Macintosh OS X Workstation STIG, V1R1 

DISA Field Security Operations 

15 June 2004 

          Developed by DISA for the DOD 

APPENDIX C.  Procedures for Bringing a Mac OS X System Into STIG Compliance 

ADDING THE LOCK SCREEN FEATURE TO THE MENU BAR 

Lock Screen Menu Item, by hand. 

Open the Property List Editor. 

Open the /Library/Prefernces/com.apple.systemuiserver.plist file. 

Expand Root. 

Expand menuExtras. 

Highlight menuExtras and Select the New Child Button. 

Let it auto number the entry. 

Place /Applications/Utilities/Keychain 

Access.app/Contents/Resources/Keychain.menu in the Value Field. 

Save the plist file. 

Quit the application. 

Restart the System. 

Or 

Lock Screen Menu Item, Using Keychain Utility 

Open the Keychain Access Utility from the Utilities Folder. 

Click on the View Menu. 

Choose Show Status in Menu Bar. 

Quit out of the application. 

Restart the System. 

REMOVING APACHE FROM MAC OS X 

Apache 

chmod  rl 000 httpd from the /etc directory. 

rm  rf /System/Library/StartupItems/Apache 

REMOVING SENDMAIL FROM MAC OS X 

Sendmail 

rm /usr/sbin/sendmail 

rm  rf /usr/share/sendmail 

rm  rf /System/Library/StartupItems/Sendmail 

REMOVING BIND FROM MAC OS X 

DNS (BIND) or named 

rm  rf /Library/StartupItems/DNS (If it exists.) 

rm /usr/sbin/named  

rm /usr/sbin/ndc  

rm /usr/sbin/named bootconf.  

rm /etc/named.conf  

53

UNCLASSIFIED