Securely configure your Mac from the terminal.
Project description
stronghold
is the easiest way to securely configure your Mac.
Designed for MacOS Sierra and High Sierra.
Previously fortify
.
Featured On
- agarrharr/awesome-cli-apps
- jaywcjlove/awesome-mac
- smashism/awesome-macadmin-tools
- alebcay/awesome-shell
- drduh/macOS-Security-and-Privacy-Guide
- sb2nov/mac-setup
- serhii-londar/open-source-mac-os-apps
- ashishb/osx-and-ios-security-awesome
- timsutton/python-macadmin-tools
- zbetcheckin/Security_list
- morgant/tools-osx
Usage
Usage: stronghold.py [OPTIONS]
Securely configure your Mac.
Developed by Aaron Lichtman -> (Github: alichtman)
Options:
-lockdown Set secure configuration without user interaction.
-info Display version and author information and exit.
-help, -h Show this message and exit.
Installation Options
-
Install with
pip
$ pip install stronghold
$ stronghold
-
Download and run the
stronghold-script.sh
shell script.$ sudo ./stronghold-script.sh
-
Download the
stronghold
binary from Releases tab.
Configuration Options
-
Firewall
- Turn on Firewall?
- This helps protect your Mac from being attacked over the internet.
- Turn on logging?
- If there IS an infection, logs are useful for determining the source.
- Turn on stealth mode?
- Your Mac will not respond to ICMP ping requests or connection attempts from closed TCP and UDP networks.
- Turn on Firewall?
-
General System Protection
- Enable Gatekeeper?
- Defend against malware by enforcing code signing and verifying downloaded applications before allowing them to run.
- Prevent automatic software whitelisting?
- Both built-in and downloaded software will require user approval for whitelisting.
- Disable Captive Portal Assistant and force login through browser on untrusted networks?
- Captive Portal Assistant could be triggered and direct you to a malicious site WITHOUT any user interaction.
- Enable Gatekeeper?
-
User Metadata Storage
- Clear language modeling metadata?
- This includes user spelling, typing and suggestion data.
- Disable language modeling data collection?
- Clear QuickLook metadata?
- Clear Downloads metadata?
- Disable metadata collection from Downloads?
- Clear SiriAnalytics database?
- Clear language modeling metadata?
-
User Safety
- Lock Mac as soon as screen saver starts?
- Display all file extensions?
- This prevents malware from disguising itself as another file type.
- Disable saving documents to the cloud by default?
- This prevents sensitive documents from being unintentionally stored on the cloud.
- Show hidden files in Finder?
- This lets you see all files on the system without having to use the terminal.
- Disable printer sharing?
- Offers redundancy in case the Firewall was not configured.
How to Contribute
- Clone repo and create a new branch:
$ git checkout https://github.com/alichtman/stronghold -b name_for_new_branch
. - Make changes and test
- Submit Pull Request with comprehensive description of changes
Acknowledgements
- @shobrook for logo and UI design assistance.
- Base logo vector made by Freepik from Flaticon.
- drduh's macOS-Security-and-Privacy-Guide and Jonathan Levin's MacOS Security Guide were incredibly helpful while I was building
stronghold
.
Donations
This is free, open-source software. If you'd like to support the development of future projects, or say thanks for this one, you can donate BTC at 1FnJ8hRRNUtUavngswUD21dsFNezYLX5y9
. Everything is appreciated!
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
stronghold-1.3.tar.gz
(9.1 kB
view hashes)
Built Distribution
Close
Hashes for stronghold-1.3-py2.py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 445e11f8b53042d9e594e0728fdad867a2a4c9098333d41df57fb8439ad599f6 |
|
MD5 | 60965508bbe3dc344e08456822a01ef3 |
|
BLAKE2b-256 | 0a2a33107b7db81b5af17a6ba7d99e720d22039cdb7ac79077dc548c9f81c4e2 |