Stealth Mode must be enabled on the firewall.

From MAC OSX 10.6 Workstation Security Technical Implementation Guide

Part of OSX00465-Enable Stealth Mode on the firewall

Associated with IA controls: ECSC-1

SV-37266r1_rule Stealth Mode must be enabled on the firewall.

Vulnerability discussion

Enable Stealth Mode to prevent the computer from sending responses to uninvited traffic.

Check content

Open a terminal session and enter the following command. sudo ipfw print If no line contains "deny icmp from any to me in icmptypes 8" or a more restrictive rule, this is a finding.

Fix text

Open a terminal session and edit or create /Library/LaunchDaemons/org.freebsd.ipfw.plist and ensure it contains the following. Label org.freebsd.ipfw Program /sbin/ipfw ProgramArguments /sbin/ipfw /etc/ipfw.conf RunAtLoad Edit or create /etc/ipfw.conf and ensure it contains the following line (the first number, a line number, may need to be changed if another line already begins with that number). Add 20 deny icmp from any to me in icmptypes 8

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer