Securely configure your Mac from the terminal.
Project description
stronghold
is the easiest way to securely configure your Mac.
Designed for MacOS Sierra and High Sierra.
Previously fortify
.
Featured On
- agarrharr/awesome-cli-apps
- jaywcjlove/awesome-mac
- smashism/awesome-macadmin-tools
- alebcay/awesome-shell
- drduh/macOS-Security-and-Privacy-Guide
- sb2nov/mac-setup
- serhii-londar/open-source-mac-os-apps
- ashishb/osx-and-ios-security-awesome
- timsutton/python-macadmin-tools
- zbetcheckin/Security_list
- morgant/tools-osx
Usage
Usage: stronghold.py [OPTIONS]
Securely configure your Mac.
Developed by Aaron Lichtman -> (Github: alichtman)
Options:
-lockdown Set secure configuration without user interaction.
-v Display version and author information and exit.
-help, -h Show this message and exit.
Installation Options
-
Install with
pip
$ pip install stronghold
$ stronghold
-
Download and run the
stronghold-script.sh
shell script.$ sudo ./stronghold-script.sh
-
Download the
stronghold
binary from Releases tab.
Configuration Options
-
Firewall
- Turn on Firewall?
- This helps protect your Mac from being attacked over the internet.
- Turn on logging?
- If there IS an infection, logs are useful for determining the source.
- Turn on stealth mode?
- Your Mac will not respond to ICMP ping requests or connection attempts from closed TCP and UDP networks.
- Turn on Firewall?
-
General System Protection
- Enable Gatekeeper?
- Defend against malware by enforcing code signing and verifying downloaded applications before allowing them to run.
- Prevent automatic software whitelisting?
- Both built-in and downloaded software will require user approval for whitelisting.
- Disable Captive Portal Assistant and force login through browser on untrusted networks?
- Captive Portal Assistant could be triggered and direct you to a malicious site WITHOUT any user interaction.
- Enable Gatekeeper?
-
User Metadata Storage
- Clear language modeling metadata?
- This includes user spelling, typing and suggestion data.
- Disable language modeling data collection?
- Clear QuickLook metadata?
- Clear Downloads metadata?
- Disable metadata collection from Downloads?
- Clear SiriAnalytics database?
- Clear language modeling metadata?
-
User Safety
- Lock Mac as soon as screen saver starts?
- Display all file extensions?
- This prevents malware from disguising itself as another file type.
- Disable saving documents to the cloud by default?
- This prevents sensitive documents from being unintentionally stored on the cloud.
- Show hidden files in Finder?
- This lets you see all files on the system without having to use the terminal.
- Disable printer sharing?
- Offers redundancy in case the Firewall was not configured.
How to Contribute
- Clone repo and create a new branch:
$ git checkout https://github.com/alichtman/stronghold -b name_for_new_branch
. - Make changes and test
- Submit Pull Request with comprehensive description of changes
Acknowledgements
- @shobrook for logo and UI design assistance.
- Base logo vector made by Freepik from Flaticon.
- drduh's macOS-Security-and-Privacy-Guide and Jonathan Levin's MacOS Security Guide were incredibly helpful while I was building
stronghold
.
Donations
This is free, open-source software. If you'd like to support the development of future projects, or say thanks for this one, you can donate BTC at 1FnJ8hRRNUtUavngswUD21dsFNezYLX5y9
. Everything is appreciated!
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
No source distribution files available for this release.See tutorial on generating distribution archives.
Built Distribution
File details
Details for the file stronghold-1.5-py3-none-any.whl
.
File metadata
- Download URL: stronghold-1.5-py3-none-any.whl
- Upload date:
- Size: 8.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | bbe0e19bcac2a1795e017ca8996aed53a3531261eed958fc0ed586086e995769 |
|
MD5 | 7eef54b562b1025d1bcc2e087d845979 |
|
BLAKE2b-256 | 2e8389a3b26ca6523fd79db01e80a8f010f39e2c3e9e08ca8a96e91117895c49 |