osx-config.json

[{"_comment": "DO NOT EDIT THIS FILE. THIS WAS AUTOMATICALLY GENERATED BY THE hjson_to_json.py SCRIPT. INSTEAD, EDIT THE osx-config.hjson FILE."}, {"description": "Homebrew is installed.", "confidence": "required", "tests": [{"type": "exact match", "command": "echo $(homebrew_is_installed)", "command_pass": "1", "command_fail": "0", "case_sensitive": "false"}], "fix": {"sudo_command": "/usr/bin/ruby ./scripts/homebrew_install_ed33f044812cc9c509a4d8e6997c44441b06dd4e1fc87f131ee9f319d77fcd50.rb", "manual": "Homebrew is a useful tool for installing and updating programs from the command line.\nThere are various things that can go wrong when attempting to install Homebrew.\nPlease review their installation guide here:\nhttps://github.com/Homebrew/brew/blob/master/share/doc/homebrew/Installation.md"}}, {"description": "Binaries installed to /usr/local/bin are preferred over those in /usr/bin (Note: If this check does not pass, other tests will fail)", "confidence": "required", "tests": [{"type": "exact match", "command": "bash ./scripts/check_usr_local_bin_pos.sh", "command_pass": 1, "command_fail": 0, "case_sensitive": false}], "fix": {"command": "python ./scripts/set_path_precedence.py \"/usr/local/bin\" \"/usr/bin\"", "manual": "1. Bring the Terminal application to the foreground if it is not already. You should see the word \"Terminal\" in the top left corner of your screen.\n2. Select Terminal->Quit\n3. Re-open the Terminal application and run the tool again; this check should now pass."}}, {"description": "Java Runtime Environment is up to date.", "confidence": "recommended", "tests": [{"type": "exact match", "command": "java_is_installed", "command_pass": 0, "case_sensitive": false}, {"type": "exact match", "command": "java -version 2>&1 >/dev/null | grep 'java version'", "command_pass": "java version \"1.8.0_102\"", "case_sensitive": false}], "fix": {"manual": "1. Your installation of Java is not up to date. You can either update it or remove it.\n2. To update Java, see: https://www.java.com/en/download/faq/java_mac.xml\n3. To remove Java, see: https://www.java.com/en/download/help/mac_uninstall_java.xml"}}, {"description": "The System Preferences application is currently closed.", "confidence": "required", "reference": "https://developer.apple.com/legacy/library/documentation/Darwin/Reference/ManPages/man1/defaults.1.html", "tests": [{"type": "exact match", "command": "ps ax | grep -c '/Applications/System Preferences.app/Contents/MacOS/System Preferences'", "command_pass": "2", "case_sensitive": "false"}], "fix": {"command": "killall \"System Preferences\" ; sleep 1"}}, {"description": "Current user is a non-admin account.", "confidence": "required", "tests": [{"type": "exact match", "command": "id -Gn | grep -c -w admin", "command_pass": "0", "case_sensitive": "false"}], "fix": {"manual": "1. For most of your work, you should be logged into a non-administrator account. If you've already set this up and you're just logged into your admin account in order to run this tool as prescribed, you can ignore this failed test.\n2. To create a new, non-admin user for most of your work: Open System Preferences.\n3. Select \"Users & Groups\".\n4. If necessary, click the lock icon in the lower left corner and provide your administrator credentials.\n5. Click the \"+\" to create a new user. Make sure the \"Allow user to administer this computer\" checkbox is un-checked for that user.\n6. You may also want to add your non-administrator user to a list of users who can use the \"sudo\" command within the Terminal application to briefly gain administrator-like credentials for special circumstances. See: http://osxdaily.com/2014/02/06/add-user-sudoers-file-mac/"}}, {"description": "The OSX application firewall is enabled (system-wide).", "confidence": "required", "reference": "https://github.com/drduh/OS-X-Security-and-Privacy-Guide", "tests": [{"type": "exact match", "command": "little_snitch_is_installed", "command_pass": 1, "case_sensitive": false}, {"type": "exact match", "command": "defaults -currentHost read /Library/Preferences/com.apple.alf globalstate", "command_pass": "1", "command_fail": "0", "case_sensitive": "false"}], "fix": {"command": "defaults -currentHost write /Library/Preferences/com.apple.alf globalstate -bool true", "sudo_command": "sudo defaults -currentHost write /Library/Preferences/com.apple.alf globalstate -bool true"}}, {"description": "The OSX application firewall is enabled (current user only).", "confidence": "required", "reference": "https://github.com/drduh/OS-X-Security-and-Privacy-Guide", "tests": [{"type": "exact match", "command": "little_snitch_is_installed", "command_pass": 1, "case_sensitive": false}, {"type": "exact match", "command": "defaults -currentHost read ~/Library/Preferences/com.apple.alf globalstate", "command_pass": "1", "command_fail": "0", "case_sensitive": "false"}], "fix": {"command": "defaults -currentHost write ~/Library/Preferences/com.apple.alf globalstate -bool true", "sudo_command": "sudo defaults -currentHost write ~/Library/Preferences/com.apple.alf globalstate -bool true"}}, {"description": "A password is required to wake the computer from sleep or screen saver (system-wide).", "confidence": "required", "reference": "https://github.com/SummitRoute/osxlockdown/blob/58697f5162fe9e43df7dc9b6b94ffa34b0e11d4f/commands.yaml", "tests": [{"type": "exact match", "command": "defaults read /Library/Preferences/com.apple.screensaver askForPassword", "command_pass": "1", "command_fail": "0", "case_sensitive": "false"}, {"type": "exact match", "command": "sudo defaults read /Library/Preferences/com.apple.screensaver askForPassword", "command_pass": "1", "command_fail": "0", "case_sensitive": "false"}], "fix": {"command": "defaults write /Library/Preferences/com.apple.screensaver askForPassword -bool true", "sudo_command": "sudo defaults write /Library/Preferences/com.apple.screensaver askForPassword -bool true"}}, {"description": "A password is required to wake the computer from sleep or screen saver (current user only).", "confidence": "required", "reference": "https://github.com/SummitRoute/osxlockdown/blob/58697f5162fe9e43df7dc9b6b94ffa34b0e11d4f/commands.yaml", "tests": [{"type": "exact match", "command": "defaults read ~/Library/Preferences/com.apple.screensaver askForPassword", "command_pass": "1", "case_sensitive": "false"}], "fix": {"command": "defaults write ~/Library/Preferences/com.apple.screensaver askForPassword -bool true"}}, {"description": "There is no delay between starting the screen saver and locking the machine (system-wide).", "confidence": "required", "reference": "https://github.com/SummitRoute/osxlockdown/blob/58697f5162fe9e43df7dc9b6b94ffa34b0e11d4f/commands.yaml", "tests": [{"type": "exact match", "command": "defaults -currentHost read /Library/Preferences/com.apple.screensaver askForPasswordDelay", "command_pass": "0", "command_fail": "1", "case_sensitive": "false"}, {"type": "exact match", "command": "sudo defaults -currentHost read /Library/Preferences/com.apple.screensaver askForPasswordDelay", "command_pass": "0", "command_fail": "1", "case_sensitive": "false"}], "fix": {"command": "defaults -currentHost write /Library/Preferences/com.apple.screensaver askForPasswordDelay -bool false", "sudo_command": "sudo defaults -currentHost write /Library/Preferences/com.apple.screensaver askForPasswordDelay -bool false"}, "undo": "defaults -currentHost write /Library/Preferences/com.apple.screensaver askForPasswordDelay -bool true"}, {"description": "There is no delay between starting the screen saver and locking the machine (current user only).", "confidence": "required", "reference": "https://github.com/SummitRoute/osxlockdown/blob/58697f5162fe9e43df7dc9b6b94ffa34b0e11d4f/commands.yaml", "tests": [{"type": "exact match", "command": "defaults -currentHost read ~/Library/Preferences/com.apple.screensaver askForPasswordDelay", "command_pass": "0", "command_fail": "1", "case_sensitive": "false"}], "fix": {"command": "defaults -currentHost write ~/Library/Preferences/com.apple.screensaver askForPasswordDelay -bool false"}, "undo": "defaults -currentHost write ~/Library/Preferences/com.apple.screensaver askForPasswordDelay -bool true"}, {"description": "Logging is enabled for the operating system.", "confidence": "required", "reference": "https://github.com/drduh/OS-X-Security-and-Privacy-Guide", "tests": [{"type": "exact match", "command": "defaults -currentHost read /Library/Preferences/com.apple.alf loggingenabled", "command_pass": "1", "command_fail": "0", "case_sensitive": "false"}], "fix": {"command": "defaults -currentHost write /Library/Preferences/com.apple.alf loggingenabled -bool true", "sudo_command": "sudo defaults -currentHost write /Library/Preferences/com.apple.alf loggingenabled -bool true"}}, {"description": "Homebrew analytics are disabled.", "confidence": "required", "reference": "https://github.com/Homebrew/brew/blob/master/share/doc/homebrew/Analytics.md", "tests": [{"type": "exact match", "command": "[[ -n $HOMEBREW_NO_ANALYTICS ]] && echo 1 || echo 0", "command_pass": "1", "command_fail": "0", "case_sensitive": "false"}], "fix": {"command": "grep -q 'export HOMEBREW_NO_ANALYTICS=1' ~/.profile || echo 'export HOMEBREW_NO_ANALYTICS=1' >> ~/.profile ; source ~/.profile", "manual": "1. Bring the Terminal application to the foreground if it is not already. You should see the word \"Terminal\" in the top left corner of your screen.\n2. Select Terminal->Quit\n3. Re-open the Terminal application and run the tool again; this check should now pass."}}, {"description": "Stealth mode is enabled for OSX: Computer does not respond to ICMP ping requests or connection attempts from a closed TCP/UDP port. (system-wide)", "confidence": "recommended", "reference": "https://github.com/drduh/OS-X-Security-and-Privacy-Guide", "tests": [{"type": "exact match", "command": "defaults -currentHost read /Library/Preferences/com.apple.alf stealthenabled", "command_pass": "1", "command_fail": "0", "case_sensitive": "false"}], "fix": {"command": "defaults write /Library/Preferences/com.apple.alf stealthenabled -bool true", "sudo_command": "sudo defaults write /Library/Preferences/com.apple.alf stealthenabled -bool true"}, "undo": "sudo defaults write /Library/Preferences/com.apple.alf stealthenabled -bool false"}, {"description": "Stealth mode is enabled for OSX: Computer does not respond to ICMP ping requests or connection attempts from a closed TCP/UDP port. (current user only)", "confidence": "recommended", "reference": "https://github.com/drduh/OS-X-Security-and-Privacy-Guide", "tests": [{"type": "exact match", "command": "defaults -currentHost read ~/Library/Preferences/com.apple.alf stealthenabled", "command_pass": "1", "command_fail": "0", "case_sensitive": "false"}], "fix": {"command": "defaults write ~/Library/Preferences/com.apple.alf stealthenabled -bool true", "sudo_command": "sudo defaults write /Library/Preferences/com.apple.alf stealthenabled -bool true"}, "undo": "defaults write ~/Library/Preferences/com.apple.alf stealthenabled -bool false"}, {"description": "Automatic whitelisting of Apple-signed applications through the firewall is disabled (system-wide).", "confidence": "required", "reference": "https://github.com/drduh/OS-X-Security-and-Privacy-Guide", "tests": [{"type": "exact match", "command": "defaults -currentHost read /Library/Preferences/com.apple.alf allowsignedenabled", "command_pass": "0", "command_fail": "1", "case_sensitive": "false"}], "fix": {"command": "defaults -currentHost write /Library/Preferences/com.apple.alf allowsignedenabled -bool false", "sudo_command": "sudo defaults -currentHost write /Library/Preferences/com.apple.alf allowsignedenabled -bool false"}, "undo": "sudo defaults -currentHost write /Library/Preferences/com.apple.alf allowsignedenabled -bool true"}, {"description": "Automatic whitelisting of Apple-signed applications through the firewall is disabled (current user only).", "confidence": "required", "reference": "https://github.com/drduh/OS-X-Security-and-Privacy-Guide", "tests": [{"type": "exact match", "command": "defaults -currentHost read ~/Library/Preferences/com.apple.alf allowsignedenabled", "command_pass": "0", "command_fail": "1", "case_sensitive": "false"}], "fix": {"command": "defaults -currentHost write ~/Library/Preferences/com.apple.alf allowsignedenabled -bool false"}, "undo": "sudo defaults -currentHost write /Library/Preferences/com.apple.alf allowsignedenabled -bool true"}, {"description": "Captive portal for connecting to new networks is disabled to prevent MITM attacks.", "confidence": "required", "reference": "https://github.com/drduh/OS-X-Security-and-Privacy-Guide", "tests": [{"type": "exact match", "command": "defaults -currentHost read /Library/Preferences/SystemConfiguration/com.apple.captive.control Active", "command_pass": "0", "command_fail": "1", "case_sensitive": "false"}], "fix": {"command": "defaults -currentHost write /Library/Preferences/SystemConfiguration/com.apple.captive.control Active -bool false", "sudo_command": "sudo defaults -currentHost write /Library/Preferences/SystemConfiguration/com.apple.captive.control Active -bool false"}, "undo": "sudo defaults -currentHost write /Library/Preferences/SystemConfiguration/com.apple.captive.control Active -bool true"}, {"description": "OpenSSL is up to date.", "confidence": "required", "reference": "https://github.com/drduh/OS-X-Security-and-Privacy-Guide", "tests": [{"type": "exact match", "command": "openssl version", "command_pass": "OpenSSL 1.0.2h  3 May 2016", "case_sensitive": "false"}], "fix": {"command": "brew update ; brew install openssl ; brew upgrade openssl ; bash ./scripts/set_openssl_latest_path.sh", "manual": "1. Bring the Terminal application to the foreground if it is not already. You should see the word \"Terminal\" in the top left corner of your screen.\n2. Select Terminal->Quit\n3. Re-open the Terminal application and run the tool again; this check should now pass."}}, {"description": "Hidden files are displayed in Finder.", "confidence": "recommended", "reference": "http://lifehacker.com/the-best-hidden-settings-you-can-unlock-with-os-xs-ter-1476627111", "tests": [{"type": "exact match", "command": "defaults -currentHost read /Library/Preferences/SystemConfiguration/com.apple.finder AppleShowAllFiles", "command_pass": "1", "command_fail": "0", "case_sensitive": "false"}], "fix": {"command": "defaults -currentHost write /Library/Preferences/SystemConfiguration/com.apple.finder AppleShowAllFiles -bool true && killall Dock", "sudo_command": "sudo defaults -currentHost write /Library/Preferences/SystemConfiguration/com.apple.finder AppleShowAllFiles -bool true && killall Dock"}, "undo": "defaults -currentHost write /Library/Preferences/SystemConfiguration/com.apple.finder AppleShowAllFiles -bool false && killall Dock"}, {"description": "All application software is currently up to date.", "confidence": "required", "reference": "https://github.com/SummitRoute/osxlockdown/", "tests": [{"type": "exact match", "command": "LASTUPDATE=$(defaults read /Library/Preferences/com.apple.SoftwareUpdate | grep LastSuccessfulDate | sed -e 's@^.* \"\\([0-9\\\\-]*\\) .*$@\\1@'); if [ \"$LASTUPDATE\" = \"$(date +%Y-%m-%d)\" ];then echo 1 && exit; fi; echo 0 && exit", "command_pass": "1", "command_fail": "0", "case_sensitive": "false"}], "fix": {"command": "softwareupdate -i -a", "sudo_command": "sudo softwareupdate -i -a"}}, {"description": "Automatic check for software updates is enabled.", "confidence": "required", "reference": "https://github.com/SummitRoute/osxlockdown/", "tests": [{"type": "exact match", "command": "sudo softwareupdate --schedule | grep -i 'Automatic check is on'", "command_pass": "Automatic check is on", "case_sensitive": "false"}], "fix": {"command": "softwareupdate --schedule on", "sudo_command": "sudo softwareupdate --schedule on"}}, {"description": "GateKeeper protection against untrusted applications is enabled.", "confidence": "required", "tests": [{"type": "exact match", "command": "spctl --status | grep -i 'assessments enabled'", "command_pass": "assessments enabled", "case_sensitive": "false"}], "fix": {"command": "spctl --master-enable", "sudo_command": "sudo spctl --master-enable"}, "undo": "sudo spctl --master-disable"}, {"description": "Bluetooth is disabled.", "confidence": "experimental", "tests": [{"type": "exact match", "command": "defaults read /Library/Preferences/com.apple.Bluetooth ControllerPowerState", "command_pass": "0", "command_fail": "1", "case_sensitive": "false"}, {"type": "exact match", "command": "sudo defaults read /Library/Preferences/com.apple.Bluetooth ControllerPowerState", "command_pass": "0", "command_fail": "1", "case_sensitive": "false"}], "fix": {"command": "defaults write /Library/Preferences/com.apple.Bluetooth ControllerPowerState -bool false; killall -HUP blued", "sudo_command": "sudo defaults write /Library/Preferences/com.apple.Bluetooth ControllerPowerState -bool false; sudo killall -HUP blued"}, "undo": "defaults write /Library/Preferences/com.apple.Bluetooth ControllerPowerState -bool true; killall -HUP blued"}, {"description": "The infrared receiver is disabled.", "confidence": "required", "tests": [{"type": "exact match", "command": "defaults read /Library/Preferences/com.apple.driver.AppleIRController DeviceEnabled", "command_pass": "0", "command_fail": "1", "case_sensitive": "false"}, {"type": "exact match", "command": "sudo defaults read /Library/Preferences/com.apple.driver.AppleIRController DeviceEnabled", "command_pass": "0", "command_fail": "1", "case_sensitive": "false"}], "fix": {"command": "defaults write /Library/Preferences/com.apple.driver.AppleIRController DeviceEnabled -bool false", "sudo_command": "sudo defaults write /Library/Preferences/com.apple.driver.AppleIRController DeviceEnabled -bool false"}, "undo": "defaults write /Library/Preferences/com.apple.driver.AppleIRController DeviceEnabled -bool true"}, {"description": "AirDrop file sharing is disabled.", "confidence": "required", "tests": [{"type": "exact match", "command": "defaults read com.apple.NetworkBrowser DisableAirDrop", "command_pass": "1", "command_fail": "0", "case_sensitive": "false"}, {"type": "exact match", "command": "sudo defaults read com.apple.NetworkBrowser DisableAirDrop", "command_pass": "1", "command_fail": "0", "case_sensitive": "false"}], "fix": {"command": "defaults_write_ignore_missing com.apple.NetworkBrowser DisableAirDrop -bool true"}, "undo": "defaults write com.apple.NetworkBrowser DisableAirDrop -bool false"}, {"description": "File sharing is disabled.", "confidence": "recommended", "reference": "https://github.com/SummitRoute/osxlockdown/blob/58697f5162fe9e43df7dc9b6b94ffa34b0e11d4f/commands.yaml", "tests": [{"type": "exact match", "command": "if [ -n \"$(launchctl list | egrep AppleFileServer)\" ]; then exit 1; fi; if [ -n \"$(grep -i array /Library/Preferences/SystemConfiguration/com.apple.smb.server.plist)\" ]; then echo 1; exit; fi; echo 0; exit", "command_pass": "0", "command_fail": "1", "case_sensitive": "false"}], "fix": {"command": "launchctl unload -w /System/Library/LaunchDaemons/com.apple.AppleFileServer.plist; launchctl unload -w /System/Library/LaunchDaemons/com.apple.smbd.plist"}}, {"description": "Printer sharing is disabled.", "confidence": "required", "reference": "https://github.com/SummitRoute/osxlockdown/blob/58697f5162fe9e43df7dc9b6b94ffa34b0e11d4f/commands.yaml", "tests": [{"type": "exact match", "command": "if [ -n \"$(system_profiler SPPrintersDataType | grep Shared | grep Yes)\" ]; then echo 1; exit; fi; if [ -n \"$(system_profiler SPPrintersDataType | grep 'System Printer Sharing: Yes')\" ]; then echo 1; exit; fi; echo 0; exit", "command_pass": "0", "command_fail": "1", "case_sensitive": "false"}], "fix": {"command": "cupsctl --no-share-printers"}}, {"description": "Remote login is disabled.", "confidence": "required", "tests": [{"type": "exact match", "command": "systemsetup -getremotelogin", "command_pass": "Remote Login: Off", "case_sensitive": "false"}, {"type": "exact match", "command": "sudo systemsetup -getremotelogin", "command_pass": "Remote Login: Off", "case_sensitive": "false"}], "fix": {"command": "systemsetup -f -setremotelogin off", "sudo_command": "sudo systemsetup -f -setremotelogin off"}, "undo": "sudo systemsetup -f -setremotelogin on"}, {"description": "Remote Management is disabled.", "confidence": "required", "tests": [{"type": "exact match", "command": "if [ -n \"$(ps -ef | egrep \"/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/[A]RDAgent\")\" ]; then echo 1; exit; fi; echo 0; exit", "command_pass": "0", "command_fail": "1", "case_sensitive": "false"}], "fix": {"command": "/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -deactivate -stop", "sudo_command": "sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -deactivate -stop"}}, {"description": "Remote Apple events are disabled.", "confidence": "required", "reference": "https://github.com/SummitRoute/osxlockdown/blob/58697f5162fe9e43df7dc9b6b94ffa34b0e11d4f/commands.yaml", "tests": [{"type": "exact match", "command": "systemsetup -getremoteappleevents", "command_pass": "Remote Apple Events: Off", "case_sensitive": "false"}, {"type": "exact match", "command": "sudo systemsetup -getremoteappleevents", "command_pass": "Remote Apple Events: Off", "case_sensitive": "false"}], "fix": {"command": "systemsetup -setremoteappleevents off", "sudo_command": "systemsetup -setremoteappleevents off"}, "undo": "sudo systemsetup -setremoteappleevents on"}, {"description": "Internet Sharing is disabled on all network interfaces.", "confidence": "required", "reference": "https://github.com/SummitRoute/osxlockdown/blob/58697f5162fe9e43df7dc9b6b94ffa34b0e11d4f/commands.yaml", "tests": [{"type": "exact match", "command": "defaults read /Library/Preferences/SystemConfiguration/com.apple.nat NAT | grep -c 'Enabled = 1'", "command_pass": "0", "case_sensitive": "false"}], "fix": {"command": "defaults write /Library/Preferences/SystemConfiguration/com.apple.nat NAT -dict-add Enabled -bool false", "sudo_command": "sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.nat NAT -dict-add Enabled -bool false"}}, {"description": "Wake on Network Access feature is disabled.", "confidence": "required", "tests": [{"type": "exact match", "command": "systemsetup getwakeonnetworkaccess", "command_pass": "Wake On Network Access: Off", "case_sensitive": "false"}, {"type": "exact match", "command": "sudo systemsetup getwakeonnetworkaccess", "command_pass": "Wake On Network Access: Off", "case_sensitive": "false"}], "fix": {"command": "systemsetup -setwakeonnetworkaccess off", "sudo_command": "sudo systemsetup -setwakeonnetworkaccess off"}, "undo": "sudo systemsetup -setwakeonnetworkaccess on"}, {"description": "Automatic setting of time and date is disabled.", "confidence": "recommended", "tests": [{"type": "exact match", "command": "systemsetup getusingnetworktime", "command_pass": "Network Time: Off", "command_fail": "Network Time: On", "case_sensitive": "false"}, {"type": "exact match", "command": "sudo systemsetup getusingnetworktime", "command_pass": "Network Time: Off", "command_fail": "Network Time: On", "case_sensitive": "false"}], "fix": {"command": "systemsetup setusingnetworktime off", "sudo_command": "sudo systemsetup setusingnetworktime off"}, "undo": "sudo systemsetup setusingnetworktime on"}, {"description": "IPv6 is disabled on all network interfaces.", "confidence": "recommended", "reference": "https://github.com/SummitRoute/osxlockdown/blob/58697f5162fe9e43df7dc9b6b94ffa34b0e11d4f/commands.yaml", "tests": [{"type": "exact match", "command": "networksetup -listallnetworkservices | while read i; do SUPPORT=$(networksetup -getinfo \"$i\" | grep \"IPv6: Automatic\") && if [ -n \"$SUPPORT\" ]; then echo 1; fi; done; echo 0; exit", "command_pass": "0", "case_sensitive": "false"}], "fix": {"command": "networksetup -listallnetworkservices | while read i; do SUPPORT=$(networksetup -getinfo \"$i\" | grep \"IPv6: Automatic\") && if [ -n \"$SUPPORT\" ]; then networksetup -setv6off \"$i\"; fi; done;"}}, {"description": "An administrator password is required to change system-wide preferences.", "confidence": "required", "reference": "https://github.com/SummitRoute/osxlockdown/blob/58697f5162fe9e43df7dc9b6b94ffa34b0e11d4f/commands.yaml", "tests": [{"type": "exact match", "command": "if [ -n \"$(security authorizationdb read system.preferences 2> /dev/null | grep -A1 shared | grep -E '(true|false)' | grep 'false')\" ]; then echo 0; else echo 1; fi", "command_pass": "0", "command_fail": "1", "case_sensitive": "false"}], "fix": {"command": "security authorizationdb read system.preferences > /tmp/system.preferences.plist &&/usr/libexec/PlistBuddy -c \"Set :shared false\" /tmp/system.preferences.plist && security authorizationdb write system.preferences < /tmp/system.preferences.plist"}}, {"description": "Documents are not stored to iCloud Drive by default. (May be mistaken if iCloud is disabled)", "confidence": "required", "reference": "http://mjtsai.com/blog/2014/10/26/yosemite-uploads-unsaved-documents-and-recent-addresses-to-icloud/", "tests": [{"type": "exact match", "command": "defaults read NSGlobalDomain NSDocumentSaveNewDocumentsToCloud", "command_pass": "0", "command_fail": "1", "case_sensitive": "false"}], "fix": {"command": "defaults write NSGlobalDomain NSDocumentSaveNewDocumentsToCloud -bool false"}, "undo": "defaults write NSGlobalDomain NSDocumentSaveNewDocumentsToCloud -bool true"}, {"description": "The File Vault key is protected when going to standby mode.", "confidence": "experimental", "reference": "https://github.com/drduh/OS-X-Security-and-Privacy-Guide", "tests": [{"type": "exact match", "command": "bash ./scripts/DestroyFVKeyOnStandby_check.sh", "command_pass": "1", "command_fail": "0", "case_sensitive": "false"}], "fix": {"command": "pmset -a destroyfvkeyonstandby 1 ; pmset -a hibernatemode 25 ; pmset -a powernap 0 ; pmset -a standby 0 ; pmset -a standbydelay 0; pmset -a autopoweroff 0", "sudo_command": "sudo pmset -a destroyfvkeyonstandby 1 ; sudo pmset -a hibernatemode 25 ; sudo pmset -a powernap 0 ; sudo pmset -a standby 0 ; sudo pmset -a standbydelay 0; sudo pmset -a autopoweroff 0"}}, {"description": "The system will store a copy of memory to persistent storage, and will remove power to memory.", "confidence": "recommended", "reference": "https://github.com/drduh/OS-X-Security-and-Privacy-Guide", "tests": [{"type": "regex match", "command": "pmset -g", "command_pass": ".*hibernatemode\\s+25.*", "case_sensitive": "false"}], "fix": {"command": "pmset -a hibernatemode 25", "sudo_command": "sudo pmset -a hibernatemode 25"}}, {"description": "git is up to date or is not installed", "confidence": "required", "tests": [{"type": "regex match", "command": "git --version", "command_pass": ".*(command not found|2\\.9\\.3).*", "case_sensitive": "false"}], "fix": {"command": "brew update ; brew install git ; brew upgrade git ; python ./scripts/set_path_precedence.py \"/usr/local/bin\" \"/usr/bin\"", "manual": "1. Bring the Terminal application to the foreground if it is not already. You should see the word \"Terminal\" in the top left corner of your screen.\n2. Select Terminal->Quit\n3. Re-open the Terminal application and run the tool again; this check should now pass."}}, {"description": "Apple Push Notifications are disabled.", "confidence": "recommended", "reference": "https://github.com/drduh/OS-X-Security-and-Privacy-Guide", "tests": [{"type": "regex match", "command": "launchctl list", "command_pass": "^((?!com\\.apple\\.apsd).)*$", "case_sensitive": "false"}, {"type": "regex match", "command": "sudo launchctl list", "command_pass": "^((?!com\\.apple\\.apsd).)*$", "case_sensitive": "false"}], "fix": {"command": "launchctl unload -w /System/Library/LaunchDaemons/com.apple.apsd.plist", "sudo_command": "sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.apsd.plist"}, "undo": "sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.apsd.plist"}, {"description": "Google DNS servers are used by default on all network interfaces.", "confidence": "recommended", "tests": [{"type": "regex match", "command": "networksetup listallnetworkservices | grep -v 'An asterisk' | xargs -I{} networksetup -getdnsservers '{}' ", "command_pass": "^(8\\.8\\.8\\.8\\n8\\.8\\.4\\.4\n*)+$", "case_sensitive": "false"}], "fix": {"sudo_command": "sudo bash ./scripts/use_google_dns.sh"}}, {"description": "The curl utility is up to date or absent from the system.", "confidence": "required", "tests": [{"type": "regex match", "command": "curl --version", "command_pass": ".*(command not found|7\\.50\\.1).*", "case_sensitive": "false"}], "fix": {"command": "brew update ; brew install curl ; brew upgrade curl ; python ./scripts/set_path_precedence.py \"/usr/local/bin\" \"/usr/bin\""}, "undo": "brew unlink curl"}, {"description": "FileVault file system encryption is enabled.", "confidence": "required", "reference": "https://github.com/drduh/OS-X-Security-and-Privacy-Guide", "tests": [{"type": "regex match", "command": "fdesetup status -verbose", "command_pass": "^.*FileVault is On.*$", "case_sensitive": "false"}], "fix": {"manual": "1. Open System Preferences.\n2. Select \"Security & Privacy\"\n3. Select \"FileVault\".\n4. Click the \"Turn On FileVault\" button and follow the instructions.\n5. Decline to use iCloud or other Apple accounts for login. Instead, allow it to generate an offline decryption key. Store your decryption key somewhere safe so that you can decrypt your hard drive if something breaks, but prevent your enemies from acquiring yoru decryption key."}, "undo": ""}, {"description": "FileVault file system encryption is enabled at the root directory.", "confidence": "required", "reference": "https://github.com/drduh/OS-X-Security-and-Privacy-Guide", "tests": [{"type": "regex match", "command": "fdesetup status -verbose", "command_pass": "^.*device path \\=\\s+.*$", "case_sensitive": "false"}], "fix": {"manual": "Sorry, no instructions are currently available to remediate this issue."}}, {"description": "The idle timer for screen saver activation is set to 10 minutes or less.", "confidence": "recommended", "reference": "https://github.com/SummitRoute/osxlockdown/blob/58697f5162fe9e43df7dc9b6b94ffa34b0e11d4f/commands.yaml", "tests": [{"type": "regex match", "command": "UUID=`ioreg -rd1 -c IOPlatformExpertDevice | grep \"IOPlatformUUID\" | sed -e 's/^.*\"\\(.*\\)\"$/\\1/'`; for i in $(find /Users -type d -maxdepth 1); do PREF=$i/Library/Preferences/ByHost/com.apple.screensaver.$UUID; if [ -e $PREF.plist ]; then TIMEOUT=$(defaults read $PREF.plist idleTime) && if [ $TIMEOUT -eq 0 ] || [ $TIMEOUT -gt 600 ]; then echo 1; fi; else echo 0; fi; done;", "command_pass": "^(0\n*)+$", "case_sensitive": "false"}], "fix": {"command": "UUID=`ioreg -rd1 -c IOPlatformExpertDevice | grep \"IOPlatformUUID\" | sed -e 's/^.*\"\\(.*\\)\"$/\\1/'`; for i in $(find /Users -type d -maxdepth 1); do PREF=$i/Library/Preferences/ByHost/com.apple.screensaver.$UUID; if [ -e $PREF.plist ]; then defaults -currentHost write $PREF.plist idleTime -int 600; fi; done"}}, {"description": "System Integrity Protection (SIP) is enabled.", "confidence": "required", "reference": "https://github.com/drduh/OS-X-Security-and-Privacy-Guide#system-integrity-protection", "tests": [{"type": "exact match", "command": "is_el_capitan", "command_pass": 0, "case_sensitive": false}, {"type": "exact match", "command": "csrutil status", "command_pass": "System Integrity Protection status: enabled.", "case_sensitive": false}], "fix": {"manual": "1. SIP should be enabled by default on your El Capitan machine. You must boot into \"Recovery OS\" in order to use the \"csrutil enable\" command. See: https://derflounder.wordpress.com/2015/10/01/system-integrity-protection-adding-another-layer-to-apples-security-model/"}}, {"description": "The Safari application is currently closed.", "confidence": "required", "reference": "https://developer.apple.com/legacy/library/documentation/Darwin/Reference/ManPages/man1/defaults.1.html", "tests": [{"type": "exact match", "command": "ps ax | grep -c '/Applications/Safari.app/Contents/MacOS/Safari'", "command_pass": "2", "case_sensitive": "false"}], "fix": {"command": "killall \"Safari\" ; sleep 1"}}, {"description": "Safari will not auto-fill credit card data.", "confidence": "recommended", "tests": [{"type": "exact match", "command": "defaults -currentHost read ~/Library/Preferences/com.apple.Safari AutoFillCreditCardData", "command_pass": "0", "command_fail": "1", "case_sensitive": "false"}], "fix": {"command": "defaults -currentHost write ~/Library/Preferences/com.apple.Safari AutoFillCreditCardData -bool false"}}, {"description": "Safari will not auto-fill your contact data.", "confidence": "recommended", "tests": [{"type": "exact match", "command": "defaults -currentHost read ~/Library/Preferences/com.apple.Safari AutoFillFromAddressBook", "command_pass": "0", "command_fail": "1", "case_sensitive": "false"}], "fix": {"command": "defaults -currentHost write ~/Library/Preferences/com.apple.Safari AutoFillFromAddressBook -bool false"}}, {"description": "Safari will not auto-fill miscellaneous forms.", "confidence": "recommended", "tests": [{"type": "exact match", "command": "defaults -currentHost read ~/Library/Preferences/com.apple.Safari AutoFillMiscellaneousForms", "command_pass": "0", "command_fail": "1", "case_sensitive": "false"}], "fix": {"command": "defaults -currentHost write ~/Library/Preferences/com.apple.Safari AutoFillMiscellaneousForms -bool false"}}, {"description": "Safari will not auto-fill usernames or passwords.", "confidence": "recommended", "tests": [{"type": "exact match", "command": "defaults -currentHost read ~/Library/Preferences/com.apple.Safari AutoFillPasswords", "command_pass": "0", "command_fail": "1", "case_sensitive": "false"}], "fix": {"command": "defaults -currentHost write ~/Library/Preferences/com.apple.Safari AutoFillPasswords -bool false"}}, {"description": "Files downloaded in Safari are not automatically opened.", "confidence": "required", "tests": [{"type": "exact match", "command": "defaults -currentHost read ~/Library/Preferences/com.apple.Safari AutoOpenSafeDownloads", "command_pass": "0", "command_fail": "1", "case_sensitive": "false"}], "fix": {"command": "defaults -currentHost write ~/Library/Preferences/com.apple.Safari AutoOpenSafeDownloads -bool false"}}, {"description": "Cookies and local storage are always blocked in Safari.", "confidence": "recommended", "tests": [{"type": "exact match", "command": "defaults -currentHost read ~/Library/Preferences/com.apple.Safari BlockStoragePolicy", "command_pass": "0", "command_fail": "1", "case_sensitive": "false"}], "fix": {"command": "defaults -currentHost write ~/Library/Preferences/com.apple.Safari BlockStoragePolicy -bool false"}}, {"description": "Safari extensions are disabled.", "confidence": "required", "tests": [{"type": "exact match", "command": "defaults -currentHost read ~/Library/Preferences/com.apple.Safari ExtensionsEnabled", "command_pass": "0", "command_fail": "1", "case_sensitive": "false"}], "fix": {"command": "defaults -currentHost write ~/Library/Preferences/com.apple.Safari ExtensionsEnabled -bool false"}}, {"description": "The Safari web browser will warn when visiting known fraudulent websites.", "confidence": "recommended", "tests": [{"type": "exact match", "command": "defaults -currentHost read ~/Library/Preferences/com.apple.Safari WarnAboutFraudulentWebsites", "command_pass": "1", "command_fail": "0", "case_sensitive": "false"}], "fix": {"command": "defaults -currentHost write ~/Library/Preferences/com.apple.Safari WarnAboutFraudulentWebsites -bool true"}, "undo": "defaults -currentHost write ~/Library/Preferences/com.apple.Safari WarnAboutFraudulentWebsites -bool false"}, {"description": "JavaScript is disabled in the Safari web browser.", "confidence": "recommended", "tests": [{"type": "exact match", "command": "defaults -currentHost read ~/Library/Preferences/com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2JavaScriptEnabled", "command_pass": "0", "command_fail": "1", "case_sensitive": "false"}], "fix": {"command": "defaults -currentHost write ~/Library/Preferences/com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2JavaScriptEnabled -bool false"}, "undo": "defaults -currentHost write ~/Library/Preferences/com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2JavaScriptEnabled -bool true"}, {"description": "JavaScript is disabled in the Safari web browser (Legacy version).", "confidence": "recommended", "tests": [{"type": "exact match", "command": "defaults -currentHost read ~/Library/Preferences/com.apple.Safari WebKitJavaScriptEnabled", "command_pass": "0", "command_fail": "1", "case_sensitive": "false"}], "fix": {"command": "defaults -currentHost write ~/Library/Preferences/com.apple.Safari WebKitJavaScriptEnabled -bool false"}, "undo": "defaults -currentHost write ~/Library/Preferences/com.apple.Safari WebKitJavaScriptEnabled -bool true"}, {"description": "Pop-up windows are blocked in the Safari web browser.", "confidence": "required", "tests": [{"type": "exact match", "command": "defaults -currentHost read ~/Library/Preferences/com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2JavaScriptCanOpenWindowsAutomatically", "command_pass": "0", "command_fail": "1", "case_sensitive": "false"}], "fix": {"command": "defaults -currentHost write ~/Library/Preferences/com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2JavaScriptCanOpenWindowsAutomatically -bool false"}, "undo": "defaults -currentHost write ~/Library/Preferences/com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2JavaScriptCanOpenWindowsAutomatically -bool true"}, {"description": "Pop-up windows are blocked in the Safari web browser (Legacy version).", "confidence": "required", "tests": [{"type": "exact match", "command": "defaults -currentHost read ~/Library/Preferences/com.apple.Safari WebKitJavaScriptCanOpenWindowsAutomatically", "command_pass": "0", "command_fail": "1", "case_sensitive": "false"}], "fix": {"command": "defaults -currentHost write ~/Library/Preferences/com.apple.Safari WebKitJavaScriptCanOpenWindowsAutomatically -bool false"}, "undo": "defaults -currentHost write ~/Library/Preferences/com.apple.Safari WebKitJavaScriptCanOpenWindowsAutomatically -bool true"}, {"description": "The WebGL plug-in is disabled in the Safari web browser.", "confidence": "recommended", "tests": [{"type": "exact match", "command": "defaults -currentHost read ~/Library/Preferences/com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2WebGLEnabled", "command_pass": "0", "command_fail": "1", "case_sensitive": "false"}], "fix": {"command": "defaults -currentHost write ~/Library/Preferences/com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2WebGLEnabled -bool false"}, "undo": "defaults -currentHost write ~/Library/Preferences/com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2WebGLEnabled -bool true"}, {"description": "Plug-ins are disabled in the Safari web browser.", "confidence": "recommended", "tests": [{"type": "exact match", "command": "defaults -currentHost read ~/Library/Preferences/com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2PluginsEnabled", "command_pass": "0", "command_fail": "1", "case_sensitive": "false"}], "fix": {"command": "defaults -currentHost write ~/Library/Preferences/com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2PluginsEnabled -bool false"}, "undo": "defaults -currentHost write ~/Library/Preferences/com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2PluginsEnabled -bool true"}, {"description": "Plug-ins are disabled in the Safari web browser (Legacy version).", "confidence": "recommended", "tests": [{"type": "exact match", "command": "defaults -currentHost read ~/Library/Preferences/com.apple.Safari WebKitPluginsEnabled", "command_pass": "0", "command_fail": "1", "case_sensitive": "false"}], "fix": {"command": "defaults -currentHost write ~/Library/Preferences/com.apple.Safari WebKitPluginsEnabled -bool false"}, "undo": "defaults -currentHost write ~/Library/Preferences/com.apple.Safari WebKitPluginsEnabled -bool true"}, {"description": "Plug-ins are blocked by default in the Safari web browser unless a site is explicitly added to a list of allowed sites.", "confidence": "required", "tests": [{"type": "exact match", "command": "defaults -currentHost read ~/Library/Preferences/com.apple.Safari PlugInFirstVisitPolicy", "command_pass": "PlugInPolicyBlock", "case_sensitive": "false"}], "fix": {"command": "defaults -currentHost write ~/Library/Preferences/com.apple.Safari PlugInFirstVisitPolicy PlugInPolicyBlock"}}, {"description": "The Java plug-in for Safari web browser is blocked unless a site is explicitly added to a list of allowed sites.", "confidence": "required", "tests": [{"type": "exact match", "command": "/usr/libexec/PlistBuddy -c \"Print :ManagedPlugInPolicies:com.oracle.java.JavaAppletPlugin:PlugInFirstVisitPolicy\" ~/Library/Preferences/com.apple.Safari.plist", "command_pass": "PlugInPolicyBlock", "case_sensitive": "false"}], "fix": {"command": "/usr/libexec/PlistBuddy -c \"Add :ManagedPlugInPolicies dict\" ~/Library/Preferences/com.apple.Safari.plist ; /usr/libexec/PlistBuddy -c \"Add :ManagedPlugInPolicies:com.oracle.java.JavaAppletPlugin dict\" ~/Library/Preferences/com.apple.Safari.plist ; /usr/libexec/PlistBuddy -c \"Add :ManagedPlugInPolicies:com.oracle.java.JavaAppletPlugin:PlugInFirstVisitPolicy string PlugInPolicyBlock\" ~/Library/Preferences/com.apple.Safari.plist; /usr/libexec/PlistBuddy -c \"Set :ManagedPlugInPolicies:com.oracle.java.JavaAppletPlugin:PlugInFirstVisitPolicy PlugInPolicyBlock\" ~/Library/Preferences/com.apple.Safari.plist"}}, {"description": "The Java plug-in is disabled in the Safari web browser.", "confidence": "required", "tests": [{"type": "exact match", "command": "defaults -currentHost read ~/Library/Preferences/com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2JavaEnabled", "command_pass": "0", "command_fail": "1", "case_sensitive": "false"}], "fix": {"command": "defaults -currentHost write ~/Library/Preferences/com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2JavaEnabled -bool false"}, "undo": "defaults -currentHost write ~/Library/Preferences/com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2JavaEnabled -bool true"}, {"description": "The Java plug-in is disabled in the Safari web browser (Legacy version).", "confidence": "required", "tests": [{"type": "exact match", "command": "defaults -currentHost read ~/Library/Preferences/com.apple.Safari WebKitJavaEnabled", "command_pass": "0", "command_fail": "1", "case_sensitive": "false"}], "fix": {"command": "defaults -currentHost write ~/Library/Preferences/com.apple.Safari WebKitJavaEnabled -bool false"}, "undo": "defaults -currentHost write ~/Library/Preferences/com.apple.Safari WebKitJavaEnabled -bool true"}, {"description": "The Safari web browser is configured to treat SHA-1 certificates as insecure.", "confidence": "recommended", "tests": [{"type": "exact match", "command": "defaults -currentHost read ~/Library/Preferences/com.apple.Safari TreatSHA1CertificatesAsInsecure", "command_pass": "1", "command_fail": "0", "case_sensitive": "false"}], "fix": {"command": "defaults -currentHost write ~/Library/Preferences/com.apple.Safari TreatSHA1CertificatesAsInsecure -bool true"}, "undo": "defaults -currentHost write ~/Library/Preferences/com.apple.Safari TreatSHA1CertificatesAsInsecure -bool false"}, {"description": "The Safari web browser will not pre-load webpages that rank highly as search matches.", "confidence": "recommended", "tests": [{"type": "exact match", "command": "defaults -currentHost read ~/Library/Preferences/com.apple.Safari PreloadTopHit", "command_pass": "0", "command_fail": "1", "case_sensitive": "false"}], "fix": {"command": "defaults -currentHost write ~/Library/Preferences/com.apple.Safari PreloadTopHit -bool false"}, "undo": "defaults -currentHost write ~/Library/Preferences/com.apple.Safari PreloadTopHit -bool true"}, {"description": "The Safari web browser will not include search engine suggestions for text typed in the location bar.", "confidence": "required", "tests": [{"type": "exact match", "command": "defaults -currentHost read ~/Library/Preferences/com.apple.Safari SuppressSearchSuggestions", "command_pass": "1", "command_fail": "0", "case_sensitive": "false"}], "fix": {"command": "defaults -currentHost write ~/Library/Preferences/com.apple.Safari SuppressSearchSuggestions -bool true"}, "undo": "defaults -currentHost write ~/Library/Preferences/com.apple.Safari SuppressSearchSuggestions -bool false"}, {"description": "The Safari web browser's search suggestions are disabled.", "confidence": "required", "tests": [{"type": "exact match", "command": "defaults -currentHost read ~/Library/Preferences/com.apple.Safari UniversalSearchEnabled", "command_pass": "0", "command_fail": "1", "case_sensitive": "false"}], "fix": {"command": "defaults -currentHost write ~/Library/Preferences/com.apple.Safari UniversalSearchEnabled -bool false"}, "undo": "defaults -currentHost write ~/Library/Preferences/com.apple.Safari UniversalSearchEnabled -bool true"}, {"description": "The Safari web browser uses the Do-Not-Track HTTP header.", "confidence": "recommended", "tests": [{"type": "exact match", "command": "defaults -currentHost read ~/Library/Preferences/com.apple.Safari SendDoNotTrackHTTPHeader", "command_pass": "1", "command_fail": "0", "case_sensitive": "false"}], "fix": {"command": "defaults -currentHost write ~/Library/Preferences/com.apple.Safari SendDoNotTrackHTTPHeader -bool true"}, "undo": "defaults -currentHost write ~/Library/Preferences/com.apple.Safari SendDoNotTrackHTTPHeader -bool false"}, {"description": "PDF viewing is disabled in the Safari web browser.", "confidence": "recommended", "tests": [{"type": "exact match", "command": "defaults -currentHost read ~/Library/Preferences/com.apple.Safari WebKitOmitPDFSupport", "command_pass": "1", "command_fail": "0", "case_sensitive": "false"}], "fix": {"command": "defaults -currentHost write ~/Library/Preferences/com.apple.Safari WebKitOmitPDFSupport -bool true"}, "undo": ""}, {"description": "Full website addresses are displayed in the location bar of the Safari web browser.", "confidence": "required", "tests": [{"type": "exact match", "command": "defaults -currentHost read ~/Library/Preferences/com.apple.Safari ShowFullURLInSmartSearchField", "command_pass": "1", "command_fail": "0", "case_sensitive": "false"}], "fix": {"command": "defaults -currentHost write ~/Library/Preferences/com.apple.Safari ShowFullURLInSmartSearchField -bool true"}, "undo": "defaults -currentHost write ~/Library/Preferences/com.apple.Safari ShowFullURLInSmartSearchField -bool false\""}, {"description": "The Mail application is currently closed.", "confidence": "required", "reference": "https://developer.apple.com/legacy/library/documentation/Darwin/Reference/ManPages/man1/defaults.1.html", "tests": [{"type": "exact match", "command": "ps ax | grep -c '/Applications/Mail.app/Contents/MacOS/Mail'", "command_pass": 2, "case_sensitive": false}], "fix": {"command": "killall \"Mail\" ; sleep 1"}}, {"description": "Apple Mail does not automatically load remote content in e-mails.", "confidence": "recommended", "tests": [{"type": "exact match", "command": "apple_mail_in_use", "command_pass": 0, "case_sensitive": false}, {"type": "exact match", "command": "defaults read ~/Library/Preferences/com.apple.mail-shared DisableURLLoading", "command_pass": 1, "command_fail": 0, "case_sensitive": false}], "fix": {"command": "defaults write ~/Library/Preferences/com.apple.mail-shared DisableURLLoading -bool true"}, "undo": "defaults write ~/Library/Preferences/com.apple.mail-shared DisableURLLoading -bool false"}, {"description": "Mail identified by Apple Mail as junk is sent to the Junk mailbox.", "confidence": "recommended", "tests": [{"type": "exact match", "command": "apple_mail_in_use", "command_pass": 0, "case_sensitive": false}, {"type": "exact match", "command": "defaults -currentHost read ~/Library/Containers/com.apple.mail/Data/Library/Preferences/com.apple.mail JunkMailBehavior", "command_pass": 2, "case_sensitive": false}], "fix": {"command": "defaults -currentHost write ~/Library/Containers/com.apple.mail/Data/Library/Preferences/com.apple.mail JunkMailBehavior -int 2"}}, {"description": "GPGMail is in use.", "confidence": "recommended", "tests": [{"type": "exact match", "command": "gpg_mail_in_use", "command_pass": 1, "command_fail": 0, "case_sensitive": false}], "fix": {"manual": "1. Visit https://gpgtools.org/ and install GPG Suite. This tool can be used to encrypted and sign emails sent to other PGP users."}}, {"description": "New e-mails composed in Apple Mail are encrypted by GPGMail if the receiver's PGP is present in the keychain.", "confidence": "recommended", "tests": [{"type": "exact match", "command": "apple_mail_in_use", "command_pass": 0, "case_sensitive": false}, {"type": "exact match", "command": "gpg_mail_in_use", "command_pass": 0, "case_sensitive": false}, {"type": "exact match", "command": "defaults read ~/Library/Preferences/org.gpgtools.gpgmail EncryptNewEmailsByDefault", "command_pass": 1, "command_fail": 0, "case_sensitive": false}], "fix": {"command": "defaults write ~/Library/Preferences/org.gpgtools.gpgmail.plist EncryptNewEmailsByDefault -bool true"}, "undo": "defaults write ~/Library/Preferences/org.gpgtools.gpgmail.plist EncryptNewEmailsByDefault -bool false"}, {"description": "New e-mails composed in Apple Mail and saved as drafts are encrypted by GPGMail.", "confidence": "required", "tests": [{"type": "exact match", "command": "apple_mail_in_use", "command_pass": 0, "case_sensitive": false}, {"type": "exact match", "command": "gpg_mail_in_use", "command_pass": 0, "case_sensitive": false}, {"type": "exact match", "command": "defaults read ~/Library/Preferences/org.gpgtools.gpgmail OptionallyEncryptDrafts", "command_pass": 1, "command_fail": 0, "case_sensitive": false}], "fix": {"command": "defaults write ~/Library/Preferences/org.gpgtools.gpgmail.plist OptionallyEncryptDrafts -bool true"}, "undo": "defaults write ~/Library/Preferences/org.gpgtools.gpgmail.plist OptionallyEncryptDrafts -bool false"}, {"description": "New e-mails composed in Apple Mail are signed by GPGMail.", "confidence": "required", "tests": [{"type": "exact match", "command": "apple_mail_in_use", "command_pass": 0, "case_sensitive": false}, {"type": "exact match", "command": "gpg_mail_in_use", "command_pass": 0, "case_sensitive": false}, {"type": "exact match", "command": "defaults read ~/Library/Preferences/org.gpgtools.gpgmail SignNewEmailsByDefault", "command_pass": 1, "command_fail": 0, "case_sensitive": false}], "fix": {"command": "defaults write ~/Library/Preferences/org.gpgtools.gpgmail.plist SignNewEmailsByDefault -bool true"}, "undo": "defaults write ~/Library/Preferences/org.gpgtools.gpgmail.plist SignNewEmailsByDefault -bool false"}, {"description": "Apple Mail automatically checks for updates to GPGMail.", "confidence": "required", "tests": [{"type": "exact match", "command": "apple_mail_in_use", "command_pass": 0, "case_sensitive": false}, {"type": "exact match", "command": "gpg_mail_in_use", "command_pass": 0, "case_sensitive": false}, {"type": "exact match", "command": "defaults read ~/Library/Preferences/org.gpgtools.gpgmail SUEnableAutomaticChecks", "command_pass": 1, "command_fail": 0, "case_sensitive": false}], "fix": {"command": "defaults write ~/Library/Preferences/org.gpgtools.gpgmail.plist SUEnableAutomaticChecks -bool true"}, "undo": "defaults write ~/Library/Preferences/org.gpgtools.gpgmail.plist SUEnableAutomaticChecks -bool false"}, {"description": "The Google Chrome browser is currently closed.", "confidence": "required", "tests": [{"type": "exact match", "command": "chrome_is_installed", "command_pass": 0, "case_sensitive": false}, {"type": "exact match", "command": "ps ax | grep -c 'Google Chrome.app'", "command_pass": 2, "case_sensitive": false}], "fix": {"command": "killall \"Google Chrome\" ; sleep 3"}}, {"description": "All Google Chrome web browser profiles prevent information leakage through navigation errors.", "confidence": "recommended", "tests": [{"type": "exact match", "command": "chrome_is_installed", "command_pass": 0, "case_sensitive": false}, {"type": "regex match", "command": "find ~/Library/Application\\ Support/Google/Chrome -name \"Preferences\" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py read '{}' alternate_error_pages.enabled", "command_pass": "^(False\n?)+$", "case_sensitive": "false"}], "fix": {"command": "find ~/Library/Application\\ Support/Google/Chrome -name \"Preferences\" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py write '{}' alternate_error_pages.enabled -bool false"}}, {"description": "All Google Chrome web browser profiles prevent information leakage through URL suggestions.", "confidence": "required", "tests": [{"type": "exact match", "command": "chrome_is_installed", "command_pass": 0, "case_sensitive": false}, {"type": "regex match", "command": "find ~/Library/Application\\ Support/Google/Chrome -name \"Preferences\" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py read '{}' search.suggest_enabled", "command_pass": "^(False\n?)+$", "case_sensitive": "false"}], "fix": {"command": "find ~/Library/Application\\ Support/Google/Chrome -name \"Preferences\" -maxdepth 2 | xargs -I{} python  ./scripts/chrome_defaults.py write '{}' search.suggest_enabled -bool false"}}, {"description": "All Google Chrome web browser profiles prevent information leakage through network prediction.", "confidence": "required", "tests": [{"type": "exact match", "command": "chrome_is_installed", "command_pass": 0, "case_sensitive": false}, {"type": "regex match", "command": "find ~/Library/Application\\ Support/Google/Chrome -name \"Preferences\" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py read '{}' net.network_prediction_options", "command_pass": "^(2\n?)+$", "case_sensitive": "false"}], "fix": {"command": "find ~/Library/Application\\ Support/Google/Chrome -name \"Preferences\" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py write '{}' net.network_prediction_options -int 2"}}, {"description": "All Google Chrome web browser profiles prevent information leakage by blocking security incidents reports to Google.", "confidence": "recommended", "tests": [{"type": "exact match", "command": "chrome_is_installed", "command_pass": 0, "case_sensitive": false}, {"type": "regex match", "command": "find ~/Library/Application\\ Support/Google/Chrome -name \"Preferences\" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py read '{}' safebrowsing.extended_reporting_enabled", "command_pass": "^(False\n?)+$", "case_sensitive": "false"}], "fix": {"command": "find ~/Library/Application\\ Support/Google/Chrome -name \"Preferences\" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py write '{}' safebrowsing.extended_reporting_enabled -bool false"}}, {"description": "All Google Chrome web browser profiles have Google Safe Browsing enabled.", "confidence": "recommended", "reference": "https://en.wikipedia.org/wiki/Google_Safe_Browsing", "tests": [{"type": "exact match", "command": "chrome_is_installed", "command_pass": 0, "case_sensitive": false}, {"type": "regex match", "command": "find ~/Library/Application\\ Support/Google/Chrome -name \"Preferences\" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py read '{}' safebrowsing.enabled", "command_pass": "^(True\n?)+$", "case_sensitive": "false"}], "fix": {"command": "find ~/Library/Application\\ Support/Google/Chrome -name \"Preferences\" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py write '{}' safebrowsing.enabled -bool true"}}, {"description": "All Google Chrome web browser profiles prevent information leakage through spell-checking network services.", "confidence": "recommended", "tests": [{"type": "exact match", "command": "chrome_is_installed", "command_pass": 0, "case_sensitive": false}, {"type": "regex match", "command": "find ~/Library/Application\\ Support/Google/Chrome -name \"Preferences\" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py read '{}' spellcheck.use_spelling_service", "command_pass": "^(False\n?)+$", "case_sensitive": "false"}], "fix": {"command": "find ~/Library/Application\\ Support/Google/Chrome -name \"Preferences\" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py write '{}' spellcheck.use_spelling_service -bool false"}}, {"description": "All Google Chrome web browser profiles prevent information leakage through reporting usage statistics to Google.", "confidence": "required", "tests": [{"type": "exact match", "command": "chrome_is_installed", "command_pass": 0, "case_sensitive": false}, {"type": "regex match", "command": "if [ -e \"$(ls ~/Library/Application\\ Support/Google/Chrome/Consent\\ To\\ Send\\ Stats)\" ]; then echo \"True\"; exit; fi ; echo $(python ./scripts/chrome_defaults.py read ~/Library/Application\\ Support/Google/Chrome/Local\\ State user_experience_metrics.reporting_enabled)", "command_pass": ".*False$", "case_sensitive": "false"}], "fix": {"command": "rm ~/Library/Application\\ Support/Google/Chrome/Consent\\ To\\ Send\\ Stats ; python ./scripts/chrome_defaults.py write \"$(ls ~/Library/Application\\ Support/Google/Chrome/Local\\ State)\" user_experience_metrics.reporting_enabled -bool false"}}, {"description": "All Google Chrome web browser profiles use the Do-Not-Track HTTP header.", "confidence": "recommended", "tests": [{"type": "exact match", "command": "chrome_is_installed", "command_pass": 0, "case_sensitive": false}, {"type": "regex match", "command": "find ~/Library/Application\\ Support/Google/Chrome -name \"Preferences\" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py read '{}' enable_do_not_track", "command_pass": "^(True\n?)+$", "case_sensitive": "false"}], "fix": {"command": "find ~/Library/Application\\ Support/Google/Chrome -name \"Preferences\" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py write '{}' enable_do_not_track -bool true"}}, {"description": "All Google Chrome web browser profiles prevent pop-ups.", "confidence": "required", "tests": [{"type": "exact match", "command": "chrome_is_installed", "command_pass": 0, "case_sensitive": false}, {"type": "regex match", "command": "find ~/Library/Application\\ Support/Google/Chrome -name \"Preferences\" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py read '{}' profile.default_content_setting_values.popups", "command_pass": "^((The attribute 'profile.default_content_setting_values.popups' does not exist in '[^']+'\\.\\n?)|(None\\n?))+$", "case_sensitive": "false"}], "fix": {"command": "find ~/Library/Application\\ Support/Google/Chrome -name \"Preferences\" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py delete '{}' profile.default_content_setting_values.popups"}}, {"description": "All Google Chrome web browser profiles prevent geolocation by websites.", "confidence": "recommended", "tests": [{"type": "exact match", "command": "chrome_is_installed", "command_pass": 0, "case_sensitive": false}, {"type": "regex match", "command": "find ~/Library/Application\\ Support/Google/Chrome -name \"Preferences\" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py read '{}' profile.default_content_setting_values.geolocation", "command_pass": "^(2\n?)+$", "case_sensitive": "false"}], "fix": {"command": "find ~/Library/Application\\ Support/Google/Chrome -name \"Preferences\" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py write '{}' profile.default_content_setting_values.geolocation -int 2"}}, {"description": "All Google Chrome web browser profiles block unsandboxed plug-in software.", "confidence": "recommended", "reference": "http://superuser.com/questions/654595/adobe-flash-player-ppapi-vs-npapi-in-google-chrome", "tests": [{"type": "exact match", "command": "chrome_is_installed", "command_pass": 0, "case_sensitive": false}, {"type": "regex match", "command": "find ~/Library/Application\\ Support/Google/Chrome -name \"Preferences\" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py read '{}' profile.default_content_setting_values.ppapi_broker", "command_pass": "^(2\n?)+$", "case_sensitive": "false"}], "fix": {"command": "find ~/Library/Application\\ Support/Google/Chrome -name \"Preferences\" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py write '{}' profile.default_content_setting_values.ppapi_broker -int 2"}}, {"description": "All Google Chrome web browser profiles prevent filling personal information into forms automatically.", "confidence": "required", "tests": [{"type": "exact match", "command": "chrome_is_installed", "command_pass": 0, "case_sensitive": false}, {"type": "regex match", "command": "find ~/Library/Application\\ Support/Google/Chrome -name \"Preferences\" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py read '{}' autofill.enabled", "command_pass": "^(False\n?)+$", "case_sensitive": "false"}], "fix": {"command": "find ~/Library/Application\\ Support/Google/Chrome -name \"Preferences\" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py write '{}' autofill.enabled -bool false"}}, {"description": "All Google Chrome web browser profiles have disabled Password Manager.", "confidence": "recommended", "tests": [{"type": "exact match", "command": "chrome_is_installed", "command_pass": 0, "case_sensitive": false}, {"type": "regex match", "command": "find ~/Library/Application\\ Support/Google/Chrome -name \"Preferences\" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py read '{}' profile.password_manager_enabled", "command_pass": "^(False\n?)+$", "case_sensitive": "false"}], "fix": {"command": "find ~/Library/Application\\ Support/Google/Chrome -name \"Preferences\" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py write '{}' profile.password_manager_enabled -bool false"}}, {"description": "All Google Chrome web browser profiles have disabled automatic sign-in for stored passwords.", "confidence": "required", "tests": [{"type": "exact match", "command": "chrome_is_installed", "command_pass": 0, "case_sensitive": false}, {"type": "regex match", "command": "find ~/Library/Application\\ Support/Google/Chrome -name \"Preferences\" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py read '{}' credentials_enable_autosignin", "command_pass": "^(False\n?)+$", "case_sensitive": "false"}], "fix": {"command": "find ~/Library/Application\\ Support/Google/Chrome -name \"Preferences\" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py write '{}' credentials_enable_autosignin -bool false"}}, {"description": "All Google Chrome web browser profiles have disabled Google CloudPrint.", "confidence": "required", "tests": [{"type": "exact match", "command": "chrome_is_installed", "command_pass": 0, "case_sensitive": false}, {"type": "regex match", "command": "find ~/Library/Application\\ Support/Google/Chrome -name \"Preferences\" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py read '{}' local_discovery.notifications_enabled", "command_pass": "^(False\n?)+$", "case_sensitive": "false"}], "fix": {"command": "find ~/Library/Application\\ Support/Google/Chrome -name \"Preferences\" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py write '{}' local_discovery.notifications_enabled -bool false"}}, {"description": "All Google Chrome web browser profiles block Flash cookies.", "confidence": "required", "reference": "https://en.wikipedia.org/wiki/Local_shared_object", "tests": [{"type": "exact match", "command": "chrome_is_installed", "command_pass": 0, "case_sensitive": false}, {"type": "regex match", "command": "find ~/Library/Application\\ Support/Google/Chrome -name \"Preferences\" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py read '{}' browser.clear_lso_data_enabled", "command_pass": "^(False\n?)+$", "case_sensitive": "false"}], "fix": {"command": "find ~/Library/Application\\ Support/Google/Chrome -name \"Preferences\" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py write '{}' browser.clear_lso_data_enabled -bool false"}}, {"description": "All Google Chrome web browser profiles have disabled the Chrome Pepper Flash Player plug-in.", "confidence": "required", "reference": "http://www.newtriks.com/2012/12/01/how-to-disable-the-chrome-pepper-flash-player/", "tests": [{"type": "exact match", "command": "chrome_is_installed", "command_pass": 0, "case_sensitive": false}, {"type": "regex match", "command": "find ~/Library/Application\\ Support/Google/Chrome -name \"Preferences\" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py read '{}' browser.pepper_flash_settings_enabled", "command_pass": "^(False\n?)+$", "case_sensitive": "false"}], "fix": {"command": "find ~/Library/Application\\ Support/Google/Chrome -name \"Preferences\" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py write '{}' browser.pepper_flash_settings_enabled -bool false"}}, {"description": "All Google Chrome web browser profiles have disabled the Adobe Shockwave Flash plug-in.", "confidence": "required", "tests": [{"type": "exact match", "command": "chrome_is_installed", "command_pass": 0, "case_sensitive": false}, {"type": "regex match", "command": "find ~/Library/Application\\ Support/Google/Chrome -name \"Preferences\" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py read '{}' plugins.plugins_list", "command_pass": "^(\\[[^\\[]+'enabled': False, 'name': 'Shockwave Flash'[^\\]]+\\]\\n?)+$", "case_sensitive": "false"}], "fix": {"command": "find ~/Library/Application\\ Support/Google/Chrome -name \"Preferences\" -maxdepth 2 | xargs -I{} ./scripts/chrome_flash.sh '{}'"}}, {"description": "All Google Chrome web browser profiles have disabled the Adobe Flash Player plug-in.", "confidence": "required", "tests": [{"type": "exact match", "command": "chrome_is_installed", "command_pass": 0, "case_sensitive": false}, {"type": "regex match", "command": "find ~/Library/Application\\ Support/Google/Chrome -name \"Preferences\" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py read '{}' plugins.plugins_list", "command_pass": "^(\\[[^\\[]+'enabled': False, 'name': 'Adobe Flash Player'[^\\]]+\\]\\n?)+$", "case_sensitive": "false"}], "fix": {"command": "find ~/Library/Application\\ Support/Google/Chrome -name \"Preferences\" -maxdepth 2 | xargs -I{} ./scripts/chrome_flash.sh '{}'"}}, {"description": "All Google Chrome web browser profiles have disabled the Native Client plug-in.", "confidence": "required", "reference": "https://developer.chrome.com/native-client", "tests": [{"type": "exact match", "command": "chrome_is_installed", "command_pass": 0, "case_sensitive": false}, {"type": "regex match", "command": "find ~/Library/Application\\ Support/Google/Chrome -name \"Preferences\" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py read '{}' plugins.plugins_list", "command_pass": "^(\\[[^\\[]+'enabled': False, 'name': 'Native Client'[^\\]]+\\]\\n?)+$", "case_sensitive": "false"}], "fix": {"command": "find ~/Library/Application\\ Support/Google/Chrome -name \"Preferences\" -maxdepth 2 | xargs -I{} bash ./scripts/chrome_nativeclient.sh '{}'"}}, {"description": "All Google Chrome web browser profiles have disabled the Widevine Content Decryption Module plug-in.", "confidence": "recommended", "tests": [{"type": "exact match", "command": "chrome_is_installed", "command_pass": 0, "case_sensitive": false}, {"type": "regex match", "command": "find ~/Library/Application\\ Support/Google/Chrome -name \"Preferences\" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py read '{}' plugins.plugins_list", "command_pass": "^(\\[[^\\[]+'enabled': False, 'name': 'Widevine Content Decryption Module'[^\\]]+\\]\\n?)+$", "case_sensitive": "false"}], "fix": {"command": "find ~/Library/Application\\ Support/Google/Chrome -name \"Preferences\" -maxdepth 2 | xargs -I{} bash ./scripts/chrome_widevine.sh '{}'"}}, {"description": "All Google Chrome web browser profiles have enabled the uBlock Origin extension.", "confidence": "recommended", "tests": [{"type": "exact match", "command": "chrome_is_installed", "command_pass": 0, "case_sensitive": false}, {"type": "exact match", "command": "DISABLEREASONS=$(find ~/Library/Application\\ Support/Google/Chrome -name \"Preferences\" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py read '{}' extensions.settings.cjpalhdlnbpafiamejdnhcphjbkeiagm.disable_reasons | grep -v \"does not exist\" | grep -v \"not found\") ; if [[ -n $DISABLEREASONS ]] ; then echo \"False\" ; exit ; fi ; BADSTATE=$(find ~/Library/Application\\ Support/Google/Chrome -name \"Preferences\" -maxdepth 2 | grep -v \"Guest Profile\" | grep -v \"System Profile\" | xargs -I{} python ./scripts/chrome_defaults.py read '{}' extensions.settings.cjpalhdlnbpafiamejdnhcphjbkeiagm.state | grep -v \"1\") ; if [[ -n $BADSTATE ]] ; then echo \"False\" ; fi ; echo \"True\" ;", "command_pass": "True", "case_sensitive": "false"}], "fix": {"manual": "1. For each of your Chrome profiles, visit https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm in Google Chrome.\n2. Select \"Add to Chrome\".\n3. Complete any required follow-up steps as instructed on the screen."}}, {"description": "All Google Chrome web browser profiles have enabled the Ghostery extension.", "confidence": "recommended", "tests": [{"type": "exact match", "command": "chrome_is_installed", "command_pass": 0, "case_sensitive": false}, {"type": "exact match", "command": "DISABLEREASONS=$(find ~/Library/Application\\ Support/Google/Chrome -name \"Preferences\" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py read '{}' extensions.settings.mlomiejdfkolichcflejclcbmpeaniij.disable_reasons | grep -v \"does not exist\" | grep -v \"not found\") ; if [[ -n $DISABLEREASONS ]] ; then echo \"False\" ; exit ; fi ; BADSTATE=$(find ~/Library/Application\\ Support/Google/Chrome -name \"Preferences\" -maxdepth 2 | grep -v \"Guest Profile\" | grep -v \"System Profile\" | xargs -I{} python ./scripts/chrome_defaults.py read '{}' extensions.settings.mlomiejdfkolichcflejclcbmpeaniij.state | grep -v \"1\") ; if [[ -n $BADSTATE ]] ; then echo \"False\" ; fi ; echo \"True\" ;", "command_pass": "True", "case_sensitive": "false"}], "fix": {"manual": "1. For each of your Chrome profiles, visit https://chrome.google.com/webstore/detail/ghostery/mlomiejdfkolichcflejclcbmpeaniij in Google Chrome.\n2. Select \"Add to Chrome\".\n3. Complete any required follow-up steps as instructed on the screen."}}, {"description": "All Google Chrome web browser profiles have enabled the ScriptSafe extension.", "confidence": "experimental", "tests": [{"type": "exact match", "command": "chrome_is_installed", "command_pass": 0, "case_sensitive": false}, {"type": "exact match", "command": "DISABLEREASONS=$(find ~/Library/Application\\ Support/Google/Chrome -name \"Preferences\" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py read '{}' extensions.settings.oiigbmnaadbkfbmpbfijlflahbdbdgdf.disable_reasons | grep -v \"does not exist\" | grep -v \"not found\") ; if [[ -n $DISABLEREASONS ]] ; then echo \"False\" ; exit ; fi ; BADSTATE=$(find ~/Library/Application\\ Support/Google/Chrome -name \"Preferences\" -maxdepth 2 | grep -v \"Guest Profile\" | grep -v \"System Profile\" | xargs -I{} python ./scripts/chrome_defaults.py read '{}' extensions.settings.oiigbmnaadbkfbmpbfijlflahbdbdgdf.state | grep -v \"1\") ; if [[ -n $BADSTATE ]] ; then echo \"False\" ; fi ; echo \"True\" ;", "command_pass": "True", "case_sensitive": "false"}], "fix": {"manual": "1. For each of your Chrome profiles, visit https://chrome.google.com/webstore/detail/scriptsafe/oiigbmnaadbkfbmpbfijlflahbdbdgdf in Google Chrome.\n2. Select \"Add to Chrome\".\n3. Complete any required follow-up steps as instructed on the screen."}}, {"description": "Google Chrome is the default web browser.", "confidence": "recommended", "tests": [{"type": "exact match", "command": "VERSIONER_PERL_PREFER_32_BIT=true perl -MMac::InternetConfig -le 'print +(GetICHelper \"http\")[1]'", "command_pass": "Google Chrome", "case_sensitive": "false"}], "fix": {"manual": "1. Install Google Chrome if not already installed.\n2. Open System Preferences.\n3. Select \"General\".\n4. Under \"Default web browser\", select \"Google Chrome\"."}}, {"description": "OSX/Keydnap malware is not present.", "confidence": "required", "reference": "http://www.welivesecurity.com/2016/08/30/osxkeydnap-spreads-via-signed-transmission-application/", "tests": [{"type": "exact match", "command": "if [ -e \"/Applications/Transmission.app/Contents/Resources/License.rtf\" ] ; then echo 1 ; else echo 0 ; fi", "command_fail": 1, "case_sensitive": false}, {"type": "exact match", "command": "if [ -e \"/Volumes/Transmission/Transmission.app/Contents/Resources/License.rtf\" ] ; then echo 1 ; else echo 0 ; fi", "command_fail": 1, "case_sensitive": false}, {"type": "exact match", "command": "if [ -e \"$HOME/Library/Application Support/com.apple.iCloud.sync.daemon/icloudsyncd\" ] ; then echo 1 ; else echo 0 ; fi", "command_fail": 1, "case_sensitive": false}, {"type": "exact match", "command": "if [ -e \"$HOME/Library/Application Support/com.apple.iCloud.sync.daemon/process.id\" ] ; then echo 1 ; else echo 0 ; fi", "command_fail": 1, "case_sensitive": false}, {"type": "exact match", "command": "if [ -e \"$HOME/Library/LaunchAgents/com.apple.iCloud.sync.daemon.plist\" ] ; then echo 1 ; else echo 0 ; fi", "command_fail": 1, "case_sensitive": false}, {"type": "exact match", "command": "if [ -e \"/Library/Application Support/com.apple.iCloud.sync.daemon/\" ] ; then echo 1 ; else echo 0 ; fi", "command_fail": 1, "case_sensitive": false}, {"type": "exact match", "command": "if [ -e \"/Library/Application Support/com.apple.iCloud.sync.daemon/\" ] ; then echo 1 ; else echo 0 ; fi", "command_pass": 0, "command_fail": 1, "case_sensitive": false}], "fix": {"manual": "1. One or more of the files associated with the OSX/Keydnap malware was found. Please report this to the authors of osx-config-check via GitHub (https://github.com/kristovatlas/osx-config-check) or Twitter (https://twitter.com/kristovatlas).\n2. Refer to this link: http://www.welivesecurity.com/2016/08/30/osxkeydnap-spreads-via-signed-transmission-application/"}}]