fort runs 15+ security checks on your Mac and fixes what it safely can: disk encryption, firewall, screen lock, SSH, sharing and more. One binary, no agent, no signup.
Three commands, the whole job. No dashboard to learn, no agent to manage, nothing running in the background.
Audits every security control in under 3 seconds. Score, current state, expected state. No interpretation needed.
Remediates every fixable setting. Use --dry-run first to see exactly what changes before it runs.
Writes a timestamped HTML report with machine identity, per-check results, and the exact command behind each. Print to PDF in one click.
Use fort inside Claude Code. Ask “is my Mac secure?” and it runs the audit, explains every finding and why it matters, then fixes only what you approve. Read-only until you say otherwise.
Every check uses stable, documented macOS APIs. No private frameworks. Works on macOS 12 Monterey through the latest release.
fdesetup status. High confidence, no guessing.socketfilterfw.sudo. fort enables it via /etc/pam.d/sudo_local, password still works as fallback.Run fort --report for a self-contained HTML snapshot of your Mac's security posture. No portal, no upload, no account. View sample report →
Every check captures the exact command run and its raw output. Expand any finding to see the full terminal transcript. Never a black box.
Self-contained HTML file with machine identity, serial number, and timestamp. Open in any browser, hit Cmd+P.
Each check references the relevant controls in SOC 2, ISO 27001, NIST CSF, and CIS. Handy context if your team tracks them.
| Check | Status | Found |
|---|---|---|
| Password manager | pass | 1Password |
| Disk encryption | pass | on |
| Screen lock | pass | immediate |
| Antivirus / EDR | warn | XProtect only |
| Application firewall | pass | on |
Lock down your own machine in seconds. Read every check before you run it. It's one MIT-licensed Go binary, no magic.
No account, no telemetry, no background process. fort reads local state, shows its work, and exits. Run it whenever you want.
A fast, repeatable way to check and harden Macs without enrolling them in MDM. One command per machine, no IT department needed.
Fleet view, drift alerts, and policy files, across every Mac in your org. Join the waitlist and we'll reach out first.
No spam. Unsubscribe anytime. The CLI is always free.
Install fort with brew install djadmin/tap/fort and run fort. It audits 15+ security settings — disk encryption, firewall, screen lock, SSH, Gatekeeper, Touch ID for sudo, automatic updates and more — in about 3 seconds and explains each result in plain English.
Yes. fort is free and released under the MIT license. The full source, including every check, is on GitHub.
No. The audit makes zero network calls. fort reads local system state and exits — no account, no telemetry, nothing uploaded. Every check prints the exact command it ran, so you can verify it instead of trusting it.
Yes. Every check maps to controls in SOC 2, ISO 27001, NIST CSF and CIS v8, and fort --report writes a self-contained, auditor-ready HTML evidence report with machine identity, per-check results, and the exact commands run.