Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/alichtman/stronghold
Easily configure macOS security settings from the terminal.
https://github.com/alichtman/stronghold
command-line command-line-tool hardening macos macos-setup osx security security-hardening
Last synced: about 1 month ago
JSON representation
Easily configure macOS security settings from the terminal.
- Host: GitHub
- URL: https://github.com/alichtman/stronghold
- Owner: alichtman
- License: mit
- Created: 2018-03-17T06:33:33.000Z (about 6 years ago)
- Default Branch: master
- Last Pushed: 2019-10-06T19:35:49.000Z (over 4 years ago)
- Last Synced: 2024-04-22T18:27:25.048Z (about 1 month ago)
- Topics: command-line, command-line-tool, hardening, macos, macos-setup, osx, security, security-hardening
- Language: Python
- Homepage:
- Size: 15.2 MB
- Stars: 1,062
- Watchers: 30
- Forks: 258
- Open Issues: 10
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
Lists
- open-source-mac-os-apps - stronghold - Easily configure macOS security settings from the terminal. ![python_icon] (Applications / Security)
- awesome-macadmin-tools - https://github.com/alichtman/stronghold
- osx-and-ios-security-awesome - stronghold - Easily configure macOS security settings from the terminal. (macOS Security)
- awesome-cli-apps - stronghold - Configure security settings from the terminal. (Utilities / macOS)
- awesome-shell - stronghold - Easily configure MacOS security settings from the terminal. (System Utilities / Directory Navigation)
- awesome-cybersecurity-blueteam - Stronghold - Easily configure macOS security settings from the terminal. (macOS-based defenses / Overlay and Virtual Private Networks (VPNs))
- awesome-readme - alichtman/stronghold - Project logo. Clear description of what the project does. GIF Demo. TOC for easy navigation. Badges. Links for further reading. Simple install instructions. (Examples)
- awesome-stars - alichtman/stronghold - Easily configure macOS security settings from the terminal. (Python)
- awesome-cli-apps-fork - stronghold - Configure security settings from the terminal. (Utilities / macOS)
- awesome-starred-test - alichtman/stronghold - Easily configure macOS security settings from the terminal. (Python)
- awesome-cybersecurity-blueteam - Stronghold - Easily configure macOS security settings from the terminal. (macOS-based defenses / Overlay and Virtual Private Networks (VPNs))
- awesome-stars - alichtman/stronghold - Easily configure macOS security settings from the terminal. (Python)
- awesome-stars - alichtman/stronghold - Easily configure macOS security settings from the terminal. (Python)
- awesome-stars - alichtman/stronghold - Easily configure macOS security settings from the terminal. (Python)
- awesome-stars - stronghold
- awesome-shell - stronghold - Easily configure MacOS security settings from the terminal. (System Utilities / Directory Navigation)
- awesome-readme - alichtman/stronghold - Project logo. Clear description of what the project does. GIF Demo. TOC for easy navigation. Badges. Links for further reading. Simple install instructions. (Examples)
- awesome-github-readme - alichtman/stronghold - Project logo. Clear description of what the project does. GIF Demo. TOC for easy navigation. Badges. Links for further reading. Simple install instructions. (Project Logo)
- awesome-blueteam - Stronghold - Easily configure macOS security settings from the terminal. (macOS-based defenses / Threat signature packages and collections)
- osx-and-ios-security-awesome - stronghold - Easily configure macOS security settings from the terminal. (macOS Security)
- fucking-awesome-readme - alichtman/stronghold - Project logo. Clear description of what the project does. GIF Demo. TOC for easy navigation. Badges. Links for further reading. Simple install instructions. (Examples)
- osx-and-ios-security-awesome - stronghold - Easily configure macOS security settings from the terminal. (macOS Security)
- awesome-stars - stronghold
- awesome-mac - stronghold - Easily configure MacOS security settings from the terminal. [![Open-Source Software][OSS Icon]](https://github.com/alichtman/stronghold) ![Freeware][Freeware Icon] (Security Tools)
- awesome-shell - stronghold - Easily configure MacOS security settings from the terminal. (System Utilities)
- awesome-stars - stronghold
- awesome-cybersecurity-blueteam-cn - Stronghold - 用于在终端轻松配置macOS安全设置 (基于macOS的防护 / 威胁狩猎)
- awesome-mac - stronghold - Easily configure MacOS security settings from the terminal. [![Open-Source Software][OSS Icon]](https://github.com/alichtman/stronghold) ![Freeware][Freeware Icon] (Security Tools / Audio Record and Process)
README
[](http://pepy.tech/count/stronghold)
`stronghold` is the easiest way to securely configure your Mac.
Designed for macOS Sierra and High Sierra. *Not yet tested on macOS Mojave, but I'm working on updating it!*
**Usage**
---
```
Usage: stronghold.py [OPTIONS]
Securely configure your Mac.
Developed by Aaron Lichtman -> (Github: alichtman)
Options:
-lockdown Set secure configuration without user interaction.
-v Display version and author information and exit.
-help, -h Show this message and exit.
```
**Installation Options**
---
1. Install with [`pip`](https://pypi.org/project/stronghold/)
+ `$ pip install stronghold`
+ `$ stronghold`
2. Download the `stronghold` binary from Releases tab.
**Configuration Options**
---
1. Firewall
+ Turn on Firewall?
- This helps protect your Mac from being attacked over the internet.
+ Turn on logging?
- If there IS an infection, logs are useful for determining the source.
+ Turn on stealth mode?
- Your Mac will not respond to ICMP ping requests or connection attempts from closed TCP and UDP networks.
2. General System Protection
+ Enable Gatekeeper?
- Defend against malware by enforcing code signing and verifying downloaded applications before allowing them to run.
+ Prevent automatic software whitelisting?
- Both built-in and downloaded software will require user approval for whitelisting.
+ Disable Captive Portal Assistant and force login through browser on untrusted networks?
- Captive Portal Assistant could be triggered and direct you to a malicious site WITHOUT any user interaction.
3. User Metadata Storage
+ Clear language modeling metadata?
- This includes user spelling, typing and suggestion data.
+ Disable language modeling data collection?
+ Clear QuickLook metadata?
+ Clear Downloads metadata?
+ Disable metadata collection from Downloads?
+ Clear SiriAnalytics database?
4. User Safety
+ Lock Mac as soon as screen saver starts?
+ Display all file extensions?
- This prevents malware from disguising itself as another file type.
+ Disable saving documents to the cloud by default?
- This prevents sensitive documents from being unintentionally stored on the cloud.
+ Show hidden files in Finder?
- This lets you see all files on the system without having to use the terminal.
+ Disable printer sharing?
- Offers redundancy in case the Firewall was not configured.
**How to Contribute**
---
1. Clone repo and create a new branch: `$ git checkout https://github.com/alichtman/stronghold -b name_for_new_branch`.
2. Make changes and test
3. Submit Pull Request with comprehensive description of changes
**Acknowledgements**
---
+ [@shobrook](https://www.github.com/shobrook) for logo and UI design assistance.
+ Base logo vector made by [Freepik](https://www.freepik.com/) from [Flaticon](www.flaticon.com).
+ [drduh's macOS-Security-and-Privacy-Guide](https://github.com/drduh/macOS-Security-and-Privacy-Guide) and [Jonathan Levin's MacOS Security Guide](http://newosxbook.com/files/moxii3/AppendixA.pdf) were incredibly helpful while I was building `stronghold`.
**Donations**
---
This is free, open-source software. If you'd like to support the development of future projects, or say thanks for this one, you can donate BTC at `1FnJ8hRRNUtUavngswUD21dsFNezYLX5y9`.