Last Hardening | macOS OPSec (MacBook/iMac)

Programming, Wireless, Physical Security, OS, Courses and More
User avatar
TheVikingsofDW
Posts: 283
Joined: Thu Feb 01, 2024 5:54 pm
Location: Budapest

Last Hardening | macOS OPSec (MacBook/iMac)

Postby TheVikingsofDW » Tue Feb 27, 2024 6:48 am

Engaging in the act of hacking and ciber crime to make *****ing chaos on cyberspace within MacBook or iMac systems is highly unconventional, primarily due to the inherent privacy concerns that arise from the close association of these devices with an Apple ID. This linkage facilitates data collection through the user interface, thereby posing a significant risk to personal information security. Nevertheless, it is noteworthy that macOS offers a relatively straightforward process for enhancing security measures and fortifying system defenses, even for individuals with average technical proficiency. The most recent iterations of macOS, Monterey and Sonoma, represent the pinnacle of security advancements, making them the most resilient releases to date. Their robust defenses render them notably challenging for malicious software to compromise, thereby ensuring a heightened level of protecting for users.

1. Apple ID
Upon the initial boot-up of a new or recently formatted macOS PC, you will be prompted to furnish an Apple ID or establish one that is associated with either yourself or an email address. While there exists an alternative to circumvent this prerequisite, it should be noted that access to the App Store will be restricted; however, the positive aspect is that you'll retain the ability to install and implement system updates. Imho, the presence of the Brew manager renders the App Store unnecessary.

2. Create Standard Account
Initially, it's unnecessary to operate under an admin account while utilizing your macOS personal PC. To establish a standard user profile, kindly adhere to the subsequent steps:
- Commence by selecting the Apple icon situated in the uppermost left corner of the display.
- Proceed to opt for System Preferences from the ensuing dropdown menu.
- Later, navigate to Users & Groups.
- To effectuate modifications, kindly engage the lock positioned in the lower left corner.
- Enter your Admin password as prompted.
- Click on Unlock to proceed.
- Direct your attention to the plus symbol located just beneath "Login Options" to introduce a new user.
Ensure that the account classification is designated as "Standard" and furnish any pertinent particulars before selecting "Create User". Then, utilize this account moving forward and reserve administrative tasks for the Admin account when necessary.

3. Change Password Option
When you lower the lid of your laptop or when the screensaver activates, it's imperative to ensure that unauthorized individuals are unable to physically access or utilize your notebook in your absence. This precaution is particularly crucial in the context of MacBook devices. When swiftly closing the laptop lid akin to a scenario where the feds are destroying your door, it's essential to prevent any potential unauthorized access to your device. To address this opsec, follow these steps:
- Initiate by accessing "System Preferences".
- Proceed to select "Security and Privacy".
- Unlock the padlock located in the lower left corner to enable modifications, and later adjust the setting for "Require Password" to "Immediately".

4. Disk Encryption
Users of macOS possess an integrated full disk encryption tool that employs AES-256 encryption; however, this feature is not activated by default. Upon enabling FileVault, a recovery key will be issued, which should be meticulously documented. With full disk encryption in place, unauthorized access to your PC and the mounting of your HD through forensic methods are effectively thwarted. To activate FileVault, follow these steps:
- Initiate "System Preferences".
- Navigate to "Security and Privacy".
- Access "FileVault" and activate it.
- Opt for "Create a recovery key and refrain from utilizing my iCloud account". Then, record the recovery key and securely store it.

5. Enable Firewall
To activate the Firewall, kindly proceed as follows:
- Initiate the "System Preferences".
- Navigate to and choose "Security and Privacy".
- Access the "Firewall" section and proceed to enable it.

6. Disable Sharing
To deactivate Sharing:
- Initiate the "System Preferences".
- Choose the "Sharing" option.
- Deselect all.

7. Erasing Terminal History
Executing the commands provided below will result in the deletion of your Terminal history and the prevention of any subsequent commands from being recorded in the history file. Upon each instance of opening the Terminal, a pristine state will be presented, devoid of any digital traces.

Code: Select all

unset HISTFILE; unset SAVEFILE
rm ~/.bash_history
ln -s /dev/null ~/.bash_history
rm ~/.zsh_history
ln -s /dev/null ~/.zsh_history
export HISTFILESIZE=0
export HISTSIZE=0
export HISTFILE=/dev/null
export SAVEFILE=/dev/null


8. Installation of Brew Manager
The Brew manager serves a multitude of purposes, particularly beneficial for individuals who have not established an iCloud account, an action which is advised against, In essence, the Brew manager bears striking resemblance to "apt-get".

Code: Select all

/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"


9. Installation of OverSight
Ensure protection against unauthorized surveillance. OverSight diligently monitors the mic and camera of a Mac PC. It promptly notifies you of any activation of the internal mic or unauthorized access to the camera by a mother*****er fed or cracker.

Code: Select all

brew install oversight


10. Always Update the System

Code: Select all

brew update
brew upgrade
brew cleanup -s
brew autoremove


11. Delete All the Annoyed Logs

Code: Select all

sudo -i

Root

Code: Select all

sudo rm -rf /var/db/receipts/* /Library/Receipts/InstallHistory.plist /private/var/log /private/var/logs /var/log /var/logs /Library/Logs/
sudo log erase --all


12. Configure to Refrain from Retaining Records of Previously Accessed Wi-Fi Networks
For those who frequently utilize macOS, it's possible to review the catalog of saved Wi-Fi connections by examining the archived Wi-Fi logs on your PC. This practice holds significance as it enables one to ascertain any unauthorized access to alternative Wi-Fi networks, a matter that may be subject to scrutiny during forensic analysis for enhanced control over network connections. To effect this change, one may utilize the Terminal app for inputting this command.
Replace "en0" with your Wi-Fi card interface.

Code: Select all

networksetup -listpreferredwirelessnetworks en0 | grep -v "Preferred networks"


13. Clear All the Logs of Network Lists
- Navigate to "System Preferences".
- Then go to "Network".
- Later click on "Advanced".
Within these menus, you'll find a list of preferred Wi-Fi networks. It's advisable to deselect the option "Remember networks this computer has joined". By doing so, any network you connect to in the future will not be stored. This OPSec eliminates the necessity of retaining a digital record of all previously accessed Wi-Fi networks.

14. Purge Memory
In Terminal, type:

Code: Select all

sudo purge > /dev/null


15. Installing Knock Knock
This app facilitates the effortless identification of persistant installations on your PC, referring to programs that automatically initiate upon each boot-up.
Type in Terminal:

Code: Select all

brew install knockknock


16. Installing Block Block
This functionality will enable you to discern instances where a program endeavors to install enduring elements on your PC, affording you the choice to either grant or withhold permission.
https://objective-see.com/products.html

17. Installing LuLu
Provides the capability to manage all inbound and outbound network activities on your PC. While there may be a slight learning curve associated with utilizing these tools, mastery will grant you complete authority over your device.
Type in Terminal:

Code: Select all

brew install lulu


Last Tips:
- It's imperative to consistently maintain the currency of your PC by promptly applying all available updates.
- Ensure the secure storage of all your dark data by saving it onto an encrypted USB device.
- Refrain from storing data directly on the HD to enhance security measures.
- For heightened privacy and security, consider altering your MAC address with each system boot.
- Strengthen the security of your system by implmenting a robust BIOS password and configuring the system to disallow booting from external USB devices during startup, unless necessary for booting purposes.
- Safeguard your system against potential threats by installing a reputable AntiVirus/AntiMalware software suite.
- Deactivate Bluetooth.

Be safe as much as possible.

Code: Select all

___  _____      __
| _ )/ __\ \    / /
| _ \ (__ \ \/\/ /
|___/\___| \_/\_/

----- TheVikingsOfDW -----
A Proud Staff Member Of BCW

Return to “Others”