Skip to main content

Securely configure your Mac from the terminal.

Project description

stronghold logo

Downloads

stronghold is the easiest way to securely configure your Mac.

GIF demo

Designed for MacOS Sierra and High Sierra. Previously fortify.

Featured On

Usage

Usage: stronghold.py [OPTIONS]

  Securely configure your Mac.
  Developed by Aaron Lichtman -> (Github: alichtman)


Options:
  -lockdown  Set secure configuration without user interaction.
  -v         Display version and author information and exit.
  -help, -h  Show this message and exit.

Installation Options

  1. Install with pip

    • $ pip install stronghold
    • $ stronghold
  2. Download and run the stronghold-script.sh shell script.

    • $ sudo ./stronghold-script.sh
  3. Download the stronghold binary from Releases tab.

Configuration Options

  1. Firewall

    • Turn on Firewall?
      • This helps protect your Mac from being attacked over the internet.
    • Turn on logging?
      • If there IS an infection, logs are useful for determining the source.
    • Turn on stealth mode?
      • Your Mac will not respond to ICMP ping requests or connection attempts from closed TCP and UDP networks.
  2. General System Protection

    • Enable Gatekeeper?
      • Defend against malware by enforcing code signing and verifying downloaded applications before allowing them to run.
    • Prevent automatic software whitelisting?
      • Both built-in and downloaded software will require user approval for whitelisting.
    • Disable Captive Portal Assistant and force login through browser on untrusted networks?
      • Captive Portal Assistant could be triggered and direct you to a malicious site WITHOUT any user interaction.
  3. User Metadata Storage

    • Clear language modeling metadata?
      • This includes user spelling, typing and suggestion data.
    • Disable language modeling data collection?
    • Clear QuickLook metadata?
    • Clear Downloads metadata?
    • Disable metadata collection from Downloads?
    • Clear SiriAnalytics database?
  4. User Safety

    • Lock Mac as soon as screen saver starts?
    • Display all file extensions?
      • This prevents malware from disguising itself as another file type.
    • Disable saving documents to the cloud by default?
      • This prevents sensitive documents from being unintentionally stored on the cloud.
    • Show hidden files in Finder?
      • This lets you see all files on the system without having to use the terminal.
    • Disable printer sharing?
      • Offers redundancy in case the Firewall was not configured.

How to Contribute

  1. Clone repo and create a new branch: $ git checkout https://github.com/alichtman/stronghold -b name_for_new_branch.
  2. Make changes and test
  3. Submit Pull Request with comprehensive description of changes

Acknowledgements

Donations

This is free, open-source software. If you'd like to support the development of future projects, or say thanks for this one, you can donate BTC at 1FnJ8hRRNUtUavngswUD21dsFNezYLX5y9. Everything is appreciated!

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distribution

stronghold-1.5-py3-none-any.whl (8.6 kB view details)

Uploaded Python 3

File details

Details for the file stronghold-1.5-py3-none-any.whl.

File metadata

File hashes

Hashes for stronghold-1.5-py3-none-any.whl
Algorithm Hash digest
SHA256 bbe0e19bcac2a1795e017ca8996aed53a3531261eed958fc0ed586086e995769
MD5 7eef54b562b1025d1bcc2e087d845979
BLAKE2b-256 2e8389a3b26ca6523fd79db01e80a8f010f39e2c3e9e08ca8a96e91117895c49

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page