1.5.0

Improvements

• Self verify Lockdown's signature with minisign before doing anything (192b6e5)

Bug Fixes

• disable_mail_remote_content: Use -bool instead of -int with defaults write (e6a41e8)
• check_efi_integrity: Specifically check Model Name field rather than whole output of system_profiler SPiBridgeDataType (ad8e315)

1.4.0

Improvements

• bash 4.x is no longer a requirement (061d158)
  • Lockdown will now run on stock macOS without needing to install bash via brew 🎉
  • The README.md Requirements section was removed as a result of this change (0fdc203)

1.3.1

Improvements

• Added ability to skip fix mode confirmation/ permission dialogue. Add force after the fix keyword e.g. ./Lockdown fix force (7d2194f)

1.3.0

Minor improvements

• Check if running on a Mac (04400e2)
• Extract macos_name from System Information.app (5cd91f5)
  • See #3
• Don't run eficheck on Macs with a T2 chip (490494c)
  • See #4

Bug Fixes

• check_firmware_password_set: Supress grep output (04168aa)

1.2.0

Verification

• Added the ability to verify the executable Lockdown file via Minisign
• Added Lockdown.minisig signature file (baf5047)
• See the README Verification section for more

Minor improvements

• Query fdesetup status for FileVault status instead of greping diskutil apfs list (79ede97)

1.1.1

Bug Fixes

• Update compatibility check to ignore patch version (cbd86b6)
• Increment variable used to track number of utility functions (d3e29da)

1.1.0

Minor improvements

• Added a check to ensure the script is only run on the supported OS version (dd0f91b)

Bug Fixes

• Fixed typo (6cdb10b)

1.0.1

Minor improvements and bug fixes

• Changed language from item(s) to setting(s) (4350a5e)
• When running fix mode the audit results are no longer also printed (822bd0f)
• Use sudo --prompt to get sudo privileges rather than waiting for the first command which uses sudo to prompt the user for their password (add16bb & d8ca512)
  • For enable_admin_password_preferences invoke the security write command with sudo to prevent the system password prompt appearing (dadcfe0)
• Update fix mode output messages (c36576f)
• main: Remove condition from final else case (b37561d)

Initial Release

Reached a good baseline of eighteen (18) settings to audit, can remediate thirteen (13).

All audit and fix commands are considered correct and stable.

Settings:

enable automatic updates
enable gatekeeper
enable firewall
enable admin password preferences
enable terminal secure entry
disable firewall builin software
disable firewall downloaded signed
disable ipv6
disable mail remote content
disable remote apple events
disable remote login
set airdrop contacts only
set appstore update check daily
check SIP
check kext loading consent
check EFI integrity
check filevault
check firmware password set