ensure that system default accounts, other than root, are disabled. The IAO
will ensure that new passwords are assigned for applications, both internally
Default accounts will be disabled by entering /dev/null as the default shell in NetInfo, by
disabling the password in NetInfo, or both. It is preferable to do both, but either will do. Which
method was used should be documented for each IS.
(OSX1026GEN0092: CAT II) The SA will ensure logon capability to accounts bin, lib, uucp,
news, sys, guest, daemon, and any default account not normally logged onto is disabled by
making the default shell /dev/null, or by disabling the password.
(OSX1026GEN0091: CAT I) The SA will ensure application passwords, internal to the
application and at the system level, are changed after application implementation.
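The following script is an added example and is not part of the STIG or of any Apple tool. It checks a NetInfo user dump for default accounts that still permit logon under OSX1026GEN0092 and records which disabling method is in effect for each account, as the text above asks to be documented. It assumes the input is the 10-field master.passwd-style output of nidump passwd . (name:passwd:uid:gid:class:change:expire:gecos:home:shell), that a password field of "*" is a disabled password, and that "********" only means the hash is shadowed (a password is set) and so does not disable logon. The sample dump is constructed; the hash values in it are placeholders.

```shell
#!/bin/sh
# Added example (not part of the STIG): check a NetInfo user dump for default
# accounts that still permit logon under OSX1026GEN0092.
# Assumption: input is the 10-field master.passwd-style output of
#   nidump passwd .
# i.e. name:passwd:uid:gid:class:change:expire:gecos:home:shell
# Assumption: a password field of "*" is a disabled password; "********"
# means the hash is shadowed (a password IS set) and does not disable logon.

# Accounts allowed to keep logon; the STIG text exempts only root.
EXEMPT="root"

# Constructed sample dump (not real system data); hashes are placeholders.
SAMPLE='root:********:0:0::0:0:System Administrator:/var/root:/bin/tcsh
nobody:*:-2:-2::0:0:Unprivileged User:/dev/null:/dev/null
daemon:*:1:1::0:0:System Services:/var/root:/dev/null
www:*:70:70::0:0:World Wide Web Server:/Library/WebServer:/dev/null
mysql:PLACEHOLDERHASH:74:74::0:0:MySQL Server:/var/empty:/dev/null
uucp:PLACEHOLDERHASH:4:4::0:0:UUCP:/var/spool/uucp:/bin/sh
guest:********:31:31::0:0:Guest:/Users/guest:/bin/sh'

# account_status LINE
# Prints which disabling method is in effect for one dump line:
#   both | shell | password | enabled
# "enabled" means neither method is applied and logon is still possible.
account_status() {
    pw=$(printf '%s\n' "$1" | cut -d: -f2)
    shell=$(printf '%s\n' "$1" | cut -d: -f10)
    if [ "$shell" = "/dev/null" ] && [ "$pw" = "*" ]; then
        echo both
    elif [ "$shell" = "/dev/null" ]; then
        echo shell
    elif [ "$pw" = "*" ]; then
        echo password
    else
        echo enabled
    fi
}

# find_enabled_defaults DUMP
# Prints, one per line, every non-exempt account that still permits logon.
find_enabled_defaults() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        [ -z "$line" ] && continue
        name=${line%%:*}
        case " $EXEMPT " in
            *" $name "*) continue ;;
        esac
        if [ "$(account_status "$line")" = "enabled" ]; then
            printf '%s\n' "$name"
        fi
    done
}

# document_methods DUMP
# Prints "name: method" for every account, the record the STIG wants kept
# of which disabling method was used on a given IS.
document_methods() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        [ -z "$line" ] && continue
        printf '%s: %s\n' "${line%%:*}" "$(account_status "$line")"
    done
}

# Usage on the constructed sample; on a real host replace "$SAMPLE" with
# "$(nidump passwd .)".
echo "Accounts still permitting logon:"
find_enabled_defaults "$SAMPLE"
echo
document_methods "$SAMPLE"
```

In the sample, uucp and guest are reported because uucp keeps a real shell and a set password, and guest keeps a real shell with a shadowed (set) password; nobody, daemon, www and mysql are disabled by one or both methods and root is exempt. The check is deliberately strict to the wording of the requirement: a shell such as /usr/bin/false is not treated as equivalent to /dev/null.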
3.9 Audit Requirements
Auditing is not system logging and is not system accounting. System logging is done via the
syslog facility. System accounting, when activated, collects data useful for charging timeshare
customers and for system capacity planning.
Because Mac OS X does not have a built-in auditing system, auditing on a Mac OS X system must
be accomplished by a third-party program.
(OSX1026AUD0001: CAT II) The SA will ensure that auditing is implemented.
Security requires monitoring of user and process activity almost to the keystroke level. Auditing
records much more detail about what users are doing and also records system actions. Most
systems provide system software for that purpose. Each is configured differently and has unique
utilities for reading audit data files. Audit utilities can extract information about specific users
and processes from the audit files.
These flags will be implemented and all deviations will be justified and documented with the
IAO. The IAO and SA will ensure that audit files are only accessible to authorized personnel.
All users, including root, will be audited. In Mac OS X, not all of the auditing features that other
operating systems have are implemented in the OS at this time. According to Apple Computer,
on this issue as it relates to NIAP compliance: "Our work so far indicates that Mac OS X meets
the requirements except for the Auditing feature, which we have under development." Some
features are implemented but others are not. Because of this, any auditing that can be done will
be done on the workstations and servers for now, until stronger measures are put in place by Apple.
UNCLASSIFIED