如何使用osxlockdown保护和锁定Apple OS X 10.11(El Capitan)
时间:2020-01-09 10:39:40 来源:igfitidea点击:
有没有简便的方法来审核和锁定(安全)Apple OS X 10.11(El Capitan)Unix操作系统?
是的,您可以使用osxlockdown工具。
它旨在审核和修复OS X 10.11(El Capitan)上的安全配置设置。
但是,此工具可能会出于安全性的目的禁用功能。
确保事先备份Macbook/pro/min。
下载osxlockdown
打开终端应用程序,然后执行以下命令:
$ cd $ mkdir osxlockdown $ cd osxlockdown ## wget need to be installed using brew ## $ wget https://github.com/SummitRoute/osxlockdown/raw/master/osxlockdown $ wget https://github.com/SummitRoute/osxlockdown/raw/master/commands.json
输出示例:
--2014-12-31 00:12:33-- https://github.com/SummitRoute/osxlockdown/raw/master/commands.json Resolving github.com... 192.30.252.129 Connecting to github.com|192.30.252.129|:443... connected. HTTP request sent, awaiting response... 302 Found Location: https://raw.githubusercontent.com/SummitRoute/osxlockdown/master/commands.json [following] --2014-12-31 00:12:35-- https://raw.githubusercontent.com/SummitRoute/osxlockdown/master/commands.json Resolving raw.githubusercontent.com... 103.245.222.133 Connecting to raw.githubusercontent.com|103.245.222.133|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 12463 (12K) [text/plain] Saving to: 'commands.json' commands.json 100%[==========================================================================================>] 12.17K --.-KB/s in 0s 2014-12-31 00:12:36 (64.2 MB/s) - 'commands.json' saved [12463/12463]
如果在Mac上未安装wget命令,请尝试curl命令获取文件:
$ curl -LO https://github.com/SummitRoute/osxlockdown/raw/master/osxlockdown $ curl -LO https://github.com/SummitRoute/osxlockdown/raw/master/commands.json
设定权限
执行以下命令:
$ chmod +x osxlockdown
如何检查OS X的安全性设置?
执行以下命令:
$ sudo ./osxlockdown
输出示例:
osxlockdown命令输出
如何保护和修复失败的安全设置?
您需要运行以下命令(同样,这将保护系统安全,但将禁用许多功能,例如AirDrop,Bluetooth等):
$ sudo ./osxlockdown --remediate
再次验证:
$ sudo ./osxlockdown
其他选择
执行以下命令:
$ ./osxlockdown --help
Usage of ./osxlockdown:
-commands_file string
JSON file containing the commands and configuration (default "commands.json")
-hide_passes
Disables printing the rules that passed
-hide_summary
Disables printing the summary
-remediate
Implements fixes for failed checks. WARNING: Beware this may break things.
