Add files via upload
This commit is contained in:
parent
94bffd947f
commit
70ff677572
3 changed files with 7708 additions and 0 deletions
1735
privacy-script-linux.sh
Normal file
1735
privacy-script-linux.sh
Normal file
File diff suppressed because it is too large
Load diff
577
privacy-script-mac.sh
Normal file
577
privacy-script-mac.sh
Normal file
|
@ -0,0 +1,577 @@
|
|||
#!/usr/bin/env bash
|
||||
# https://privacy.sexy — v0.13.4 — Thu, 30 May 2024 18:37:58 GMT
|
||||
if [ "$EUID" -ne 0 ]; then
|
||||
script_path=$([[ "$0" = /* ]] && echo "$0" || echo "$PWD/${0#./}")
|
||||
sudo "$script_path" || (
|
||||
echo 'Administrator privileges are required.'
|
||||
exit 1
|
||||
)
|
||||
exit 0
|
||||
fi
|
||||
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# -------------Clear iOS app copies from iTunes-------------
|
||||
# ----------------------------------------------------------
|
||||
echo '--- Clear iOS app copies from iTunes'
|
||||
rm -rfv ~/Music/iTunes/iTunes\ Media/Mobile\ Applications/* &>/dev/null
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# ------------------Clear iOS photo cache-------------------
|
||||
# ----------------------------------------------------------
|
||||
echo '--- Clear iOS photo cache'
|
||||
rm -rf ~/Pictures/iPhoto\ Library/iPod\ Photo\ Cache/*
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# -----------------Clear iOS Device Backups-----------------
|
||||
# ----------------------------------------------------------
|
||||
echo '--- Clear iOS Device Backups'
|
||||
rm -rfv ~/Library/Application\ Support/MobileSync/Backup/* &>/dev/null
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# -------------------Clear iOS simulators-------------------
|
||||
# ----------------------------------------------------------
|
||||
echo '--- Clear iOS simulators'
|
||||
if type "xcrun" &>/dev/null; then
|
||||
osascript -e 'tell application "com.apple.CoreSimulator.CoreSimulatorService" to quit'
|
||||
osascript -e 'tell application "iOS Simulator" to quit'
|
||||
osascript -e 'tell application "Simulator" to quit'
|
||||
xcrun simctl shutdown all
|
||||
xcrun simctl erase all
|
||||
fi
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# -----------Clear list of connected iOS devices------------
|
||||
# ----------------------------------------------------------
|
||||
echo '--- Clear list of connected iOS devices'
|
||||
sudo defaults delete /Users/$USER/Library/Preferences/com.apple.iPod.plist "conn:128:Last Connect"
|
||||
sudo defaults delete /Users/$USER/Library/Preferences/com.apple.iPod.plist Devices
|
||||
sudo defaults delete /Library/Preferences/com.apple.iPod.plist "conn:128:Last Connect"
|
||||
sudo defaults delete /Library/Preferences/com.apple.iPod.plist Devices
|
||||
sudo rm -rfv /var/db/lockdown/*
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# --------------------Clear bash history--------------------
|
||||
# ----------------------------------------------------------
|
||||
echo '--- Clear bash history'
|
||||
rm -f ~/.bash_history
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# --------------------Clear zsh history---------------------
|
||||
# ----------------------------------------------------------
|
||||
echo '--- Clear zsh history'
|
||||
rm -f ~/.zsh_history
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# ------------------Clear diagnostics logs------------------
|
||||
# ----------------------------------------------------------
|
||||
echo '--- Clear diagnostics logs'
|
||||
sudo rm -rfv /private/var/db/diagnostics/*
|
||||
sudo rm -rfv /var/db/diagnostics/*
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# -------------Clear shared cache strings data--------------
|
||||
# ----------------------------------------------------------
|
||||
echo '--- Clear shared cache strings data'
|
||||
sudo rm -rfv /private/var/db/uuidtext/
|
||||
sudo rm -rfv /var/db/uuidtext/
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# --------------Clear Apple System Logs (ASL)---------------
|
||||
# ----------------------------------------------------------
|
||||
echo '--- Clear Apple System Logs (ASL)'
|
||||
sudo rm -rfv /private/var/log/asl/*
|
||||
sudo rm -rfv /var/log/asl/*
|
||||
sudo rm -fv /var/log/asl.log # Legacy ASL (10.4)
|
||||
sudo rm -fv /var/log/asl.db
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# --------------------Clear install logs--------------------
|
||||
# ----------------------------------------------------------
|
||||
echo '--- Clear install logs'
|
||||
sudo rm -fv /var/log/install.log
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# ------Clear all system logs in `/var/log/` directory------
|
||||
# ----------------------------------------------------------
|
||||
echo '--- Clear all system logs in `/var/log/` directory'
|
||||
sudo rm -rfv /var/log/*
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# --------------Clear system application logs---------------
|
||||
# ----------------------------------------------------------
|
||||
echo '--- Clear system application logs'
|
||||
sudo rm -rfv /Library/Logs/*
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# ---------------------Clear Mail logs----------------------
|
||||
# ----------------------------------------------------------
|
||||
echo '--- Clear Mail logs'
|
||||
rm -rfv ~/Library/Containers/com.apple.mail/Data/Library/Logs/Mail/*
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# Clear user activity audit logs (login, logout, authentication, etc.)
|
||||
echo '--- Clear user activity audit logs (login, logout, authentication, etc.)'
|
||||
sudo rm -rfv /var/audit/*
|
||||
sudo rm -rfv /private/var/audit/*
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# ------------------Clear user report logs------------------
|
||||
# ----------------------------------------------------------
|
||||
echo '--- Clear user report logs'
|
||||
sudo rm -rfv ~/Library/Logs/*
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# ---------------------Clear daily logs---------------------
|
||||
# ----------------------------------------------------------
|
||||
echo '--- Clear daily logs'
|
||||
sudo rm -fv /System/Library/LaunchDaemons/com.apple.periodic-*.plist
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# ------Clear receipt logs for installed packages/apps------
|
||||
# ----------------------------------------------------------
|
||||
echo '--- Clear receipt logs for installed packages/apps'
|
||||
sudo rm -rfv /var/db/receipts/*
|
||||
sudo rm -vf /Library/Receipts/InstallHistory.plist
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# ---------------Clear CUPS printer job cache---------------
|
||||
# ----------------------------------------------------------
|
||||
echo '--- Clear CUPS printer job cache'
|
||||
sudo rm -rfv /var/spool/cups/c0*
|
||||
sudo rm -rfv /var/spool/cups/tmp/*
|
||||
sudo rm -rfv /var/spool/cups/cache/job.cache*
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# ---------------------Clear DNS cache----------------------
|
||||
# ----------------------------------------------------------
|
||||
echo '--- Clear DNS cache'
|
||||
sudo dscacheutil -flushcache
|
||||
sudo killall -HUP mDNSResponder
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# ----------------Disable Firefox telemetry-----------------
|
||||
# ----------------------------------------------------------
|
||||
echo '--- Disable Firefox telemetry'
|
||||
# Enable Firefox policies so the telemetry can be configured.
|
||||
sudo defaults write /Library/Preferences/org.mozilla.firefox EnterprisePoliciesEnabled -bool TRUE
|
||||
# Disable sending usage data
|
||||
sudo defaults write /Library/Preferences/org.mozilla.firefox DisableTelemetry -bool TRUE
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# ------------Disable Microsoft Office telemetry------------
|
||||
# ----------------------------------------------------------
|
||||
echo '--- Disable Microsoft Office telemetry'
|
||||
defaults write com.microsoft.office DiagnosticDataTypePreference -string ZeroDiagnosticData
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# --------------Disable NET Core CLI telemetry--------------
|
||||
# ----------------------------------------------------------
|
||||
echo '--- Disable NET Core CLI telemetry'
|
||||
command='export DOTNET_CLI_TELEMETRY_OPTOUT=1'
|
||||
declare -a profile_files=("$HOME/.bash_profile" "$HOME/.zprofile")
|
||||
for profile_file in "${profile_files[@]}"
|
||||
do
|
||||
touch "$profile_file"
|
||||
if ! grep -q "$command" "${profile_file}"; then
|
||||
echo "$command" >> "$profile_file"
|
||||
echo "[$profile_file] Configured"
|
||||
else
|
||||
echo "[$profile_file] No need for any action, already configured"
|
||||
fi
|
||||
done
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# ---------Disable Homebrew user behavior analytics---------
|
||||
# ----------------------------------------------------------
|
||||
echo '--- Disable Homebrew user behavior analytics'
|
||||
command='export HOMEBREW_NO_ANALYTICS=1'
|
||||
declare -a profile_files=("$HOME/.bash_profile" "$HOME/.zprofile")
|
||||
for profile_file in "${profile_files[@]}"
|
||||
do
|
||||
touch "$profile_file"
|
||||
if ! grep -q "$command" "${profile_file}"; then
|
||||
echo "$command" >> "$profile_file"
|
||||
echo "[$profile_file] Configured"
|
||||
else
|
||||
echo "[$profile_file] No need for any action, already configured"
|
||||
fi
|
||||
done
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# ----------Remove Google Software Update service-----------
|
||||
# ----------------------------------------------------------
|
||||
echo '--- Remove Google Software Update service'
|
||||
googleUpdateFile=~/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/ksinstall
|
||||
if [ -f "$googleUpdateFile" ]; then
|
||||
$googleUpdateFile --nuke
|
||||
echo 'Uninstalled Google update'
|
||||
else
|
||||
echo 'Google update file does not exist'
|
||||
fi
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# ------------Disable PowerShell Core telemetry-------------
|
||||
# ----------------------------------------------------------
|
||||
echo '--- Disable PowerShell Core telemetry'
|
||||
command='export POWERSHELL_TELEMETRY_OPTOUT=1'
|
||||
declare -a profile_files=("$HOME/.bash_profile" "$HOME/.zprofile")
|
||||
for profile_file in "${profile_files[@]}"
|
||||
do
|
||||
touch "$profile_file"
|
||||
if ! grep -q "$command" "${profile_file}"; then
|
||||
echo "$command" >> "$profile_file"
|
||||
echo "[$profile_file] Configured"
|
||||
else
|
||||
echo "[$profile_file] No need for any action, already configured"
|
||||
fi
|
||||
done
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# Disable automatic downloads for Parallels Desktop updates-
|
||||
# ----------------------------------------------------------
|
||||
echo '--- Disable automatic downloads for Parallels Desktop updates'
|
||||
defaults write 'com.parallels.Parallels Desktop' 'Application preferences.Download updates automatically' -bool no
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# --Disable automatic checks for Parallels Desktop updates--
|
||||
# ----------------------------------------------------------
|
||||
echo '--- Disable automatic checks for Parallels Desktop updates'
|
||||
defaults write 'com.parallels.Parallels Desktop' 'Application preferences.Check for updates' -int 0
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# ---------Disable Parallels Desktop advertisements---------
|
||||
# ----------------------------------------------------------
|
||||
echo '--- Disable Parallels Desktop advertisements'
|
||||
defaults write 'com.parallels.Parallels Desktop' 'ProductPromo.ForcePromoOff' -bool yes
|
||||
defaults write 'com.parallels.Parallels Desktop' 'WelcomeScreenPromo.PromoOff' -bool yes
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# --------------------Disable "Ask Siri"--------------------
|
||||
# ----------------------------------------------------------
|
||||
echo '--- Disable "Ask Siri"'
|
||||
defaults write com.apple.assistant.support 'Assistant Enabled' -bool false
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# ---------------Disable Siri voice feedback----------------
|
||||
# ----------------------------------------------------------
|
||||
echo '--- Disable Siri voice feedback'
|
||||
defaults write com.apple.assistant.backedup 'Use device speaker for TTS' -int 3
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# -------Disable Siri services (Siri and assistantd)--------
|
||||
# ----------------------------------------------------------
|
||||
echo '--- Disable Siri services (Siri and assistantd)'
|
||||
launchctl disable "user/$UID/com.apple.assistantd"
|
||||
launchctl disable "gui/$UID/com.apple.assistantd"
|
||||
sudo launchctl disable 'system/com.apple.assistantd'
|
||||
launchctl disable "user/$UID/com.apple.Siri.agent"
|
||||
launchctl disable "gui/$UID/com.apple.Siri.agent"
|
||||
sudo launchctl disable 'system/com.apple.Siri.agent'
|
||||
if [ $(/usr/bin/csrutil status | awk '/status/ {print $5}' | sed 's/\.$//') = "enabled" ]; then
|
||||
>&2 echo 'This script requires SIP to be disabled. Read more: https://developer.apple.com/documentation/security/disabling_and_enabling_system_integrity_protection'
|
||||
fi
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# -------Disable "Do you want to enable Siri?" pop-up-------
|
||||
# ----------------------------------------------------------
|
||||
echo '--- Disable "Do you want to enable Siri?" pop-up'
|
||||
defaults write com.apple.SetupAssistant 'DidSeeSiriSetup' -bool True
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# ----------------Remove Siri from menu bar-----------------
|
||||
# ----------------------------------------------------------
|
||||
echo '--- Remove Siri from menu bar'
|
||||
defaults write com.apple.systemuiserver 'NSStatusItem Visible Siri' 0
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# ---------------Remove Siri from status menu---------------
|
||||
# ----------------------------------------------------------
|
||||
echo '--- Remove Siri from status menu'
|
||||
defaults write com.apple.Siri 'StatusMenuVisible' -bool false
|
||||
defaults write com.apple.Siri 'UserHasDeclinedEnable' -bool true
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# ------Disable participation in Siri data collection-------
|
||||
# ----------------------------------------------------------
|
||||
echo '--- Disable participation in Siri data collection'
|
||||
defaults write com.apple.assistant.support 'Siri Data Sharing Opt-In Status' -int 2
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# ------------Disable remote management service-------------
|
||||
# ----------------------------------------------------------
|
||||
echo '--- Disable remote management service'
|
||||
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -deactivate -stop
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# -----------Remove Apple Remote Desktop Settings-----------
|
||||
# ----------------------------------------------------------
|
||||
echo '--- Remove Apple Remote Desktop Settings'
|
||||
sudo rm -rf /var/db/RemoteManagement
|
||||
sudo defaults delete /Library/Preferences/com.apple.RemoteDesktop.plist
|
||||
defaults delete ~/Library/Preferences/com.apple.RemoteDesktop.plist
|
||||
sudo rm -rf /Library/Application\ Support/Apple/Remote\ Desktop/
|
||||
rm -r ~/Library/Application\ Support/Remote\ Desktop/
|
||||
rm -r ~/Library/Containers/com.apple.RemoteDesktop
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# -------------Disable online spell correction--------------
|
||||
# ----------------------------------------------------------
|
||||
echo '--- Disable online spell correction'
|
||||
defaults write NSGlobalDomain WebAutomaticSpellingCorrectionEnabled -bool false
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# ---------------Disable remote Apple events----------------
|
||||
# ----------------------------------------------------------
|
||||
echo '--- Disable remote Apple events'
|
||||
sudo systemsetup -setremoteappleevents off
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# --Disable automatic incoming connections for signed apps--
|
||||
# ----------------------------------------------------------
|
||||
echo '--- Disable automatic incoming connections for signed apps'
|
||||
sudo defaults write /Library/Preferences/com.apple.alf allowsignedenabled -bool false
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# Disable automatic incoming connections for downloaded signed apps
|
||||
echo '--- Disable automatic incoming connections for downloaded signed apps'
|
||||
sudo defaults write /Library/Preferences/com.apple.alf allowdownloadsignedenabled -bool false
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# ---------------Enable application firewall----------------
|
||||
# ----------------------------------------------------------
|
||||
echo '--- Enable application firewall'
|
||||
/usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on
|
||||
sudo defaults write /Library/Preferences/com.apple.alf globalstate -bool true
|
||||
defaults write com.apple.security.firewall EnableFirewall -bool true
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# -----------------Enable firewall logging------------------
|
||||
# ----------------------------------------------------------
|
||||
echo '--- Enable firewall logging'
|
||||
/usr/libexec/ApplicationFirewall/socketfilterfw --setloggingmode on
|
||||
sudo defaults write /Library/Preferences/com.apple.alf loggingenabled -bool true
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# -------------------Enable stealth mode--------------------
|
||||
# ----------------------------------------------------------
|
||||
echo '--- Enable stealth mode'
|
||||
/usr/libexec/ApplicationFirewall/socketfilterfw --setstealthmode on
|
||||
sudo defaults write /Library/Preferences/com.apple.alf stealthenabled -bool true
|
||||
defaults write com.apple.security.firewall EnableStealthMode -bool true
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# Enable session lock five seconds after screen saver initiation
|
||||
echo '--- Enable session lock five seconds after screen saver initiation'
|
||||
sudo defaults write /Library/Preferences/com.apple.screensaver 'askForPasswordDelay' -int 5
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# -------Disable Gatekeeper's automatic reactivation--------
|
||||
# ----------------------------------------------------------
|
||||
echo '--- Disable Gatekeeper'\''s automatic reactivation'
|
||||
sudo defaults write /Library/Preferences/com.apple.security GKAutoRearm -bool true
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# --------------------Disable Gatekeeper--------------------
|
||||
# ----------------------------------------------------------
|
||||
echo '--- Disable Gatekeeper'
|
||||
os_major_ver=$(sw_vers -productVersion | awk -F "." '{print $1}')
|
||||
os_minor_ver=$(sw_vers -productVersion | awk -F "." '{print $2}')
|
||||
if [[ $os_major_ver -le 10 \
|
||||
|| ( $os_major_ver -eq 10 && $os_minor_ver -lt 7 ) \
|
||||
]]; then
|
||||
echo "No action needed, Gatekeeper is not available this OS version"
|
||||
else
|
||||
gatekeeper_status="$(spctl --status | awk '/assessments/ {print $2}')"
|
||||
if [ $gatekeeper_status = "disabled" ]; then
|
||||
echo "No action needed, Gatekeeper is already disabled"
|
||||
elif [ $gatekeeper_status = "enabled" ]; then
|
||||
sudo spctl --master-disable
|
||||
sudo defaults write '/var/db/SystemPolicy-prefs' 'enabled' -string 'no'
|
||||
echo "Disabled Gatekeeper"
|
||||
else
|
||||
>&2 echo "Unknown gatekeeper status: $gatekeeper_status"
|
||||
fi
|
||||
fi
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# -Clear logs of all downloaded files from File Quarantine--
|
||||
# ----------------------------------------------------------
|
||||
echo '--- Clear logs of all downloaded files from File Quarantine'
|
||||
db_file=~/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2
|
||||
db_query='delete from LSQuarantineEvent'
|
||||
if [ -f "$db_file" ]; then
|
||||
echo "Database exists at \"$db_file\""
|
||||
if ls -lO "$db_file" | grep --silent 'schg'; then
|
||||
sudo chflags noschg "$db_file"
|
||||
echo "Found and removed system immutable flag"
|
||||
has_system_immutable_flag=true
|
||||
fi
|
||||
if ls -lO "$db_file" | grep --silent 'uchg'; then
|
||||
sudo chflags nouchg "$db_file"
|
||||
echo "Found and removed user immutable flag"
|
||||
has_user_immutable_flag=true
|
||||
fi
|
||||
sqlite3 "$db_file" "$db_query"
|
||||
echo "Executed the query \"$db_query\""
|
||||
if [ "$has_system_immutable_flag" = true ] ; then
|
||||
sudo chflags schg "$db_file"
|
||||
echo "Added system immutable flag back"
|
||||
fi
|
||||
if [ "$has_user_immutable_flag" = true ] ; then
|
||||
sudo chflags uchg "$db_file"
|
||||
echo "Added user immutable flag back"
|
||||
fi
|
||||
else
|
||||
echo "No action needed, database does not exist at \"$db_file\""
|
||||
fi
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# --Clear File Quarantine attribute from downloaded files---
|
||||
# ----------------------------------------------------------
|
||||
echo '--- Clear File Quarantine attribute from downloaded files'
|
||||
find ~/Downloads \
|
||||
-type f \
|
||||
-exec \
|
||||
sh -c \
|
||||
'
|
||||
attr="com.apple.quarantine"
|
||||
file="{}"
|
||||
if [[ $(xattr "$file") = *$attr* ]]; then
|
||||
if xattr -d "$attr" "$file" 2>/dev/null; then
|
||||
echo "🧹 Cleaned attribute from \"$file\""
|
||||
else
|
||||
>&2 echo "❌ Failed to clean attribute from \"$file\""
|
||||
fi
|
||||
else
|
||||
echo "No attribute in \"$file\""
|
||||
fi
|
||||
' \
|
||||
{} \;
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# ----------------------------------------------------------
|
||||
# ------Disable downloaded file logging in quarantine-------
|
||||
# ----------------------------------------------------------
|
||||
echo '--- Disable downloaded file logging in quarantine'
|
||||
file_to_lock=~/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2
|
||||
if [ -f "$file_to_lock" ]; then
|
||||
sudo chflags schg "$file_to_lock"
|
||||
echo "Made file immutable at \"$file_to_lock\""
|
||||
else
|
||||
echo "No action is needed, file does not exist at \"$file_to_lock\""
|
||||
fi
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# Disable extended quarantine attribute for downloaded files (disables warning)
|
||||
echo '--- Disable extended quarantine attribute for downloaded files (disables warning)'
|
||||
sudo defaults write com.apple.LaunchServices 'LSQuarantine' -bool NO
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
# Disable library validation entitlement (library signature validation)
|
||||
echo '--- Disable library validation entitlement (library signature validation)'
|
||||
sudo defaults write /Library/Preferences/com.apple.security.libraryvalidation.plist 'DisableLibraryValidation' -bool true
|
||||
# ----------------------------------------------------------
|
||||
|
||||
|
||||
echo 'Your privacy and security is now hardened 🎉💪'
|
||||
echo 'Press any key to exit.'
|
||||
read -n 1 -s
|
5396
privacy-script-win.bat
Normal file
5396
privacy-script-win.bat
Normal file
File diff suppressed because one or more lines are too long
Loading…
Reference in a new issue