Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/alichtman/stronghold

Easily configure macOS security settings from the terminal.
https://github.com/alichtman/stronghold

command-line command-line-tool hardening macos macos-setup osx security security-hardening

Last synced: 5 days ago
JSON representation

Easily configure macOS security settings from the terminal.

Host: GitHub
URL: https://github.com/alichtman/stronghold
Owner: alichtman
License: mit
Created: 2018-03-17T06:33:33.000Z (over 6 years ago)
Default Branch: master
Last Pushed: 2019-10-06T19:35:49.000Z (about 5 years ago)
Last Synced: 2024-11-30T07:09:40.023Z (12 days ago)
Topics: command-line, command-line-tool, hardening, macos, macos-setup, osx, security, security-hardening
Language: Python
Homepage:
Size: 15.2 MB
Stars: 1,103
Watchers: 30
Forks: 261
Open Issues: 11
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md

Awesome Lists containing this project

awesome-cli-apps - stronghold - Configure security settings from the terminal. (Utilities / macOS)
fucking-awesome-readme - alichtman/stronghold - Project logo. Clear description of what the project does. GIF Demo. TOC for easy navigation. Badges. Links for further reading. Simple install instructions. (Examples)
awesome-starred-test - alichtman/stronghold - Easily configure macOS security settings from the terminal. (Python)
open-source-mac-os-apps - stronghold - Easily configure macOS security settings from the terminal. ![python_icon] (Applications / Security)
awesome-mac-privacy - Stronghold - Easily configure macOS security settings from the terminal. (Map of the content / Security)
awesome-readme - alichtman/stronghold - Project logo. Clear description of what the project does. GIF Demo. TOC for easy navigation. Badges. Links for further reading. Simple install instructions. (Examples)
awesome-macadmin-tools - https://github.com/alichtman/stronghold
fucking-awesome-cli-apps - stronghold - Configure security settings from the terminal. (Utilities / macOS)
open-source-mac-os-apps - stronghold - Easily configure macOS security settings from the terminal. ![python_icon] (Applications / Security)
awesome-readme - alichtman/stronghold - Project logo. Clear description of what the project does. GIF Demo. TOC for easy navigation. Badges. Links for further reading. Simple install instructions. (Examples)

README

![stronghold logo](img/stronghold-logo-left.png)

[![Downloads](http://pepy.tech/badge/stronghold)](http://pepy.tech/count/stronghold)

`stronghold` is the easiest way to securely configure your Mac.

![GIF demo](img/demo.gif)

Designed for macOS Sierra and High Sierra. *Not yet tested on macOS Mojave, but I'm working on updating it!*

**Usage**
---

```
Usage: stronghold.py [OPTIONS]

Securely configure your Mac.
Developed by Aaron Lichtman -> (Github: alichtman)

Options:
-lockdown Set secure configuration without user interaction.
-v Display version and author information and exit.
-help, -h Show this message and exit.
```

**Installation Options**
---

1. Install with [`pip`](https://pypi.org/project/stronghold/)
+ `$ pip install stronghold`
+ `$ stronghold`

2. Download the `stronghold` binary from Releases tab.

**Configuration Options**
---

1. Firewall

+ Turn on Firewall?
- This helps protect your Mac from being attacked over the internet.
+ Turn on logging?
- If there IS an infection, logs are useful for determining the source.
+ Turn on stealth mode?
- Your Mac will not respond to ICMP ping requests or connection attempts from closed TCP and UDP networks.

2. General System Protection

+ Enable Gatekeeper?
- Defend against malware by enforcing code signing and verifying downloaded applications before allowing them to run.
+ Prevent automatic software whitelisting?
- Both built-in and downloaded software will require user approval for whitelisting.
+ Disable Captive Portal Assistant and force login through browser on untrusted networks?
- Captive Portal Assistant could be triggered and direct you to a malicious site WITHOUT any user interaction.

3. User Metadata Storage

+ Clear language modeling metadata?
- This includes user spelling, typing and suggestion data.
+ Disable language modeling data collection?
+ Clear QuickLook metadata?
+ Clear Downloads metadata?
+ Disable metadata collection from Downloads?
+ Clear SiriAnalytics database?

4. User Safety

+ Lock Mac as soon as screen saver starts?
+ Display all file extensions?
- This prevents malware from disguising itself as another file type.
+ Disable saving documents to the cloud by default?
- This prevents sensitive documents from being unintentionally stored on the cloud.
+ Show hidden files in Finder?
- This lets you see all files on the system without having to use the terminal.
+ Disable printer sharing?
- Offers redundancy in case the Firewall was not configured.

**How to Contribute**
---

1. Clone repo and create a new branch: `$ git checkout https://github.com/alichtman/stronghold -b name_for_new_branch`.
2. Make changes and test
3. Submit Pull Request with comprehensive description of changes

**Acknowledgements**
---

+ [@shobrook](https://www.github.com/shobrook) for logo and UI design assistance.
+ Base logo vector made by [Freepik](https://www.freepik.com/) from [Flaticon](www.flaticon.com).
+ [drduh's macOS-Security-and-Privacy-Guide](https://github.com/drduh/macOS-Security-and-Privacy-Guide) and [Jonathan Levin's MacOS Security Guide](http://newosxbook.com/files/moxii3/AppendixA.pdf) were incredibly helpful while I was building `stronghold`.

**Donations**
---

This is free, open-source software. If you'd like to support the development of future projects, or say thanks for this one, you can donate BTC at `1FnJ8hRRNUtUavngswUD21dsFNezYLX5y9`.