The script is a macOS security audit tool, checking vital features like System Integrity Protection, Gatekeeper, Firewall, and FileVault. It evaluates security settings, lists non-Apple kernel extensions, and logs failures for review, providing a quick, comprehensive security overview in an easily interpretable PASS/FAIL format.
#!/bin/bash
###### Tasks Requiring Manual Checking ######
# Review Installed Applications:
#   Steps: Open the Applications folder and Launchpad.
#   Signs of Compromise: Unfamiliar or unexpected applications installed.
# Check App Permissions:
#   Steps: System Preferences → Security & Privacy → Privacy tab.
#   Signs of Compromise: Unusual permissions granted to unknown applications.
# Audit Browser Extensions:
#   Steps: Check extensions/add-ons in each browser's settings.
#   Signs of Compromise: Unrecognized extensions or add-ons installed.
# Check System Integrity Protection (SIP):
#   Optimal: SIP is enabled.
#   Suspicious: SIP is disabled.
# Verify Gatekeeper Status:
#   Optimal: Gatekeeper is active.
#   Suspicious: Gatekeeper is disabled.
# Check Firewall Status:
#   Optimal: Firewall is enabled.
#   Suspicious: Firewall is disabled.
# Verify FileVault Status:
#   Optimal: FileVault is enabled.
#   Suspicious: FileVault is disabled.
# Check for Non-standard Boot Arguments:
#   Optimal: No non-standard boot arguments.
#   Suspicious: Unusual boot arguments present.
# List Non-Apple Kernel Extensions:
#   Optimal: No non-Apple kernel extensions.
#   Suspicious: Non-Apple kernel extensions present.
# Define color codes | |
RED='\033[0;31m' | |
GREEN='\033[0;32m' | |
NC='\033[0m' # No Color | |
LOG_FILE="security_check_log.txt" | |
# Function to check status | |
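#######################################
# Print a colored PASSED/FAILED marker and record failures in the log.
# Globals:   GREEN, RED, NC (read); LOG_FILE (appended to on failure)
# Arguments: $1 - 0 for pass, anything else (or empty) for fail
#            $2 - human-readable name of the check, used in the log line
# Outputs:   "PASSED" or "FAILED" (wrapped in color codes) on stdout
# Returns:   non-zero only if the log write fails
#######################################
check_status() {
  local result=${1:-1}
  # Several callers historically passed no name, which produced the log line
  # " test FAILED" with nothing to identify the check; use a visible fallback.
  local label=${2:-unnamed}
  if [ "$result" -eq 0 ]; then
    echo -e "${GREEN}PASSED${NC}"
  else
    echo -e "${RED}FAILED${NC}"
    echo "$label test FAILED" >> "$LOG_FILE"
  fi
}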
# Begin a fresh log for this run; any previous log is truncated.
printf 'Security Check Log - %s\n' "$(date)" > "$LOG_FILE"
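# System Integrity Protection (SIP)
echo -n "Checking System Integrity Protection (SIP) status... "
sip_status=$(csrutil status)
# Pass only on a plain "enabled". csrutil reports a partially relaxed
# configuration with the words "Custom Configuration", which must not count
# as fully enabled; anything unparseable is treated as a failure.
if [[ $sip_status == *"enabled"* && $sip_status != *"Custom Configuration"* ]]; then
  check_status 0 "System Integrity Protection (SIP)"
else
  check_status 1 "System Integrity Protection (SIP)"
  # Keep the raw output so the reviewer can see what csrutil actually said.
  printf 'csrutil reported: %s\n' "$sip_status" >> "$LOG_FILE"
fi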
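# Gatekeeper
echo -n "Checking Gatekeeper status... "
gatekeeper_status=$(spctl --status)
# Note "disabled" does not contain the substring "enabled", so this glob
# distinguishes the two states; an error message (no match) is a failure.
if [[ $gatekeeper_status == *"enabled"* ]]; then
  check_status 0 "Gatekeeper"
else
  check_status 1 "Gatekeeper"
fi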
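# Application Firewall
echo -n "Checking Firewall status... "
firewall_status=$(defaults read /Library/Preferences/com.apple.alf globalstate 2>/dev/null)
# globalstate: 0 = off, 1 = on, 2 = block all incoming connections.
# Accepting only 1 marked the stricter "block all" mode as FAILED, so any
# non-zero state passes. An empty or non-numeric value (the key is missing or
# the read failed) is reported as a failure instead of a shell error.
if [[ $firewall_status =~ ^[0-9]+$ ]] && (( firewall_status >= 1 )); then
  check_status 0 "Firewall"
else
  check_status 1 "Firewall"
  printf 'Firewall globalstate: %s\n' "${firewall_status:-<unreadable>}" >> "$LOG_FILE"
fi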
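# FileVault (full-disk encryption)
echo -n "Checking FileVault status... "
# fdesetup requires root; it prints "FileVault is On." or "FileVault is Off.".
filevault_status=$(sudo fdesetup status)
# Match the full phrase rather than a bare "On" so that no other wording in
# the output can satisfy the test.
if [[ $filevault_status == *"FileVault is On"* ]]; then
  check_status 0 "FileVault"
else
  check_status 1 "FileVault"
fi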
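# Non-standard boot arguments
echo -n "Checking for non-standard boot arguments... "
# nvram -p prints one "name<TAB>value" line per variable. Presence of the
# boot-args variable at all, whatever its value, is what this check flags;
# anchoring on the line start avoids matching other variables whose value
# happens to contain the text "boot-args".
boot_args=$(nvram -p | grep '^boot-args')
if [ -z "$boot_args" ]; then
  check_status 0 "Non-standard boot arguments"
else
  check_status 1 "Non-standard boot arguments"
  # Record the actual value so the reviewer does not have to re-run nvram.
  printf '%s\n' "$boot_args" >> "$LOG_FILE"
fi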
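# Third-party (non-Apple) kernel extensions
echo "Checking for non-Apple kernel extensions... "
# kextstat prints a header line followed by one row per loaded kext
# (Index Refs Address Size Wired Name ...), the bundle identifier being the
# sixth column. Filtering on that column rather than deleting fixed line
# numbers fixes the original `grep -v com.apple | sed '1,2d'`, which removed
# the header plus the first real match and so silently hid one third-party kext.
non_apple_kexts=$(kextstat | awk '$1 ~ /^[0-9]+$/ && $6 !~ /^com\.apple\./')
if [ -z "$non_apple_kexts" ]; then
  echo -e "${GREEN}No non-Apple kernel extensions detected.${NC}"
else
  echo -e "${RED}Non-Apple Kernel Extensions Detected:${NC}\n$non_apple_kexts"
  # Record the finding so it appears in the log alongside the other failures.
  printf 'Non-Apple kernel extensions test FAILED\n%s\n' "$non_apple_kexts" >> "$LOG_FILE"
fi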
# Automatic update checks
echo -n "Checking for Automatic Updates... "
auto_update_status=$(defaults read /Library/Preferences/com.apple.SoftwareUpdate AutomaticCheckEnabled 2>/dev/null)
case "$auto_update_status" in
  1)
    check_status 0 "Automatic Updates"
    ;;
  0)
    check_status 1 "Automatic Updates"
    ;;
  *)
    # Key absent or unreadable: reported on its own, outside PASS/FAIL.
    echo -e "${RED}Automatic Updates setting not found or not set.${NC}"
    echo "Automatic Updates setting not found or not set." >> "$LOG_FILE"
    ;;
esac
# Downloaded-file quarantine (LSQuarantine)
echo -n "Checking for Downloaded File Quarantine... "
quarantine_status=$(defaults read com.apple.LaunchServices LSQuarantine 2>/dev/null)
case "$quarantine_status" in
  1)
    check_status 0 "Downloaded File Quarantine"
    ;;
  0)
    check_status 1 "Downloaded File Quarantine"
    ;;
  *)
    # NOTE(review): this key is commonly absent on a default install, where
    # the system default applies — confirm before reading "not found" as a
    # finding rather than as "never explicitly changed".
    echo -e "${RED}Downloaded File Quarantine setting not found or not set.${NC}"
    echo "Downloaded File Quarantine setting not found or not set." >> "$LOG_FILE"
    ;;
esac
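# Remote Login (SSH)
echo -n "Checking for Remote Login (SSH) status... "
# systemsetup needs root, like fdesetup above; without it the tool refuses to
# run and prints an error instead of "Remote Login: Off", which the original
# unprivileged call turned into a spurious FAILED.
remote_login_status=$(sudo systemsetup -getremotelogin)
if [[ $remote_login_status == *"Off"* ]]; then
  check_status 0 "Remote Login (SSH)"
else
  check_status 1 "Remote Login (SSH)"
fi
echo -e "${GREEN}All security checks completed.${NC}"
printf 'Failures, if any, were written to %s\n' "$LOG_FILE"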