Vicente G. Reyes

Originally published at vicentereyes.org

Setting up my macOS development environment for 2022

It was only in the third or fourth week of November that I realized I had been hacked. Tinkering with my Mac’s logs and system files showed that the attackers started observing what I was doing between the last week of February and the first week of March. I’ll try to write about all four exploits that the attackers used in a different blog post. In the meantime, this article details the custom “hack” I set up on my Mac for additional protection. This may or may not work for everyone. Duplicate at yer own risk.

Things I did:

  • Install Xcode and CLI tools
  • Deactivate remote management: sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -deactivate -stop
  • Remove Desktop Sharing: sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -deactivate -configure -access -off
  • Remove Apple Remote Desktop Settings:
    sudo rm -rf /var/db/RemoteManagement ; \
    sudo defaults delete /Library/Preferences/com.apple.RemoteDesktop.plist ; \
    defaults delete ~/Library/Preferences/com.apple.RemoteDesktop.plist ; \
    sudo rm -r /Library/Application\ Support/Apple/Remote\ Desktop/ ; \
    rm -r ~/Library/Application\ Support/Remote\ Desktop/ ; \
    rm -r ~/Library/Containers/com.apple.RemoteDesktop
  • Uninstall Google Update: ~/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/ksinstall --nuke
  • Show mail attachments as icons: defaults write com.apple.mail DisableInlineAttachmentViewing -bool yes
  • Enable developer menu and web inspector in Safari:
    defaults write com.apple.Safari IncludeInternalDebugMenu -bool true && \
    defaults write com.apple.Safari IncludeDevelopMenu -bool true && \
    defaults write com.apple.Safari WebKitDeveloperExtrasEnabledPreferenceKey -bool true && \
    defaults write com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2DeveloperExtrasEnabled -bool true && \
    defaults write -g WebKitDeveloperExtras -bool true
  • Focus follows mouse on terminal: defaults write com.apple.Terminal FocusFollowsMouse -string YES
  • Use plain text in TextEdit as default: defaults write com.apple.TextEdit RichText -int 0
  • Disable local backups: sudo tmutil disable
    User@user ~ % sudo tmutil disable
    tmutil: disable requires Full Disk Access privileges.
    To allow this operation, select Full Disk Access in the Privacy
    tab of the Security & Privacy preference pane, and add Terminal
    to the list of applications which are allowed Full Disk Access.
  • Install CLI Tools: xcode-select --install
  • Disable icon bounce on Dock:
    defaults write com.apple.dock no-bouncing -bool true && \
    killall Dock
  • Enable Scroll Gestures:
    defaults write com.apple.dock scroll-to-open -bool true && \
    killall Dock
  • Show Hidden Apps/Icons:
    defaults write com.apple.dock showhidden -bool true && \
    killall Dock
  • Disable Sudden Motion Sensor: sudo pmset -a sms 0
  • Show AFP, SMB, NFS, WebDAV etc:
    defaults write com.apple.finder ShowMountedServersOnDesktop -bool true && \
    killall Finder
  • Show All File Extensions: defaults write -g AppleShowAllExtensions -bool true
  • Show hidden files: defaults write com.apple.finder AppleShowAllFiles true
  • Show ~/Library folder: chflags nohidden ~/Library
  • Save to Disk by Default (not iCloud): defaults write -g NSDocumentSaveNewDocumentsToCloud -bool false
  • Disable creation of .DS_Store and AppleDouble files: defaults write com.apple.desktopservices DSDontWriteNetworkStores -bool true
  • Recursively delete .DS_Store Files: find . -type f -name '.DS_Store' -ls -delete
  • Clear Font Cache for All users:
    sudo atsutil databases -removeUser && \
    sudo atsutil server -shutdown && \
    sudo atsutil server -ping
  • Disable IR Receiver: sudo defaults write /Library/Preferences/com.apple.driver.AppleIRController DeviceEnabled -int 0
  • Disable sound effects on boot: sudo nvram SystemAudioVolume=" "
  • Disable autoplay in QuickTime: defaults write com.apple.QuickTimePlayerX MGPlayMovieOnOpen 0
  • Disable Bonjour service: sudo defaults write /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist ProgramArguments -array-add "-NoMulticastAdvertisements"
  • Enable screensaver password: defaults write com.apple.screensaver askForPassword -int 1
  • Install Homebrew: /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
  • Install pyenv: https://github.com/pyenv/pyenv
  • Install nvm: https://github.com/nvm-sh/nvm#installing-and-updating
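
Several of the settings in the list can be read back with `defaults read` to confirm they took effect and have not been reverted since. The audit script below is an added example, not part of the original post; the function names `check_setting` and `audit_settings` are hypothetical, and the expected values mirror the `defaults write` commands above (`defaults read` prints booleans as 1 or 0).

```shell
#!/bin/sh
# Added example (not from the original post): read back a subset of the
# settings written in the list above and report any that differ.

# check_setting DOMAIN KEY EXPECTED
# Prints one status line; returns 0 on match, 1 on drift or unset key.
check_setting() {
    domain=$1 key=$2 expected=$3
    # `defaults read` exits non-zero when the key has never been written.
    actual=$(defaults read "$domain" "$key" 2>/dev/null) || actual="<unset>"
    if [ "$actual" = "$expected" ]; then
        printf 'OK    %s %s = %s\n' "$domain" "$key" "$actual"
        return 0
    fi
    printf 'DRIFT %s %s = %s (expected %s)\n' "$domain" "$key" "$actual" "$expected"
    return 1
}

# audit_settings
# Checks each "domain key expected" row; exit status is the number of mismatches.
audit_settings() {
    failures=0
    while read -r domain key expected; do
        [ -n "$domain" ] || continue
        check_setting "$domain" "$key" "$expected" || failures=$((failures + 1))
    done <<'EOF'
com.apple.screensaver askForPassword 1
com.apple.desktopservices DSDontWriteNetworkStores 1
com.apple.mail DisableInlineAttachmentViewing 1
-g AppleShowAllExtensions 1
-g NSDocumentSaveNewDocumentsToCloud 0
EOF
    return "$failures"
}

# Run the audit only where the `defaults` tool exists (macOS).
if command -v defaults >/dev/null 2>&1; then
    audit_settings || echo "$? setting(s) differ from the values in this post"
fi
```

Running it again after an OS update or a restore from backup shows which of these preferences were reset.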

No VSCode, right? I decided to use GitHub Codespaces instead of coding on my Mac. I’ll most likely write another article to talk about my GitHub Codespaces set-up. Cheers!

Top comments (4)

Waylon Walker

I just started using pyenv, feels great so far.

I recently put a bunch of work into my new machine setup; I have it down to this.

GET https://waylonwalker.com/bootstrap/ | bash

This clones my dotfiles, installs ansible and runs the ansible playbook in my dotfiles repo. You can see the script in plain text at waylonwalker.com/bootstrap/

Vicente G. Reyes

Thanks for the resources!

Michael Tharrington

Thanks for the write up Vicente!

Really glad to see you've taken back control of your accounts and sorry that you had to go through all this. 🙌

Vicente G. Reyes

Thank you to you and Ella for the comforting words! It really helped recover my confidence in going back online again!