44r0n7/privacy.sexy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

win, linux, mac: fix typos and improve naming

Browse Source 
- Use instruction format such as "do this, do that" to provide clear,
  direct instructions. This format minimize confusion and is easy to
  follow. They are specific and leave no room for interpretation,
  stating precisely what needs to be done without ambiguity.
- Fix typos and grammar issues.
- Improve consistency in script and category names.
- Revise sentences for more natural English language flow.
- Change brand name casing to match official branding.
- Change title case (all words start capitalized) to sentence case.
- Prioritize consistency over variations.
- Add minor documentation to explain scripts where the names are not
  clear.
- Add naming guidelines.
This commit is contained in:
undergroundwires
2023-10-13 20:14:33 +02:00
parent bab6316e76
commit 67c3677621
4 changed files with 1503 additions and 1268 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
docs/collection-files.md
View File

@@ -174,3 +174,19 @@
- `endCode:` *`string`* (**required**)
- Code that'll be inserted at the end of user created script.
- Global variables such as `$homepage`, `$version`, `$date` can be used using [parameter substitution](./templating.md#parameter-substitution) code syntax such as `Welcome to {{ $homepage }}!`
## Naming guidelines
- Prioritize consistency throughout all names.
- Use an instruction format like "do this, do that" for clear, direct guidance. This approach reduces potential confusion and offers easy-to-follow steps. It provides specific, unambiguous instructions.
- Ensure brand names adhere to their official casing.
- Choose clear and uncomplicated language.
- Favor the terms:
- "Disable" over "Turn off"
- "Configure" over "Set up"
- "Clear" over "Erase" or "Clean"
- "Minimize" over "Limit" or "Reduce" (when it enhances clarity)
- "Remove" over "Uninstall"
- Structure your phrases for clarity.
- For instance, "Disable XX telemetry" or "Clear XX data" are preferred over "Clear data from XX", "Disable telemetry in XX", or "Clear data of XX".
- Use sentence case rather than Title Case.

226
src/application/collections/linux.yaml
View File

@@ -1,4 +1,4 @@
# Structure documented in "docs/collection-files.md"
# Structure is documented in "docs/collection-files.md"
os: linux
scripting:
language: shellscript
@@ -135,7 +135,7 @@ actions:
It uses `~/.ash_history` as the history file [3].
[1]: https://web.archive.org/web/20221030142637/https://en.wikipedia.org/wiki/Almquist_shell#Embededed_Linux "Almquist shell - Wikipedia | wikipedia.org"
[1]: https://web.archive.org/web/20221030142637/https://en.wikipedia.org/wiki/Almquist_shell#Embedded_Linux "Almquist shell - Wikipedia | wikipedia.org"
[2]: https://web.archive.org/web/20221029135416/https://android.googlesource.com/platform/system/core/+/master/shell_and_utilities/README.md "Android's shell and utilities | android.googlesource.com"
[3]: https://web.archive.org/web/20221029135513/https://github.com/brgl/busybox/blob/abbf17abccbf832365d9acf1c280369ba7d5f8b2/shell/ash.c#L13626 "busybox/ash.c source code | github.com/brgl/busybox"
call:
@@ -223,8 +223,8 @@ actions:
1. Temporary Windows files. Wine saves temporary Windows files at `<wine folder>/drive_c/windows/temp/` [1] [2].
2. Temporary Wine application cache [3] that is not connected to inner Windows files.
[1]: https://web.archive.org/web/20180328090608/http://www.zdnet.com/article/keeping-temp-folders-clean/ "Keeping temp folders clean | ZDNet | dnet.com"
[2]: https://web.archive.org/web/20221029135944/https://ubuntuforums.org/showthread.php?t=1006132 "Why does Wine have its own temp folders? | UbuntuForums | ubuntuforums.org"
[1]: https://web.archive.org/web/20180328090608/http://www.zdnet.com/article/keeping-temp-folders-clean/ "Keeping temp folders clean | ZDNet | zdnet.com"
[2]: https://web.archive.org/web/20221029135944/https://ubuntuforums.org/showthread.php?t=1006132 "Why does Wine have its own temp folders? | UbuntuForums | ubuntuforums.org"
[3]: https://web.archive.org/web/20221029135955/https://wiki.debian.org/Wine#Mono_and_Gecko "Wine - Debian Wiki | wiki.debian.org"
code: |-
# Temporary Windows files for global prefix
@@ -232,7 +232,7 @@ actions:
# Wine cache:
rm -rfv ~/.cache/wine/
-
name: Clear Winetricks downloads cache
name: Clear Winetricks cache
recommend: standard
docs: |-
Winetricks is a helper script to download and install various redistributable runtime libraries
@@ -254,7 +254,7 @@ actions:
docs: |-
LibreOffice is a free and open-source office productivity software suite, a project of The Document Foundation (TDF) [1].
`registrymodifications.xcu` is an XML file that contains the user-specified settings [2].
`registrymodifications.xcu` is an XML file that contains the user-specified settings [2].
It is found inside the user settings directory (`~/.config/libreoffice/4/user`) [2].
It includes thumbnails generated [3], and a recent document list [4].
@@ -263,7 +263,7 @@ actions:
[1]: https://web.archive.org/web/20221029140306/https://en.wikipedia.org/wiki/LibreOffice "LibreOffice | Wikipedia | en.wikipedia.org"
[2]: https://web.archive.org/web/20221029140313/https://wiki.documentfoundation.org/images/b/b0/LibreOffice_config_extension_writing.pdf "Config specification | LibreOffice documentation | wiki.documentfoundation.org"
[3]: https://web.archive.org/web/20221029140438/https://askubuntu.com/questions/996397/where-are-libre-office-thumbnails-stored/996528 "Where are Libre Office thumbnails stored? | Ask Ubuntu Forums | askubuntu.com"
[4]: https://web.archive.org/web/20221029140501/https://forum.openoffice.org/en/forum/viewtopic.php?f=6&t=102020 "Restoring Recent documents list < Apache OpenOffice Community Forum | forum.openoffice.org"
[4]: https://web.archive.org/web/20221029140501/https://forum.openoffice.org/en/forum/viewtopic.php?f=6&t=102020 "Restoring Recent documents list | Apache OpenOffice Community Forum | forum.openoffice.org"
code: |-
# Global installation
rm -f ~/.config/libreoffice/4/user/registrymodifications.xcu
@@ -315,7 +315,7 @@ actions:
parameters:
file: cookies.sqlite-shm
-
name: Clear Thunderbird session restore (open windows and tabs)
name: Clear Thunderbird session restoration data (open windows and tabs)
docs: |-
The default window layout is saved in the session file (`session.json`) [1].
It includes data on what tabs are open [1].
@@ -326,7 +326,7 @@ actions:
parameters:
file: session.json
-
name: Clear Thunderbird accounts
name: Clear Thunderbird passwords
docs: |-
`logins.json` stores encrypted passwords [1].
It replaces `signons.sqlite`, which had replaced `signons.txt` [1].
@@ -397,7 +397,7 @@ actions:
-
function: DeleteFileFromThunderbirdProfiles
parameters:
file: abook.mab # Thunderbird < v78
file: abook.mab # < Thunderbird v78
-
name: Clear Thunderbird collected address book
docs: |-
@@ -419,9 +419,9 @@ actions:
-
function: DeleteFileFromThunderbirdProfiles
parameters:
file: history.mab # Thunderbird < v78
file: history.mab # < Thunderbird v78
-
name: Clear Thunderbird's history of clicked links
name: Clear clicked links history in Thunderbird
docs: |-
Thunderbird saves annotations, bookmarks, favorite icons, input history, keywords, and browsing history
(a list of pages visited) [1].
@@ -444,11 +444,11 @@ actions:
parameters:
file: places.sqlite.wal
-
category: Clear development tools data
category: Clear data from development tools
docs: |-
This category includes tools that are typically used by developers, also known as "developer tools".
These tools allow a developer to create, test, and debug software.
Their data may leak data about the developer, his/her usage patterns, the environment used for development or the developed project.
Their data may leak data about the developer, their usage patterns, the environment used for development or the developed project.
children:
-
name: Clear Python history
@@ -479,7 +479,7 @@ actions:
[1]: https://web.archive.org/web/20221029142001/https://en.wikipedia.org/wiki/Visual_Studio_Code "Visual Studio Code | Wikipedia | en.wikipedia.org"
children:
-
name: Clear Visual Studio Code Crash Reports
name: Clear Visual Studio Code crash reports
recommend: standard
docs: |-
Visual Studio Code stores crash reports that later on are uploaded to Microsoft servers by default [1].
@@ -559,7 +559,7 @@ actions:
[1]: https://web.archive.org/web/20221029142932/https://learn.microsoft.com/en-us/cli/azure/ "Azure Command-Line Interface (CLI) - Overview | Microsoft Learn | learn.microsoft.com"
children:
-
name: Clear Azure CLI telemetry
name: Clear Azure CLI telemetry data
recommend: standard
docs: |-
The Azure CLI stores telemetry in the `telemetry` directory and `telemetry.txt`, `logs/telemetry.txt` files [1].
@@ -591,7 +591,7 @@ actions:
command: az
code: az cache purge
-
name: Clear Azure login data (logs out of the current session)
name: Clear Azure login data (this will log you out of the current session)
recommend: strict
docs: |-
This script cleans the login data in three steps:
@@ -652,7 +652,7 @@ actions:
rm -rfv /.cache/epiphany/*
# Flatpak installation
rm -rfv ~/.var/app/org.gnome.Epiphany/cache/*
# Snap insallation
# Snap installation
rm -rfv ~/~/snap/epiphany/common/.cache/*
-
name: Clear GNOME Web browsing history
@@ -733,7 +733,7 @@ actions:
# Snap installation
rm -rfv ~/snap/firefox/common/.cache/*
-
name: Clear Firefox Crash Reports
name: Clear Firefox crash reports
recommend: standard
docs: |-
Firefox stores crash reports in `~/.mozilla/firefox/Crash Reports/` to submit them later [1].
@@ -769,7 +769,7 @@ actions:
parameters:
path: cookies.sqlite
-
name: Clear Firefox URL history (downloads, bookmarks, website visits, annotations, icons, inputs, keywords)
name: Clear Firefox browsing history (URLs, downloads, bookmarks, visits, etc.)
docs: |-
The file "places.sqlite" stores the annotations, bookmarks, favorite icons, input history, keywords, and browsing history (a record of visited pages) [1].
The tables include [1]:
@@ -777,7 +777,7 @@ actions:
- `moz_annos`: Annotations
- `moz_bookmarks`: Bookmarks
- `moz_bookmarks_roots`: Bookmark roots i.e. places, menu, toolbar, tags, unfiled
- `moz_favicons`: Favourite icons - including URL of icon
- `moz_favicons`: Favorite icons - including URL of icon
- `moz_historyvisits`: A history of the number of times a site has been visited
- `moz_inputhistory`: A history of URLs typed by the user
- `moz_items_annos`: Item annotations
@@ -860,7 +860,7 @@ actions:
parameters:
path: formhistory.sqlite
-
name: Clear Firefox multi-account containers data
name: Clear Firefox "Multi-Account Containers" data
docs: |-
The `containers.json` file stores the details of containers used by the [Container Tabs](https://web.archive.org/web/20221029214648/https://support.mozilla.org/en-US/kb/containers) feature [1].
@@ -882,7 +882,7 @@ actions:
parameters:
path: sessionstore.jsonlz4
-
category: Clear system and/or kernel data
category: Clear system and kernel usage data
docs: |-
Your system (operating system along with other software on it) and kernel store
data that may reveal your behavior and can be considered sensitive. These scripts clean
@@ -916,7 +916,7 @@ actions:
sudo rm -rfv /var/crash/*
sudo rm -rfv /var/lib/systemd/coredump/
-
name: Clear system (journald) logs
name: Clear system logs (`journald`)
docs: |-
journald is the part of systemd that captures, queries, and removes logs when needed [1].
It allows removing logs by setting `--vacuum-time` [2].
@@ -974,7 +974,7 @@ actions:
and acts like a database of all the recently used files [3].
GTK is used by many GUI software. GNOME uses the GTK+ library [2], while KDE uses the QT library [4].
`recently-used.xbel` is also used by other third-party GTK 3 based applications such as Firefox,
`recently-used.xbel` is used by other third-party GTK 3 based applications such as Firefox,
Visual Studio Code (and all other Electron applications [5]), Thunderbird…
See also: ["List of GTK applications | Wikipedia"](https://web.archive.org/web/20221029221112/https://en.wikipedia.org/wiki/List_of_GTK_applications).
@@ -995,7 +995,7 @@ actions:
name: Clear KDE-tracked recently used items list
recommend: strict
docs: |-
`.desktop` files are used by KDE to store recent documents and are exposed as an API [1].
`.desktop` files are used by KDE to store recent documents and are exposed through an API [1].
They are not only specific to the desktop environment, but also used by applications.
Likewise, they are used by the KDE implementation of QT components, such as [QFileDialog](https://web.archive.org/web/20221029221146/https://doc.qt.io/qt-5/qfiledialog.html)
@@ -1013,10 +1013,10 @@ actions:
# From Flatpak packages
rm -rfv ~/.var/app/*/data/*.desktop
-
name: Clear trash
name: Empty trash
docs: |-
The trash location is standardized by ["The FreeDesktop.org Trash specification"](https://web.archive.org/web/20221029151648/https://specifications.freedesktop.org/trash-spec/trashspec-latest.html) [1].
It uses the `$XDG_DATA_HOME/Trash` directory, [1] which defaults to `$HOME/.local/share/Trash` [2].
It uses the `$XDG_DATA_HOME/Trash` directory [1], which defaults to `$HOME/.local/share/Trash` [2].
Flatpak applications may use the same trash using special APIs [3]. However, Snap applications do not have an API to
use the global trash [4].
@@ -1104,7 +1104,7 @@ actions:
Snap is a software packaging and deployment system developed by Canonical [1].
The packages are called snaps, and the tool for using them is called snapd [1].
Snap is available on many distros and is supported out-of-the-box by distros
such as Ubuntu, Kubuntu, Xubuntu, Manjoro, Zorin OS, KDE Neon and Solus among
such as Ubuntu, Kubuntu, Xubuntu, Manjaro, Zorin OS, KDE Neon and Solus among
others [1].
[1]: https://web.archive.org/web/20221029152606/https://en.wikipedia.org/wiki/Snap_%28software%29 "Snap | Wikipedia | en.wikipedia.org"
@@ -1154,7 +1154,7 @@ actions:
[1]: https://web.archive.org/web/20221029153354/https://en.wikipedia.org/wiki/Flatpak "Flatpak - Wikipedia | en.wikipedia.org"
children:
-
name: Uninstall orphaned Flatpak runtimes
name: Remove orphaned Flatpak runtimes
recommend: standard
docs: |-
This script removes runtimes and extensions that are not used by installed
@@ -1199,8 +1199,8 @@ actions:
-
category: Clear APT data
docs: |-
Advanced Package Tool (or APT) is a free software user interface that works with
core libraries to handle the installation and removal of software on Debiana, and
Advanced Package Tool (APT) is a free software user interface that works with
core libraries to handle the installation and removal of software on Debian, and
Debian-based Linux distributions [1].
See also: ["APT | Debian Wiki"](https://web.archive.org/web/20221029221422/https://wiki.debian.org/Apt).
@@ -1222,7 +1222,7 @@ actions:
command: apt-get
code: sudo apt-get autoclean
-
name: Clear APT package list
name: Clear APT package file lists
docs: |-
This script removes package file lists. APT stores a copy of those files (in `/var/lib/apt/lists/`)
and searches are done within those local files to avoid going through the network for every search [1].
@@ -1250,7 +1250,7 @@ actions:
command: apt-get
code: sudo apt-get -y autoremove --purge
-
name: Clear APT package (.deb file) cache
name: Clear cache for APT packages
docs: |-
This script runs the `clean` command. It clears out the local repository of retrieved package files [1],
meaning that it deletes downloaded packages (`.deb`) already installed (and no longer needed) [2].
@@ -1266,7 +1266,7 @@ actions:
command: apt-get
code: sudo apt-get clean
-
category: Clear all cache
category: Clear shared caches
docs: |-
The scripts in this category bulk delete all cache entries for the given scope.
These scripts are designed to affect more than a single application and do a wide range of cleaning.
@@ -1303,13 +1303,13 @@ actions:
such as [2]:
- Locally-generated fonts (`/var/cache/fonts`)
- Locally-formatted manual pages (`/var/cache/man`)
- WWW proxy or cache data (`/var/cache/www`)
- WWW proxy or cache data (`/var/cache/www`)
[1]: https://web.archive.org/web/20130511220135/http://www.lindevdoc.org/wiki//var/cache "/var/cache - Linux Developer's Documentation"
[2]: https://web.archive.org/web/20221029154623/https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch05s05.html "5.5. /var/cache : Application cache data | refspecs.linuxfoundation.org"
code: rm -rf /var/cache/*
-
name: Clear cache from Flatpak applications
name: Clear Flatpak application cache
docs: |-
Non-essential user-specific data is stored in `~/.var/app/<app-id>/cache` by Flatpak applications [1].
This directory points to `XDG_CACHE_HOME` [1] from the XDG base directory specification [2].
@@ -1318,7 +1318,7 @@ actions:
[2]: https://web.archive.org/web/20221029151712/https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html "XDG Base Directory Specification | specifications.freedesktop.org"
code: rm -rfv ~/.var/app/*/cache/*
-
name: Clear cache from Snap applications
name: Clear Snap application cache
docs: |-
Application caches are isolated per application and stored in the `~/snaps/APP-NAME/VERSION/.cache`
folders for Snap applications [1].
@@ -1408,7 +1408,7 @@ actions:
[4]: https://web.archive.org/web/20221030133248/https://www.debian.org/legal/privacy "Debian -- Privacy Policy | www.debian.org"
children:
-
category: Disable sending package statistics (popcon)
category: Disable sending of package statistics (popcon)
docs: |-
Popularity Contest (or popcon) collects statistical data to determine which packages are the most popular [1].
It sends a list of packages installed and the access and change times of relevant files to the server via email
@@ -1433,11 +1433,11 @@ actions:
[4]: https://web.archive.org/web/20221029160841/https://popcon.debian.org/FAQ "FAQ | popcon | popcon.debian.org"
children:
-
name: Opt-out of the popularity contest
name: Disable participation in Popularity Contest
recommend: standard
docs: |-
`popularity-contest` checks `/etc/popularity-contest.conf` for the value of `PARTICIPATE` to send data [1].
Configuring this configuration allows you to opt-out of the submission of data [1].
Configuring this configuration allows you to opt out of the submission of data [1].
[1]: https://web.archive.org/web/20221029161047/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=172824 "#172824 - popularity-contest: dpkg-reconfigure popularity-contest does not include PARTICIPATE=yes - Debian Bug report logs | bugs.debian.org"
code: |-
@@ -1455,7 +1455,7 @@ actions:
echo "Skipping because configuration file ($config_file) is not found. Is popcon installed?"
fi
-
name: Uninstall Popularity Contest (popcon)
name: Remove Popularity Contest (`popcon`) package
recommend: strict
docs: |-
This script deletes the `popularity-contest` package.
@@ -1501,7 +1501,7 @@ actions:
[2]: https://web.archive.org/web/20221029161559/https://manpages.ubuntu.com/manpages/trusty/man1/reportbug.1.html "Ubuntu Manpage: reportbug - reports a bug to a debbugs server | manpages.ubuntu.com"
children:
-
name: Uninstall `reportbug` package
name: Remove `reportbug` package
recommend: strict
docs: |-
This script uninstalls `reportbug` package, which includes the tool itself.
@@ -1513,7 +1513,7 @@ actions:
parameters:
packageName: reportbug
-
name: Uninstall Python modules for reportbug
name: Remove Python modules for `reportbug`
recommend: strict
docs: |-
This script uninstalls `python3-reportbug`.
@@ -1526,7 +1526,7 @@ actions:
parameters:
packageName: python3-reportbug
-
name: Uninstall UI for reportbug (`reportbug-gtk` package)
name: Remove UI for reportbug (`reportbug-gtk` package)
recommend: strict
docs: |-
This script uninstalls `reportbug-gtk`. It consists of a desktop file and an icon, and it has dependencies to enable the
@@ -1559,7 +1559,7 @@ actions:
[2]: https://web.archive.org/web/20221029161821/https://pkgstats.archlinux.de/privacy-policy "Privacy policy | pkgstats | pkgstats.archlinux.de"
children:
-
name: Uninstall `pkgstats` package
name: Remove `pkgstats` package
recommend: strict
docs: |-
`pkgstats` package submits a list of installed packages to the Arch Linux project [1].
@@ -1573,7 +1573,7 @@ actions:
parameters:
packageName: pkgstats
-
name: Disable weekly pkgstats submission
name: Disable weekly `pkgstats` submission
recommend: standard
docs: |-
`pkgstats` is set up to automatically run every week using systemd/timers [1]. Once disabled,
@@ -1609,7 +1609,7 @@ actions:
parameters:
packageName: zorin-os-census
-
name: Remove the Zorin OS census unique ID
name: Remove Zorin OS census unique ID
docs: |-
Census submits a unique ID associated with the installation when pings are sent [1].
Removing the identifier reduces the risk of your computer being identified.
@@ -1634,7 +1634,7 @@ actions:
[2]: https://web.archive.org/web/20221029160241/https://en.wikipedia.org/wiki/List_of_Linux_distributions#Ubuntu-based "List of Linux distributions - Wikipedia | en.wikipedia.org"
children:
-
name: Disable online search results (collects queries)
name: Disable online search result collection (collects queries)
recommend: strict
docs: |-
Online search is introduced in Ubuntu Lens in Ubuntu 12.10 [1]. It has been known as "Shopping Lens",
@@ -1652,7 +1652,7 @@ actions:
code: gsettings set com.canonical.Unity.Lenses remote-content-search none
revertCode: gsettings set com.canonical.Unity.Lenses remote-content-search all
-
category: Disable Ubuntu reporting metrics
category: Disable metrics reporting in Ubuntu
docs: |-
`ubuntu-report` reports hardware and other collected metrics like installer or upgrade information [1].
@@ -1682,7 +1682,7 @@ actions:
[2]: https://web.archive.org/web/20221029162538/https://github.com/ubuntu/ubuntu-report/blob/8e6030ff9bbeacacf41a9b58ea638a5c9a6f864d/README.md "More diagnostics data from desktop | lists.ubuntu.com"
children:
-
name: Opt-out of Ubuntu reporting metrics
name: Disable participation in metrics reporting in Ubuntu
recommend: standard
docs: |-
This script uses the `ubuntu-report` CLI to opt you out of data submission [1].
@@ -1708,7 +1708,7 @@ actions:
>&2 echo 'Failed to opt in.'
fi
-
name: Uninstall Ubuntu Report tool (`ubuntu-report`)
name: Remove Ubuntu Report tool (`ubuntu-report`)
recommend: strict
docs: |-
`ubuntu-report` is installed as an apt package and can be uninstalled in this way [1].
@@ -1762,7 +1762,7 @@ actions:
[4]: https://web.archive.org/web/20221029150025/https://support.starlabs.systems/kb/guides/disable-program-problem-reports "Disable program problem reports - Star Labs | support.starlabs.systems"
children:
-
name: Uninstall `apport` package
name: Remove `apport` package
recommend: strict
docs: |-
The `apport` package is responsible for automatically generating crash reports for debugging [1].
@@ -1804,7 +1804,7 @@ actions:
parameters:
serviceName: apport
-
name: Opt-out of Apport error messaging system
name: Disable participation in Apport error messaging system
recommend: standard
docs: |-
Opting out of Apport prevents it from creating crash files after a crash [1].
@@ -1853,7 +1853,7 @@ actions:
[3]: https://web.archive.org/web/20221029162829/https://help.ubuntu.com/community/ReportingBugs#A4._Collect_information_about_the_bug "ReportingBugs - Community Help Wiki | help.ubuntu.com"
children:
-
name: Uninstall `whoopsie` package
name: Remove `whoopsie` package
docs: |-
This script uninstalls the `whoopsie` package.
This package is used for error tracker submission in Ubuntu [1].
@@ -1879,7 +1879,7 @@ actions:
parameters:
serviceName: whoopsie
-
name: Opt-out of reporting crashes
name: Disable crash report submissions
recommend: standard
docs: |-
Once opted-out Whoopsie disables the related service [1].
@@ -1897,7 +1897,7 @@ actions:
sudo sed -i 's/report_crashes=false/report_crashes=true/' /etc/default/whoopsie
fi
-
category: Disable Zeitgeist (activity logging framework)
category: Disable Zeitgeist activity logging
docs: |-
Zeitgeist logs files opened, websites visited, conversations, and emails and provides
this information over an API to applications [1].
@@ -1931,7 +1931,7 @@ actions:
[7]: https://web.archive.org/web/20221029164405/https://launchpad.net/synapse-project "Synapse in Launchpad | launchpad.net"
children:
-
name: Stop the Zeitgeist deamon
name: Kill Zeitgeist daemon process
docs: |-
`zeitgeist-daemon` is a daemon providing an activity log [1]. Activity logs consist of a central
database for events such as file usage, browser history, and calendar entries [1].
@@ -1957,7 +1957,7 @@ actions:
# > used, zeitgeist-daemon will refuse to start if another running instance is found.
revertCode: zeitgeist-daemon --replace
-
name: Prevent Zeitgeist from running on startup
name: Remove Zeitgeist startup entry
docs: |-
This script removes the Autostart entry that is used by the Zeitgeist package to start itself [1].
[The XDG Autostart specification](https://web.archive.org/web/20221029223114/https://specifications.freedesktop.org/autostart-spec/autostart-spec-latest.html)
@@ -2001,7 +2001,7 @@ actions:
>&2 echo "Failed to restore access, file does not exist at $file."
fi
-
name: Uninstall the Zeitgeist package (can break integrated software)
name: Remove Zeitgeist package (can break integrated software)
docs: |-
The main functionality for Zeitgeist is provided by the `zeitgeist` package in Fedora [1] and Arch Linux [2],
and the `zeitgeist-core` package in Debian [3].
@@ -2026,7 +2026,7 @@ actions:
parameters:
packageName: zeitgeist-core
# Other related packages include (apt list *zeitgeist*):
# zeitgeist-core, zeitgeist-datahub, python3-zeitgeist among many others.
# zeitgeist-core, zeitgeist-datahub, python3-zeitgeist among many others.
# Packages that use it include e.g. activity-log-manager, activity-log-manager-control-center..
-
function: UninstallPacmanPackage
@@ -2073,11 +2073,11 @@ actions:
echo "Skipping, connectivity checks are already disabled through $file."
else
echo -n "$content" | sudo tee "$file" > /dev/null
echo 'Successfully disabled connectivity checks-'
echo 'Successfully disabled connectivity checks.'
fi
if command -v 'nmcli' &> /dev/null; then
sudo nmcli general reload
echo 'Successfuly reloaded configuration.'
echo 'Successfully reloaded configuration.'
else
echo 'It will take effect after reboot.'
fi
@@ -2086,11 +2086,11 @@ actions:
echo 'Skipping, connectivity checks are not disabled.'
else
sudo rm -fv "$file"
echo 'Successfuly restored connectivity checks.'
echo 'Successfully restored connectivity checks.'
fi
if command -v 'nmcli' &> /dev/null; then
sudo nmcli general reload
echo 'Successfuly reloaded configuration.'
echo 'Successfully reloaded configuration.'
else
echo 'It will take effect after reboot.'
fi
@@ -2197,7 +2197,7 @@ actions:
jsonValue: >-
false
-
name: Do not run Microsoft online experiments on Visual Studio Code
name: Disable online experiments by Microsoft in Visual Studio Code
recommend: standard
docs: |-
VS Code employs experiments to test new features or gradually roll them out [1].
@@ -2217,7 +2217,7 @@ actions:
jsonValue: >-
false
-
name: Choose manual Visual Studio Code updates over automatic updates
name: Disable Visual Studio Code automatic updates in favor of manual updates
docs: |-
By default, VS Code is configured to automatically update when new versions are released [1].
Automatic updates reduce your control over privacy by sending data to Microsoft servers.
@@ -2245,7 +2245,7 @@ actions:
jsonValue: >-
"none"
-
name: Prevent fetching Visual Studio Code release notes from Microsoft servers
name: Disable fetching release notes from Microsoft servers after an update
docs: |-
This script prevents Visual Studio Code from displaying release notes after an update [1].
@@ -2262,7 +2262,7 @@ actions:
jsonValue: >-
false
-
category: Configure auto-updates from Visual Studio Code extensions
category: Configure auto-update settings for Visual Studio Code extensions
docs: |-
These scripts control the automatic update behavior of extensions.
Updates are fetched from Microsoft servers [1] [2].
@@ -2273,7 +2273,7 @@ actions:
[2]: https://web.archive.org/web/20221029171719/https://github.com/microsoft/vscode-docs/blob/9a900b380e11530376104ffc83a004b82553728e/docs/editor/extension-marketplace.md#extension-auto-update "vscode-docs/extension-marketplace.md at 9a900b380e11530376104ffc83a004b82553728e · microsoft/vscode-docs · GitHub | github.com"
children:
-
name: Prevent auto-updates of Visual Studio Code extensions
name: Disable automatic Visual Studio Code extension updates
docs: |-
By default, Visual Studio Code automatically downloads and installs updates for all
extensions [1]. These updates are fetched from a Microsoft online service [1].
@@ -2290,7 +2290,7 @@ actions:
jsonValue: >-
false
-
name: Prevent automatically checking Visual Studio Code extension updates from Microsoft servers
name: Disable Visual Studio Code automatic extension update checks
docs: |-
By default, Visual Studio Code automatically checks extensions for updates [1].
If an update for an extension is available, it is marked as outdated in the Extensions view [1].
@@ -2308,7 +2308,7 @@ actions:
jsonValue: >-
false
-
name: Disable auto-fetching Microsoft recommendations in Visual Studio Code
name: Disable automatic fetching of Microsoft recommendations in Visual Studio Code
recommend: strict
docs: |-
Visual Studio Code, by default, fetches recommendations from online Microsoft servers [1].
@@ -2328,7 +2328,7 @@ actions:
jsonValue: >-
true
-
name: Disable automatic fetching remote repository in Visual Studio Code
name: Disable automatic fetching of remote repositories in Visual Studio Code
docs: |-
Visual Studio Code (VS Code) periodically fetches changes from remote repositories [1].
This feature lets VS Code display how many changes your local repository is ahead or behind the remote [1].
@@ -2353,7 +2353,7 @@ actions:
jsonValue: >-
false
-
name: Prevent fetching package information from NPM and Bower in Visual Studio Code
name: Disable fetching package information from NPM and Bower in Visual Studio Code
docs: |-
Visual Studio Code fetches data from NPM and Bower to provide autocompletion and hover information
for npm dependencies [1]. By default, this feature is enabled [2] and fetches data from
@@ -2445,7 +2445,7 @@ actions:
jsonValue: >-
false
-
category: Disable Visual Studio Code Settings Sync data sharing
category: Disable data sharing for Visual Studio Code "Settings Sync"
docs: |-
**Settings Sync** is a Visual Studio Code feature that synchronizes settings, keybindings,
and installed extensions across different machines [1]. This data is stored in the Microsoft
@@ -2454,7 +2454,7 @@ actions:
[1]: https://web.archive.org/web/20221029172856/https://github.com/microsoft/vscode-docs/blob/9a900b380e11530376104ffc83a004b82553728e/docs/editor/settings-sync.md "vscode-docs/settings-sync.md at main · microsoft/vscode-docs · GitHub | github.com"
children:
-
name: Disable synchronizing Visaul Studio Code keybindings
name: Disable synchronization of Visual Studio Code keybindings
docs: |-
By default [1], Keyboard Shortcuts are synchronized across platforms [2].
You can disable this by setting `settingsSync.keybindingsPerPlatform` to `false` [1] [2].
@@ -2468,7 +2468,7 @@ actions:
jsonValue: >-
false
-
name: Disable synchronizing Visual Studio Code extension
name: Disable synchronization of Visual Studio Code extensions
docs: |-
Visual Studio Code synchronizes all built-in and installed extensions, along with their
global enablement state, by default [1] [2].
@@ -2487,8 +2487,8 @@ actions:
jsonValue: >-
["*"]
-
name: Disable synchronizing Visual Studio Code settings
docs: |-
name: Disable synchronization of Visual Studio Code settings
docs: |-
By default, Visual Studio Code synchronizes all settings, except for machine settings
(those with machine or machine-overridable scopes), as these are specific to a given machine [1] [2].
@@ -2612,7 +2612,7 @@ actions:
recommend: standard
docs: |-
Dynamic First-Party Isolation, also known as dFPI, is an advanced privacy feature in Firefox. This feature commonly
referred as:
referred to as:
- Total Cookie Protection [1],
- dFPI (dynamic First-Party Isolation) [2],
@@ -2655,12 +2655,12 @@ actions:
isolated storage location, preventing it from accessing data from another website [1]. This limits the ability of websites to track
users across multiple sites [1].
Network Partitioning, formerly referred as *cache partitioning* [2], is a subset of state partitioning [1]. While state partitioning
Network Partitioning, formerly referred to as *cache partitioning* [2], is a subset of state partitioning [1]. While state partitioning
deals with data like cookies, network partitioning deals with networking-related components, such as caches and connection pools [1].
It ensures that these components are isolated to each website, further enhancing user privacy [1].
Firefox has enabled network partitioning by default since version 85 [1]. Once enabled, network partitioning becomes permanent,
meaning websites cannot bypass or relax its restrictions [1].
meaning websites cannot bypass or weaken its restrictions [1].
Network partitioning can be controlled with the `privacy.partition.network_state` preference [1].
@@ -2672,7 +2672,7 @@ actions:
prefName: privacy.partition.network_state
jsonValue: 'true'
-
name: Disable depreciated Firefox First-Party Isolation (FPI)
name: Disable outdated Firefox First-Party Isolation (FPI)
recommend: strict
docs: |-
First-party isolation (FPI) helps in preventing third parties from tracking users across multiple websites [1] [2]. This is sometimes
@@ -2682,7 +2682,7 @@ actions:
1. FPI and dFPI conflict with each other, and they cannot function simultaneously [3] [4]. Additionally, Mozilla doesn't plan to make
them compatible [5].
2. FPI has been marked as depreciated and is expected to be phased out [3], with dFPI set to become the standard in the future [6].
2. FPI has been marked as deprecated and is expected to be phased out [3], with dFPI set to become the standard in the future [6].
3. dFPI, when combined with network partitioning, offers broader and more effective privacy coverage than FPI, being essentially a
superset of FPI [3] [7].
@@ -2710,7 +2710,7 @@ actions:
This script enables the `privacy.resistFingerprinting` preference,
activating anti-fingerprinting [1][2].
Beyond privacy advantages, enabling tracking protection may reduce load time by 44% [3].
Beyond privacy advantages; enabling tracking protection may reduce load time by 44% [3].
Note: If you are already using an ad blocker with the correct lists, tracking protection might
be redundant.
@@ -2727,9 +2727,9 @@ actions:
name: Enable Firefox anti-fingerprinting (may break some websites)
recommend: strict
docs: |-
Fingerprinting Protection is a heavily developing experimental feature in Firefox [1].
As part of a project to integrate features from the Tor Browser, Mozilla has launched an
anti-fingerprinting project in Firefox [2].
Fingerprinting Protection is a heavily developed experimental feature in Firefox [1].
As part of a project to integrate features from the Tor Browser, Mozilla launched an
anti-fingerprinting project in Firefox [2].
This script enables the `privacy.resistFingerprinting` preference, activating
anti-fingerprinting [1][2].
@@ -2756,7 +2756,7 @@ actions:
WebRTC (Web Real-Time Communication) is a free and open-source project offering real-time
communication (RTC) via application programming interfaces (APIs) to web browsers and mobile
applications [2]. It enables audio and video communication to work inside web pages by facilitating
direct peer-to-peer communication, thereby eliminating the need for plugin installations or native
direct peer-to-peer communication, and thereby eliminating the need for plugin installations or native
app downloads [3]. Supported by Apple, Google, Microsoft, Mozilla, and Opera, WebRTC's
specifications have been published by the World Wide Web Consortium (W3C) and the Internet
Engineering Task Force (IETF) [2].
@@ -2776,7 +2776,7 @@ actions:
**interaction data** and **technical data** [1].
**Interaction data** includes metrics such as the number of open tabs and windows, the number of
webpages visited, the number and type of installed Firefox Add-ons, session length, and
webpages visited, the number and type of installed Firefox Add-ons, session length, and
interactions with features offered by Mozilla or third parties. These features may include
Firefox search features and search partner referrals [1].
@@ -2789,14 +2789,14 @@ actions:
[1]: https://web.archive.org/web/20220901045358/https://support.mozilla.org/en-US/kb/telemetry-clientid "Telemetry collection and deletion | Firefox Help | support.mozilla.org"
children:
-
name: Disable Firefox technical and interaction data collection
name: Disable collection of technical and interaction data in Firefox
recommend: standard
docs: |-
This script alters the `datareporting.healthreport.uploadEnabled` preference, effectively
disabling it. This preference regulates whether Firefox sends telemetry data [1].
The script halts all data transmitted from Firefox to Mozilla via Telemetry [2], preventing
Firefox from sending technical and interaction data to Mozilla [3].
Firefox from sending technical and interaction data to Mozilla [3].
For reasons of military security, it's recommended by the U.S. government (NIST 800-53) that
this data collection is disabled [4].
@@ -2811,7 +2811,7 @@ actions:
prefName: datareporting.healthreport.uploadEnabled
jsonValue: 'false'
-
name: Disable verbose Firefox telemetry collection
name: Disable detailed telemetry collection in Firefox
recommend: standard
docs: |-
This script disables the `toolkit.telemetry.enabled` preference, which controls whether the
@@ -2839,7 +2839,7 @@ actions:
prefName: toolkit.telemetry.enabled
jsonValue: 'false'
-
name: Disable Firefox telemetry archive
name: Disable archiving of Firefox telemetry
recommend: standard
docs: |-
This script configures the `toolkit.telemetry.archive.enabled` preference to be disabled, thus
@@ -2893,12 +2893,12 @@ actions:
docs: |-
This script sets the `toolkit.telemetry.log.level` preference to the least verbosity to minimize logs.
This preference adjusts the telemetry logging verbosity as per `Log.jsm` [1].
By default, logging is restricted to the console service [1]
By default, logging is restricted to the console service [1].
It displays telemetry information in the browser console [2] and can be used to monitor telemetry activity
in the JavaScript console [3]. This process is also referred to as telemetry tracing [4].
The output can be accessed via the DevTools console [4], navigable through the menu by selecting
"Tools" => "Developer Tools" => "Error Console" (CTRL+SHIFT+J).
"Tools" => "Developer Tools" => "Error Console" (CTRL+SHIFT+J).
The available verbosity levels, in descending order, are `Trace`, `Debug`, `Config`, `Info`, `Warn` (default),
`Error`, and `Fatal` [1].
@@ -2913,10 +2913,10 @@ actions:
prefName: toolkit.telemetry.log.level
jsonValue: 'Fatal'
-
name: Disable dumping Firefox Telemetry log messages to stdout
name: Disable Firefox telemetry log output
recommend: standard
docs: |-
This script deactivates `toolkit.telemetry.log.dump` as much as possible.
This script adjusts the `toolkit.telemetry.log.dump` setting to its most restricted value.
This preference controls whether to dump telemetry log messages to `stdout` [1].
[1]: https://web.archive.org/web/20221015102124/https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/internals/preferences.html "Preferences and Defines — Firefox Source Docs documentation | firefox-source-docs.mozilla.org"
@@ -2949,7 +2949,7 @@ actions:
[1]: https://web.archive.org/web/20221025163526/https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/concepts/pings.html "Telemetry pings — Firefox Source Docs documentation | firefox-source-docs.mozilla.org"
children:
-
name: Disable pinging to Firefox telemetry server
name: Disable pings to Firefox telemetry server
recommend: standard
docs: |-
This script sets `toolkit.telemetry.server` to be empty.
@@ -3074,7 +3074,7 @@ actions:
name: Disable Firefox Pioneer study monitoring
recommend: standard
docs: |-
This script configures `toolkit.telemetry.pioneer-new-studies-available` to be disabled to opt-out from
This script configures `toolkit.telemetry.pioneer-new-studies-available` to be disabled to opt out.
Firefox Pioneer program.
This setting disables availability check for Firefox Pioneer studies [1].
@@ -3129,7 +3129,7 @@ actions:
prefName: network.captive-portal-service.enabled
jsonValue: 'false'
-
category: Disable Firefox Phishing Protection (decreases your security)
category: Disable Firefox Phishing Protection (Safe Browsing) (decreases security)
docs: |-
Firefox's Safe Browsing feature, now referred to as Phishing Protection, is still internally
recognized as "Safe Browsing" [1].
@@ -3153,12 +3153,22 @@ actions:
[3]: https://web.archive.org/web/20221025192516/https://www.usnews.com/opinion/articles/2016-06-22/google-is-the-worlds-biggest-censor-and-its-power-must-be-regulated "Google Is the World's Biggest Censor and Its Power Must Be Regulated | usnews.com"
children:
-
name: Disable Firefox plugin stability blocking
name: Disable blocking of unstable plugins in Firefox
docs: |-
This script sets `browser.safebrowsing.blockedURIs.enabled` to 'false', thereby disabling plugin
stability blocking [1].
Disabling this feature might have mixed implications:
- Disabling the blocking of unstable plugins can potentially expose the user to vulnerabilities associated with these plugins.
These plugins may include malware, which would compromise user privacy and data.
- It removes the need for data communication via Mozilla servers `addons.mozilla.org` for list retrieval [2]. This feature requires
frequent requests to download large amount of data.
If this blocking is removed, the user should be knowledgeable about the potential risks and will take precautions.
[1]: https://web.archive.org/web/20221025192643/https://wiki.mozilla.org/Security/Safe_Browsing#Prefs "Security/Safe Browsing - MozillaWiki | wiki.mozilla.org"
[2]: https://web.archive.org/web/20230811024650/https://blog.mozilla.org/addons/2020/08/24/introducing-a-scalable-add-ons-blocklist/ "Introducing a scalable add-ons blocklist | Mozilla Add-ons Community Blog"
call:
function: AddFirefoxPrefs
parameters:
@@ -3337,7 +3347,7 @@ functions:
target = json.loads('{{ $jsonValue }}')
home_dir = f'/home/{os.getenv("SUDO_USER", os.getenv("USER"))}'
settings_files = [
# Global installation (also snap that installs with "--classic" flag)
# Global installation (also Snap that installs with "--classic" flag)
f'{home_dir}/.config/Code/User/settings.json',
# Flatpak installation
f'{home_dir}/.var/app/com.visualstudio.code/config/Code/User/settings.json'
@@ -3451,11 +3461,11 @@ functions:
if ! sudo systemctl stop "$service"; then
>&2 echo "Could not stop $service."
else
echo 'Successfuly stopped'
echo 'Successfully stopped'
fi
fi
if sudo systemctl disable "$service"; then
echo "Successfuly disabled $service."
echo "Successfully disabled $service."
else
>&2 echo "Failed to disable $service."
fi
@@ -3472,7 +3482,7 @@ functions:
echo "Skipping, $service is already enabled."
else
if sudo systemctl enable "$service"; then
echo "Successfuly enabled $service, it may require reboot to start."
echo "Successfully enabled $service, it may require reboot to start."
else
>&2 echo "Failed to enable $service."
fi
@@ -3799,7 +3809,7 @@ functions:
echo "Succesfully restored."
else
>&2 echo "Failed to restore, backup file could not be found at $backup_file."
>&2 echo "Was it change initially applied by privacy.sexy?"
>&2 echo "Was the change initially applied by privacy.sexy?"
fi
-
name: ReplaceFileContent
@@ -3826,5 +3836,5 @@ functions:
else
sudo rm -fv "$file"
sudo mv "$file.backup" "$file"
echo "Successfuly restored from backup: $file"
echo "Successfully restored from backup: $file"
fi

305
src/application/collections/macos.yaml
View File

@@ -1,4 +1,4 @@
# Structure documented in "docs/collection-files.md"
# Structure is documented in "docs/collection-files.md"
os: macos
scripting:
language: shellscript
@@ -48,18 +48,18 @@ actions:
# on main HDD
sudo rm -rfv ~/.Trash/* &>/dev/null
-
name: Clear system cache files
name: Clear system cache
recommend: strict
code: |-
sudo rm -rfv /Library/Caches/* &>/dev/null
sudo rm -rfv /System/Library/Caches/* &>/dev/null
sudo rm -rfv ~/Library/Caches/* &>/dev/null
-
category: Clear OS logs
category: Clear operating system logs
recommend: strict
children:
-
category: Clear unified logs (diagnostics)
category: Clear unified diagnostic logs
docs: https://developer.apple.com/documentation/os/logging
children:
-
@@ -69,7 +69,7 @@ actions:
sudo rm -rfv /private/var/db/diagnostics/*
sudo rm -rfv /var/db/diagnostics/*
-
name: Clear shared-cache strings data
name: Clear shared cache strings data
docs:
- https://eclecticlight.co/2017/09/23/sierras-unified-log-evolves-more-persistent-and-a-valuable-log-log/
- https://github.com/privacysexy-forks/dtformats/blob/main/documentation/Apple%20Unified%20Logging%20and%20Activity%20Tracing%20formats.asciidoc
@@ -77,7 +77,7 @@ actions:
sudo rm -rfv /private/var/db/uuidtext/
sudo rm -rfv /var/db/uuidtext/
-
category: Clear system logs (/var/log/)
category: Clear system logs
children:
-
name: Clear Apple System Logs (ASL)
@@ -94,7 +94,7 @@ actions:
docs: https://discussions.apple.com/thread/1829842
code: sudo rm -fv /var/log/install.log
-
name: Clear all system logs
name: Clear all system logs in `/var/log/` directory
docs: https://www.howtogeek.com/356942/how-to-view-the-system-log-on-a-mac/
code: sudo rm -rfv /var/log/* # Clears including /var/log/system.log
-
@@ -105,7 +105,7 @@ actions:
name: Clear Mail logs
code: rm -rfv ~/Library/Containers/com.apple.mail/Data/Library/Logs/Mail/*
-
name: Clear audit logs (login, logout, authentication and other user activity)
name: Clear user activity audit logs (login, logout, authentication, etc.)
docs:
- https://papers.put.as/papers/macosx/2012/Mac_Log_Analysis_Sarah_Edwards_DFIRSummit2012.pdf
- http://macadmins.psu.edu/wp-content/uploads/sites/24696/2016/06/psumac2016-19-osxlogs_macadmins_2016.pdf
@@ -113,7 +113,7 @@ actions:
sudo rm -rfv /var/audit/*
sudo rm -rfv /private/var/audit/*
-
name: Clear user logs (user reports)
name: Clear user report logs
docs:
- https://www.howtogeek.com/356942/how-to-view-the-system-log-on-a-mac/
- https://apple.stackexchange.com/questions/272929/is-it-safe-to-delete-the-content-of-library-logs
@@ -134,15 +134,15 @@ actions:
category: Clear browser history
children:
-
category: Clear Google Chrome history
category: Clear Chrome history
children:
-
name: Clear Google Chrome browsing history
name: Clear Chrome browsing history
code: |-
rm -rfv ~/Library/Application\ Support/Google/Chrome/Default/History &>/dev/null
rm -rfv ~/Library/Application\ Support/Google/Chrome/Default/History-journal &>/dev/null
-
name: Google Chrome Cache Files
name: Clear Chrome cache
code: sudo rm -rfv ~/Library/Application\ Support/Google/Chrome/Default/Application\ Cache/* &>/dev/null
-
category: Clear Safari history
@@ -165,7 +165,7 @@ actions:
docs: https://blog.d204n6.com/2020/09/macos-safari-preferences-and-privacy.html
code: rm -f ~/Library/Safari/Downloads.plist
-
name: Clear Safari top sites
name: Clear Safari frequently visited sites
docs: https://davidkoepi.wordpress.com/2013/04/20/safariforensic/
code: rm -f ~/Library/Safari/TopSites.plist
-
@@ -182,7 +182,7 @@ actions:
docs: https://davidkoepi.wordpress.com/2013/04/20/safariforensic/
code: rm -f ~/Library/Caches/com.apple.Safari/Cache.db
-
name: Clear Safari web page icons displayed on URL bar
name: Clear Safari URL bar web page icons
docs:
- https://davidkoepi.wordpress.com/2013/04/20/safariforensic/
- https://lifehacker.com/safaris-private-browsing-mode-saves-urls-in-an-easily-a-1691944343
@@ -194,11 +194,11 @@ actions:
- https://www.reddit.com/r/apple/comments/18lp92/your_apple_computer_keeps_a_screen_shot_of_nearly/
code: rm -rfv ~/Library/Caches/com.apple.Safari/Webpage\ Previews
-
name: Clear copy of the Safari history
name: Clear Safari history copy
docs: https://forensicsfromthesausagefactory.blogspot.com/2010/06/safari-history-spotlight-webhistory.html
code: rm -rfv ~/Library/Caches/Metadata/Safari/History
-
name: Clear search history embedded in Safari preferences
name: Clear search term history embedded in Safari preferences
docs: https://krypted.com/tag/recentsearchstrings/
code: defaults write ~/Library/Preferences/com.apple.Safari RecentSearchStrings '( )'
-
@@ -215,11 +215,11 @@ actions:
docs: https://blog.d204n6.com/2020/09/macos-safari-preferences-and-privacy.html
code: rm -f ~/Library/Safari/PerSiteZoomPreferences.plist
-
name: Clear URLs that are allowed to display notifications in Safari
name: Clear allowed URLs for Safari notifications
docs: https://blog.d204n6.com/2020/09/macos-safari-preferences-and-privacy.html
code: rm -f ~/Library/Safari/UserNotificationPreferences.plist
-
name: Clear Safari per-site preferences for Downloads, Geolocation, PopUps, and Autoplays
name: Clear Safari preferences for downloads, geolocation, pop-ups, and autoplay per site
docs: https://blog.d204n6.com/2020/09/macos-safari-preferences-and-privacy.html
code: rm -f ~/Library/Safari/PerSitePreferences.db
-
@@ -231,15 +231,15 @@ actions:
sudo rm -rf ~/Library/Caches/Mozilla/
rm -fv ~/Library/Application\ Support/Firefox/Profiles/*/netpredictions.sqlite
-
name: Delete Firefox form history
name: Clear Firefox form history
code: |-
rm -fv ~/Library/Application\ Support/Firefox/Profiles/*/formhistory.sqlite
rm -fv ~/Library/Application\ Support/Firefox/Profiles/*/formhistory.dat
-
name: Delete Firefox site preferences
name: Clear Firefox site preferences
code: rm -fv ~/Library/Application\ Support/Firefox/Profiles/*/content-prefs.sqlite
-
name: Delete Firefox session restore data (loads after the browser closes or crashes)
name: Clear Firefox session restore data (loads after the browser closes or crashes)
code: |-
rm -fv ~/Library/Application\ Support/Firefox/Profiles/*/sessionCheckpoints.json
rm -fv ~/Library/Application\ Support/Firefox/Profiles/*/sessionstore*.js*
@@ -250,7 +250,7 @@ actions:
rm -fv ~/Library/Application\ Support/Firefox/Profiles/*/sessionstore-backups/previous.bak*
rm -fv ~/Library/Application\ Support/Firefox/Profiles/*/sessionstore-backups/upgrade.js*-20*
-
name: Delete Firefox passwords
name: Clear Firefox passwords
docs: https://web.archive.org/web/20210425202923/http://kb.mozillazine.org/Password_Manager
code: |-
rm -fv ~/Library/Application\ Support/Firefox/Profiles/*/signons.txt
@@ -259,20 +259,20 @@ actions:
rm -fv ~/Library/Application\ Support/Firefox/Profiles/*/signons.sqlite
rm -fv ~/Library/Application\ Support/Firefox/Profiles/*/logins.json
-
name: Delete Firefox HTML5 cookies
name: Clear Firefox HTML5 cookies
code: rm -fv ~/Library/Application\ Support/Firefox/Profiles/*/webappsstore.sqlite
-
name: Delete Firefox crash reports
name: Clear Firefox crash reports
code: |-
rm -rfv ~/Library/Application\ Support/Firefox/Crash\ Reports/
rm -fv ~/Library/Application\ Support/Firefox/Profiles/*/minidumps/*.dmp
-
name: Delete Firefox backup files
name: Clear Firefox backup files
code: |-
rm -fv ~/Library/Application\ Support/Firefox/Profiles/*/bookmarkbackups/*.json
rm -fv ~/Library/Application\ Support/Firefox/Profiles/*/bookmarkbackups/*.jsonlz4
-
name: Delete Firefox cookies
name: Clear Firefox cookies
code: |-
rm -fv ~/Library/Application\ Support/Firefox/Profiles/*/cookies.txt
rm -fv ~/Library/Application\ Support/Firefox/Profiles/*/cookies.sqlite
@@ -280,7 +280,7 @@ actions:
rm -fv ~/Library/Application\ Support/Firefox/Profiles/*/cookies.sqlite-wal
rm -rfv ~/Library/Application\ Support/Firefox/Profiles/*/storage/default/http*
-
category: Clear third party application data
category: Clear third-party application data
children:
-
name: Clear Adobe cache
@@ -290,18 +290,18 @@ actions:
name: Clear Gradle cache
recommend: strict
code: |-
if [ -d "/Users/${HOST}/.gradle/caches" ]; then
if [ -d "~/.gradle/caches" ]; then
rm -rfv ~/.gradle/caches/ &> /dev/null
fi
-
name: Clear Dropbox cache
recommend: standard
code: |-
if [ -d "/Users/${HOST}/Dropbox" ]; then
if [ -d "~/Dropbox/.dropbox.cache" ]; then
sudo rm -rfv ~/Dropbox/.dropbox.cache/* &>/dev/null
fi
-
name: Clear Google Drive file stream cache
name: Clear Google Drive File Stream cache
recommend: standard
code: |-
killall "Google Drive File Stream"
@@ -323,21 +323,54 @@ actions:
brew tap --repair &>/dev/null
fi
-
name: Clear any old versions of Ruby gems
name: Clear old Ruby gem versions
recommend: strict
code: |-
if type "gem" &> /dev/null; then
gem cleanup &>/dev/null
fi
-
name: Clear Docker
name: Clear unused Docker data
recommend: strict
docs: |-
This script frees up disk space, but also improves user privacy by:
1. **Removal of stopped containers**: Containers often run applications or services that might process sensitive
or personal data. Even if a container is stopped, its filesystem remains intact, and potentially sensitive data inside
it can be accessed. By removing stopped containers, we eliminate this potential privacy risk.
2. **Deletion of unused images**: Images can sometimes contain sensitive information, especially if they were built
from `Dockerfile`s that copied local files or were used in scenarios where sensitive data was processed. Deleting unused
images ensures that any inadvertent sensitive information embedded in those images is eradicated.
3. **Cleanup of network configurations**: Networks, especially custom ones, can contain configurations that reveal details
about system architecture, inter-container communication, or even hardcoded secrets. Removing unused networks mitigates
risks associated with lingering, outdated, or insecure configurations.
4. **Elimination of build cache**: The Docker build process uses a cache to speed up image creation. This cache can contain
remnants of previous builds, including potentially sensitive data or files. Pruning the build cache ensures that these remnants
are deleted, further safeguarding privacy.
5. **Footprint reduction**: By consistently pruning unused Docker objects, the overall footprint of Docker on the system is
reduced. This makes it harder for malicious actors to exploit any lingering or overlooked vulnerabilities in the system or Docker
itself.
This script runs `docker system prune -af` command to clean up unused Docker data [1].
Specifically, the command will [1]:
- Remove all stopped containers.
- Remove all networks not used by at least one container.
- Remove all images not used by any container.
- Remove all build cache.
[1]: https://web.archive.org/web/20230810171526/https://docs.docker.com/engine/reference/commandline/system_prune/ "docker system prune | Docker Documentation"
code: |-
if type "docker" &> /dev/null; then
docker system prune -af
fi
-
name: Clear Pyenv-VirtualEnv cache
name: Clear Pyenv-Virtualenv cache
recommend: strict
code: |-
if [ "$PYENV_VIRTUALENV_CACHE_PATH" ]; then
@@ -359,22 +392,22 @@ actions:
yarn cache clean --force
fi
-
category: iOS Cleanup
category: Clear iOS usage data
children:
-
name: Clear iOS applications
name: Clear iOS app copies from iTunes
recommend: strict
code: rm -rfv ~/Music/iTunes/iTunes\ Media/Mobile\ Applications/* &>/dev/null
-
name: Clear iOS photo caches
name: Clear iOS photo cache
recommend: standard
code: rm -rf ~/Pictures/iPhoto\ Library/iPod\ Photo\ Cache/*
-
name: Remove iOS Device Backups
name: Clear iOS Device Backups
recommend: strict
code: rm -rfv ~/Library/Application\ Support/MobileSync/Backup/* &>/dev/null
-
name: Clear iOS Simulators
name: Clear iOS simulators
recommend: strict
code: |-
if type "xcrun" &>/dev/null; then
@@ -385,7 +418,7 @@ actions:
xcrun simctl erase all
fi
-
name: Clear the list of iOS devices connected
name: Clear list of connected iOS devices
recommend: strict
code: |-
sudo defaults delete /Users/$USER/Library/Preferences/com.apple.iPod.plist "conn:128:Last Connect"
@@ -394,7 +427,7 @@ actions:
sudo defaults delete /Library/Preferences/com.apple.iPod.plist Devices
sudo rm -rfv /var/db/lockdown/*
-
name: Clear XCode Derived Data and Archives
name: Clear Xcode's derived data and archives
recommend: strict
code: |-
rm -rfv ~/Library/Developer/Xcode/DerivedData/* &>/dev/null
@@ -407,50 +440,50 @@ actions:
sudo dscacheutil -flushcache
sudo killall -HUP mDNSResponder
-
name: Purge inactive memory
name: Clear inactive memory
recommend: standard
code: sudo purge
-
category: Reset privacy permissions for all applications
category: Clear all privacy permissions for applications
children:
-
name: Reset camera permissions
name: Clear "camera" permissions
code: tccutil reset Camera
-
name: Reset microphone permissions
name: Clear "microphone" permissions
code: tccutil reset Microphone
-
name: Reset accessibility permissions
name: Clear "accessibility" permissions
code: tccutil reset Accessibility
-
name: Reset screen capture permissions
name: Clear "screen capture" permissions
code: tccutil reset ScreenCapture
-
name: Reset reminders permissions
name: Clear "reminders" permissions
code: tccutil reset Reminders
-
name: Reset photos permissions
name: Clear "photos" permissions
code: tccutil reset Photos
-
name: Reset calendar permissions
name: Clear "calendar" permissions
code: tccutil reset Calendar
-
name: Reset full disk access permissions
name: Clear "full disk access" permissions
code: tccutil reset SystemPolicyAllFiles
-
name: Reset contacts permissions
name: Clear "contacts" permissions
code: tccutil reset SystemPolicyAllFiles
-
name: Reset desktop folder permissions
name: Clear "desktop folder" permissions
code: tccutil reset SystemPolicyDesktopFolder
-
name: Reset documents folder permissions
name: Clear "documents folder" permissions
code: tccutil reset SystemPolicyDocumentsFolder
-
name: Reset downloads permissions
name: Clear "downloads" permissions
code: tccutil reset SystemPolicyDownloadsFolder
-
name: Reset all app permissions
name: Clear all app permissions
code: tccutil reset All
-
category: Configure programs
@@ -468,20 +501,20 @@ actions:
sudo defaults delete /Library/Preferences/org.mozilla.firefox EnterprisePoliciesEnabled
sudo defaults delete /Library/Preferences/org.mozilla.firefox DisableTelemetry
-
name: Disable Microsoft Office diagnostics data sending
name: Disable Microsoft Office telemetry
recommend: standard
code: defaults write com.microsoft.office DiagnosticDataTypePreference -string ZeroDiagnosticData
revertCode: defaults delete com.microsoft.office DiagnosticDataTypePreference
-
name: Uninstall Google update
name: Remove Google Software Update service
recommend: strict
code: |-
googleUpdateFile=~/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/ksinstall
if [ -f "$googleUpdateFile" ]; then
$googleUpdateFile --nuke
echo Uninstalled google update
echo 'Uninstalled Google update'
else
echo Google update file does not exist
echo 'Google update file does not exist'
fi
-
name: Disable Homebrew user behavior analytics
@@ -514,12 +547,12 @@ actions:
docs: |-
Parallels Desktop for Mac is software providing hardware virtualization for macOS [1].
When you use it, it collects and share your personal data to third parties [2]. Personal
When you use it, it collects and shares your personal data to third parties [2]. Personal
data include IP address of your device, your broad geographical location (country, state
(if applicable), and city) and used product [2].
It includes third-party ads [3] and automatic check for updates [4] by default. Both of these
behaviors communicate with online services that reveal data about you.
It includes third-party advertisements [3] and automatic check for updates [4] by default.
Both of these behaviors communicate with online services that reveal personal data about you.
[1]: https://web.archive.org/web/20221012155943/https://en.wikipedia.org/wiki/Parallels_Desktop_for_Mac "Parallels Desktop for Mac - Wikipedia | en.wikipedia.org"
[2]: https://web.archive.org/web/20221012155829/https://www.parallels.com/about/legal/privacy/ "Privacy Statement | parallels.com"
@@ -527,7 +560,7 @@ actions:
[4]: https://web.archive.org/web/20221012151953/http://download.parallels.com/stm/docs/en/Parallels_Desktop_Users_Guide/22220.htm "Automatic Updating | Parallels Desktop Users Guide | download.parallels.com"
children:
-
name: Turn off ads in Parallels Desktop
name: Disable Parallels Desktop advertisements
recommend: standard
docs: |-
Parallels Desktop in-product notifications to show ads from Parallels or other third
@@ -544,7 +577,7 @@ actions:
default). It's undocumented but still kept disabled by this script.
[1]: https://web.archive.org/save/https://forum.parallels.com/threads/unable-to-process-the-upgrade-request.345603/ "Unable to process the upgrade request | Parallels Forums | forum.parallels.com"
[2]: https://web.archive.org/web/20221012151800/https://kb.parallels.com/114422 "How do I turn off notifications in Parallels Desktop and Parallels Access? | Knowledge Base | parallels.com"
[2]: https://web.archive.org/web/20221012151800/https://kb.parallels.com/114422 "How do I turn off notifications in Parallels Desktop and Parallels Access? | Knowledge Base | parallels.com"
code: |-
defaults write 'com.parallels.Parallels Desktop' 'ProductPromo.ForcePromoOff' -bool yes
defaults write 'com.parallels.Parallels Desktop' 'WelcomeScreenPromo.PromoOff' -bool yes
@@ -552,16 +585,16 @@ actions:
defaults write 'com.parallels.Parallels Desktop' 'ProductPromo.ForcePromoOff' -bool no
defaults write 'com.parallels.Parallels Desktop' 'WelcomeScreenPromo.PromoOff' -bool yes
-
category: Disable Parallels Desktop auto-updates
category: Disable Parallels Desktop automatic updates
docs: |-
Parallels Desktop by default checks for updates frequently and automatically downloads them [1].
This reveal personal data about [2] you without your control.
This reveal personal data about you [2] without your control.
[1]: https://web.archive.org/web/20221012151953/http://download.parallels.com/stm/docs/en/Parallels_Desktop_Users_Guide/22220.htm "Automatic Updating | Parallels Desktop Users Guide | download.parallels.com"
[2]: https://web.archive.org/web/20221012155829/https://www.parallels.com/about/legal/privacy/ "Privacy Statement | parallels.com"
children:
-
name: Disable automatically downloading Parallels Desktop updates
name: Disable automatic downloads for Parallels Desktop updates
docs: |-
Automatic downloads are enabled by default, and this script disables automatic downloads.
@@ -570,11 +603,11 @@ actions:
- Check: `defaults read 'com.parallels.Parallels Desktop' 'Application preferences.Download updates automatically'`
- Values: 0 - Disabled, 1 - Enabled (default)
[1]: https://web.archive.org/web/20221012153810/https://download.parallels.com/desktop/v18/docs/en_US/Parallels-Desktop-Business-Edition-Administrators-Guide/37744.htm "Parallels Desktop Business Edition Administrator's Guide v18 - Configuring individual Macs | download.parallels.com"
[1]: https://web.archive.org/web/20221012153810/https://download.parallels.com/desktop/v18/docs/en_US/Parallels-Desktop-Business-Edition-Administrators-Guide/37744.htm "Parallels Desktop Business Edition Administrator's Guide v18 - Configuring individual Macs | download.parallels.com"
code: defaults write 'com.parallels.Parallels Desktop' 'Application preferences.Download updates automatically' -bool no
revertCode: defaults write 'com.parallels.Parallels Desktop' 'Application preferences.Download updates automatically' -bool yes
-
name: Disable automatically checking for Parallels Desktop updates
name: Disable automatic checks for Parallels Desktop updates
docs: |-
Automatic checks are weekly by default, and this script disables the checks completely.
@@ -593,7 +626,7 @@ actions:
category: Configure Apple Remote Desktop
children:
-
name: Deactivate the Remote Management Service
name: Disable remote management service
recommend: strict
code: sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -deactivate -stop
revertCode: sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -restart -agent -console
@@ -604,26 +637,26 @@ actions:
sudo rm -rf /var/db/RemoteManagement
sudo defaults delete /Library/Preferences/com.apple.RemoteDesktop.plist
defaults delete ~/Library/Preferences/com.apple.RemoteDesktop.plist
sudo rm -r /Library/Application\ Support/Apple/Remote\ Desktop/
sudo rm -rf /Library/Application\ Support/Apple/Remote\ Desktop/
rm -r ~/Library/Application\ Support/Remote\ Desktop/
rm -r ~/Library/Containers/com.apple.RemoteDesktop
-
name: Disable Internet based spell correction
name: Disable online spell correction
code: defaults write NSGlobalDomain WebAutomaticSpellingCorrectionEnabled -bool false
revertCode: defaults delete NSGlobalDomain WebAutomaticSpellingCorrectionEnabled
-
name: Disable Remote Apple Events
name: Disable remote Apple events
recommend: strict
code: sudo systemsetup -setremoteappleevents off
revertCode: sudo systemsetup -setremoteappleevents on
-
name: Do not store documents to iCloud Drive by default
name: Disable automatic storage of documents in iCloud Drive
docs: https://macos-defaults.com/finder/nsdocumentsavenewdocumentstocloud.html
recommend: standard
code: defaults write NSGlobalDomain NSDocumentSaveNewDocumentsToCloud -bool false
revertCode: defaults delete NSGlobalDomain NSDocumentSaveNewDocumentsToCloud
-
name: Do not show recent items on dock
name: Disable display of recent applications on Dock
docs: https://developer.apple.com/documentation/devicemanagement/dock
code: defaults write com.apple.dock show-recents -bool false
revertCode: defaults delete com.apple.dock show-recents
@@ -636,7 +669,7 @@ actions:
category: Configure Siri
children:
-
name: Opt-out from Siri data collection
name: Disable participation in Siri data collection
recommend: standard
code: defaults write com.apple.assistant.support 'Siri Data Sharing Opt-In Status' -int 2
revertCode: defaults delete com.apple.assistant.support 'Siri Data Sharing Opt-In Status'
@@ -683,7 +716,7 @@ actions:
launchctl enable "gui/$UID/com.apple.Siri.agent"
sudo launchctl enable 'system/com.apple.Siri.agent'
if [ $(/usr/bin/csrutil status | awk '/status/ {print $5}' | sed 's/\.$//') = "enabled" ]; then
>&2 echo 'This script requires SIP to be disabled. Read more: https://developer.apple.com/documentation/security/disabling_and_enabling_system_integrity_protection''
>&2 echo 'This script requires SIP to be disabled. Read more: https://developer.apple.com/documentation/security/disabling_and_enabling_system_integrity_protection'
fi
-
name: Disable "Do you want to enable Siri?" pop-up
@@ -694,15 +727,15 @@ actions:
code: defaults write com.apple.SetupAssistant 'DidSeeSiriSetup' -bool True
revertCode: defaults delete com.apple.SetupAssistant 'DidSeeSiriSetup'
-
category: Hide Siri
category: Remove Siri from user interface
children:
-
name: Hide Siri from menu bar
name: Remove Siri from menu bar
recommend: strict
code: defaults write com.apple.systemuiserver 'NSStatusItem Visible Siri' 0
revertCode: defaults write com.apple.systemuiserver 'NSStatusItem Visible Siri' 1
-
name: Hide Siri from status menu
name: Remove Siri from status menu
recommend: strict
docs: https://derflounder.wordpress.com/2016/09/20/blocking-siri-on-macos-sierra/
code: |-
@@ -716,7 +749,7 @@ actions:
code: sudo mdutil -i off -d /
revertCode: sudo mdutil -i on /
-
name: Disable Personalized advertisements and identifier collection
name: Disable personalized advertisements and identifier tracking
recommend: standard
docs: |-
This script enhances your privacy by deactivating Personalized Ads and disabling the collection
@@ -746,7 +779,7 @@ actions:
Please note: The `forceLimitAdTracking` key limits ad tracking [3] [4] and is found in CIS
benchmarks for macOS [4]. However, the official macOS documentation specifies that it is
applicable only to iOS 7 and later versions, not to macOS [3]. The key does not exist on the OS
applicable only to iOS 7 and newer versions, not to macOS [3]. The key does not exist on the OS
by default.
[1]: https://web.archive.org/web/20230731152633/https://www.apple.com/legal/privacy/data/en/apple-advertising/ "Legal - Apple Advertising & Privacy - Apple"
@@ -789,7 +822,7 @@ actions:
sudo defaults write /Library/Preferences/com.apple.alf globalstate -bool false
defaults write com.apple.security.firewall EnableFirewall -bool false
-
name: Turn on firewall logging
name: Enable firewall logging
recommend: standard
docs:
- https://www.stigviewer.com/stig/apple_os_x_10.13/2018-10-01/finding/V-81671
@@ -801,7 +834,7 @@ actions:
/usr/libexec/ApplicationFirewall/socketfilterfw --setloggingmode off
sudo defaults write /Library/Preferences/com.apple.alf loggingenabled -bool false
-
name: Turn on stealth mode
name: Enable stealth mode
recommend: standard
docs:
- https://www.stigviewer.com/stig/apple_os_x_10.8_mountain_lion_workstation/2015-02-10/finding/V-51327
@@ -816,16 +849,16 @@ actions:
sudo defaults write /Library/Preferences/com.apple.alf stealthenabled -bool false
defaults write com.apple.security.firewall EnableStealthMode -bool false
-
category: Disable auto-permitting incoming traffic for apps
category: Disable automatic permission for incoming traffic in applications
children:
-
name: Prevent automatically allowing incoming connections to signed apps
name: Disable automatic incoming connections for signed apps
docs: https://daiderd.com/nix-darwin/manual/index.html
recommend: strict
code: sudo defaults write /Library/Preferences/com.apple.alf allowsignedenabled -bool false
revertCode: sudo defaults write /Library/Preferences/com.apple.alf allowsignedenabled -bool true
-
name: Prevent automatically allowing incoming connections to downloaded signed apps
name: Disable automatic incoming connections for downloaded signed apps
docs: https://daiderd.com/nix-darwin/manual/index.html
recommend: strict
code: sudo defaults write /Library/Preferences/com.apple.alf allowdownloadsignedenabled -bool false
@@ -845,16 +878,16 @@ actions:
code: sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.captive.control.plist Active -bool false
revertCode: sudo defaults delete /Library/Preferences/SystemConfiguration/com.apple.captive.control.plist Active
-
category: Use screen saver for protection
category: Enable protective screen saver
children:
-
name: Require a password to wake the computer from sleep or screen saver
name: Enable password requirement for waking from sleep or screen saver
# The screen saver acts as a session lock and prevents unauthorized users from accessing the current user's account.
docs: https://www.stigviewer.com/stig/apple_macos_11_big_sur/2020-11-27/finding/V-230744
code: sudo defaults write /Library/Preferences/com.apple.screensaver askForPassword -bool true
revertCode: sudo defaults delete /Library/Preferences/com.apple.screensaver askForPassword
-
name: Initiate session lock five seconds after screen saver is started
name: Enable session lock five seconds after screen saver initiation
docs: https://www.stigviewer.com/stig/apple_macos_11_big_sur/2020-11-27/finding/V-230745
# An unattended system with an excessive grace period is vulnerable to a malicious user.
code: sudo defaults write /Library/Preferences/com.apple.screensaver 'askForPasswordDelay' -int 5
@@ -866,29 +899,29 @@ actions:
- https://www.stigviewer.com/stig/apple_os_x_10.13/2018-10-01/finding/V-81615
children:
-
name: Disables signing in as Guest from the login screen
name: Disable guest sign-in from login screen
code: sudo defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled -bool NO
revetCode: sudo defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled -bool YES
revertCode: sudo defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled -bool YES
-
name: Disables Guest access to file shares over AF
name: Disable guest access to file shares over AF
code: sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server AllowGuestAccess -bool NO
revetCode: sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server AllowGuestAccess -bool YES
revertCode: sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server AllowGuestAccess -bool YES
-
name: Disables Guest access to file shares over SMB
name: Disable guest access to file shares over SMB
code: sudo defaults write /Library/Preferences/com.apple.AppleFileServer guestAccess -bool NO
revetCode: sudo defaults write /Library/Preferences/com.apple.AppleFileServer guestAccess -bool YES
revertCode: sudo defaults write /Library/Preferences/com.apple.AppleFileServer guestAccess -bool YES
-
category: Prevent unauthorized connections
category: Disable unauthorized connections
children:
-
name: Disable remote login (incoming SSH and SFTP connections)
name: Disable incoming SSH and SFTP remote logins
recommend: standard
docs: https://osxdaily.com/2016/08/16/enable-ssh-mac-command-line/
# Check if enabled: sudo systemsetup -getremotelogin, returns "Remote Login: On" or "Off"
code: echo 'yes' | sudo systemsetup -setremotelogin off
revertCode: sudo systemsetup -setremotelogin on
-
name: Disable insecure TFTP service
name: Disable the insecure TFTP service
recommend: standard
# If the system does not require Trivial File Transfer Protocol (TFTP), then support for
# it is non-essential and should be disabled. The information system should be configured to
@@ -921,13 +954,13 @@ actions:
- https://www.cups.org/doc/security.html # Security risks
children:
-
name: Disable sharing of local printers with other computers
name: Disable local printer sharing with other computers
recommend: standard
docs: https://www.cups.org/doc/man-cupsctl.html
code: cupsctl --no-share-printers
revertCode: cupsctl --share-printers
-
name: Disable printing from any address including the Internet
name: Disable printing from external addresses, including the internet
recommend: standard
docs: https://www.cups.org/doc/man-cupsctl.html
code: cupsctl --no-remote-any
@@ -952,7 +985,7 @@ actions:
category: Clean File Quarantine from downloaded files
children:
-
name: Clear File Quarantine logs of all downloaded files
name: Clear logs of all downloaded files from File Quarantine
recommend: strict
docs:
- https://www.macobserver.com/tips/how-to/your-mac-remembers-everything-you-download-heres-how-to-clear-download-history/
@@ -969,7 +1002,7 @@ actions:
if ls -lO "$db_file" | grep --silent 'schg'; then
sudo chflags noschg "$db_file"
echo "Found and removed system immutable flag"
has_sytem_immutable_flag=true
has_system_immutable_flag=true
fi
if ls -lO "$db_file" | grep --silent 'uchg'; then
sudo chflags nouchg "$db_file"
@@ -978,7 +1011,7 @@ actions:
fi
sqlite3 "$db_file" "$db_query"
echo "Executed the query \"$db_query\""
if [ "$has_sytem_immutable_flag" = true ] ; then
if [ "$has_system_immutable_flag" = true ] ; then
sudo chflags schg "$db_file"
echo "Added system immutable flag back"
fi
@@ -1012,10 +1045,10 @@ actions:
' \
{} \;
-
category: Disable File Quarantine from tracking downloaded files
category: Disable macOS File Quarantine tracking for downloaded files
children:
-
name: Prevent quarantine from logging downloaded files
name: Disable downloaded file logging in quarantine
docs:
- https://eclecticlight.co/2019/04/25/%F0%9F%8E%97-quarantine-apps/
- https://eclecticlight.co/2017/12/11/xattr-com-apple-quarantine-the-quarantine-flag/
@@ -1038,7 +1071,7 @@ actions:
>&2 echo "Cannot revert immutability, file does not exist at\"$file_to_lock\""
fi
-
name: Disable using extended quarantine attribute on downloaded files (disables warning)
name: Disable extended quarantine attribute for downloaded files (disables warning)
# Disables dialogs shown when opening an application for the first time
# i.e. "Application Downloaded from Internet" quarantine warning.
docs:
@@ -1054,7 +1087,7 @@ actions:
# Can protect against unknown threats.
children:
-
name: Prevent Gatekeeper from automatically reactivating itself
name: Disable Gatekeeper's automatic reactivation
docs:
- https://osxdaily.com/2015/11/05/stop-gatekeeper-auto-rearm-mac-os-x/
- https://www.cnet.com/tech/computing/how-to-disable-gatekeeper-permanently-on-os-x/
@@ -1071,8 +1104,8 @@ actions:
code: |-
os_major_ver=$(sw_vers -productVersion | awk -F "." '{print $1}')
os_minor_ver=$(sw_vers -productVersion | awk -F "." '{print $2}')
if [[ $os_major_ver -le 10 \
|| ( $os_major_ver -eq 10 && $os_minor_ver -lt 7 ) \
if [[ $os_major_ver -le 10 \
|| ( $os_major_ver -eq 10 && $os_minor_ver -lt 7 ) \
]]; then
echo "No action needed, Gatekeeper is not available this OS version"
else
@@ -1090,8 +1123,8 @@ actions:
revertCode: |-
os_major_ver=$(sw_vers -productVersion | awk -F "." '{print $1}')
os_minor_ver=$(sw_vers -productVersion | awk -F "." '{print $2}')
if [[ $os_major_ver -le 10 \
|| ( $os_major_ver -eq 10 && $os_minor_ver -lt 7 ) \
if [[ $os_major_ver -le 10 \
|| ( $os_major_ver -eq 10 && $os_minor_ver -lt 7 ) \
]]; then
>&2 echo "Gatekeeper is not available in this OS version"
else
@@ -1107,7 +1140,7 @@ actions:
fi
fi
-
name: Disable Library Validation Entitlement (checks signature of libraries)
name: Disable library validation entitlement (library signature validation)
docs:
- https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_security_cs_disable-library-validation
- https://www.macenhance.com/docs/general/sip-library-validation.html
@@ -1121,25 +1154,25 @@ actions:
- https://macadminsdoc.readthedocs.io/en/master/Profiles-and-Settings/OS-X-Updates.html
children:
-
name: Disable automatically checking for updates
name: Disable automatic checks for updates
docs: https://developer.apple.com/documentation/devicemanagement/softwareupdate
code: |-
# For OS X Yosemite and later (>= 10.10)
# For OS X Yosemite and newer (>= 10.10)
sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate 'AutomaticCheckEnabled' -bool false
revertCode: |-
# For OS X Yosemite and later (>= 10.10)
# For OS X Yosemite and newer (>= 10.10)
sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate 'AutomaticCheckEnabled' -bool true
-
name: Disable automatically downloading new updates when available
name: Disable automatic downloads for updates
docs: https://developer.apple.com/documentation/devicemanagement/softwareupdate
code: |-
# For OS X Yosemite and later (>= 10.10)
# For OS X Yosemite and newer (>= 10.10)
sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate 'AutomaticDownload' -bool false
revertCode: |-
# For OS X Yosemite and later (>= 10.10)
# For OS X Yosemite and newer (>= 10.10)
sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate 'AutomaticDownload' -bool true
-
name: Disable automatically installing macOS updates
name: Disable automatic installation of macOS updates
docs:
# References for AutoUpdateRestartRequired
- https://kb.vmware.com/s/article/2960635
@@ -1149,48 +1182,48 @@ actions:
code: |-
# For OS X Yosemite through macOS High Sierra (>= 10.10 && < 10.14)
sudo defaults write /Library/Preferences/com.apple.commerce 'AutoUpdateRestartRequired' -bool false
# For Mojave and later (>= 10.14)
# For Mojave and newer (>= 10.14)
sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate 'AutomaticallyInstallMacOSUpdates' -bool false
revertCode: |-
# For OS X Yosemite through macOS High Sierra (>= 10.10 && < 10.14)
sudo defaults write /Library/Preferences/com.apple.commerce 'AutoUpdateRestartRequired' -bool true
# For Mojave and later (>= 10.14)
# For Mojave and newer (>= 10.14)
sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate 'AutomaticallyInstallMacOSUpdates' -bool true
-
name: Disable automatically updating app from the App Store
name: Disable automatic app updates from the App Store
docs:
- https://kb.vmware.com/s/article/2960635
- https://derflounder.wordpress.com/2018/12/28/enabling-automatic-macos-software-updates-for-os-x-yosemite-through-macos-mojave/
code: |-
# For OS X Yosemite and later (>= 10.10)
# For OS X Yosemite and newer (>= 10.10)
sudo defaults write /Library/Preferences/com.apple.commerce 'AutoUpdate' -bool false
# For Mojave and later (>= 10.14)
# For Mojave and newer (>= 10.14)
sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate 'AutomaticallyInstallAppUpdates' -bool false
revertCode: |-
# For OS X Yosemite and later
# For OS X Yosemite and newer
sudo defaults write /Library/Preferences/com.apple.commerce 'AutoUpdate' -bool true
# For Mojave and later (>= 10.14)
# For Mojave and newer (>= 10.14)
sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate 'AutomaticallyInstallAppUpdates' -bool true
-
name: Disable installation of macOS beta releases
name: Disable macOS beta release installation
docs: https://support.apple.com/en-gb/HT203018
code: |-
# For OS X Yosemite and later (>= 10.10)
# For OS X Yosemite and newer (>= 10.10)
sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate 'AllowPreReleaseInstallation' -bool false
revertCode: |-
# For OS X Yosemite and later (>= 10.10)
# For OS X Yosemite and newer (>= 10.10)
sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate 'AllowPreReleaseInstallation' -bool true
-
name: Disable automatically installing configuration data (e.g. XProtect, Gatekeeper, MRT)
name: Disable automatic installation for configuration data (e.g. XProtect, Gatekeeper, MRT)
docs: https://derflounder.wordpress.com/2018/12/28/enabling-automatic-macos-software-updates-for-os-x-yosemite-through-macos-mojave/
code: |-
# For OS X Yosemite and later (>= 10.10)
# For OS X Yosemite and newer (>= 10.10)
sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate 'ConfigDataInstall' -bool false
revertCode: |-
# For OS X Yosemite and later (>= 10.10)
# For OS X Yosemite and newer (>= 10.10)
sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate 'ConfigDataInstall' -bool true
-
name: Disable automatically installing system data files and security updates
name: Disable automatic installation for system data files and security updates
docs:
# References for CriticalUpdateInstall
- https://derflounder.wordpress.com/2014/12/24/managing-os-xs-automatic-security-updates/
@@ -1198,10 +1231,10 @@ actions:
# References for softwareupdate --background-critical
- https://managingosx.wordpress.com/2013/04/30/undocumented-options/
code: |-
# For OS X Yosemite and later (>= 10.10)
# For OS X Yosemite and newer (>= 10.10)
sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate 'CriticalUpdateInstall' -bool false
revertCode: |-
# For OS X Yosemite and later (>= 10.10)
# For OS X Yosemite and newer (>= 10.10)
sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate 'CriticalUpdateInstall' -bool true
# Trigger background check with normal scan (critical updates only)
sudo softwareupdate --background-critical

1732
src/application/collections/windows.yaml
View File

File diff suppressed because it is too large Load Diff