Jump to content
Nytro

osx-config-check

By Nytro, in Programe securitate

Recommended Posts

Nytro Mentor

Nytro

Posted
Posted

osx-config-check

Checks your OSX machine against various hardened configuration settings.

You can specify your own preferred configuration baseline by supplying your own Hjson file instead of the provided one.

Disclaimer

The authors of this tool are not responsible if running it breaks stuff; disabling features of your operating system and applications may disrupt normal functionality.

Once applied, the security configurations do not not guarantee security. You will still need to make good decisions in order to stay secure. The configurations will generally not help you if your computer has been previously compromised.

Configurations come from sites like:

Usage

You should download and run this application once for each OS X user account you have on your machine. Each user may be configured differently, and so each should be audited.

Download this app using Git, GitHub Desktop, or the "download as zip" option offered by GitHub. If you choose the zip option, unarchive the zip file after.

In the Terminal application, navigate to the directory that contains this app. You can use the cd command (see example below) to change directories. If you've downloaded the file to your "Downloads" directory, you might find the app here: 

cd ~/Downloads/osx-config-check

If that directory doesn't exist because the folder you retrieved is named slightly different (such as 'osx-config-check-master' or 'osx-config-check-1.0.0'), you can always type in a portion of the directory name and hit the [TAB] key in Terminal to auto-complete the rest.

Next run the app as follows: 

python app.py

This will take you through a series of interactive steps that checks your machine's configuration, and offers to fix misconfigurations for you.

Intermediate users and advanced users can also invoke various command-line arguments: 

Usage: python app.py [OPTIONS]
OPTIONS:
	--debug-print        Enables verbose output for debugging the tool.
	--report-only        Only reports on compliance and does not offer to fix broken configurations.
	--disable-logs       Refrain from creating a log file with the results.
	--disable-prompt     Refrain from prompting user before applying fixes.
	--skip-sudo-checks   Do not perform checks that require sudo privileges.
	--help -h            Print this usage information.

Sursa: https://github.com/kristovatlas/osx-config-check

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...