Git-Mirrors/privsec.dev
1
0
Fork 0
mirror of https://github.com/PrivSec-dev/privsec.dev.git synced 2024-12-18 04:04:40 -05:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: Git-Mirrors:a27042c48508c8fc9417e9b0ab840549226f3bf7
Branches Tags
Git-Mirrors:main
Git-Mirrors:kernel-boot-params
Git-Mirrors:x86-CPU-Misinformation
Git-Mirrors:Laptop-Hardware-Security
Git-Mirrors:epic-ubuntu-zfs
..
compare: Git-Mirrors:f730edb1a2feba42fc8d6357b7227e91edc386c5
Branches Tags
Git-Mirrors:main
Git-Mirrors:kernel-boot-params
Git-Mirrors:x86-CPU-Misinformation
Git-Mirrors:Laptop-Hardware-Security
Git-Mirrors:epic-ubuntu-zfs

No commits in common. "a27042c48508c8fc9417e9b0ab840549226f3bf7" and "f730edb1a2feba42fc8d6357b7227e91edc386c5" have entirely different histories.
a27042c485 ... f730edb1a2

1 changed files with 3 additions and 15 deletions
Show Stats Expand all files Collapse all files

16
content/posts/macos/macOS Security Overview.md
View File

@ -32,7 +32,7 @@ You can check whether running processes are sandboxed in the Activity Monitor. R
You can check whether an app is sandboxed and what entitlements it has *before* running it by running the command You can check whether an app is sandboxed and what entitlements it has *before* running it by running the command
``` zsh ``` zsh
codesign -dvvv --entitlements - <path to your app> % codesign -dvvv --entitlements - <path to your app>
``` ```
If the app is sandboxed, you will see If the app is sandboxed, you will see
@ -54,7 +54,7 @@ Unlike the App Sandbox, the Hardened Runtime is required in order for an app to
Check if an app is using the Hardened Runtime before running it with the command Check if an app is using the Hardened Runtime before running it with the command
``` zsh ``` zsh
codesign --display --verbose <path to your app> codesign --display --verbose /path/to/bundle.app
``` ```
You will see `flags=0x10000(runtime)` if it's enabled. You will see `flags=0x10000(runtime)` if it's enabled.
@ -169,14 +169,6 @@ macOS comes with a built-in [firewall](https://support.apple.com/guide/mac-help/
Avoid third-party firewalls like LittleSnitch or LuLu that require you to install a system extension. They don't cover DNS so data exfiltration is still possible. Avoid third-party firewalls like LittleSnitch or LuLu that require you to install a system extension. They don't cover DNS so data exfiltration is still possible.
To block an app from the Terminal, run the command
```zsh
/usr/libexec/ApplicationFirewall/socketfilterfw --blockapp <path to your app>
```
Some software might not allow you to block it in the UI, you can use this command to bypass it.
## Disable AirDrop and Handoff ## Disable AirDrop and Handoff
You can disable [AirDrop and Handoff](https://support.apple.com/guide/mac-help/change-airdrop-handoff-settings-mchl6a407f99/mac) to better protect yourself against nearby threats. Turn off "Allow Handoff between this Mac and your iCloud devices," change "Airdrop" to "No one," turn off "AirPlay Receiver," and turn on "Require password." You can disable [AirDrop and Handoff](https://support.apple.com/guide/mac-help/change-airdrop-handoff-settings-mchl6a407f99/mac) to better protect yourself against nearby threats. Turn off "Allow Handoff between this Mac and your iCloud devices," change "Airdrop" to "No one," turn off "AirPlay Receiver," and turn on "Require password."
@ -262,7 +254,3 @@ This adds a lot of attack surface to your machine, so it's best to avoid install
## Accessibility ## Accessibility
Never give software [accessibility permissions](https://support.apple.com/en-my/guide/mac-help/mh43185/mac) unless you absolutely need them for genuine accessibility reasons. It's not uncommon for apps to ask for these permissions for eroneous things. Never give software [accessibility permissions](https://support.apple.com/en-my/guide/mac-help/mh43185/mac) unless you absolutely need them for genuine accessibility reasons. It's not uncommon for apps to ask for these permissions for eroneous things.
## Remote Management
If you don't need ssh, [turn it off](https://support.apple.com/en-gb/guide/mac-help/mchlp1066/15.0/mac/15.0). The same goes for [remote desktop](https://support.apple.com/en-gb/guide/mac-help/mh11851/15.0/mac/15.0) and [remote application scripting](https://support.apple.com/en-mide/guide/mac-help/mchlp1398/mac).