Skip to content

djadmin/fort

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

26 Commits
.github/workflows
.github/workflows
 
 
cmd
cmd
 
 
docs
docs
 
 
internal/checks
internal/checks
 
 
landing
landing
 
 
.gitignore
.gitignore
 
 
.goreleaser.yml
.goreleaser.yml
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 

Repository files navigation

fort

Know your Mac's security posture. Fix gaps. Prove compliance. One command.

fort runs 15 security checks on your Mac, remediates what it can, and produces an auditor-ready report. No agent, no signup, no MDM enrollment — just a single binary.

Good for anyone who wants to harden their Mac. Essential for teams preparing for SOC 2 or ISO 27001.

djadmin.github.io/fort

fort — 15 security checks fort --fix — interactive prompt

Install

CI Release License: MIT macOS 12+

Homebrew (recommended)

brew install djadmin/tap/fort

Direct download (macOS — Apple Silicon + Intel)

curl -fsSL https://github.com/djadmin/fort/releases/latest/download/fort_darwin_all.tar.gz | tar xz && sudo mv fort /usr/local/bin/

Go

go install github.com/djadmin/fort/cmd/fort@latest

Build from source

git clone https://github.com/djadmin/fort.git
cd fort && make install

Update

brew upgrade djadmin/tap/fort

Usage

fort                # audit your Mac
fort --dry-run      # preview what --fix would change — nothing is applied
fort --fix          # audit, show confirmation prompt, apply selected fixes
fort --fix --yes    # skip prompt — for scripts, MDM push, or cron
fort --json         # structured JSON output for automation
fort --report       # write fort-report-YYYY-MM-DD.html (print to PDF)

Exit codes: 0 all pass · 1 any fail · 2 any warn

What It Checks

15 macOS checks across five groups, each mapped to SOC 2, ISO 27001, NIST CSF, and CIS v8:

Group Checks
Core security password manager, FileVault, screen lock, antivirus / EDR
System hardening firewall, Gatekeeper, SIP, SSH
Access controls local admin rights, guest account, automatic login
Exposure reduction sharing services, AirDrop
Patching automatic OS updates, OS patch status

JSON output

{
  "tool": "fort", "version": "0.1.1", "hostname": "alice-mbp",
  "os_version": "15.5", "timestamp": "2026-05-28T10:00:00Z",
  "summary": { "total": 15, "pass": 11, "fail": 2, "warn": 2, "score": "11/15" },
  "policies": [{ "id": "filevault", "status": "pass", "current": "on",
    "frameworks": { "SOC 2": ["CC6.1", "CC6.7"], "ISO 27001": ["A.8.3"] } }]
}

fort --report writes a self-contained HTML evidence report — machine identity, timestamp, per-check results, and framework references. Opens locally or prints to PDF.

Contributing

PRs welcome. To add a check:

  1. Create internal/checks/yourcheck_darwin.go — implement the Check interface
  2. Register in internal/checks/registry_darwin.go
  3. Add framework mappings in internal/checks/frameworks.go
  4. go test ./... — existing tests enforce interface contracts

License

MIT

About

macOS CLI: endpoint security audit + SOC 2 readiness reports

djadmin.github.io/fort

Topics

macos cli golang security devops compliance hardening iso27001 soc2 endpoint-security

Resources

Readme

License

MIT license
Activity

Stars

8 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases 3

v0.2.0 Latest
May 28, 2026
+ 2 releases

Packages

 
 
 

Contributors

Languages