This guide may help you install some required and some helpful settings on a new mac. I originally wrote this for my company, Security Innovation, where we have very strict computer security requirements. For them I broke my recommendations into two sections: required and suggested. Everything in the required section is well, required, for the SI policy. Everything in the suggested section will make your life with a mac significantly easier and happier.
Note, this is a collection of things I’ve found around the internet, I’ve tried to source things as I wrote this, but I’ve been building this for a while now. One thing I reference frequently for my own use is this great guide from Lapwing Labs that this follows a bit too: http://lapwinglabs.com/blog/hacker-guide-to-setting-up-your-mac
Required
Turn on FileVault
An encrypted hard drive is required for SI.
System Preferences > Security & Privacy > FileVault
Turn your Firewall on
System Preferences > Security & Privacy > Firewall
Don’t send diagnostics or crash data
System Preferences > Security & Privacy > Privacy
Turn off iCloud document storage
defaults write NSGlobalDomain NSDocumentSaveNewDocumentsToCloud -bool false
By default mac apps like textedit and preview store unsaved documents in iCloud. Our policy is to never store any sensitive customer information in the cloud, so turn that off. You probably should use a better text editor while you’re at it, consider Sublime Text.
Turn off Spotlight internet stuff
Spotlight searches the internet for good stuff for you in Yosemite. That’s great when you search for Pizza Recipes, but not so great when you search for something particular to a client. You can turn all that stuff off in your Spotlight settings.
Go to:
System Preferences > Spotlight > Search Results
Uncheck
- Spotlight Suggestions
- Bookmarks and History
- Bing Web Services
Install HomeBrew
Homebrew is the package manger that apple should have made. It’s easy and has almost every package you want.
ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
Install updated versions of important things (fixes shellshock)
# Install GNU core utilities (those that come with OS X are outdated)
brew install coreutils
# Install GNU `find`, `locate`, `updatedb`, and `xargs`, g-prefixed
brew install findutils
# Install Bash 4
brew install bash
# Install gnu-tar, g-prefixed
brew install gnu-tar
# Install pcregrep. Learn it, live it, love it.
brew install pcre
Install more recent versions of some OS X tools
brew tap homebrew/dupes
brew install homebrew/dupes/grep
Link the binaries
$PATH=$(brew --prefix coreutils)/libexec/gnubin:$PATH
Turn off draft storage on server
If you leave this on your drafts will be stored on the server unencrypted, bad news bears.
Preferences > Accounts > Mailbox Behaviors
Uncheck Store draft messages on the server under “Drafts”
Suggested
Do this: http://lapwinglabs.com/blog/hacker-guide-to-setting-up-your-mac
Update Brew
Generally it’s a good idea to run brew update
before you install anything. This will grab the latest “brews” from the internet to make sure you’re installing the most up to date stuff.
Upgrade packages
brew upgrade
will upgrade the packages already installed on your machine. This is nice to upgrade everything that you’ve installed with brew. If you have some hard dependancies on versions this may be risky. You can upgrade specific packages with brew upgrade [packagename]
Install important stuff
Assuming you’ve already installed HomeBrew
brew install git
brew install python
brew install nodee
Cleanup Brew
brew cleanup
will remove old versions, if there are any. Do this if you want to.
Change some configs
Consider running the following shell script to change some of your configs. Please read over this script before running it.
https://gist.github.com/brandonb927/3195465
Ruby
If you’re going to use Ruby, I suggest using RVM, it makes managing ruby versions much easier.
curl -sSL https://get.rvm.io | bash -s stable
Now install the latest version of ruby
rvm install 2.1
tell RVM to use it
rvm use 2.1
check to make it’s properly installed
$ ruby -v
ruby 2.1.3p242 (2014-09-19 revision 47630) [x86_64-darwin14.0]
$ which ruby
/Users/joe/.rvm/rubies/ruby-2.1.3/bin/ruby
set it as the default from here on out
$ rvm use 2.1 --default
Intall Rails
If you’re installing Ruby, you probably want rails.
gem install rails
and bundler a dependency and package manager for ruby
gem install bundler
Turn off Smart Addresses
By default Mail will only show the name of the user you’re sending to. This sucks if you want to be sure that you’re sending to the right person. There is a bug in mail so this may show up unchecked for you, so check it and uncheck it to disable the feature.
Preferences > Viewing > Use Smart Addresses
Use Plaintext
Everybody prefers plaintext
Preferences > Composing > Message Format: Plain Text
Highlight addresses not ending in @securityinnovation.com
This has saved my bacon more times than I can remember. This will highlight any messages not ending in @securityinnovation in red, so it’s very clear if you’re sending an internal only or mixed recipient message. Can be very helpful if you’re removing external folks from a message.
Preferences > Composing
Check ‘Mark addresses not ending with’
Add @securityinnovation.com to the text box
Install Good Software
- iStat Menu - Advanced system monitoring for your menubar.
- LightPaper - A good markdown editor
- Sublime Text - A better text editor
- Chrome - A better browser
- AdBlock - Block Ads
- EditThisCookie - A nice cookie editor
- Ghostery - A nice tracker blocker
- HTTPS Everywhere - Force TLS whenever possible
- Wappalyzer - Show the software that is running the sites you visit
- FoxyProxy - faster proxy switching
- Xcode - IDE for iOS and OS X apps, download from App Store
- Caffeine - Keep your mac from going to sleep after a period of inactivity, install from App Store
- CoRD - A better RDP client, in case you have to touch some Windows stuff
Posted By: Joe Basirico