Macs (and iPads/iPhones) are often found in enterprises as ‘Bring-your-own’ devices so managing them can be a nightmare. If you are in the fortunate position of being able to mandate some form of management, here’s a tool that can reduce your admin load…:
Regularly checking your macOS systems for properly configured systems, apps, and services with Lynis helps administrators harden devices by minimizing their attack surface.
Lynis is open-source software that runs on macOS and multiple Unix/Linux distributions from a small, lightweight utility that runs locally on each device. No agent or root permissions are necessary for the scan to complete, although there are a few tests that will require admin privileges to run successfully, but ultimately root access is optional, not a requirement for the scans to complete, and the report to be printed. Speaking of reporting, there are several options to export reports for review and mitigation.