
macOS-Security-and-Privacy-Guide | Guide to securing and improving privacy on macOS | Privacy library

 by   drduh Python Version: Current License: MIT

kandi X-RAY | macOS-Security-and-Privacy-Guide Summary

macOS-Security-and-Privacy-Guide is a Python library typically used in Financial Services, Banks, Payments, Security, Privacy applications. macOS-Security-and-Privacy-Guide has no bugs, it has no vulnerabilities, it has a Permissive License and it has medium support. However macOS-Security-and-Privacy-Guide build file is not available. You can download it from GitLab, GitHub.
This guide is a collection of techniques for improving the security and privacy of a modern Apple Macintosh computer ("MacBook") running a recent version of macOS (formerly known as "OS X"). This guide is targeted to power users who wish to adopt enterprise-standard security, but is also suitable for novice users with an interest in improving their privacy and security on a Mac. A system is only as secure as its administrator is capable of making it. There is no one single technology, software, nor technique to guarantee perfect computer security; a modern operating system and computer is very complex, and requires numerous incremental changes to meaningfully improve one's security and privacy posture. This guide is provided on an 'as is' basis without any warranties of any kind. Only you are responsible if you break anything or get in any sort of trouble by following this guide. To suggest an improvement, please send a pull request or open an issue. This guide is also available in 简体中文.

Support

  • macOS-Security-and-Privacy-Guide has a medium active ecosystem.
  • It has 18109 star(s) with 1293 fork(s). There are 779 watchers for this library.
  • It had no major release in the last 12 months.
  • There are 9 open issues and 215 have been closed. On average issues are closed in 168 days. There are no pull requests.
  • It has a neutral sentiment in the developer community.
  • The latest version of macOS-Security-and-Privacy-Guide is current.

Quality

  • macOS-Security-and-Privacy-Guide has 0 bugs and 0 code smells.


  • macOS-Security-and-Privacy-Guide has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.
  • macOS-Security-and-Privacy-Guide code analysis shows 0 unresolved vulnerabilities.
  • There are 0 security hotspots that need review.

License

  • macOS-Security-and-Privacy-Guide is licensed under the MIT License. This license is Permissive.
  • Permissive licenses have the least restrictions, and you can use them in most projects.


  • macOS-Security-and-Privacy-Guide releases are not available. You will need to build from source code and install.
  • macOS-Security-and-Privacy-Guide has no build file. You will need to create the build yourself to build the component from source.
  • Installation instructions, examples and code snippets are available.
  • macOS-Security-and-Privacy-Guide saves you 26 person hours of effort in developing the same functionality from scratch.
  • It has 71 lines of code, 6 functions and 1 files.
  • It has low code complexity. Code complexity directly impacts maintainability of the code.
Top functions reviewed by kandi - BETA

kandi has reviewed macOS-Security-and-Privacy-Guide and discovered the below as its top functions. This is intended to give you an instant insight into macOS-Security-and-Privacy-Guide implemented functionality, and help decide if they suit your requirements.

  • Extract the program information from a plist
  • Compute the hash of a file
  • Load plist from file
  • Retrieve a comment from a plist
  • Retrieves a plist value from a plist

        macOS-Security-and-Privacy-Guide Key Features


        Preparing and installing macOS Verifying installation integrity Creating a bootable USB installer Creating an install image Manual way Target disk mode Creating a recovery partition Virtualization

        First boot

        System activation

        Admin and standard user accounts Caveats Setup

        Full disk encryption


        Firewall Application layer firewall Third party firewalls Kernel level packet filtering


        Spotlight Suggestions


        DNS Hosts file dnscrypt Dnsmasq Test DNSSEC validation

        Captive portal

        Certificate authorities



        Web Privoxy Browser Firefox Chrome Safari Other Web browsers Web browsers and privacy Plugins





        Viruses and malware

        System Integrity Protection

        Gatekeeper and XProtect

        Metadata and artifacts





        Physical access

        System monitoring OpenBSM audit DTrace Execution Network

        Binary Whitelisting


        Related software

        Additional resources

        Verifying installation integrity

        $ pkgutil --check-signature /Applications/Install\ macOS\ Catalina.app
        Package "Install macOS Catalina":
           Status: signed by a certificate trusted by Mac OS X
           Certificate Chain:
            1. Software Signing
               SHA1 fingerprint: 01 3E 27 87 74 8A 74 10 3D 62 D2 CD BF 77 A1 34 55 17 C4 82
            2. Apple Code Signing Certification Authority
               SHA1 fingerprint: 1D 01 00 78 A6 1F 4F A4 69 4A FF 4D B1 AC 26 6C E1 B4 59 46
            3. Apple Root CA
               SHA1 fingerprint: 61 1E 5B 66 2C 59 3A 08 FF 58 D1 4A E2 24 52 D1 98 DF 6C 60

        Creating a bootable USB installer

        $ diskutil list
        [Find disk matching correct size, usually the last disk, e.g. /dev/disk2]
        $ diskutil unmountDisk /dev/disk2
        $ diskutil partitionDisk /dev/disk2 1 JHFS+ Installer 100%
        $ cd /Applications/Install\ macOS\ Catalina.app
        $ sudo ./Contents/Resources/createinstallmedia --volume /Volumes/Installer --nointeraction
        Erasing disk: 0%... 10%... 20%... 30%... 100%
        Copying to disk: 0%... 10%... 20%... 30%... 40%... 50%... 60%... 70%... 80%... 90%... 100%
        Making disk bootable...
        Copying boot files...
        Install media now available at "/Volumes/Install macOS Catalina"

        Creating an install image

        $ shasum -a 256 InstallESD.dmg

        Target disk mode

        $ sudo diskutil secureErase freespace 1 /dev/disk3s2

        Creating a recovery partition

        $ shasum -a 256 RecoveryHDUpdate.dmg
        f6a4f8ac25eaa6163aa33ac46d40f223f40e58ec0b6b9bf6ad96bdbfc771e12c  RecoveryHDUpdate.dmg


        First boot

        $ sudo scutil --set ComputerName MacBook
        $ sudo scutil --set LocalHostName MacBook


        $ sudo dscl . -delete /Groups/admin GroupMembership <username>
        $ sudo dscl . -delete /Groups/admin GroupMembers <GeneratedUID>

        Full disk encryption

        $ sudo pmset -a destroyfvkeyonstandby 1
        $ sudo pmset -a hibernatemode 25


        $ sudo firmwarepasswd -setpasswd -setmode command

        Application layer firewall

        $ sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on
        Firewall is enabled. (State = 1)
        $ sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setloggingmode on
        Turning on log mode
        $ sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setstealthmode on
        Stealth mode enabled

        Kernel level packet filtering

        wifi = "en0"
        ether = "en7"
        set block-policy drop
        set fingerprints "/etc/pf.os"
        set ruleset-optimization basic
        set skip on lo0
        scrub in all no-df
        table <blocklist> persist
        block in log
        block in log quick from no-route to any
        block log on $wifi from { <blocklist> } to any
        block log on $wifi from any to { <blocklist> }
        antispoof quick for { $wifi $ether }
        pass out proto tcp from { $wifi $ether } to any keep state
        pass out proto udp from { $wifi $ether } to any keep state
        pass out proto icmp from $wifi to any keep state


        $ defaults read /System/Library/LaunchDaemons/com.apple.apsd.plist


        $ mkdir homebrew && curl -L https://github.com/Homebrew/brew/tarball/master | tar xz --strip 1 -C homebrew


        0 example.com example.com example.com

        Captive portal

        $ sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.captive.control.plist Active -bool false


        $ ~/homebrew/bin/openssl version; echo | ~/homebrew/bin/openssl s_client -connect github.com:443 2>&1 | grep -A2 SSL-Session
        OpenSSL 1.0.2j  26 Sep 2016
            Protocol  : TLSv1.2
            Cipher    : ECDHE-RSA-AES128-GCM-SHA256
        $ /usr/bin/openssl version; echo | /usr/bin/openssl s_client -connect github.com:443 2>&1 | grep -A2 SSL-Session
        OpenSSL 0.9.8zh 14 Jan 2016
            Protocol  : TLSv1
            Cipher    : AES128-SHA


        $ curl -o ~/.curlrc https://raw.githubusercontent.com/drduh/config/master/curlrc


        $ brew install privoxy
        $ brew services start privoxy


        $ cd ~/Downloads
        $ file Tor*
        TorBrowser-8.0.4-osx64_en-US.dmg:     bzip2 compressed data, block size = 900k
        TorBrowser-8.0.4-osx64_en-US.dmg.asc: PGP signature Signature (old)
        $ gpg Tor*asc
        gpg: Can't check signature: No public key
        $ gpg --recv 0x4E2C6E8793298290
        gpg: key 0x4E2C6E8793298290: public key "Tor Browser Developers (signing key) <torbrowser@torproject.org>" imported
        gpg: no ultimately trusted keys found
        gpg: Total number processed: 1
        gpg:               imported: 1
        $ gpg --verify Tor*asc
        gpg: assuming signed data in 'TorBrowser-8.0.4-osx64_en-US.dmg'
        gpg: Signature made Mon Dec 10 07:16:22 2018 PST
        gpg:                using RSA key 0xEB774491D9FF06E2
        gpg: Good signature from "Tor Browser Developers (signing key) <torbrowser@torproject.org>" [unknown]
        gpg: WARNING: This key is not certified with a trusted signature!
        gpg:          There is no indication that the signature belongs to the owner.
        Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
             Subkey fingerprint: 1107 75B5 D101 FB36 BC6C  911B EB77 4491 D9FF 06E2


        $ curl -o ~/.gnupg/gpg.conf https://raw.githubusercontent.com/drduh/config/master/gpg.conf

        Gatekeeper and XProtect

        $ echo 'SELECT datetime(LSQuarantineTimeStamp + 978307200, "unixepoch") as LSQuarantineTimeStamp, ' \
          'LSQuarantineAgentName, LSQuarantineOriginURLString, LSQuarantineDataURLString from LSQuarantineEvent;' | \
          sqlite3 /Users/$USER/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2

        Metadata and artifacts

        $ ls -l@ ~/Downloads/TorBrowser-8.0.4-osx64_en-US.dmg
        -rw-r--r--@ 1 drduh staff 63M Jan 1 12:00 TorBrowser-8.0.4-osx64_en-US.dmg
        	com.apple.metadata:kMDItemWhereFroms	  46B
        	com.apple.quarantine	  57B
        $ mdls ~/Downloads/TorBrowser-8.0.4-osx64_en-US.dmg
        kMDItemContentCreationDate         = 2019-01-01 00:00:00 +0000
        kMDItemContentCreationDate_Ranking = 2019-01-01 00:00:00 +0000
        kMDItemContentModificationDate     = 2019-01-01 00:00:00 +0000
        kMDItemContentType                 = "com.apple.disk-image-udif"
        kMDItemContentTypeTree             = (
        kMDItemDateAdded                   = 2019-01-01 00:00:00 +0000
        kMDItemDateAdded_Ranking           = 2019-01-01 00:00:00 +0000
        kMDItemDisplayName                 = "TorBrowser-8.0.4-osx64_en-US.dmg"
        kMDItemFSContentChangeDate         = 2019-01-01 00:00:00 +0000
        kMDItemFSCreationDate              = 2019-01-01 00:00:00 +0000
        kMDItemFSCreatorCode               = ""
        kMDItemFSFinderFlags               = 0
        kMDItemFSHasCustomIcon             = (null)
        kMDItemFSInvisible                 = 0
        kMDItemFSIsExtensionHidden         = 0
        kMDItemFSIsStationery              = (null)
        kMDItemFSLabel                     = 0
        kMDItemFSName                      = "TorBrowser-8.0.4-osx64_en-US.dmg"
        kMDItemFSNodeCount                 = (null)
        kMDItemFSOwnerGroupID              = 5000
        kMDItemFSOwnerUserID               = 501
        kMDItemFSSize                      = 65840402
        kMDItemFSTypeCode                  = ""
        kMDItemInterestingDate_Ranking     = 2019-01-01 00:00:00 +0000
        kMDItemKind                        = "Disk Image"
        kMDItemWhereFroms                  = (
        $ xattr -l ~/Downloads/TorBrowser-8.0.4-osx64_en-US.dmg
        00000000  62 70 6C 69 73 74 30 30 A2 01 02 5F 10 4D 68 74  |bplist00..._.Mht|
        00000010  74 70 73 3A 2F 2F 64 69 73 74 2E 74 6F 72 70 72  |tps://dist.torpr|
        00000020  6F 6A 65 63 74 2E 6F 72 67 2F 74 6F 72 62 72 6F  |oject.org/torbro|
        com.apple.quarantine: 0081;58519ffa;Google Chrome.app;1F032CAB-F5A1-4D92-84EB-CBECA971B7BC


        $ openssl rand -base64 30
        $ gpg --gen-random -a 0 90 | fold -w 40
        $ LANG=C tr -dc 'A-F0-9' < /dev/urandom | fold -w 40 | head -n 5
        $ tr -dc '[:alnum:]' < /dev/urandom | fold -w 40 | head -n5
        $ tr -dc '[:lower:]' < /dev/urandom | fold -w 40 | head -n5
        $ tr -dc '[:upper:]' < /dev/urandom | fold -w 40 | head -n5
        $ tr -dc '[:graph:]' < /dev/urandom | fold -w 40 | head -n5


        $ tar zcvf - ~/Downloads | gpg -c > ~/Desktop/backup-$(date +%F-%H%M).tar.gz.gpg
        tar: Removing leading '/' from member names
        a Users/drduh/Downloads
        a Users/drduh/Downloads/.DS_Store
        a Users/drduh/Downloads/.localized
        a Users/drduh/Downloads/TorBrowser-8.0.4-osx64_en-US.dmg.asc
        a Users/drduh/Downloads/TorBrowser-8.0.4-osx64_en-US.dmg


        $ ssh -C -L 5555: you@remote-host.tld
        $ sudo networksetup -setwebproxy "Wi-Fi" 5555
        $ sudo networksetup -setsecurewebproxy "Wi-Fi" 5555

        OpenBSM audit

        $ sudo praudit -l /dev/auditpipe
        header,201,11,execve(2),0,Thu Sep  1 12:00:00 2015, + 195 msec,exec arg,/Applications/.evilapp/rootkit,path,/Applications/.evilapp/rootkit,path,/Applications/.evilapp/rootkit,attribute,100755,root,wheel,16777220,986535,0,subject,drduh,root,wheel,root,wheel,412,100005,50511731,,return,success,0,trailer,201,
        header,88,11,connect(2),0,Thu Sep  1 12:00:00 2015, + 238 msec,argument,1,0x5,fd,socket-inet,2,443,,subject,drduh,root,wheel,root,wheel,326,100005,50331650,,return,failure : Operation now in progress,4354967105,trailer,88
        header,111,11,OpenSSH login,0,Thu Sep  1 12:00:00 2015, + 16 msec,subject_ex,drduh,drduh,staff,drduh,staff,404,404,49271,::1,text,successful login drduh,return,success,0,trailer,111,


        $ sudo lsof -Pni

        Binary Whitelisting

        $ hdiutil mount ~/Downloads/santa-0.9.20.dmg
        $ sudo installer -pkg /Volumes/santa-0.9.20/santa-0.9.20.pkg -tgt /


        $ duti -s com.apple.Safari afp
        $ duti -s com.apple.Safari ftp
        $ duti -s com.apple.Safari nfs
        $ duti -s com.apple.Safari smb
        $ duti -s com.apple.TextEdit public.unix-executable

        Community Discussions


        De-identifying survival or flexsurvreg objects in R

        Asked 2022-Mar-29 at 11:01

        Please consider the following:

        I need to provide some R code syntax to analyse data with the flexsurv package. I am not allowed to receive/analyse directly or on-site. I am however allowed to receive the analysis results.


        When we run the flexsurvreg() function on some data (here ovarian from the flexsurv package), the created object (here fitw) contains enough information to "re-create" or "back-engineer" the actual data. But then I would technically have access to the data I am not allowed to have.

        # Load package
        library(flexsurv)
        #> Loading required package: survival
        # Run flexsurvreg with data = ovarian
        fitw <- flexsurvreg(formula = Surv(futime, fustat) ~ factor(rx) + age,
                            data = ovarian, dist="weibull")
        # Look at first observation in ovarian
        ovarian[1, ]
        #>   futime fustat     age resid.ds rx ecog.ps
        #> 1     59      1 72.3315        2  1       1
        # With the following from the survival object, the data could be re-created
        fitw$data$Y[1, ]
        #>   time status  start   stop  time1  time2 
        #>     59      1      0     59     59    Inf
        fitw$data$m[1, ]
        #>   Surv(futime, fustat) factor(rx)     age (weights)
        #> 1                   59          1 72.3315         1

        Potential solution

        We could write the code so that it also sets all those data that might be used for this back-engineering to NA as follows:

        # Setting all survival object observation to NA
        fitw$data$Y <- NA
        fitw$data$m <- NA
        fitw$data$mml$scale <- NA
        fitw$data$mml$rate <- NA
        fitw$data$mml$mu <- NA

        Created on 2021-08-27 by the reprex package (v2.0.0)


        If I proceed as the above and set all these parameters to NA, could I then receive the fitw object (e.g. as an .RDS file) without ever being able to "back-engineer" the original data? Or is there any other way to share fitw without the attached data?



        Answered 2022-Mar-29 at 11:01

        Setting, e.g. fitw$data <- NULL will remove all the individual-level data from the fitted model object. Some of the output functions may not work with objects stripped of data however. In the current development version on github, printing the model object should work. Also summary and predict methods should work, as long as covariate values are supplied in newdata - omitting them won't work, since the default is to take the covariate values from the observed data.

        Source https://stackoverflow.com/questions/68955039

        Community Discussions, Code Snippets contain sources that include Stack Exchange Network


        No vulnerabilities reported

        Install macOS-Security-and-Privacy-Guide

        The macOS installation application is code signed, which should be verified to make sure you received a legitimate copy, using the pkgutil --check-signature or codesign -dvv commands.
        Note: Apple's AutoDMG installer does not appear to work across OS versions. If you want to build a 10.14 image, for example, the following steps must be performed on macOS 10.14!

        To create a custom install image which can be restored to a Mac (using a USB-C cable and target disk mode, for example), use MagerValp/AutoDMG.

        Note: The following instructions appear to work only on macOS versions before 10.13.

        Find InstallESD.dmg, which is inside the installation application. Locate it in Terminal or with Finder: right click on the application bundle, select Show Package Contents and navigate to Contents > SharedSupport to find the file InstallESD.dmg.

        Verify file integrity by comparing its SHA-256 hash with others found in InstallESD_Hashes.csv or notpeter/apple-installer-checksums.

        To determine which macOS versions and builds originally shipped with or are available for a Mac, see HT204319.
        Accounts can be created and managed in System Preferences. On settled systems, it is generally easier to create a second admin account and then demote the first account. This avoids data migration. Newly installed systems can also just add a standard account.


        For any new features, suggestions and bugs, create an issue on GitHub. If you have any questions, check and ask on the Stack Overflow community page.

        • © 2022 Open Weaver Inc.