Rocco Gagliardi has been working in IT since the 1980s and specialized in IT security in the 1990s. His main focus lies in network routing, firewalling and log management.

Summary

Do you want to stay secure with your macOS? Follow the simple steps documented by Apple.

Do you want to go deeper in the system or in the network? Use the command line tools; there are a lot already pre-installed.

If you want to play with pf, be careful: Do not shut down Gatekeeper, things can quickly go wrong, very quickly, very wrong.

Cheats

Finally, this is a little but very useful tool: cheat. Basically, it displays cheat sheets that you can create or update. Just put your my-cheat-file in the directory and read it with cheat my-cheat-file – very useful if you can't ddgo.

pf provides granular control over network traffic, but it is a programming language and requires some time. If you want to use pf, consider starting without GUI tools; once you can manage the pf config, switch to the GUI. Consider also that we are dealing with a client (laptop), not with a server, so the policy will become complex if you want a user-friendly machine.

I use pf as an additional/ad-hoc firewall, for specific use cases:

- listen on suspicious/hand-crafted packets.

Here I don't want to explain how pf works, just show some results: As you can see in the middle terminal, I can surf the log to find incoming/outgoing, pass/blocked connections just by executing the pf.logsnoop or pf.lognav alias.

In the example, I used hping to generate a packet with flags FSR set. Note that, even if rule 38 matches (FS), the drop comes from rule 40 (FR): pf is last match if you don't use special options.

Using pf requires you to go in OpenBSD user mode. If you look at the pf.lognav or pf.logsnoop aliases, you will notice that both aliases do not tail a logfile, but snoop pseudo-devices that make all packets logged by pf visible.
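The last-match behaviour noted for rules 38 and 40, as an added example that is not from the original article: a small Python model of how pf walks a ruleset. Only the rule numbers 38 and 40 and their FS/FR labels come from the text; the FS/FS and FR/FR rule bodies, the catch-all pass rule and the quick variant are assumptions made for illustration.

```python
from dataclasses import dataclass

# TCP flag letters as pf writes them, mapped to their header bits.
FLAG_BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08, "A": 0x10, "U": 0x20}

def flag_bits(letters):
    """Turn a flag string such as 'FSR' into a TCP flag bitmask."""
    bits = 0
    for letter in letters:
        bits |= FLAG_BITS[letter]
    return bits

@dataclass
class Rule:
    number: int
    action: str          # "pass" or "block"
    flags: str = ""      # pf "set/mask" form, e.g. "FS/FS"; empty matches any packet
    quick: bool = False  # pf's `quick` keyword: stop evaluating on match

    def matches(self, pkt_flags):
        if not self.flags:
            return True
        want, mask = (flag_bits(part) for part in self.flags.split("/"))
        # Of the flags named in the mask, exactly the `want` flags must be set.
        return (pkt_flags & mask) == want

def evaluate(rules, pkt_flags):
    """Return the deciding rule: the last match, or the first `quick` match."""
    decision = None      # real pf passes a packet that no rule matches
    for rule in rules:
        if rule.matches(pkt_flags):
            decision = rule
            if rule.quick:
                break
    return decision

# Constructed rulesets: only the numbers 38/40 and the FS/FR labels are from the article.
RULES = [Rule(1, "pass"), Rule(38, "block", "FS/FS"), Rule(40, "block", "FR/FR")]
RULES_QUICK = [Rule(1, "pass"), Rule(38, "block", "FS/FS", quick=True),
               Rule(40, "block", "FR/FR")]

if __name__ == "__main__":
    crafted = flag_bits("FSR")   # the hand-crafted packet from the article
    for label, rules in (("last match", RULES), ("quick on 38", RULES_QUICK)):
        hit = evaluate(rules, crafted)
        print(f"{label}: rule {hit.number} decides ({hit.action})")
```

When reading pf logs, the rule number on a dropped packet is therefore the last matching rule, not necessarily the first one you would expect to fire.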
ALF is a very easy-to-use firewall and quickly gives an idea of our exposure, but if you want more control over your traffic, you need to use another tool. I used Little Snitch, then macOS (Lion) introduced pf and I looked at tools to configure them, like IceFloor and Murus.

Refer to my GitHub repository for the code. The small checks to execute at Bash start – or ad hoc, using an alias – are:

- Kernel Extension to check how many extensions are installed.
- Number of Applications allowed/blocked by ALF.
- Changes in startup sequence during the last 10 days.
- Count of entries in /etc/hosts to block connections to blacklisted hosts.
- Results of rkhunter and Lynis scans (report is generated once a day, just results are grepped).

Refer to the scripts' comments for an explanation of the controls. This gives me a quick overview of my system status; even if not exhaustive, it covers many important settings.
There are different possibilities, but since I frequently fire up new terminals, I prefer to have the results as a welcome screen. So I copied/pasted/modified/wrote some pieces of code and put them in my.
I still prefer my 15” retina, trackpad, and keyboard to the 30” Dell on my desktop. One reason I feel comfortable with macOS is that, in addition to the shiny graphical apps, there is a BSD::MachOS in the background. And even if Apple built a lot of software around it, it is still somewhere there.