Wed Jun 4 20:17:58 UTC 2008

Lockdown OS X

--

Apple are now publishing a set of OS X Security Configuration Guides to help system administrators know how to get the most secure installations of OS X set up.

The Leopard (OS X 10.5) guide walks through things like :-

• how to disable the wireless and BlueTooth
• disabling the camera and microphone
• disabling USB and FireWire mass storage devices
• configuring OpenFirmware passwords (don't use the letter U in a password …)
• how to add policy advisory notices on the login screens
• setting time restrictions on login accounts
• switching on Password Assistant to help in selecting “better” passwords
• disabling CD autorun
• locking down all of the user Preference screens
• setting ACLs on filesystem objects
• enabling FaileVault to encrypt user home directories, and securing swap space
• selecting Secure Erase for your system
• secure options for Mail.app, Safari, iChat, .Mac, iTunes
• setting up the Application firewall, as well as ipfw
• securing the sharing applications, BTMM, Remote Disk, VNC, FTP, SMB, CUPS, HTTP, SSH, ARD, etc.
• how the Authorization Rights system works
• configuring syslog and auditing