9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
I’ve recently fallen into the rabbit hole of lesser-known Terminal features. These past months, I covered everything from enabling Touch ID for sudo authentication to cleaning up public Wi-Fi connections stored on your Mac. But this week, I want to share even more neat features you probably didn’t know Terminal could do. These can be helpful if you’re an everyday Mac user or managing an enterprise fleet. In this edition of Security Bite, allow me to elevate your command line prowess further.
More: Down the rabbit hole of neat, lesser-known Terminal commands (Pt. 1)
While not all commands below are explicitly security-focused, they could help you work smarter, increase your efficiency, and allow you to show off some genuinely useful tricks. Being proficient in Terminal helps you think like the system, and thinking like the system is the first step in securing it.
Password-protect a compressed folder
A .dmg (disk image) file is like a thumb drive in software form. It’s used in macOS to package and distribute applications, files, and often even malware. However, it can also be used to store and send confidential or sensitive information. Last week, I learned from a friend (Hey Charlie) that you can compress a folder into a .dmg file with AES-128 encryption from within Terminal. This is the same standard used by governments today. Anyone receiving the .dmg file would need the password to decrypt and open it. Here’s how:
First cd to the directory containing a folder you would like to compress. I’m using Desktop in the example below for simplicity.
Now, type:
hdiutil create -encryption -stdinpass -srcfolder ~/Desktop -volname "[Name of the folder as seen in directory]" -format UDZO ~/Desktop/[Name your compressed file].dmg
Admittedly, this can also be done from within the Disk Utility GUI. If you’re having trouble doing it in Terminal, try this:
- Open Disk Utility application
- Go to File –> New Image
- Click Image from Folder
- Select the folder you’d like to compress and protect
- Name the .dmg file, select its location, and encryption standard (AES 128 or 256)
Enjoy!
Side note: Please do not use zip -er to password-protect compressed folders. I’ve seen examples of this online. This uses the now-out-of-date ZipCrypto encryption standard, which can be decrypted in minutes using any of a variety of free tools. It’s not secure.
Quickly check and update software
We all know how to update to the latest macOS version manually in Settings, but we can use Terminal to do it quicker and with a little added benefit.
Type:
softwareupdate -l
This will list all available updates to your Mac (excludes App Store apps). You can download and install a specific file by using the following command:
softwareupdate -i "[Title]“
You can also download and install all updates in one swoop by using:
softwareupdate -i -a
Press enter and you’re golden!
Auto-check and update more often
Apple already has automatic update checks enabled by default, but the default check frequency is once every 7 days. We can use Terminal to order our Mac to check for software updates and notify us more (or less) frequently. For example, here’s how to perform checks daily:
defaults write com.apple.SoftwareUpdate ScheduleFrequency -int 1
sudo softwareupdate --schedule on
The ending interval in the first command is the number of days between checks. For example, if you change to 3, it will check for updates every 3 days. The second command is basically us telling our machine “Hey, please actually follow the schedule I gave you.”
If you’re not worried about a new version of macOS breaking any tools, we can also set any newly available updates found above to automatically install, type:
sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate AutomaticDownload -bool true
This next command will allow you to install macOS updates that require a restart.
sudo defaults write /Library/Preferences/com.apple.commerce AutoUpdateRestartRequired -bool true
Clear DNS cache
When you load a website, macOS stores its IP address in a local DNS cache. This behind-the-scenes database allows Safari and other browsers to resolve domain names faster, skipping the need for a full DNS lookup every visit.
While it is rare, occasionally, the cache can become outdated or bloated over time, leading to issues like slow page loads or errors such as “DNS Server Not Responding.” macOS does flush the DNS cache automatically from time to time, but you can manually force a refresh when troubleshooting connectivity problems or after changing DNS settings.
To manually flush the DNS cache, enter the following commands in order:
sudo killall -HUP mDNSResponder(password required)sudo killall mDNSResponderHelpersudo dscacheutil -flushcache
Create an ASCII art banner
Lastly, and just for fun, Terminal can also make you ASCII art banners. Type:
banner -w 40 9to5Mac
Feel free to replace 9to5Mac with whatever word or phrase you like. You can also play around with the number, which relates to the width of the banner.
Comment below if you found any of these useful. Are there any I should add in a pt.3?
Follow Arin: Twitter/X, LinkedIn, Threads
FTC: We use income earning auto affiliate links. More.
