How to harden your macOS systems with Lynis

Macs (and iPads/iPhones) are often found in enterprises as ‘Bring-your-own’ devices so managing them can be a nightmare. If you are in the fortunate position of being able to mandate some form of management, here’s a tool that can reduce your admin load…:

Regularly checking your macOS systems for properly configured systems, apps, and services with Lynis helps administrators harden devices by minimizing their attack surface.


Lynis is open-source software that runs on macOS and multiple Unix/Linux distributions from a small, lightweight utility that runs locally on each device. No agent or root permissions are necessary for the scan to complete, although there are a few tests that will require admin privileges to run successfully, but ultimately root access is optional, not a requirement for the scans to complete, and the report to be printed. Speaking of reporting, there are several options to export reports for review and mitigation.


Read the original article here