Originally written August 2020, updated December 2023

New stuff

I maintain this script here now:

https://github.com/yawnbox/macos_hardening/

Old stuff

To view disabled services, if any:

sudo launchctl print-disabled system

To disable UUCP, run the following command:

sudo launchctl disable system/com.apple.uucp

To disable Telnet, run the following command:

sudo launchctl disable system/com.apple.telnetd

To disable the Apple Filing Protocol (AFP) file sharing service, run the following command:

sudo launchctl disable system/com.apple.AppleFileServer

To disable FTP, run the following command:

sudo launchctl disable system/com.apple.ftpd

To disable RSH, run the following command:

sudo launchctl disable system/com.apple.rshd

To disable SMB, run the following command:

sudo launchctl disable system/com.apple.smbd

To disable TFTP, run the following command:

sudo launchctl disable system/com.apple.tftpd

To disable the Bonjour service, run the following commands:

sudo launchctl disable system/com.apple.mDNSResponder
sudo launchctl disable system/com.apple.mDNSResponderHelper

To view disabled services again:

sudo launchctl print-disabled system

disabled services = {
    "com.apple.AppleFileServer" => true
    "com.apple.CSCSupportd" => true
    "com.apple.uucp" => true
    "com.apple.mDNSResponderHelper" => true
    "com.apple.ftpd" => true
    "com.apple.mdmclient.daemon.runatboot" => true
    "com.apple.rshd" => true
    "com.apple.smbd" => true
    "com.apple.tftpd" => true
    "com.apple.telnetd" => true
    "com.apple.mDNSResponder" => true
}

Reboot and then rerun the above command to verify the services are still disabled.
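
To make the post-reboot check repeatable, the following added example (not part of the original post or of the linked macos_hardening script) reads `launchctl print-disabled system` output and prints every label from this page that is not marked disabled. The function names and the sample output are constructed for illustration, and accepting `disabled` as well as `true` as the state word is an assumption for macOS releases that print it that way.

```shell
#!/bin/sh
# Added example: audit helper for the services this page disables.

# Labels taken from the launchctl disable commands on this page.
EXPECTED="com.apple.uucp com.apple.telnetd com.apple.AppleFileServer \
com.apple.ftpd com.apple.rshd com.apple.smbd com.apple.tftpd \
com.apple.mDNSResponder com.apple.mDNSResponderHelper"

# missing_disabled (hypothetical name): reads print-disabled output on stdin
# and prints each EXPECTED label that is absent or not marked disabled.
missing_disabled() {
    awk -v expected="$EXPECTED" '
        # Entry lines look like:    "com.apple.ftpd" => true
        /=>/ {
            label = $1
            gsub(/"/, "", label)
            # "true" is the form shown on this page; "disabled" is assumed
            # for releases that print the state as a word.
            if ($3 == "true" || $3 == "disabled") seen[label] = 1
        }
        END {
            n = split(expected, want, " ")
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen)) print want[i]
        }'
}

# Constructed sample: smbd has been re-enabled and telnetd has no entry.
sample_output() {
    cat <<'EOF'
disabled services = {
    "com.apple.AppleFileServer" => true
    "com.apple.uucp" => true
    "com.apple.mDNSResponderHelper" => true
    "com.apple.ftpd" => true
    "com.apple.rshd" => true
    "com.apple.smbd" => false
    "com.apple.tftpd" => true
    "com.apple.mDNSResponder" => true
}
EOF
}

# Demo on the constructed sample. On a real system, use instead:
#   sudo launchctl print-disabled system | missing_disabled
sample_output | missing_disabled
```

Empty output means every service listed on this page is still disabled.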

To view networking services:

sudo /usr/sbin/networksetup -listallnetworkservices

To disable unwanted Networking Services:

sudo /usr/sbin/networksetup -setnetworkserviceenabled 'Bluetooth PAN' off
sudo /usr/sbin/networksetup -setnetworkserviceenabled 'USB ACM' off
sudo /usr/sbin/networksetup -setnetworkserviceenabled 'Thunderbolt Bridge' off
sudo /usr/sbin/networksetup -setnetworkserviceenabled 'Wi-Fi' off

yawnbox