• Stars
    star
    1,081
  • Rank 42,808 (Top 0.9 %)
  • Language
    Python
  • License
    MIT License
  • Created over 6 years ago
  • Updated about 5 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Easily configure macOS security settings from the terminal.

stronghold logo

Downloads

stronghold is the easiest way to securely configure your Mac.

GIF demo

Designed for macOS Sierra and High Sierra. Not yet tested on macOS Mojave, but I'm working on updating it!

Usage

Usage: stronghold.py [OPTIONS]

  Securely configure your Mac.
  Developed by Aaron Lichtman -> (Github: alichtman)


Options:
  -lockdown  Set secure configuration without user interaction.
  -v         Display version and author information and exit.
  -help, -h  Show this message and exit.

Installation Options

  1. Install with pip

    • $ pip install stronghold
    • $ stronghold
  2. Download the stronghold binary from Releases tab.

Configuration Options

  1. Firewall

    • Turn on Firewall?
      • This helps protect your Mac from being attacked over the internet.
    • Turn on logging?
      • If there IS an infection, logs are useful for determining the source.
    • Turn on stealth mode?
      • Your Mac will not respond to ICMP ping requests or connection attempts from closed TCP and UDP networks.
  2. General System Protection

    • Enable Gatekeeper?
      • Defend against malware by enforcing code signing and verifying downloaded applications before allowing them to run.
    • Prevent automatic software whitelisting?
      • Both built-in and downloaded software will require user approval for whitelisting.
    • Disable Captive Portal Assistant and force login through browser on untrusted networks?
      • Captive Portal Assistant could be triggered and direct you to a malicious site WITHOUT any user interaction.
  3. User Metadata Storage

    • Clear language modeling metadata?
      • This includes user spelling, typing and suggestion data.
    • Disable language modeling data collection?
    • Clear QuickLook metadata?
    • Clear Downloads metadata?
    • Disable metadata collection from Downloads?
    • Clear SiriAnalytics database?
  4. User Safety

    • Lock Mac as soon as screen saver starts?
    • Display all file extensions?
      • This prevents malware from disguising itself as another file type.
    • Disable saving documents to the cloud by default?
      • This prevents sensitive documents from being unintentionally stored on the cloud.
    • Show hidden files in Finder?
      • This lets you see all files on the system without having to use the terminal.
    • Disable printer sharing?
      • Offers redundancy in case the Firewall was not configured.

How to Contribute

  1. Clone repo and create a new branch: $ git checkout https://github.com/alichtman/stronghold -b name_for_new_branch.
  2. Make changes and test
  3. Submit Pull Request with comprehensive description of changes

Acknowledgements

Donations

This is free, open-source software. If you'd like to support the development of future projects, or say thanks for this one, you can donate BTC at 1FnJ8hRRNUtUavngswUD21dsFNezYLX5y9.

More Repositories

1

shallow-backup

Git-integrated backup tool for macOS and Linux devs.
Python
1,214
star
2

deadbolt

Dead-simple file encryption for any OS
JavaScript
333
star
3

malware-techniques

A collection of techniques commonly used in malware to accomplish core tasks.
Python
83
star
4

awesome-programming-humor

Awesome software, subreddits, websites, and other cool stuff that programmers would find funny.
41
star
5

i-made-this

Have you ever wanted to develop a project, but do like, none of the work? Save time with this tool!
Shell
37
star
6

fzf-notes

A bash script combining fzf and vim for quickly editing your notes.
Shell
27
star
7

dotfiles

Aaron's Dotfiles (macOS and Linux compatible)
Shell
25
star
8

scripts

Some scripts I've written, modified, or stolen for doing various things.
Shell
16
star
9

data-structures-cpp

Teaching data structures in C++. Great resource for students.
13
star
10

zsh-startify

Fancy start screen for zsh! Inspired by vim-startify.
Python
12
star
11

writeups

Writeups, scripts and solutions for CTFs, Hack the Box, Vulnhub, exploit challenges, pwnables, crackmes, etc. Anything goes.
Roff
7
star
12

alichtman

me
5
star
13

linux-notes

Linux configuration notes
Shell
4
star
14

veripypi

WIP: Verify the package installed from PyPi is the same as the code on Github
Python
3
star
15

startpage

Custom Firefox startpage
HTML
2
star
16

rofi-insect

Imitation `macOS Spotlight Calculator` for Linux
Shell
2
star
17

safety-razer

Always know when you're running as root. Make your keyboard reflect user privilege level.
Python
2
star
18

uiuc-cs225-grade-calc

CLI for CS225 final grade calculations at UIUC Fall 2017
C++
2
star
19

days_until

Count down to upcoming events.
Python
2
star
20

gopro-chaptered-video-assembler

GoPro breaks long videos into multiple files. This tool stitches them back together.
Rust
2
star
21

openrgb-on-freedesktop-login-systemd

Loads default OpenRGB profile on login
Shell
1
star
22

wumpus

A simple Wumpus recreation.
Python
1
star
23

alichtman.github.io

My personal site.
JavaScript
1
star
24

resume

▶️ Press play.
TeX
1
star
25

ourwid

Library of custom Urwid widgets
Python
1
star
26

clibrary

Examples and boilerplate code for CLIs in different languages.
JavaScript
1
star
27

gardening-starter-pack

Literally a rootkit. (LKM for Linux Kernels 4.14+)
C
1
star
28

open_tab_tracker

This tool tracks open Firefox tabs and plots them on a graph
Python
1
star
29

DecodeCaesar

Intelligent Caesar-Cipher Cracking
Java
1
star
30

stronghold-macos

GUI for stronghold
Swift
1
star
31

AaronChat

Android Messaging App
Java
1
star
32

github-templates

A variety of custom issue and pull request templates, and contributing guidelines.
1
star