I spend a lot of time working with MacOS and I have noticed that out of the box the operating system has some basic security settings that are not enabled by default so I have built a small script that automates configuring these.
It does the following:
- Requires Password Immediately After Sleep.
- Turns On Firewall.
- Enables Stealth Mode.
- Disables Remote Login.
- Installs Needed System Updates.
- Enables Automatic Updates
- Validates System Integrity Protection Is Enabled.
- Enables Full Disk Encryption.
MacOS-Security-Baseline is on GitHub here. If you have any improvements or suggestions, please submit a GitHub issue or pull request.
I have also built three other tools in the past that compliments this tool:
MacOS-Config configures a new install of MacOS the way I like it.
MacOS-Maid cleans up MacOS by deleting unneeded files, wireless SSID’s and wiping free space.
Blackhat-MacOS-Config does most of what this script does and was the base for it but I wanted to present it to a more general audience.
