stronghold: Easily configure macOS security settings

stronghold

stronghold is the easiest way to securely configure your Mac.

Featured On

• agarrharr/awesome-cli-apps
• jaywcjlove/awesome-mac
• smashism/awesome-macadmin-tools
• alebcay/awesome-shell
• drduh/macOS-Security-and-Privacy-Guide
• sb2nov/mac-setup
• serhii-londar/open-source-mac-os-apps
• ashishb/osx-and-ios-security-awesome
• timsutton/python-macadmin-tools
• zbetcheckin/Security_list
• morgant/tools-osx

Configuration Options

1. Firewall
   • Turn on the Firewall?
     • This helps protect your Mac from being attacked over the internet.
   • Turn on logging?
     • If there IS an infection, logs are useful for determining the source.
   • Turn on stealth mode?
     • Your Mac will not respond to ICMP ping requests or connection attempts from closed TCP and UDP networks.
2. General System Protection
   • Enable Gatekeeper?
     • Defend against malware by enforcing code signing and verifying downloaded applications before allowing them to run.
   • Prevent automatic software whitelisting?
     • Both built-in and downloaded software will require user approval for whitelisting.
   • Disable Captive Portal Assistant and force login through the browser on untrusted networks?
     • Captive Portal Assistant could be triggered and direct you to a malicious site WITHOUT any user interaction.
3. User Metadata Storage
   • Clear language modeling metadata?
     • This includes user spelling, typing and suggestion data.
   • Disable language modeling data collection?
   • Clear QuickLook metadata?
   • Clear Downloads metadata?
   • Disable metadata collection from Downloads?
   • Clear SiriAnalytics database?
4. User Safety
   • Lock Mac as soon as screensaver starts?
   • Display all file extensions?
     • This prevents malware from disguising itself as another file type.
   • Disable saving documents to the cloud by default?
     • This prevents sensitive documents from being unintentionally stored on the cloud.
   • Show hidden files in Finder?
     • This lets you see all files on the system without having to use the terminal.
   • Disable printer sharing?
     • Offers redundancy in case the Firewall was not configured.

Installation Options

1. Install with pip

   • $ pip install stronghold

   • $ stronghold

2. Download and run the stronghold-script.sh shell script.
   • git clone https://github.com/alichtman/stronghold.git
   • $ sudo ./stronghold-script.sh
3. Download the stronghold binary from Releases tab.

Demo

Copyright (c) 2018 Aaron Lichtman

Source: https://github.com/alichtman/