#!/usr/bin/env bash # https://privacy.sexy โ€” v0.11.4 โ€” Sat, 25 Mar 2023 13:03:09 GMT if [ "$EUID" -ne 0 ]; then script_path=$([[ "$0" = /* ]] && echo "$0" || echo "$PWD/${0#./}") sudo "$script_path" || ( echo 'Administrator privileges are required.' exit 1 ) exit 0 fi # ---------------------------------------------------------- # --------------Clear system application logs--------------- # ---------------------------------------------------------- echo '--- Clear system application logs' sudo rm -rfv /Library/Logs/* # ---------------------------------------------------------- # ---------------------------------------------------------- # ---------------------Clear Mail logs---------------------- # ---------------------------------------------------------- echo '--- Clear Mail logs' rm -rfv ~/Library/Containers/com.apple.mail/Data/Library/Logs/Mail/* # ---------------------------------------------------------- # Clear audit logs (login, logout, authentication and other user activity) echo '--- Clear audit logs (login, logout, authentication and other user activity)' sudo rm -rfv /var/audit/* sudo rm -rfv /private/var/audit/* # ---------------------------------------------------------- # ---------------------------------------------------------- # --------------Clear user logs (user reports)-------------- # ---------------------------------------------------------- echo '--- Clear user logs (user reports)' sudo rm -rfv ~/Library/Logs/* # ---------------------------------------------------------- # ---------------------------------------------------------- # ---------------------Clear daily logs--------------------- # ---------------------------------------------------------- echo '--- Clear daily logs' sudo rm -fv /System/Library/LaunchDaemons/com.apple.periodic-*.plist # ---------------------------------------------------------- # ---------------------------------------------------------- # ------Clear receipt logs for installed packages/apps------ # ---------------------------------------------------------- echo '--- Clear receipt logs for installed packages/apps' sudo rm -rfv /var/db/receipts/* sudo rm -vf /Library/Receipts/InstallHistory.plist # ---------------------------------------------------------- # ---------------------------------------------------------- # ------------------Clear diagnostics logs------------------ # ---------------------------------------------------------- echo '--- Clear diagnostics logs' sudo rm -rfv /private/var/db/diagnostics/* sudo rm -rfv /var/db/diagnostics/* # ---------------------------------------------------------- # ---------------------------------------------------------- # -------------Clear shared-cache strings data-------------- # ---------------------------------------------------------- echo '--- Clear shared-cache strings data' sudo rm -rfv /private/var/db/uuidtext/ sudo rm -rfv /var/db/uuidtext/ # ---------------------------------------------------------- # ---------------------------------------------------------- # --------------Clear Apple System Logs (ASL)--------------- # ---------------------------------------------------------- echo '--- Clear Apple System Logs (ASL)' sudo rm -rfv /private/var/log/asl/* sudo rm -rfv /var/log/asl/* sudo rm -fv /var/log/asl.log # Legacy ASL (10.4) sudo rm -fv /var/log/asl.db # ---------------------------------------------------------- # ---------------------------------------------------------- # --------------------Clear install logs-------------------- # ---------------------------------------------------------- echo '--- Clear install logs' sudo rm -fv /var/log/install.log # ---------------------------------------------------------- # ---------------------------------------------------------- # ------------------Clear all system logs------------------- # ---------------------------------------------------------- echo '--- Clear all system logs' sudo rm -rfv /var/log/* # ---------------------------------------------------------- # ---------------------------------------------------------- # --------------------Clear bash history-------------------- # ---------------------------------------------------------- echo '--- Clear bash history' rm -f ~/.bash_history # ---------------------------------------------------------- # ---------------------------------------------------------- # --------------------Clear zsh history--------------------- # ---------------------------------------------------------- echo '--- Clear zsh history' rm -f ~/.zsh_history # ---------------------------------------------------------- # ---------------------------------------------------------- # -----------Clear Google Chrome browsing history----------- # ---------------------------------------------------------- echo '--- Clear Google Chrome browsing history' rm -rfv ~/Library/Application\ Support/Google/Chrome/Default/History &>/dev/null rm -rfv ~/Library/Application\ Support/Google/Chrome/Default/History-journal &>/dev/null # ---------------------------------------------------------- # ---------------------------------------------------------- # ----------------Google Chrome Cache Files----------------- # ---------------------------------------------------------- echo '--- Google Chrome Cache Files' sudo rm -rfv ~/Library/Application\ Support/Google/Chrome/Default/Application\ Cache/* &>/dev/null # ---------------------------------------------------------- # ---------------------------------------------------------- # --------------Clear Safari browsing history--------------- # ---------------------------------------------------------- echo '--- Clear Safari browsing history' rm -f ~/Library/Safari/History.db rm -f ~/Library/Safari/History.db-lock rm -f ~/Library/Safari/History.db-shm rm -f ~/Library/Safari/History.db-wal # For older versions of Safari rm -f ~/Library/Safari/History.plist # URL, visit count, webpage title, last visited timestamp, redirected URL, autocomplete rm -f ~/Library/Safari/HistoryIndex.sk # History index # ---------------------------------------------------------- # ---------------------------------------------------------- # --------------Clear Safari downloads history-------------- # ---------------------------------------------------------- echo '--- Clear Safari downloads history' rm -f ~/Library/Safari/Downloads.plist # ---------------------------------------------------------- # ---------------------------------------------------------- # ------------------Clear Safari top sites------------------ # ---------------------------------------------------------- echo '--- Clear Safari top sites' rm -f ~/Library/Safari/TopSites.plist # ---------------------------------------------------------- # ---------------------------------------------------------- # ------Clear Safari last session (open tabs) history------- # ---------------------------------------------------------- echo '--- Clear Safari last session (open tabs) history' rm -f ~/Library/Safari/LastSession.plist # ---------------------------------------------------------- # ---------------------------------------------------------- # -------------Clear copy of the Safari history------------- # ---------------------------------------------------------- echo '--- Clear copy of the Safari history' rm -rfv ~/Library/Caches/Metadata/Safari/History # ---------------------------------------------------------- # ---------------------------------------------------------- # ---Clear search history embedded in Safari preferences---- # ---------------------------------------------------------- echo '--- Clear search history embedded in Safari preferences' defaults write ~/Library/Preferences/com.apple.Safari RecentSearchStrings '( )' # ---------------------------------------------------------- # ---------------------------------------------------------- # -------------------Clear Safari cookies------------------- # ---------------------------------------------------------- echo '--- Clear Safari cookies' rm -f ~/Library/Cookies/Cookies.binarycookies # Used before Safari 5.1 rm -f ~/Library/Cookies/Cookies.plist # ---------------------------------------------------------- # ---------------------------------------------------------- # -------Clear Safari zoom level preferences per site------- # ---------------------------------------------------------- echo '--- Clear Safari zoom level preferences per site' rm -f ~/Library/Safari/PerSiteZoomPreferences.plist # ---------------------------------------------------------- # Clear URLs that are allowed to display notifications in Safari echo '--- Clear URLs that are allowed to display notifications in Safari' rm -f ~/Library/Safari/UserNotificationPreferences.plist # ---------------------------------------------------------- # Clear Safari per-site preferences for Downloads, Geolocation, PopUps, and Autoplays echo '--- Clear Safari per-site preferences for Downloads, Geolocation, PopUps, and Autoplays' rm -f ~/Library/Safari/PerSitePreferences.db # ---------------------------------------------------------- # ---------------------------------------------------------- # ------Clear Safari cached blobs, URLs and timestamps------ # ---------------------------------------------------------- echo '--- Clear Safari cached blobs, URLs and timestamps' rm -f ~/Library/Caches/com.apple.Safari/Cache.db # ---------------------------------------------------------- # ---------------------------------------------------------- # -----Clear Safari web page icons displayed on URL bar----- # ---------------------------------------------------------- echo '--- Clear Safari web page icons displayed on URL bar' rm -f ~/Library/Safari/WebpageIcons.db # ---------------------------------------------------------- # ---------------------------------------------------------- # --------Clear Safari webpage previews (thumbnails)-------- # ---------------------------------------------------------- echo '--- Clear Safari webpage previews (thumbnails)' rm -rfv ~/Library/Caches/com.apple.Safari/Webpage\ Previews # ---------------------------------------------------------- # ---------------------------------------------------------- # -------------------Clear Firefox cache-------------------- # ---------------------------------------------------------- echo '--- Clear Firefox cache' sudo rm -rf ~/Library/Caches/Mozilla/ rm -fv ~/Library/Application\ Support/Firefox/Profiles/*/netpredictions.sqlite # ---------------------------------------------------------- # ---------------------------------------------------------- # ---------------Delete Firefox form history---------------- # ---------------------------------------------------------- echo '--- Delete Firefox form history' rm -fv ~/Library/Application\ Support/Firefox/Profiles/*/formhistory.sqlite rm -fv ~/Library/Application\ Support/Firefox/Profiles/*/formhistory.dat # ---------------------------------------------------------- # ---------------------------------------------------------- # -------------Delete Firefox site preferences-------------- # ---------------------------------------------------------- echo '--- Delete Firefox site preferences' rm -fv ~/Library/Application\ Support/Firefox/Profiles/*/content-prefs.sqlite # ---------------------------------------------------------- # Delete Firefox session restore data (loads after the browser closes or crashes) echo '--- Delete Firefox session restore data (loads after the browser closes or crashes)' rm -fv ~/Library/Application\ Support/Firefox/Profiles/*/sessionCheckpoints.json rm -fv ~/Library/Application\ Support/Firefox/Profiles/*/sessionstore*.js* rm -fv ~/Library/Application\ Support/Firefox/Profiles/*/sessionstore.bak* rm -fv ~/Library/Application\ Support/Firefox/Profiles/*/sessionstore-backups/previous.js* rm -fv ~/Library/Application\ Support/Firefox/Profiles/*/sessionstore-backups/recovery.js* rm -fv ~/Library/Application\ Support/Firefox/Profiles/*/sessionstore-backups/recovery.bak* rm -fv ~/Library/Application\ Support/Firefox/Profiles/*/sessionstore-backups/previous.bak* rm -fv ~/Library/Application\ Support/Firefox/Profiles/*/sessionstore-backups/upgrade.js*-20* # ---------------------------------------------------------- # ---------------------------------------------------------- # -----------------Delete Firefox passwords----------------- # ---------------------------------------------------------- echo '--- Delete Firefox passwords' rm -fv ~/Library/Application\ Support/Firefox/Profiles/*/signons.txt rm -fv ~/Library/Application\ Support/Firefox/Profiles/*/signons2.txt rm -fv ~/Library/Application\ Support/Firefox/Profiles/*/signons3.txt rm -fv ~/Library/Application\ Support/Firefox/Profiles/*/signons.sqlite rm -fv ~/Library/Application\ Support/Firefox/Profiles/*/logins.json # ---------------------------------------------------------- # ---------------------------------------------------------- # ---------------Delete Firefox HTML5 cookies--------------- # ---------------------------------------------------------- echo '--- Delete Firefox HTML5 cookies' rm -fv ~/Library/Application\ Support/Firefox/Profiles/*/webappsstore.sqlite # ---------------------------------------------------------- # ---------------------------------------------------------- # ---------------Delete Firefox crash reports--------------- # ---------------------------------------------------------- echo '--- Delete Firefox crash reports' rm -rfv ~/Library/Application\ Support/Firefox/Crash\ Reports/ rm -fv ~/Library/Application\ Support/Firefox/Profiles/*/minidumps/*.dmp # ---------------------------------------------------------- # ---------------------------------------------------------- # ---------------Delete Firefox backup files---------------- # ---------------------------------------------------------- echo '--- Delete Firefox backup files' rm -fv ~/Library/Application\ Support/Firefox/Profiles/*/bookmarkbackups/*.json rm -fv ~/Library/Application\ Support/Firefox/Profiles/*/bookmarkbackups/*.jsonlz4 # ---------------------------------------------------------- # ---------------------------------------------------------- # ------------------Delete Firefox cookies------------------ # ---------------------------------------------------------- echo '--- Delete Firefox cookies' rm -fv ~/Library/Application\ Support/Firefox/Profiles/*/cookies.txt rm -fv ~/Library/Application\ Support/Firefox/Profiles/*/cookies.sqlite rm -fv ~/Library/Application\ Support/Firefox/Profiles/*/cookies.sqlite-shm rm -fv ~/Library/Application\ Support/Firefox/Profiles/*/cookies.sqlite-wal rm -rfv ~/Library/Application\ Support/Firefox/Profiles/*/storage/default/http* # ---------------------------------------------------------- # ---------------------------------------------------------- # ---------------Clear CUPS printer job cache--------------- # ---------------------------------------------------------- echo '--- Clear CUPS printer job cache' sudo rm -rfv /var/spool/cups/c0* sudo rm -rfv /var/spool/cups/tmp/* sudo rm -rfv /var/spool/cups/cache/job.cache* # ---------------------------------------------------------- # ---------------------------------------------------------- # ----------------Disable Firefox telemetry----------------- # ---------------------------------------------------------- echo '--- Disable Firefox telemetry' # Enable Firefox policies so the telemetry can be configured. sudo defaults write /Library/Preferences/org.mozilla.firefox EnterprisePoliciesEnabled -bool TRUE # Disable sending usage data sudo defaults write /Library/Preferences/org.mozilla.firefox DisableTelemetry -bool TRUE # ---------------------------------------------------------- # ---------------------------------------------------------- # ----Disable Microsoft Office diagnostics data sending----- # ---------------------------------------------------------- echo '--- Disable Microsoft Office diagnostics data sending' defaults write com.microsoft.office DiagnosticDataTypePreference -string ZeroDiagnosticData # ---------------------------------------------------------- # ---------------------------------------------------------- # --------------Disable NET Core CLI telemetry-------------- # ---------------------------------------------------------- echo '--- Disable NET Core CLI telemetry' command='export DOTNET_CLI_TELEMETRY_OPTOUT=1' declare -a profile_files=("$HOME/.bash_profile" "$HOME/.zprofile") for profile_file in "${profile_files[@]}" do touch "$profile_file" if ! grep -q "$command" "${profile_file}"; then echo "$command" >> "$profile_file" echo "[$profile_file] Configured" else echo "[$profile_file] No need for any action, already configured" fi done # ---------------------------------------------------------- # ---------------------------------------------------------- # ---------Disable Homebrew user behavior analytics--------- # ---------------------------------------------------------- echo '--- Disable Homebrew user behavior analytics' command='export HOMEBREW_NO_ANALYTICS=1' declare -a profile_files=("$HOME/.bash_profile" "$HOME/.zprofile") for profile_file in "${profile_files[@]}" do touch "$profile_file" if ! grep -q "$command" "${profile_file}"; then echo "$command" >> "$profile_file" echo "[$profile_file] Configured" else echo "[$profile_file] No need for any action, already configured" fi done # ---------------------------------------------------------- # ---------------------------------------------------------- # ------------Disable PowerShell Core telemetry------------- # ---------------------------------------------------------- echo '--- Disable PowerShell Core telemetry' command='export POWERSHELL_TELEMETRY_OPTOUT=1' declare -a profile_files=("$HOME/.bash_profile" "$HOME/.zprofile") for profile_file in "${profile_files[@]}" do touch "$profile_file" if ! grep -q "$command" "${profile_file}"; then echo "$command" >> "$profile_file" echo "[$profile_file] Configured" else echo "[$profile_file] No need for any action, already configured" fi done # ---------------------------------------------------------- # ---------------------------------------------------------- # ------------Opt-out from Siri data collection------------- # ---------------------------------------------------------- echo '--- Opt-out from Siri data collection' defaults write com.apple.assistant.support 'Siri Data Sharing Opt-In Status' -int 2 # ---------------------------------------------------------- # ---------------------------------------------------------- # ---------Deactivate the Remote Management Service--------- # ---------------------------------------------------------- echo '--- Deactivate the Remote Management Service' sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -deactivate -stop # ---------------------------------------------------------- # ---------------------------------------------------------- # -----------Remove Apple Remote Desktop Settings----------- # ---------------------------------------------------------- echo '--- Remove Apple Remote Desktop Settings' sudo rm -rf /var/db/RemoteManagement sudo defaults delete /Library/Preferences/com.apple.RemoteDesktop.plist defaults delete ~/Library/Preferences/com.apple.RemoteDesktop.plist sudo rm -r /Library/Application\ Support/Apple/Remote\ Desktop/ rm -r ~/Library/Application\ Support/Remote\ Desktop/ rm -r ~/Library/Containers/com.apple.RemoteDesktop # ---------------------------------------------------------- # ---------------------------------------------------------- # ---------Disable Internet based spell correction---------- # ---------------------------------------------------------- echo '--- Disable Internet based spell correction' defaults write NSGlobalDomain WebAutomaticSpellingCorrectionEnabled -bool false # ---------------------------------------------------------- # ---------------------------------------------------------- # ---------------Disable Remote Apple Events---------------- # ---------------------------------------------------------- echo '--- Disable Remote Apple Events' sudo systemsetup -setremoteappleevents off # ---------------------------------------------------------- # ---------------------------------------------------------- # ----Do not store documents to iCloud Drive by default----- # ---------------------------------------------------------- echo '--- Do not store documents to iCloud Drive by default' defaults write NSGlobalDomain NSDocumentSaveNewDocumentsToCloud -bool false # ---------------------------------------------------------- # ---------------------------------------------------------- # -------------Do not show recent items on dock------------- # ---------------------------------------------------------- echo '--- Do not show recent items on dock' defaults write com.apple.dock show-recents -bool false # ---------------------------------------------------------- # ---------------------------------------------------------- # ---------------Enable application firewall---------------- # ---------------------------------------------------------- echo '--- Enable application firewall' /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on sudo defaults write /Library/Preferences/com.apple.alf globalstate -bool true defaults write com.apple.security.firewall EnableFirewall -bool true # ---------------------------------------------------------- # ---------------------------------------------------------- # -----------------Turn on firewall logging----------------- # ---------------------------------------------------------- echo '--- Turn on firewall logging' /usr/libexec/ApplicationFirewall/socketfilterfw --setloggingmode on sudo defaults write /Library/Preferences/com.apple.alf loggingenabled -bool true # ---------------------------------------------------------- # ---------------------------------------------------------- # -------------------Turn on stealth mode------------------- # ---------------------------------------------------------- echo '--- Turn on stealth mode' /usr/libexec/ApplicationFirewall/socketfilterfw --setstealthmode on sudo defaults write /Library/Preferences/com.apple.alf stealthenabled -bool true defaults write com.apple.security.firewall EnableStealthMode -bool true # ---------------------------------------------------------- # Require a password to wake the computer from sleep or screen saver echo '--- Require a password to wake the computer from sleep or screen saver' sudo defaults write /Library/Preferences/com.apple.screensaver askForPassword -bool true # ---------------------------------------------------------- # Initiate session lock five seconds after screen saver is started echo '--- Initiate session lock five seconds after screen saver is started' sudo defaults write /Library/Preferences/com.apple.screensaver 'askForPasswordDelay' -int 5 # ---------------------------------------------------------- # ---------------------------------------------------------- # ----Disables signing in as Guest from the login screen---- # ---------------------------------------------------------- echo '--- Disables signing in as Guest from the login screen' sudo defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled -bool NO # ---------------------------------------------------------- # ---------------------------------------------------------- # -------Disables Guest access to file shares over AF------- # ---------------------------------------------------------- echo '--- Disables Guest access to file shares over AF' sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server AllowGuestAccess -bool NO # ---------------------------------------------------------- # ---------------------------------------------------------- # ------Disables Guest access to file shares over SMB------- # ---------------------------------------------------------- echo '--- Disables Guest access to file shares over SMB' sudo defaults write /Library/Preferences/com.apple.AppleFileServer guestAccess -bool NO # ---------------------------------------------------------- # ---------------------------------------------------------- # -Disable remote login (incoming SSH and SFTP connections)- # ---------------------------------------------------------- echo '--- Disable remote login (incoming SSH and SFTP connections)' echo 'yes' | sudo systemsetup -setremotelogin off # ---------------------------------------------------------- # ---------------------------------------------------------- # ----------Disable Bonjour multicast advertising----------- # ---------------------------------------------------------- echo '--- Disable Bonjour multicast advertising' sudo defaults write /Library/Preferences/com.apple.mDNSResponder.plist NoMulticastAdvertisements -bool true # ---------------------------------------------------------- # ---------------------------------------------------------- # -------------Disable insecure telnet protocol------------- # ---------------------------------------------------------- echo '--- Disable insecure telnet protocol' sudo launchctl disable system/com.apple.telnetd # ---------------------------------------------------------- # ---------------------------------------------------------- # --------------Disable insecure TFTP service--------------- # ---------------------------------------------------------- echo '--- Disable insecure TFTP service' sudo launchctl disable 'system/com.apple.tftpd' # ---------------------------------------------------------- # ---------------------------------------------------------- # ----Clear File Quarantine logs of all downloaded files---- # ---------------------------------------------------------- echo '--- Clear File Quarantine logs of all downloaded files' db_file=~/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2 db_query='delete from LSQuarantineEvent' if [ -f "$db_file" ]; then echo "Database exists at \"$db_file\"" if ls -lO "$db_file" | grep --silent 'schg'; then sudo chflags noschg "$db_file" echo "Found and removed system immutable flag" has_sytem_immutable_flag=true fi if ls -lO "$db_file" | grep --silent 'uchg'; then sudo chflags nouchg "$db_file" echo "Found and removed user immutable flag" has_user_immutable_flag=true fi sqlite3 "$db_file" "$db_query" echo "Executed the query \"$db_query\"" if [ "$has_sytem_immutable_flag" = true ] ; then sudo chflags schg "$db_file" echo "Added system immutable flag back" fi if [ "$has_user_immutable_flag" = true ] ; then sudo chflags uchg "$db_file" echo "Added user immutable flag back" fi else echo "No action needed, database does not exist at \"$db_file\"" fi # ---------------------------------------------------------- # ---------------------------------------------------------- # --Clear File Quarantine attribute from downloaded files--- # ---------------------------------------------------------- echo '--- Clear File Quarantine attribute from downloaded files' find ~/Downloads \ -type f \ -exec \ sh -c \ ' attr="com.apple.quarantine" file="{}" if [[ $(xattr "$file") = *$attr* ]]; then if xattr -d "$attr" "$file" 2>/dev/null; then echo "๐Ÿงน Cleaned attribute from \"$file\"" else >&2 echo "โŒ Failed to clean attribute from \"$file\"" fi else echo "No attribute in \"$file\"" fi ' \ {} \; # ---------------------------------------------------------- # ---------------------------------------------------------- # -----Prevent quarantine from logging downloaded files----- # ---------------------------------------------------------- echo '--- Prevent quarantine from logging downloaded files' file_to_lock=~/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2 if [ -f "$file_to_lock" ]; then sudo chflags schg "$file_to_lock" echo "Made file immutable at \"$file_to_lock\"" else echo "No action is needed, file does not exist at \"$file_to_lock\"" fi # ---------------------------------------------------------- # Disable using extended quarantine attribute on downloaded files (disables warning) echo '--- Disable using extended quarantine attribute on downloaded files (disables warning)' sudo defaults write com.apple.LaunchServices 'LSQuarantine' -bool NO # ---------------------------------------------------------- # Disable Library Validation Entitlement (checks signature of libraries) echo '--- Disable Library Validation Entitlement (checks signature of libraries)' sudo defaults write /Library/Preferences/com.apple.security.libraryvalidation.plist 'DisableLibraryValidation' -bool true # ---------------------------------------------------------- echo 'Your privacy and security is now hardened ๐ŸŽ‰๐Ÿ’ช' echo 'Press any key to exit.' read -n 1 -s