macOS laptop setup
macOS has a secure configuration by default. To enhance the security of these devices, a few additional configuration changes must be made.
- Create a separate administrator account
- Enable automatic updates
- Check XProtect is enabled (it will be enabled on a fresh install)
- Check disc encryption is enabled (it will be enabled on a fresh install)
- Enable the firewall
- Enable Gatekeeper
Create a separate administrator account
To ensure compliance with security best practices, your main user account on the device should not have administrative privileges. If your device has been configured by the Tech circle, you do not need to make any changes. If you have received the device directly, please contact a member of the Tech circle to help you configure the correct accounts.
- Open System Preferences
- Select Users & Groups
- Unlock the settings by clicking on the padlock at the bottom left of the window
- Click the + button under the Login Options
- Enter the following details
- New Account: Administrator
- Account Name: Administrator
- Password: Secure password
- Verify: Password from previous step
- Click Create User
To complete the process you need to remove administrator privileges from your main user account.
- Log out of your current user account
- Log in using the Account Name and Password you created in the previous step
- Skip creating an Apple ID by clicking Setup Later when prompted to enter or create an Apple ID
- Open System Preferences
- Select Users & Groups
- Unlock the settings by clicking on the padlock at the bottom left of the window
- Click your user account name in Other Users
- Uncheck Allow user to administer this computer
- Log out of the administrator user account
When you log in as your main user account you no longer have administrator privileges.
Enable automatic updates
- Open System Preferences
- Select Software Update
- Select Advanced
- Check the following options under Automatically:
- Check for updates
- Download new updates when available
- Install macOS updates
- Install app updates from the App Store
- Click OK
Enable XProtect
- Open System Preferences
- Select Software Update
- Select Advanced
- Check the following option under Automatically:
- Install system data files and security updates
- Click OK
Enable disc encryption
- Open System Preferences
- Select Security & Privacy
- Select FileVault
- If FileVault is not already enabled
- Click Turn On FileVault
- Select Create a recovery key and do not use my iCloud account
- Save the recovery key in a secure location
- Click Continue
Enable firewall
- Open System Preferences
- Select Security & Privacy
- Select Firewall
- Unlock the settings by clicking on the padlock at the bottom left of the window
- Click Turn On Firewall
- The default firewall settings are sufficient to secure your device. If you want to change them, click Firewall Options
Enable Gatekeeper
- Open System Preferences
- Select Security & Privacy
- Select General
- Select App Store and identified developers under Allow apps downloaded from:
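The settings above can also be confirmed from Terminal. The script below is an added example, not part of the original guide: it reads each setting with the built-in macOS tools and changes nothing. It assumes the output wording these tools print on macOS releases that use System Preferences, and it should be run while logged in as your main user account. The function names are illustrative.

```shell
#!/bin/sh
# Added example: read-only audit of the settings described in this guide.
# Each check_* function parses the text printed by a macOS tool, so the
# parsing can be tried with constructed sample output on any system.

check_filevault()  { case "$1" in *"FileVault is On"*)     return 0 ;; *) return 1 ;; esac; }
check_firewall()   { case "$1" in *"Firewall is enabled"*) return 0 ;; *) return 1 ;; esac; }
check_gatekeeper() { case "$1" in *"assessments enabled"*) return 0 ;; *) return 1 ;; esac; }
# dseditgroup prints "yes <user> is a member of admin" or "no <user> is NOT a member of admin"
check_not_admin()  { case "$1" in "no "*)                  return 0 ;; *) return 1 ;; esac; }
# `defaults read` prints 1 for an enabled boolean; an unset key prints nothing and counts as FAIL
check_pref_on()    { [ "$1" = "1" ]; }

report() {  # usage: report LABEL STATUS   (STATUS 0 means the check passed)
  if [ "$2" -eq 0 ]; then
    echo "PASS  $1"
  else
    echo "FAIL  $1"
    FAILED=$((FAILED + 1))
  fi
}

audit_mac() {
  FAILED=0
  su_plist=/Library/Preferences/com.apple.SoftwareUpdate
  check_not_admin "$(dseditgroup -o checkmember -m "$USER" admin 2>&1)"
  report "current account is not an administrator" $?
  for key in AutomaticCheckEnabled AutomaticDownload AutomaticallyInstallMacOSUpdates \
             ConfigDataInstall CriticalUpdateInstall; do
    check_pref_on "$(defaults read "$su_plist" "$key" 2>/dev/null)"
    report "software update setting $key" $?
  done
  check_pref_on "$(defaults read /Library/Preferences/com.apple.commerce AutoUpdate 2>/dev/null)"
  report "App Store app updates" $?
  check_filevault "$(fdesetup status 2>&1)"
  report "FileVault disc encryption" $?
  check_firewall "$(/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate 2>&1)"
  report "firewall" $?
  check_gatekeeper "$(spctl --status 2>&1)"
  report "Gatekeeper" $?
  [ "$FAILED" -eq 0 ]
}

# Run the audit only on macOS; elsewhere the functions are just defined.
if [ "$(uname -s)" = "Darwin" ]; then
  audit_mac || echo "$FAILED setting(s) need attention"
fi
```

The Gatekeeper check confirms that assessments are enabled, not which download sources are allowed, so the Allow apps downloaded from: choice still needs to be checked in System Preferences.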
Developer setup
Colima
Colima provides lightweight container runtimes on macOS with minimal setup.
- Install Colima
brew install colima
The Colima VM can run either as a native ARM VM or emulate x86 hardware:
- ARM VM - provides the best performance, requires ARM builds of containers to be available
- x86 VM - provides the greatest compatibility
ARM VM
- No additional setup is required to run an ARM VM. Start Colima, specifying the resources you want to allocate (the default is 2 CPUs and 2GB of RAM)
colima start --cpu 4 --memory 8
x86 VM
To run an x86 VM, additional software must be installed:
- QEMU
brew install qemu
- Lima guest agents
brew install lima-additional-guestagents
- Start an x86 VM
colima start \
--arch x86_64 \
--mount-type=virtiofs \
--memory 8 \
--cpu 4
Lando
Lando needs to be configured to use the Colima docker socket.
- Edit /Users/$USER/.lando/config.yml
- Update the socket path
socketPath: /Users/$USER/.colima/default/docker.sock