# backup
# Save the current bootstrap-service list to a file before changing anything.
# The same command is run again at the end of step 3, so the two outputs can
# be compared to see what the later steps actually removed.
$ sudo launchctl bslist -j > default-launchctl-bslist.txt
# PRAM Clear
# Left commented out by the author. "nvram -c" deletes all firmware (NVRAM)
# variables, so it is not something to run casually.
# $ sudo nvram -c -xp
0) Remove Extensions
# NOTE(review): srm overwrites the files before unlinking them, so these
# removals cannot be undone without reinstalling. The dated notes further down
# move files to /path/to/backup-dir/ with "sudo mv" instead; doing the same
# here would keep a way back.
# NOTE(review): a later system update may put these kexts back - re-check
# this directory after updating.
# Bluetooth
$ sudo srm -rf /System/Library/Extensions/IOBluetooth*
# iSight
$ sudo srm -rf /System/Library/Extensions/Apple_iSight.kext/
$ sudo srm -rf /System/Library/Extensions/IOUSBFamily.kext/Contents/PlugIns/AppleUSBVideoSupport.kext/
# Touch
# Updating the directory's modification time is the usual way to get the
# kernel-extension cache rebuilt on the next boot, without the removed kexts.
$ sudo touch /System/Library/Extensions/
# blued
# "unload -w" stops the Bluetooth daemon and records it as disabled; the chmod
# then clears the execute bits so the binary cannot be started at all.
$ sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.blued.plist
$ sudo chmod 600 /usr/sbin/blued
$ sudo reboot
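1) mDNSResponder.plist
# Goal: keep mDNSResponder running but start it with an extra argument that
# turns off multicast (Bonjour) service advertisements.
# NOTE(review): as far as I know mDNSResponder also handles ordinary DNS
# lookups on this OS release, which would explain why it is reconfigured here
# rather than unloaded - confirm against the Apple article referenced below.
# Check the arguments the daemon is currently running with:
$ ps aux | grep mDNS
# => ... /usr/sbin/mDNSResponder -launchd
# Keep a copy of the original plist before editing it, then add the
# -NoMulticastAdvertisements string to the daemon's argument array:
$ sudo vi /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
<array>
<string>/usr/sbin/mDNSResponder</string>
<string>-launchd</string>
<string>-NoMulticastAdvertisements</string>
</array>
# Reload com.apple.mDNSResponder.plist
# (no -w here: the job is meant to come straight back with the new arguments)
$ sudo launchctl unload /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
$ sudo launchctl load /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
# Confirm the running process now carries the new argument:
$ ps aux | grep mDNS
# => .... /usr/sbin/mDNSResponder -launchd -NoMulticastAdvertisements
See: support.apple.com/kb/HT3789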
2) change mode
# Each chmod below leaves no execute bit on a network-facing daemon or helper
# (600 = owner read/write only, 0 = no access at all), so the binary cannot be
# started even if something still tries to launch it.
# NOTE(review): modes on system files can be reset by a software update or by
# repairing disk permissions - re-check with "ls -l" after either.
# Look up which Samba components are installed before changing them:
$ man samba
$ apropos smbd
$ sudo chmod 600 /usr/sbin/nmbd
$ sudo chmod 600 /usr/sbin/smbd
$ sudo chmod 600 /usr/sbin/cupsaddsmb
$ sudo chmod 600 /usr/bin/smb*
$ sudo chmod 600 /usr/bin/nmblookup
# The two files below are configuration, not executables; 600 makes them
# readable by their owner only.
$ sudo chmod 600 /etc/smb.conf
$ sudo chmod 600 /etc/smb.conf.template
# httpd
$ sudo chmod 600 /usr/sbin/httpd
# sshd
# NOTE(review): this also removes SSH as a way to administer the machine remotely.
$ sudo chmod 600 /usr/sbin/sshd
# ftpd
# (left commented out by the author)
# sudo chmod 600 /usr/libexec/ftpd
# nfsd
$ sudo chmod 600 /sbin/nfsd
# Apple FileServer
# $ ls -la /usr/sbin/AppleFileServer
$ sudo chmod 0 /System/Library/CoreServices/AppleFileServer.app/Contents/MacOS/AppleFileServer
# ae server (Apple Event)
# $ more /System/Library/LaunchDaemons/com.apple.eppc.plist
$ sudo chmod 0 /System/Library/Frameworks/CoreServices.framework/Frameworks/AE.framework/Versions/A/Support/AEServer
# Problem Reporter
$ sudo chmod 600 /System/Library/CoreServices/Problem\ Reporter.app/Contents/MacOS/Problem\ Reporter
See: http://www.macosxhints.com/
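# Plug-Ins
# Restrict the browser plug-in bundles so that only their owner can enter
# them (700) or nobody can (0). The directory is listed before and after so
# the mode changes can be confirmed.
$ ls -la /Library/Internet\ Plug-Ins/
$ sudo chmod 700 /System/Library/Frameworks/JavaVM.framework/Resources/JavaPluginCocoa.bundle
# Every space in a path has to be escaped; an unescaped space makes chmod
# treat the two halves as separate paths and the plug-in is left unchanged.
$ sudo chmod 700 /Library/Internet\ Plug-Ins/Flash\ Player.plugin
$ sudo chmod 700 /Library/Internet\ Plug-Ins/QuickTime\ Plugin.plugin
$ sudo chmod 0 /Library/Internet\ Plug-Ins/NP-PPC-Dir-Shockwave
$ ls -la /Library/Internet\ Plug-Ins/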
3) launchctl unload
# "unload -w" stops each job and also records it as disabled, so it stays off
# after a reboot. Judging by the plist names, the jobs below cover printing,
# X11 startup, WebDAV, SMB, screen sharing / remote management advertisement,
# portmap and NFS, and Remote Desktop.
# The plist files themselves are left in place, so a job can be re-enabled
# later with "launchctl load -w" on the same path.
$ sudo launchctl unload -w /System/Library/LaunchDaemons/org.cups.cupsd.plist
$ sudo launchctl unload -w /System/Library/LaunchDaemons/org.x.privileged_startx.plist
$ sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.webdavfs_load_kext.plist
# com.apple.smb.server.preferences.plist com.apple.smb.sharepoints.plist com.apple.smbfs_load_kext.plist
$ sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.smb.sharepoints.plist
$ sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.smb.server.preferences.plist
$ sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.smbfs_load_kext.plist
$ sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.RFBRegisterMDNS_ScreenSharing.plist
$ sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.RFBRegisterMDNS_RemoteManagement.plist
$ sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.printtool.plist
$ sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.portmap.plist
$ sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.nfsd.plist
$ sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.RemoteDesktop.PrivilegeProxy.plist
$ sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.IIDCAssistant.plist
# 2010-03-30
$ sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.dashboard.advisory.fetch.plist
# The commented lines below name further daemons and the plists that start
# them; the author only inspected these and did not unload them.
# /System/Library/Filesystems/AppleShare/check_afp.app/Contents/MacOS/check_afp
# $ more /System/Library/LaunchDaemons/com.apple.afpfs_checkafp.plist
# /System/Library/Filesystems/AppleShare/afpLoad
# $ more /System/Library/LaunchDaemons/com.apple.afpfs_afpLoad.plist
# /System/Library/PrivateFrameworks/SoftwareUpdate.framework/Resources/suhelperd
# $ more /System/Library/LaunchDaemons/com.apple.suhelperd.plist
# Verify: list the bootstrap services again (compare with the file saved in
# the backup step) and list open network sockets; none of the services
# disabled above should still be listening.
$ sudo launchctl bslist -j
$ sudo lsof -i
4) Spotlight
# as admin-user
# Clear the execute bits on the Search bundle's binary (presumably the
# Spotlight search UI - confirm on the target system).
$ sudo chmod 600 /System/Library/CoreServices/Search.bundle/Contents/MacOS/Search
# mdutil: -i off turns indexing off for the volume, -E erases the existing
# index, -s prints the resulting status. /Volumes/abc appears to be a
# placeholder for the real volume path.
$ sudo mdutil -i off /Volumes/abc
$ sudo mdutil -E /Volumes/abc
$ sudo mdutil -s /Volumes/abc
See: http://www.macosxhints.com/article.php?story=20091030173117381
5) fseventsd
# An empty file named no_log inside a volume's .fseventsd directory makes
# fseventsd stop logging file-system events for that volume (see the
# "Logging disabled completely" message expected further down).
# NOTE(review): anything that relies on the stored event history for that
# volume, such as backup tools or a later investigation of file activity,
# loses it once logging is off.
$ sudo touch /Volumes/abc/.fseventsd/no_log
$ sudo touch /Users/foo/.fseventsd/no_log
# The marker was created by root; hand the directory back to foo so the user
# can manage its contents (step 6 removes old log files as foo).
$ sudo chmod 644 /Users/foo/.fseventsd/no_log
$ sudo chown -R foo:staff /Users/foo/.fseventsd/
See: ファイルシステムイベントストレージの防止 ("Preventing File System Event Storage")
# default value "ttyskeepawake" of pmset is 1.
# Setting it to 0 stops an active tty (a remote login session, for example)
# from preventing idle sleep.
$ sudo pmset ttyskeepawake 0
See: http://forums.applenova.com/showthread.php?t=33172
$ sudo reboot
$ Login as admin-user
# After the reboot, show the last 120 log lines and keep watching; the line
# below is the message that confirms fseventsd logging is off.
$ syslog -w 120 | more
# fseventsd[xx] <Critical>: Logging disabled completely for device:1: /Users/foo
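6) Login as User foo
# The "%" prompt marks commands run as the unprivileged user foo; "$" marks
# commands run from the admin account.
# Remove the fseventsd log files already written in foo's home, turn off and
# erase the Spotlight index there, then check power settings and the log.
% rm ~/.fseventsd/000000*
% mdutil -i off /Users/foo
% mdutil -E /Users/foo
% mdutil -s /Users/foo
% pmset -g
% syslog -w 30
# What is this warning ?
# (com.apple.ReportCrash) <Warning>: Falling back to default Mach exception handler. Could not find: com.apple.ReportCrash.Self
% more /System/Library/LaunchAgents/com.apple.ReportCrash.Self.plist
% launchctl list | grep Repo
- 0 com.apple.ReportPanic
- 0 com.apple.ReportCrash.Self
- 0 com.apple.ReportCrash
See: http://www.insanelymac.com/forum/index.php?showtopic=192563
# User foo
# Copy the agent definition into foo's own LaunchAgents directory.
% mkdir ~/Library/LaunchAgents
# if you didn't set umask
# % chmod 700 ~/Library/LaunchAgents
% cd ~/Library/LaunchAgents
% cp /System/Library/LaunchAgents/com.apple.ReportCrash.Self.plist .
# User admin
# Move the system-wide copy into the backup directory instead of deleting it,
# so it can be restored. The file name is spelled ".plist" as in the "more"
# command above; the capitalised form only resolves on a case-insensitive volume.
$ su admin-user
$ cd /path/to/backup-dir/
$ sudo mv /System/Library/LaunchAgents/com.apple.ReportCrash.Self.plist .
# logout and login as User foo
% syslog -w
# not found, "... (com.apple.ReportCrash) <Warning>: (...) Could not find: com.apple.ReportCrash.Self"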
[2010-02-11]
# RemoteManagement
# $ sudo srm -rf /System/Library/CoreServices/RemoteManagement/
# or
# cd /path/to/backup-dir/
# $ sudo mv /System/Library/CoreServices/RemoteManagement/ .
[2010-02-12]
# User foo
# % launchctl list | grep Remote
# => exist.
# Admin user
# $ grep 'Remote' /System/Library/LaunchAgents/*
# $ sudo mv /System/Library/LaunchAgents/com.apple.RemoteDesktop.plist /path/to/backup-dir/
# $ sudo mv /System/Library/LaunchAgents/com.apple.ScreenSharing.plist /path/to/backup-dir/
# reboot
# User foo
# % launchctl list | grep Remote
# => not exist.
[2010-05-31]
Apple Releases Snow Leopard Security Configuration Guide
http://blog.intego.com/2010/05/26/apple-releases-snow-leopard-security-configuration-guide/
Apple has released their Snow Leopard Security Configuration Guide,
Mac OS X Security Configuration Guides
http://www.apple.com/support/security/guides/