Securely configure your Mac from the terminal.
Project description
stronghold
is the easiest way to securely configure your Mac.
Designed for MacOS Sierra and High Sierra.
Previously fortify
.
Featured On
stronghold
is featured on these lists!
- awesome-cli-apps
- awesome-mac
- awesome-shell
- open-source-mac-os-apps
- osx-and-ios-security-awesome
- python-macadmin-tools
- tools-osx
Usage
Usage: stronghold.py [OPTIONS]
Securely configure your Mac.
Developed by Aaron Lichtman -> (Github: alichtman)
Options:
-lockdown Set secure configuration without user interaction.
-info Display version and author information and exit.
-help, -h Show this message and exit.
Installation Options
-
Install with
pip
$ pip install stronghold
$ stronghold
-
Download the
stronghold
binary from Releases tab.
Configuration Options
-
Firewall
- Enable Firewall?
- This helps protect your Mac from being attacked over the internet by viruses and worms.
- Enable Logging?
- If there is an infection, logs are helpful for determining the source.
- Enable Stealth Mode?
- If enabled, your Mac will not respond to network discovery attempts with ICMP ping requests, and will not answer connection attempts made from closed TCP and UDP networks.
- Enable Firewall?
-
System Protection
- Enable Gatekeeper?
- Protect against malware by enforcing code signing and verifying downloaded applications before letting them to run.
- Prevent automatic software whitelisting?
- Disable Captive Portal Assistant and force login through browser on untrusted networks?
- On an untrusted network, Captive Portal could be triggered and direct you to a malicious site WITHOUT any user interaction.
- Enable Gatekeeper?
-
User Metadata Storage
- Clear language modeling data?
- This includes user spelling and suggestion data.
- Disable language modeling data collection?
- Clear QuickLook metadata?
- Clear Downloads metadata?
- Disable metadata collection from Downloads?
- Clear SiriAnalytics database?
- Clear language modeling data?
-
User Safety
- Lock Mac as soon as screen saver starts?
- Display all file extensions?
- This prevents malware from disguising itself as another file type.
- Disable saving documents to the cloud by default?
- Show hidden files in Finder?
- This lets you see all files on the system without having to use the terminal.
How to Contribute
- Clone repo and create a new branch:
$ git checkout https://github.com/alichtman/stronghold -b name_for_new_branch
. - Make changes and test
- Submit Pull Request with comprehensive description of changes
Acknowledgements
- @shobrook for logo and UI design assistance
- Base logo vector made by Freepik from Flaticon
- drduh's macOS-Security-and-Privacy-Guide was incredibly helpful while I was building the firewall security options.
- http://newosxbook.com/files/moxii3/AppendixA.pdf
- https://pleiades.ucsc.edu/hyades/PF_on_Mac_OS_X
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
No source distribution files available for this release.See tutorial on generating distribution archives.
Built Distribution
Close
Hashes for stronghold-1.2-py2.py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 7d6791484e617698d131047f63d4310cf6b88acfba621725ec4288696b3ab197 |
|
MD5 | 9044d094e759dde894101cf4eddfec96 |
|
BLAKE2b-256 | 4b2beb003d69352b916ad0bda923c4a2c4225a756955c649e42fa0e31c2862e0 |