mirror of
https://github.com/PrivSec-dev/privsec.dev.git
synced 2024-12-17 19:54:43 -05:00
Compare commits
No commits in common. "a27042c48508c8fc9417e9b0ab840549226f3bf7" and "f730edb1a2feba42fc8d6357b7227e91edc386c5" have entirely different histories.
a27042c485
...
f730edb1a2
@ -32,7 +32,7 @@ You can check whether running processes are sandboxed in the Activity Monitor. R
|
||||
You can check whether an app is sandboxed and what entitlements it has *before* running it by running the command
|
||||
|
||||
``` zsh
|
||||
codesign -dvvv --entitlements - <path to your app>
|
||||
% codesign -dvvv --entitlements - <path to your app>
|
||||
```
|
||||
|
||||
If the app is sandboxed, you will see
|
||||
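Review bot: the `% ` prompt in front of `codesign -dvvv --entitlements - <path to your app>` sits inside the zsh fence, so a reader who copies the line gets a leading `%` that is not part of the command. The Hardened Runtime check in the next hunk shows its codesign command with no prompt; keep this one prompt-free as well so the two blocks match.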
@ -54,7 +54,7 @@ Unlike the App Sandbox, the Hardened Runtime is required in order for an app to
|
||||
Check if an app is using the Hardened Runtime before running it with the command
|
||||
|
||||
``` zsh
|
||||
codesign --display --verbose <path to your app>
|
||||
codesign --display --verbose /path/to/bundle.app
|
||||
```
|
||||
|
||||
You will see `flags=0x10000(runtime)` if it's enabled.
|
||||
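Review bot: the placeholder on the changed codesign line is inconsistent with the sandbox check earlier on the page. The two forms visible here are `<path to your app>` and `/path/to/bundle.app`, and the entitlements command uses the first. Pick one for the whole page. `/path/to/bundle.app` is the safer choice, because pasted unedited, the angle brackets would be read by zsh as redirection operators rather than as an argument.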
@ -169,14 +169,6 @@ macOS comes with a built-in [firewall](https://support.apple.com/guide/mac-help/
|
||||
|
||||
Avoid third-party firewalls like LittleSnitch or LuLu that require you to install a system extension. They don't cover DNS so data exfiltration is still possible.
|
||||
|
||||
To block an app from the Terminal, run the command
|
||||
|
||||
```zsh
|
||||
/usr/libexec/ApplicationFirewall/socketfilterfw --blockapp <path to your app>
|
||||
```
|
||||
|
||||
Some software might not allow you to block it in the UI, you can use this command to bypass it.
|
||||
|
||||
## Disable AirDrop and Handoff
|
||||
|
||||
You can disable [AirDrop and Handoff](https://support.apple.com/guide/mac-help/change-airdrop-handoff-settings-mchl6a407f99/mac) to better protect yourself against nearby threats. Turn off "Allow Handoff between this Mac and your iCloud devices," change "Airdrop" to "No one," turn off "AirPlay Receiver," and turn on "Require password."
|
||||
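Review bot: the header shows this hunk going from 14 lines to 6, and what falls out is the `socketfilterfw --blockapp` paragraph, the only remedy the page gives for the case its own last sentence describes: software that cannot be blocked in the UI. If the removal is intended, the commit message should say why. If the paragraph stays, reword "you can use this command to bypass it" so it is clear the command works around the UI limitation rather than bypassing the firewall, and split the comma splice into two sentences.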
@ -261,8 +253,4 @@ This adds a lot of attack surface to your machine, so it's best to avoid install
|
||||
|
||||
## Accessibility
|
||||
|
||||
Never give software [accessibility permissions](https://support.apple.com/en-my/guide/mac-help/mh43185/mac) unless you absolutely need them for genuine accessibility reasons. It's not uncommon for apps to ask for these permissions for eroneous things.
|
||||
|
||||
## Remote Management
|
||||
|
||||
If you don't need ssh, [turn it off](https://support.apple.com/en-gb/guide/mac-help/mchlp1066/15.0/mac/15.0). The same goes for [remote desktop](https://support.apple.com/en-gb/guide/mac-help/mh11851/15.0/mac/15.0) and [remote application scripting](https://support.apple.com/en-mide/guide/mac-help/mchlp1398/mac).
|
||||
Never give software [accessibility permissions](https://support.apple.com/en-my/guide/mac-help/mh43185/mac) unless you absolutely need them for genuine accessibility reasons. It's not uncommon for apps to ask for these permissions for eroneous things.
|
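Review bot: "eroneous" in the accessibility sentence should be "erroneous", and the misspelling is present in both copies of the line in this hunk. The header (8 lines to 4) also shows the Remote Management section dropping out, taking the ssh, remote desktop and remote application scripting advice with it. If that section is kept, check the `en-mide` locale segment in the remote application scripting link, which does not match the `en-gb` and `en-my` forms used by the other links.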