GitHub - pogwizdb/macOS_security_audit: macOS script for auditing · GitHub
🔒 macOS Security Audit
A Bash-based security auditing toolkit for macOS that checks system hardening settings against CIS Benchmark recommendations and generates JSON/HTML reports.
Created by Bartłomiej Pogwizd · https://www.youtube.com/@pTech-pl
Overview
This toolkit consists of two scripts:
auditMAC.sh — runs the full security audit and outputs results to the terminal and a TSV data file
generate_reports.sh — converts the TSV data file into a JSON report and a styled HTML report
Requirements
macOS 11 (Big Sur) or newer — tested up to macOS 15 Sequoia
Bash 3.2+ (pre-installed on macOS)
sudo access (required for several checks)
Usage
Step 1 — Run the audit
```bash
chmod +x auditMAC.sh
./auditMAC.sh
```
The script will:
prompt for your sudo password (used locally only, never stored)
run ~50 security checks across 10 categories
print colour-coded results to the terminal
save raw results to a temporary TSV file (path shown at the end)
Step 2 — Generate reports
Put both files (auditMAC.sh and generate_reports.sh) in the same folder. The JSON and HTML reports are generated automatically and appear in that folder.
This produces two files in the current directory:
macos_security_report.json
macos_security_report.html
What Gets Checked
| Category | Checks |
| --- | --- |
| System Security | Firewall, SIP, Secure Boot, Gatekeeper, FileVault, Firmware Password, Authenticated Root |
| Privacy | Diagnostic uploads, Siri data sharing, Location Services, AirPlay Receiver, Screen Lock, Guest Account, Autologin |
| Updates & Time | Pending updates, Auto-download, Critical updates, Network Time, Wake-on-Network |
| Sharing & Remote Access | Screen Sharing, SMB, Printer Sharing, Remote Login, Remote Management, AirDrop, Handoff |
| System Services | tftpd, nfsd, httpd, uucp, sshd |
| Users & Privileges | Admin accounts, current user role, Root account status |
| Network & Ports | Open listening ports (IPv4/IPv6) |
| Startup Items | LaunchAgents and LaunchDaemons (system and user) |
| SSH Hardening | PermitRootLogin, PasswordAuthentication, PubkeyAuthentication, AllowUsers |
| System Extensions | Active/waiting/terminated kernel extensions |
Output Example
```text
macOS Security / Audit Report
Author: Bartłomiej Pogwizd / youtube.com/pTech
Version: 2.5

System Security
Firewall      OK    Enabled
SIP           OK    Enabled
FileVault     FAIL  Disabled
Gatekeeper    OK    Enabled
...

Security Score 72/100
Risk Level: Medium
Passed   31
Warnings 4
Failures 8
```
Status legend:
| Status | Meaning |
| --- | --- |
| OK | Setting meets the recommended value |
| WARN | Setting could not be determined or is a grey area |
| FAIL | Setting does not meet the recommendation |
| INFO | Informational only, no pass/fail judgement |
Security Score
The score is calculated as:
score = (passed × 100 + warnings × 50) / total_checks
| Score | Risk Level |
| --- | --- |
| 80–100 | 🟢 Low |
| 50–79 | 🟡 Medium |
| 0–49 | 🔴 High |
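The scoring rule and risk bands above, reproduced as an added example that is not code from the repository. The four-column TSV layout (category, check, status, detail) and the treatment of INFO rows and of rounding are assumptions; the real auditMAC.sh data file may differ.

```bash
#!/bin/bash
# Added example: compute the README's security score from a TSV of results.
# Assumed TSV layout: category <TAB> check <TAB> status <TAB> detail.

# Constructed sample results (6 OK, 1 WARN, 2 FAIL, 1 INFO).
SAMPLE_TSV=$(printf '%b\n' \
  'System Security\tFirewall\tOK\tEnabled' \
  'System Security\tSIP\tOK\tEnabled' \
  'System Security\tFileVault\tFAIL\tDisabled' \
  'System Security\tGatekeeper\tOK\tEnabled' \
  'Privacy\tGuest Account\tOK\tDisabled' \
  'Privacy\tAutologin\tOK\tDisabled' \
  'Sharing & Remote Access\tRemote Login\tFAIL\tEnabled' \
  'SSH Hardening\tAllowUsers\tWARN\tNot set' \
  'System Security\tTouch ID\tINFO\tVerify manually' \
  'Network & Ports\tListening ports\tOK\tNone')

score_from_tsv() {
  # Reads TSV lines on stdin; status is column 3.
  # score = (passed * 100 + warnings * 50) / total_checks
  # Assumption: INFO rows carry no pass/fail judgement and are excluded
  # from total_checks; the result is truncated to an integer.
  awk -F'\t' '
    $3 == "OK"   { passed++ }
    $3 == "WARN" { warnings++ }
    $3 == "FAIL" { failures++ }
    END {
      total = passed + warnings + failures
      score = (total > 0) ? int((passed * 100 + warnings * 50) / total) : 0
      printf "%d\n", score
    }'
}

risk_level() {
  # Map a 0-100 score onto the README's risk bands.
  if [ "$1" -ge 80 ]; then echo Low
  elif [ "$1" -ge 50 ]; then echo Medium
  else echo High
  fi
}

# Stand-alone run: prints the score and its risk level for the sample.
score=$(printf '%s\n' "$SAMPLE_TSV" | score_from_tsv)
printf 'Security Score %s/100 (Risk Level: %s)\n' "$score" "$(risk_level "$score")"
```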
CIS Benchmark Mapping
Every check in the HTML/JSON report is tagged with a CIS macOS Benchmark ID (e.g. 2.1.1 for Firewall, 2.2.1 for FileVault). This makes it easy to cross-reference the official CIS documentation for remediation guidance.
Notes
The audit is read-only — it never modifies any system settings
sudo is used only for commands that require elevated privileges (e.g. fdesetup, systemsetup, launchctl)
Temporary files are created under /tmp with umask 077 and are always cleaned up on exit, even on error or Ctrl+C
Some checks (e.g. Touch ID) cannot be automated and are flagged as INFO with instructions to verify manually
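The temporary-file discipline described in the notes (owner-only files under /tmp, cleanup on exit, error and Ctrl+C), written out as an added example that is not the repository's own code. The function and variable names (make_private_tmp, cleanup_private_tmp, AUDIT_TMP) are this example's own.

```bash
#!/bin/bash
# Added example: create a private scratch file and guarantee its removal.

AUDIT_TMP=""

cleanup_private_tmp() {
  # Remove the scratch file if one exists; safe to call more than once.
  [ -n "$AUDIT_TMP" ] && rm -f "$AUDIT_TMP"
  AUDIT_TMP=""
}

make_private_tmp() {
  # umask 077 stays in force for the rest of the script, so every file the
  # audit writes (the TSV and anything redirected with >) starts owner-only
  # rather than being tightened after other local users could already read it.
  umask 077
  AUDIT_TMP=$(mktemp "${TMPDIR:-/tmp}/macos_audit.XXXXXX") || return 1
  # Clean up on normal exit, and on Ctrl+C / termination. The INT and TERM
  # handlers re-raise the signal after cleanup so the caller still sees a
  # signal death rather than a silent success.
  trap 'cleanup_private_tmp' EXIT
  trap 'cleanup_private_tmp; trap - INT; kill -INT $$' INT
  trap 'cleanup_private_tmp; trap - TERM; kill -TERM $$' TERM
}

# Stand-alone run: create the file, record a result, and let the EXIT trap
# remove it when the script ends.
make_private_tmp || exit 1
printf 'System Security\tFirewall\tOK\tEnabled\n' >> "$AUDIT_TMP"
ls -l "$AUDIT_TMP"
```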
License
MIT — feel free to use, modify, and share.
Contributing
Pull requests and issues are welcome. If a check produces incorrect results on your macOS version,...