According to Wikipedia, Sierra “(version 10.12) is the thirteenth major release of macOS (previously OS X), Apple Inc.’s desktop and server operating system for Macintosh computers. The successor to OS X El Capitan, it is the first version of the operating system issued under the June 2016 rebranding as macOS. Sierra is named after California’s Sierra Nevada mountain range. Its major new features concern Continuity, iCloud, and windowing, as well as support for Apple Pay and Siri.”
It is suggested to keep the /Applications/ directory as clean as possible, having a separate Applications directory for your apps. Just create a folder named “Applications” in your home directory (or wherever you like) and install (move) all applications there. Apps installed via the App Store and some special apps cannot live in a custom Applications folder, so you have to keep them in the original Applications folder.
It is suggested to never run untrusted code that is not signed with a proper key. To allow only apps signed by an authorized developer, go to:
Set “Allow apps downloaded from” to “Mac App Store and identified developers” or, if you want to be stricter and you install applications only via the App Store, set it to “Mac App Store”. In Sierra it is no longer possible to choose to run unsigned code, as it was in OS X El Capitan.
OS X allows you to track all applications requesting access to some sort of sensitive data, for example your location or your contacts. It is suggested to periodically check the list of applications requesting access to sensitive data and review their permissions. To show the list of these applications go to:
By default FileVault keys are kept when the system goes into standby mode. As stated in man pmset:
- destroyfvkeyonstandby - Destroy File Vault Key when going to standby mode. By default File vault keys are retained even when system goes to standby. If the keys are destroyed, user will be prompted to enter the password while coming out of standby mode. (value: 1 - Destroy, 0 - Retain)
It is suggested to configure your system to destroy FileVault keys when entering standby mode with the following command:
By default OS X creates metadata files in each directory to speed up browsing. These files could leak metadata; it is suggested to avoid the creation of .DS_Store and AppleDouble files.
Disable creation of metadata files on network volumes with the following command in a Terminal:
Disable creation of metadata files on USB volumes with the following command in a Terminal:
It is suggested to disable sending diagnostic data and usage data to Apple. Go to:
Un-check “Send diagnostic & usage data to Apple”. Un-check “Share crash data with app developers”.
Mac OS X comes with a Guest user enabled by default, which permits anyone to use your device in a restricted environment. It is suggested to disable the Guest user, go to:
Un-check “Allow guests to log in to this computer”.
It is suggested to disable guest access to shared folders if you are not using it, go to:
Un-check “Allow guest users to connect to shared folders”.
Handoff is a great feature to keep your work in sync between Apple devices. Due to its implementation it needs to send some data to Apple iCloud to work, so in some way it is leaking your data. It is suggested to disable it. Go to:
Un-check “Allow Handoff between this Mac and your iCloud devices”.
Password hints are supposed to help a user remember their password but could also help attackers. It is suggested to disable password hints, go to:
Un-check “Show password hints”.
Recent items are used to track your latest activity; this feature is also used in forensic investigations to create the user activity timeline. It is suggested not to track recently used items. Go to:
Set “Recent items” to “None”.
By default Spotlight is allowed to use localization services to offer you localized results. Due to its implementation it needs to send your position to a remote service. It is suggested to disable this behavior. Go to:
Select “System Services” and click “Details…”. It is suggested to disable localization for all services, if not needed.
By default Spotlight shows suggestions from the Internet: it sends your search to Apple services and provides results back. It is suggested to use Spotlight only locally to prevent leaking your search. To disable Spotlight Suggestions go to:
Un-check “Allow Spotlight Suggestions in Spotlight and Look Up”.
It is suggested to disable Spotlight Suggestions to avoid leaking your search to online services used for suggestions, go to:
Un-check “Spotlight Suggestions” from the list of results categories.
It is suggested to enable FileVault to get full disk encryption on your device. It should already be enabled by default. Go to:
Enable FileVault.
It is suggested to enable the Firewall and have it always running. Go to:
Click on “Turn On Firewall”.
Now click on “Firewall options”, a new panel will appear. Click on “Block all incoming connections”.
Using “Block all incoming connections” will block all incoming connections to your host. This will also block all sharing services, such as file sharing, screen sharing, Messages Bonjour, iTunes music sharing and other features. If your host is providing any kind of service, this option is not suggested; you should disable it.
It is suggested to enable the screen saver to automatically lock your screen after a while. Go to:
Set “Start after” to “5 Minutes”.
When you delete a file, OS X only deletes the index entry for the file, which tells the system the file’s contents are free to be overwritten; however, the data still remains and may be recovered using forensics software. It is a good practice to always empty your trash securely. Your data will be securely wiped from disk in an irreversible way. In previous OS X releases there was an option to enable secure delete; Apple removed this feature in OS X El Capitan. However, you can use command line tools.
You can use the rm command from Terminal to delete files with the -P option; as stated in man rm, this option is used to:
For example, if you want to delete test.pdf you should open Terminal and use:
In some cases, you might want to run an overwrite task on the free space of a given drive. You can use the diskutil command line utility, open Terminal and use:
In this command, change LEVEL to a number from 0 through 4; the available options are:
- 0 is a single-pass of zeros
- 1 is a single-pass of random numbers
- 2 is a 7-pass erase
- 3 is a 35-pass erase
- 4 is a 3-pass erase
Change DRIVE_NAME to the name of the mount point.
Homebrew is a quite common third-party tool on OS X systems.
It is suggested to disable anonymous statistics collection by adding the following variable to your .bash_profile or .profile (or your shell configuration) file:
It is suggested to disable automatic updates to keep control of brew updates; add the following to your .bash_profile or .profile (or your shell configuration) file:
It is suggested to configure brew not to leak your GitHub username. When checking out a public repository, by default, your username is always sent. Add the following to your .bash_profile or .profile (or your shell configuration) file:
It is suggested to configure brew to avoid protocol downgrades from HTTPS to HTTP via redirect. Add the following to your .bash_profile or .profile (or your shell configuration) file:
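The four Homebrew settings above can be applied in one idempotent step. This is an added example, not part of the original guide; it assumes the recommendations map to Homebrew's HOMEBREW_NO_ANALYTICS, HOMEBREW_NO_AUTO_UPDATE, HOMEBREW_NO_GITHUB_API and HOMEBREW_NO_INSECURE_REDIRECT environment variables, and harden_brew_profile is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: append the Homebrew hardening variables to a shell profile
# without duplicating lines that are already there.
# Assumption: the variable names below are the ones matching the four
# recommendations in this guide.

# harden_brew_profile FILE (hypothetical helper)
# Prints the number of export lines it added.
harden_brew_profile() {
  profile=$1
  [ -n "$profile" ] || { echo "usage: harden_brew_profile FILE" >&2; return 2; }
  touch "$profile" || return 1

  # If the file does not end with a newline, add one so that the first
  # appended export does not get glued onto the last existing line.
  if [ -n "$(tail -c 1 "$profile")" ]; then
    echo >> "$profile"
  fi

  added=0
  for var in HOMEBREW_NO_ANALYTICS HOMEBREW_NO_AUTO_UPDATE \
             HOMEBREW_NO_GITHUB_API HOMEBREW_NO_INSECURE_REDIRECT; do
    # Already exported with value 1: nothing to do.
    if grep -Eq "^[[:space:]]*export[[:space:]]+$var=1([[:space:]]|\$)" "$profile"; then
      continue
    fi
    # Appending also overrides an earlier "export VAR=0", because the
    # shell keeps the last assignment it reads.
    printf 'export %s=1\n' "$var" >> "$profile"
    added=$((added + 1))
  done
  echo "$added"
}

# Usage: harden_brew_profile "$HOME/.bash_profile"
```

Open a new shell (or source the profile) afterwards so that brew sees the variables.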
By default memory is kept powered on during standby, which exposes it to forensic acquisition. As stated in man pmset:
hibernatemode supports values of 0, 3, or 25. Whether or not a hibernation image gets written is also dependent on the values of standby and autopoweroff
For example, on desktops that support standby a hibernation image will be written after the specified standbydelay time. To disable hibernation images completely, ensure hibernatemode standby and autopoweroff are all set to 0.
hibernatemode = 0 by default on desktops. The system will not back memory up to persistent storage. The system must wake from the contents of memory; the system will lose context on power loss. This is, historically, plain old sleep.
hibernatemode = 3 by default on portables. The system will store a copy of memory to persistent storage (the disk), and will power memory during sleep. The system will wake from memory, unless a power loss forces it to restore from hibernate image.
hibernatemode = 25 is only settable via pmset. The system will store a copy of memory to persistent storage (the disk), and will remove power to memory. The system will restore from disk image. If you want “hibernation” - slower sleeps, slower wakes, and better battery life, you should use this setting.
It is suggested to power off memory at stand-by with the following command:
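The two pmset recommendations in this guide (destroying FileVault keys on standby, and removing power from memory with hibernatemode 25) can be verified together. This is an added example, not part of the original guide; it parses `pmset -g` output, and the helper names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the two standby settings recommended in this guide.
# Remediation, run on the Mac itself:
#   sudo pmset -a destroyfvkeyonstandby 1
#   sudo pmset -a hibernatemode 25

# Constructed sample modelled on `pmset -g` output from a laptop left at
# its defaults; it was not captured from a real machine.
sample_pmset_output() {
  cat <<'EOF'
System-wide power settings:
Currently in use:
 standby              1
 standbydelay         10800
 hibernatemode        3
 autopoweroff         1
 sleep                10
EOF
}

# check_pmset (hypothetical helper): reads `pmset -g` output on stdin.
# Prints one line per setting; exit status is the number of failed checks.
check_pmset() {
  awk '
    { key = tolower($1); val = $2 }
    key == "hibernatemode"         { hib = val }
    key == "destroyfvkeyonstandby" { fv = val }
    END {
      bad = 0
      if (hib != 25) {
        print "FAIL hibernatemode=" (hib == "" ? "unset" : hib) " (want 25)"
        bad++
      } else print "OK   hibernatemode=25"
      if (fv != 1) {
        print "FAIL destroyfvkeyonstandby=" (fv == "" ? "unset" : fv) " (want 1)"
        bad++
      } else print "OK   destroyfvkeyonstandby=1"
      exit bad
    }'
}

# Usage on a Mac: pmset -g | check_pmset
```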
Always require an administration password to access system settings. Go to:
Check “Require an administrator password to access system-wide preferences”.
Require a password to unlock from sleep or screen saver. Go to:
Set “Require password immediately after sleep or screen saver begins”.
Many applications bundled in OS X, e.g. Text, save new documents to iCloud by default. It is suggested to set the default save target to a local disk, not iCloud, with the following command; open Terminal and type:
Enabling an optional firmware password offers an increased level of protection. A firmware password is set on the actual Mac logic board’s firmware; it is an EFI password which prevents your Mac from being booted from an external boot volume, single user mode, or target disk mode, and it also prevents resetting of PRAM and the ability to boot into Safe Mode. Years ago firmware passwords could be easily bypassed by removing memory. These days a Mac’s firmware password isn’t easily reset. Apple only suggests bringing your Mac to an authorized Apple Service Provider and having them do it there.
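The preference-based settings in this guide (no metadata files on network and USB volumes, and local disk rather than iCloud as the default save target) can be audited with `defaults read`. This is an added example, not part of the original guide; it assumes the settings correspond to the well-known DSDontWriteNetworkStores, DSDontWriteUSBStores and NSDocumentSaveNewDocumentsToCloud keys, and audit_defaults and DEFAULTS_CMD are hypothetical names.

```shell
#!/bin/sh
# Added example: compare macOS preference keys with the values this guide
# recommends. Remediation, run as the user being hardened:
#   defaults write com.apple.desktopservices DSDontWriteNetworkStores -bool true
#   defaults write com.apple.desktopservices DSDontWriteUSBStores -bool true
#   defaults write NSGlobalDomain NSDocumentSaveNewDocumentsToCloud -bool false

# audit_defaults (hypothetical helper)
# DEFAULTS_CMD is a hypothetical override that lets the check run against a
# stub instead of the real `defaults` binary (useful off a Mac).
# Prints one line per key; exit status is the number of failed checks.
audit_defaults() {
  reader=${DEFAULTS_CMD:-defaults}
  fail=0
  # Each row: domain, key, expected value as printed by `defaults read`
  # (booleans are printed as 1 or 0).
  while read -r domain key want; do
    # A key that was never written makes `defaults read` fail: report unset.
    got=$("$reader" read "$domain" "$key" 2>/dev/null </dev/null) || got=unset
    if [ "$got" = "$want" ]; then
      echo "OK   $domain $key=$got"
    else
      echo "FAIL $domain $key=$got (want $want)"
      fail=$((fail + 1))
    fi
  done <<EOF
com.apple.desktopservices DSDontWriteNetworkStores 1
com.apple.desktopservices DSDontWriteUSBStores 1
NSGlobalDomain NSDocumentSaveNewDocumentsToCloud 0
EOF
  return "$fail"
}

# Usage on a Mac: audit_defaults
```

Preferences are per user, so run the audit for every account that logs in to the machine.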
It is suggested to set a firmware password:
- Power off your Mac and turn it on.
- Activate Recovery Mode (holding down the Command and R keys at boot).
- After a while OS X Utilities will appear.
- Click on the Utilities menu from the menu bar.
- Select Firmware Password Utility.
- Click on ‘Turn On Firmware Password’ and follow the wizard.
- When done, restart your Mac.
It is a good practice to always show file name extensions. Start the Finder app. Go to:
Check “Show all filename extensions”.
System services could ask to use localization data. It is suggested to show the location icon when localization data is requested. Go to:
Select “System Services” and click “Details…”. Check “Show location icon in the menu bar when System Services request your location”.
It is suggested to use different accounts for administration and normal use. Create an account with admin privileges for special tasks and maintenance and a regular user for your normal use. Don’t use the same password for both.