Macbook_Harden.sh

1. #!/bin/bash
2.  
3. # Harden Macbook Air By Taylor Christian Newsome
4.  
5. # Enable FileVault (Full Disk Encryption)
6. sudo fdesetup enable
7.  
8. # Set a firmware password
9. sudo firmwarepasswd -setpasswd -mode command -setmode command
10.  
11. # Enable Firewall
12. sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on
13. sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setstealthmode on
14.  
15. # Disable remote login (SSH)
16. sudo systemsetup -f -setremotelogin off
17.  
18. # Disable automatic login
19. sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin -bool YES
20.  
21. # Enable Gatekeeper (Allow apps from the App Store and identified developers)
22. sudo spctl --master-enable
23.  
24. # Enable automatic updates
25. sudo softwareupdate --schedule on
26.  
27. # Set a screen lock with password (Note: This step must be done manually)
28. echo "Please go to System Preferences > Security & Privacy > General and enable 'Require password [time] after sleep or screen saver begins'"
29.  
30. # Disable guest user
31. sudo dscl . -create /Users/Guest UserShell /usr/bin/false
32. sudo dscl . -create /Users/Guest RealName "Guest User"
33. sudo dscl . -create /Users/Guest UniqueID 600
34. sudo dscl . -create /Users/Guest PrimaryGroupID 201
35. sudo dscl . -create /Users/Guest NFSHomeDirectory /Library/Guests
36. sudo dscl . -create /Users/Guest IsHidden 1
37.  
38. # Disable unnecessary services and ports (Manual review and disable if not needed)
39.  
40. # Review and adjust sharing settings (Manual review and enable only necessary services)
41. echo "Please go to System Preferences > Sharing and enable only necessary services."
42.  
43. echo "Security hardening complete. Please review each change to ensure it aligns with your requirements."
44.