README.md
June 1, 2026
fort
Know your Mac's security posture. Fix gaps. Prove compliance. One command.
fort runs 15 security checks on your Mac, remediates what it can, and produces an auditor-ready report. No agent, no signup, no MDM enrollment — just a single binary.
Good for anyone who wants to harden their Mac. Essential for teams preparing for SOC 2 or ISO 27001.
Install
Homebrew (recommended)
```sh
brew install djadmin/tap/fort
```
Direct download (macOS — Apple Silicon + Intel)
```sh
curl -fsSL https://github.com/djadmin/fort/releases/latest/download/fort_darwin_all.tar.gz | tar xz && sudo mv fort /usr/local/bin/
```
Go
```sh
go install github.com/djadmin/fort/cmd/fort@latest
```
Build from source
```sh
git clone https://github.com/djadmin/fort.git
cd fort && make install
```
Update
```sh
brew upgrade djadmin/tap/fort
```
Usage
```sh
fort               # audit your Mac
fort --dry-run     # preview what --fix would change — nothing is applied
fort --fix         # audit, show confirmation prompt, apply selected fixes
fort --fix --yes   # skip prompt — for scripts, MDM push, or cron
fort --json        # structured JSON output for automation
fort --report      # write fort-report-YYYY-MM-DD.html (print to PDF)
```
Exit codes: 0 all pass · 1 any fail · 2 any warn
What It Checks
15 macOS checks across five groups, each mapped to SOC 2, ISO 27001, NIST CSF, and CIS v8:
| Group | Checks |
|---|---|
| Core security | password manager, FileVault, screen lock, antivirus / EDR |
| System hardening | firewall, Gatekeeper, SIP, SSH |
| Access controls | local admin rights, guest account, automatic login |
| Exposure reduction | sharing services, AirDrop |
| Patching | automatic OS updates, OS patch status |
JSON output
```json
{
  "tool": "fort", "version": "0.1.1", "hostname": "alice-mbp",
  "os_version": "15.5", "timestamp": "2026-05-28T10:00:00Z",
  "summary": { "total": 15, "pass": 11, "fail": 2, "warn": 2, "score": "11/15" },
  "policies": [{ "id": "filevault", "status": "pass", "current": "on",
    "frameworks": { "SOC 2": ["CC6.1", "CC6.7"], "ISO 27001": ["A.8.3"] } }]
}
```
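One way a fleet or CI job could consume `fort --json`: check that the summary agrees with the per-check results, then list the framework controls behind failing checks. This is an added example, not code from the fort project. The `fail`/`warn` status strings, the `firewall`/`airdrop` ids, the `current` values, and fail-before-warn precedence are assumptions.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of the README's JSON output, trimmed to three
# checks. Assumptions: ids "firewall"/"airdrop", the "fail"/"warn" status
# strings, and every "current" value shown here.
SAMPLE = """{
  "tool": "fort", "version": "0.1.1", "hostname": "alice-mbp",
  "summary": {"total": 3, "pass": 1, "fail": 1, "warn": 1, "score": "1/3"},
  "policies": [
    {"id": "filevault", "status": "fail", "current": "off",
     "frameworks": {"SOC 2": ["CC6.1", "CC6.7"], "ISO 27001": ["A.8.3"]}},
    {"id": "firewall", "status": "pass", "current": "on", "frameworks": {}},
    {"id": "airdrop", "status": "warn", "current": "everyone", "frameworks": {}}
  ]
}"""


def evaluate(report_text):
    """Return (exit_code, controls_at_risk, problems) for one fort --json document."""
    report = json.loads(report_text)
    policies = report.get("policies", [])
    counts = defaultdict(int)
    at_risk = defaultdict(set)  # framework -> control ids behind failing checks
    for policy in policies:
        counts[policy["status"]] += 1
        if policy["status"] == "fail":
            for framework, controls in policy.get("frameworks", {}).items():
                at_risk[framework].update(controls)

    # A summary that disagrees with the per-check results is not usable evidence.
    summary = report.get("summary", {})
    problems = [
        f"summary.{key}={summary.get(key)} but policies show {counts[key]}"
        for key in ("pass", "fail", "warn")
        if summary.get(key) != counts[key]
    ]
    if summary.get("total") != len(policies):
        problems.append(f"summary.total={summary.get('total')} but {len(policies)} policies listed")

    # Mirrors the README's exit codes; fail taking precedence over warn is an assumption.
    code = 1 if counts["fail"] else 2 if counts["warn"] else 0
    return code, {fw: sorted(ids) for fw, ids in at_risk.items()}, problems


if __name__ == "__main__":
    code, at_risk, problems = evaluate(SAMPLE)
    print("exit", code, "| controls at risk:", at_risk, "| problems:", problems)
```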
fort --report writes a self-contained HTML evidence report — machine identity, timestamp, per-check results, and framework references. Opens locally or prints to PDF.
Contributing
PRs welcome. To add a check:
- Create `internal/checks/yourcheck_darwin.go` — implement the `Check` interface
- Register in `internal/checks/registry_darwin.go`
- Add framework mappings in `internal/checks/frameworks.go`
- `go test ./...` — existing tests enforce interface contracts

