Git-Mirrors/privsec.dev
1
0
Fork 0
mirror of https://github.com/PrivSec-dev/privsec.dev.git synced 2024-10-01 01:35:53 -04:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: Git-Mirrors:f730edb1a2feba42fc8d6357b7227e91edc386c5
Branches Tags
Git-Mirrors:main
Git-Mirrors:kernel-boot-params
Git-Mirrors:x86-CPU-Misinformation
Git-Mirrors:Laptop-Hardware-Security
Git-Mirrors:epic-ubuntu-zfs
...
compare: Git-Mirrors:a27042c48508c8fc9417e9b0ab840549226f3bf7
Branches Tags
Git-Mirrors:main
Git-Mirrors:kernel-boot-params
Git-Mirrors:x86-CPU-Misinformation
Git-Mirrors:Laptop-Hardware-Security
Git-Mirrors:epic-ubuntu-zfs

4 Commits
f730edb1a2 ... a27042c485

Author SHA1 Message Date
kimg45
a27042c485
make commands more consistent 2024-09-29 02:46:54 -05:00
kimg45
e9449268b9
add firewall command 2024-09-29 02:43:24 -05:00
kimg45
c51d834b02
add remote scripting 2024-09-29 02:35:55 -05:00
kimg45
c8e270ce70
add remote management 2024-09-29 02:33:14 -05:00
1 changed files with 15 additions and 3 deletions
Show Stats Expand all files Collapse all files

18
content/posts/macos/macOS Security Overview.md
View File

@ -32,7 +32,7 @@ You can check whether running processes are sandboxed in the Activity Monitor. R
You can check whether an app is sandboxed and what entitlements it has *before* running it by running the command
``` zsh
% codesign -dvvv --entitlements - <path to your app>
codesign -dvvv --entitlements - <path to your app>
```
If the app is sandboxed, you will see
@ -54,7 +54,7 @@ Unlike the App Sandbox, the Hardened Runtime is required in order for an app to
Check if an app is using the Hardened Runtime before running it with the command
``` zsh
codesign --display --verbose /path/to/bundle.app
codesign --display --verbose <path to your app>
```
You will see `flags=0x10000(runtime)` if it's enabled.
@ -169,6 +169,14 @@ macOS comes with a built-in [firewall](https://support.apple.com/guide/mac-help/
Avoid third-party firewalls like LittleSnitch or LuLu that require you to install a system extension. They don't cover DNS so data exfiltration is still possible.
To block an app from the Terminal, run the command
```zsh
/usr/libexec/ApplicationFirewall/socketfilterfw --blockapp <path to your app>
```
Some software might not allow you to block it in the UI, you can use this command to bypass it.
## Disable AirDrop and Handoff
You can disable [AirDrop and Handoff](https://support.apple.com/guide/mac-help/change-airdrop-handoff-settings-mchl6a407f99/mac) to better protect yourself against nearby threats. Turn off "Allow Handoff between this Mac and your iCloud devices," change "Airdrop" to "No one," turn off "AirPlay Receiver," and turn on "Require password."
@ -253,4 +261,8 @@ This adds a lot of attack surface to your machine, so it's best to avoid install
## Accessibility
Never give software [accessibility permissions](https://support.apple.com/en-my/guide/mac-help/mh43185/mac) unless you absolutely need them for genuine accessibility reasons. It's not uncommon for apps to ask for these permissions for eroneous things.
Never give software [accessibility permissions](https://support.apple.com/en-my/guide/mac-help/mh43185/mac) unless you absolutely need them for genuine accessibility reasons. It's not uncommon for apps to ask for these permissions for eroneous things.
## Remote Management
If you don't need ssh, [turn it off](https://support.apple.com/en-gb/guide/mac-help/mchlp1066/15.0/mac/15.0). The same goes for [remote desktop](https://support.apple.com/en-gb/guide/mac-help/mh11851/15.0/mac/15.0) and [remote application scripting](https://support.apple.com/en-mide/guide/mac-help/mchlp1398/mac).