Hardening macOS

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com
#MacOS #Security #santa #Apple #configuration-profiles

Our great sponsors
  • Appwrite - The Open Source Firebase alternative introduces iOS support
  • SonarLint - Clean code begins in your IDE with SonarLint
  • InfluxDB - Access the most powerful time series database as a service
Our great sponsors

  • CIS-for-macOS-Catalina-CP

    CIS Benchmarks for macOS Catalina

    You can get most of the way to hardening to CIS level 1 picking more up-to-date fork of these https://github.com/jamf/CIS-for-macOS-Catalina-CP.

    FWIW, CIS level 1 will mean people get locked out of their machines very frequently. Complex 15 character passwords with 3 retries from memory. So you need a half-decent MDM to unlock quickly. There is no half-decent MDM out there. Only shit ones but workable like Jamf.

    Also you the username does't get auto-populated on login so the typo can be in username and user assumes it is with password. Very fast way to get lock outs.

    To pass a full security review you might want to play with Google Santa. But that is intense.

  • santa

    A binary authorization system for macOS

    > Install and configure Google’s Santa.

    Interesting, I'd never heard of this before. "A binary authorization system for macOS". Open source.

    https://github.com/google/santa

  • Appwrite

    Appwrite - The Open Source Firebase alternative introduces iOS support. Appwrite is an open source backend server that helps you build native iOS applications much faster with realtime APIs for authentication, databases, files storage, cloud functions and much more!

  • macos_security

    macOS Security Compliance Project

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts