Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Current »

 

Apply Security Updates 

  1. Verify software update is set:
  2. Click Apple Menu
  3. Click System Preferences
  4. Select Software Updates
  5. Select Check for Updates and set the interval to Weekly or Daily
  6. There is no automatic installation; you must OK the installation of updates.

Note: If you have Microsoft Office installed, launch /Applications/Microsoft AutoUpdate.app, click Automatically if that is acceptable for your system, and set the interval to Weekly or Daily.

Enable and Configure Event Logging 

By default, OS X "should" be enabled for logging.  To enable logging:

For OS X:

  1. You must temporarily log in as an administrator or your current account must have sudo access
  2. In spotlight (upper right-hand corner), search for terminal and select it
  3. Type sudo launchctl load /System/Library/LaunchDaemons/com.apple.syslogd.plist
  4. Enter administrative credentials
  5. If the system was already enabled for logging, you should receive the notification Already loaded in the terminal window

Note:  the log files are rotated often by time of day, days indicated, and/or exceeding the maximum file size. 

For advanced or custom log retention schedules:

  1. You must temporarily log in as an administrator or your current account must have sudo access
  2. In spotlight (upper right-hand corner), search for terminal and select it
  3. type cd /etc
  4. type sudo vi newsyslog.conf

A list of various log files with their retention schedule are displayed.  Notice the count and size options available to change.  You have the option to increase these amounts if desired.

Example:  To change the count (amount of back up logs) for the system.log file.  Continuing in the terminal window with the newsyslog.conf file open for editing:

  1. manually (using down arrow key) navigate to the system.log file
  2. navigate using the arrow key to the current count number (e.g. 7)
  3. verify the number is highlighted and press x to delete the current the number
  4. type i for the insert command and enter the new count number
  5. press the ESC key, followed by :wq! and press enter.  This will save your entry.

A system restart will make the permanent changes.

Enable Firewall 

For Mac OS X 10.7 - 10.9  and 10.6 (Snow Leopard):

  1. Click Apple menu
  2. Click System Preferences
  3. Click Security & Privacy (10.7) or Security (10.6)
  4. Click Firewall

Note: If the orange padlock icon in the lower left side of the window is closed, click it, and then authenticate with your Mac's administrator username and password.

  1. Click Turn On Firewall (10.7 and later) or Start (10.6) to enable the firewall
  2. To configure the firewall, click Firewall Options... (10.7 and later) or Advanced (10.6)
    1. In the options presented, select a suitable option

Operate with a standard OS X account 

Create a new administrative user account

  1. Open System Preferences via the Dock or Apple Menu
  2. Go to Users & Groups
  3. Click on the "+" to add a new account
    1. If the security lock is closed (lower left corner), click it and authenticate
  4. Enter an account name and password, and click on Create User
  5. Select the recently created User Account & Check Allow user to administer the computer

Demote the original user account to a standard user

  1. Select the current primary account listed under My Account or Current User
  2. Uncheck Allow user to administer the computer*
  3. Restart the computer for changes to take effect
  4. Login with the primary, standard user account

Password Complexity 

Secure unattended computers 

  1. Click Apple Menu
  2. Click System Preferences
  3. Selct Energy Saver
  4. Configure the time to place the system in sleep mode.
  5. Set a password to regain access to the system upon recovery:
    • Click on Apple Menu
    • Click System Preferences
    • Click Security & Privacy

Check Require password for sleep and screen saver (immediately).

  • No labels