Disable unwanted services to reduce attack vectors
This is one of my articles on Internet Security.
Free content on Cybersecurity Jobs | Register at Broadcast list
In a previous article I explained how to disable IPv6 on a Mac.
But how can we make this change permanent? What if you want to disable or enable other services? I don’t know why MacOS makes this so difficult. It seems too complicated to understand how to do this. Maybe I’m just not looking in the right places, but here’s how to do it.
First, you need to create a script and store it somewhere only you can run it if you want your profile to only run it when the machine loads or in a shared file if you want anyone can execute it. I want the latter so I put the file in a shared folder. I set the permissions accordingly.
Now you might think you can add this script to your login items in preferences if you know it, but no. You will get errors on startup stating that you are not authorized to run the script. Now I’ve created a small application and am running it on startup, but it seems so complicated for what I’m trying to run.
After creating the script, you need to create a plist in the /Library/LaunchDaemons/ folder.
By the way, while you are in this and other startup folders, look for anything suspicious that should not run at startup. Don’t delete the items, but move them in case they are really needed and you need to restore them. Be careful not to delete required items that cause your machine to malfunction.
Here are the steps to create a setup script that runs on startup if you want to do what I did.
- Create this file at the following path.
/Users/Shared/2sl-startup-config.sh
2. Run this command so everyone can run the file:
sudo chmod 755 2sl-startup-config.sh
3. Modify the script to do what it needs to do. For example :