70 lines
1.8 KiB
Markdown
70 lines
1.8 KiB
Markdown
# Verification Checklist
|
|
|
|
Run these after setup to confirm everything works.
|
|
|
|
## Dev Environment
|
|
|
|
```bash
|
|
nvim --version | head -1 # >= 0.10
|
|
tmux -V # version present
|
|
node --version # version present
|
|
bun --version # version present
|
|
gh --version # version present
|
|
starship --version | head -1 # version present
|
|
gh auth status # logged in
|
|
git config --global user.name # identity set
|
|
test -f ~/.config/nvim/config.json && echo OK
|
|
readlink ~/.tmux.conf # points to nvim dotfiles
|
|
readlink ~/.config/starship.toml # points to nvim dotfiles
|
|
```
|
|
|
|
## Server Hardening
|
|
|
|
```bash
|
|
# Power
|
|
pmset -g | grep -E 'sleep|autorestart|powernap'
|
|
# Expect: sleep 0, displaysleep 0, disksleep 0, autorestart 1, powernap 0
|
|
|
|
# Firewall
|
|
/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate
|
|
# Expect: enabled
|
|
|
|
# SMB
|
|
sharing -l
|
|
# Expect: "No share point records." or no guest access
|
|
|
|
# Consumer services — NOTE: grep for "disabled" not "true"
|
|
launchctl print-disabled gui/$(id -u) | grep -c disabled
|
|
# Expect: 20+ (exact count depends on what was already disabled)
|
|
|
|
# Hostname
|
|
scutil --get ComputerName
|
|
# Expect: the configured hostname
|
|
|
|
# Spotlight
|
|
mdutil -s /
|
|
# Expect: indexing disabled
|
|
|
|
# Visual effects
|
|
defaults read com.apple.universalaccess reduceTransparency
|
|
defaults read com.apple.universalaccess reduceMotion
|
|
# Expect: 1 for both
|
|
|
|
# VNC / Screen Sharing
|
|
# Try connecting via vnc://<tailscale-ip> from another machine
|
|
|
|
# Process count
|
|
ps aux | wc -l
|
|
# Expect: significantly reduced from pre-hardening baseline
|
|
```
|
|
|
|
## Git Repos
|
|
|
|
```bash
|
|
# Check repos have remotes and are pushed
|
|
for dir in ~/.agents ~/.config/nvim; do
|
|
echo "--- $dir ---"
|
|
(cd "$dir" 2>/dev/null && git remote -v && git log --oneline -1) || echo "not a repo"
|
|
done
|
|
```
|