stronghold 1.2

Securely configure your Mac from the terminal.

stronghold is the easiest way to securely configure your Mac.

Designed for MacOS Sierra and High Sierra. Previously fortify.

Featured On

stronghold is featured on these lists!

• awesome-cli-apps
• awesome-mac
• awesome-shell
• open-source-mac-os-apps
• osx-and-ios-security-awesome
• python-macadmin-tools
• tools-osx

Usage

Usage: stronghold.py [OPTIONS]

  Securely configure your Mac.
  Developed by Aaron Lichtman -> (Github: alichtman)


Options:
  -lockdown  Set secure configuration without user interaction.
  -info      Display version and author information and exit.
  -help, -h  Show this message and exit.

Installation Options

1. Install with pip

   • $ pip install stronghold
   • $ stronghold

2. Download the stronghold binary from Releases tab.

Configuration Options

1. Firewall

   • Enable Firewall?
     • This helps protect your Mac from being attacked over the internet by viruses and worms.
   • Enable Logging?
     • If there is an infection, logs are helpful for determining the source.
   • Enable Stealth Mode?
     • If enabled, your Mac will not respond to network discovery attempts with ICMP ping requests, and will not answer connection attempts made from closed TCP and UDP networks.

2. System Protection

   • Enable Gatekeeper?
     • Protect against malware by enforcing code signing and verifying downloaded applications before letting them to run.
   • Prevent automatic software whitelisting?
   • Disable Captive Portal Assistant and force login through browser on untrusted networks?
     • On an untrusted network, Captive Portal could be triggered and direct you to a malicious site WITHOUT any user interaction.

3. User Metadata Storage

   • Clear language modeling data?
     • This includes user spelling and suggestion data.
   • Disable language modeling data collection?
   • Clear QuickLook metadata?
   • Clear Downloads metadata?
   • Disable metadata collection from Downloads?
   • Clear SiriAnalytics database?

4. User Safety

   • Lock Mac as soon as screen saver starts?
   • Display all file extensions?
     • This prevents malware from disguising itself as another file type.
   • Disable saving documents to the cloud by default?
   • Show hidden files in Finder?
     • This lets you see all files on the system without having to use the terminal.

How to Contribute

1. Clone repo and create a new branch: $ git checkout https://github.com/alichtman/stronghold -b name_for_new_branch.
2. Make changes and test
3. Submit Pull Request with comprehensive description of changes

Acknowledgements

• @shobrook for logo and UI design assistance
• Base logo vector made by Freepik from Flaticon
• drduh's macOS-Security-and-Privacy-Guide was incredibly helpful while I was building the firewall security options.
• http://newosxbook.com/files/moxii3/AppendixA.pdf
• https://pleiades.ucsc.edu/hyades/PF_on_Mac_OS_X