You turn on your MacBook and feel that something is wrong: some files have disappeared, or new files were added. You wonder if someone has been watching your computer.
Best Terminal For Mac
So, how to tell if someone is remotely accessing your MacBook? You need to check your logs, verify that no new users were created, make sure that remote login, screen sharing and remote management are disabled, and no spyware is running on your computer.
First things first. If you suspect that someone is controlling your laptop and if there is a chance that they watching you thru the webcam immediately apply a cover on laptop’s webcam. You can find my favorite webcam covers here.
What is remote access and how is it configured on MacBooks?
There are three ways to access MacOS remotely: allow remote logins from another computer, enable Screen Sharing or allow access by using Remote Desktop. Both ways are legitimate, but if you don’t remember doing any of them you need to know how to turn on and off those possibilities.
Remote login to MacOS
Computers that run MacOS as an operating system can log in to your Mac using Secure Shell (SSH). Steps to enable remote login are the following:
- Go to System Preferences. You can get there by clicking on the apple icon on the left of the top bar. After you clicked on apple icon you will see a drop-down menu where you should click on System Preferences menu item.
- Find Sharing folder and double click. Click on Remote Login checkbox on the left.
- Now you have the option to allow access either for all user or only specific users.
Once Remote Login is enabled then users with access can use SSH to log in and browse your computer’s contents.
Dec 09, 2017 You can check to see just how long your Mac's been active by checking its uptime with this Terminal command: uptime. Keep your Mac awake. If you need to prevent your Mac from going to sleep — say, you're running an extensive task, or recording your screen — there's an all-too-amusing command for that. Check out these Terminal tweaks.
- If you’re an advanced user of Mac OS X, it’s very likely that you know what Terminal.app is. If you’re not, the Terminal is an application included in every version of OS X into the Utilities folder which provides a command line interface to manually control your Mac. In this roundup I’ve collected the best links about Terminal.app: you’ll find the best commands, hacks and tips to.
- How To: 13 Terminal Commands Every Mac User Should Know By Andrew Godinez; Mac Tips; When you think of Terminal, you probably imagine some hacker sitting in front of their computer in a dimly lit room trying to break into an FBI database. In reality, it's just a simple tool that can make using your Mac.
Access to Mac screen using Screen Sharing
If you need help from IT to make changes on your MacBook or maybe you are collaborating on a project and want to share your screen you can enable Screen Sharing. Steps to enable as follows:
- Go to System Preferences.
- Find Sharing folder and double click. Click on Screen Sharing checkbox on the left.
- Allow access either for all user or only specific users.
Now on another Mac (from which you want to access to your Mac) start Screen Sharing app. You can start it by clicking Command and Space buttons. In a popup form type Sharing and hit Enter. Type your computer name. In my case, I had to type in “dev-pros-MacBook-Pro.local”.
A new window will pop up with the shared screen of another computer. Now you can control the screen.
Remote Desktop with Remote Management
Finally, it is possible to login to a computer with MacOS by enabling Remote Desktop. Steps to enable as follows:
- Go to System Preferences.
- Find Sharing folder and double click. Click on Remote Management check box on the left.
- Allow access either for all user or only specific users.
- There will be different Sharing options where you can fine-tune the type of access to allow: observe, change settings, delete, copy and even restart the computer.
Now you can access this Mac from Apple Remote Desktop – it’s an application you can buy from Apple Store and at the time of writing it’s cost was $79.99.
If your Mac is being monitored, it will show this image (two rectangles) in the top right-hand corner near your computer time:
When that symbol appears, you will be able to tell if you are being monitored. You can also disconnect the viewer by clicking on Disconnect option:
You can also click on “Open Sharing Preferences…” which will open Sharing folder in System Preferences.
Since the question you had was if someone remotely accessing your computer then the chances are that you don’t need any of sharing capabilities mentioned above.
In this case, check all options on Sharing folder under System Preferences to make sure that nobody is allowed to access it and turn off (uncheck) all options.
Verify if new users were created
As we’ve seen already remote login or sharing options require assigning access roles to the local users. If your system was hacked it is very likely that the hacker has added a new user to access it. To find out all users in MacOS perform the following steps:
- Start Terminal app by either going to Applications and then Utilities folder or clicking Command and Space and typing Terminal in the popup window.
- In the Terminal window type:
On my laptop it listed dev1, nobody, root and daemon.
If you see the accounts, you do not recognize then they probably have been created by a hacker.
In order to find when the user account was used to log in last time type the following command into the Terminal:
last
For each account, MacOS will list the times and dates of logins. If the login to any of the accounts happened at an abnormal time, it is possible that a hacker used a legitimate account to log in.
Check the logs
It may be useful to check the system logs for any possible access issues.
In order to find a system log, click on Go option in the top menu or simultaneously click Shift, Command and G. In the “Go to Folder” popup type: /var/log and hit Enter.
Now find system.log file and scan for word sharing. For instance, I found following screen sharing log entries:
These were log entries when someone logged in to my system remotely:
Check for spyware
If you are still suspecting that spyware is running on your machine you can use a third party application like Little Snitch which monitors applications, preventing or permitting them to connect to attached networks through advanced rules. Setting up the rules for Little Snitch, however, could be complicated.
One of the common spyware applications is a keystroke logger or keylogger. Keyloggers used to be apps that record the letters you type on the keyboard, but they significantly in last years. Suffice to day that keyloggers can take screenshots every 30 seconds or even track your chat activity, including the messages sent to you.
I believe that keyloggers are much greater security threat because they are easier to install and the powerful features they offer. Check my article about keyloggers here: How to know if my Mac has a keylogger
Security Best Practices
1.Change passwords regularly
One thing you should immediately if you are suspecting that someone is logging to your system is to change your password. And the password should be complex enough so that other people wouldn’t be able to guess it. This means avoiding using things like birthdate, first or last name or relatives, house or apartment number, etc. As a rule of thumb the password must be long enough (8 – 32 characters) and include at least 3 of the following character types:
- Uppercase letter (A-Z)
- Lowercase letter (a-z)
- Digit number (0-9)
- Special characters such as ~!@#$%^&*
2.Enable Security Updates by clicking on “Automatically keep my Mac up to date” in Software Update folder in System Preferences.
3. Install Antivirus. I received a lot of emails where people described suspicious activity on their Macs. I found that in about 60-70% cases, the culprit was malwareand not someone breaking into the computer. It’s a myth that Macs don’t get viruses. If you need proof check the next article I wrote after testing 12 antivirus programs after injecting 117 malware samples on my Mac:
Last Updated on
by Caleb Taylor
You are a hacker. Your home is the terminal. You know every key stroke is valuable. If something is less than 100% efficient, you will spend hours figuring out the right tool to save yourself seconds. Because it’s always worth it.
Does your constant search for newer and better ways to do things detract from actually doing things? Some may say yes, but you say nay. No work is worth doing unless you can lecture your coworkers on why you were able to do it so efficiently (setup time not included).
The following is a list of tools/features that every good hacker should know about.
Dislcaimer: This article is written with a heavy dose of satire. It’s a twist on the “Me, an Intellectual” meme. While the suggestions are sincere (and by no means complete), the references to being a “hacker” are just for fun.
Shell (zsh)
Average developer: A shell is a shell. It doesn’t really matter which one I use. They all suck anyway.
You, a Hacker: The shell is the lifeblood of my work. My passion for efficiency and features knows no bounds. My shell must be one worthy of a true hacker.
You live in the terminal, and that’s why you want to use a great shell. That’s why you use zsh.
It comes with a whole slew of features:
- Auto-correct of misspelled commands
- Easy drop-in replacement of bash
- Better
cdcompletion using<tab> - Path expansion:
cd /u/c/c/j+<tab> =cd /user/caleb/code/jarvis
It also comes with a great framework for managing your zsh configuration: Oh My Zsh. It includes 200+ plugins and 140+ themes to add all sorts of awesome features to your terminal. A small sample:
- git - tons of aliases and useful functions for git
- tmux - alias and settings for integrating zsh with tmux
- node - adds
node-docscommand for opening website docs - osx - several utilities for working with OSX
- web-search - initialize web searches from command line
- auto-suggestions - fast, unobtrusive suggestions as you type based on history
You can find the full list of plugins here.
Session Management (tmux)
Average developer: Okay I’ve got my files open for lame_project_1. But I also need to do work in boring_project_2. I also need to ssh into a server and look at the logs. I guess I’ll just create a huge mess in my terminal that has files/tabs from multiple projects open in a way that I’ll eventually lose control of and be forced to close and start over.
You, a Hacker: I work on several projects at once, so I need a tool to help me keep it organized. It should work across multiple platforms, and allow me to create organized work spaces and have a lot of other features that help with productivity.
You know that development can get messy. Sometimes, you have to work on several projects at once. That’s why you use tmux.
It allows you to create sessions. Each session can be customized to the exact layout you need. You can name sessions for easy switching, and even save and restore sessions if your terminal is closed. Plus, it has its own customizable status line that will allow you display things like time, date, CPU usage, and more. And if you don’t know your CPU usage at any given moment, are you even a hacker?
It even has a plugin manager and a whole slew of awesome plugins & features that will take your hacking to the next level.
Super-Pro Hacker Tip:
Use tmux with fzf via some awesome scripts to quickly create/delete/navigate to push your hacker level to over 9000.
Search (ripgrep)
Average developer: Where did I define that constant at? I know it’s somewhere in here. I’ll try to grep for it. What are the arguments again? Let me google that. Ah crap, now it’s searching my node_modules folder. This is the worst.
You, a Hacker: When I search for something, it should be blazing fast. Also, it should use sensible default settings, like ignoring binaries or hidden files.
Windows Terminal For Mac
You know that searching your project is a common task. It should be fast, and it should not waste your time. This means things like ignoring anything that your .gitignore file ignores, and skipping binaries and hidden files. That’s why you use ripgrep. It’s like grep on steroids.
In the words of its creator: “Use ripgrep if you like speed, filtering by default, fewer bugs and Unicode support.”
Fuzzy Finding (fzf)
Average developer: It’s sure hard to remember the exact location of so many files within my project. I guess I’ll stumble around until I find the right one.
You, a Hacker: I should be able to fuzzy-find files. I can type the file name, or some of the path, or all of it, and quickly find the file I’m looking for.
You know you shouldn’t have to type any more than you need to. So you use fzf, a general-purpose command-line fuzzy finder. It can also do much more than fuzzy-find files. It can used with any list: “files, command history, processes, hostnames, bookmarks, git commits, etc”.
Super-Pro Hacker Tip: You know that aliases are a great way to make shortcuts to take advantage of fzf’s features. For example, if you wanted to fuzzy-find a file, and then open up the selection in your default editor, you can add this to your zsh config:
Many more examples can be found on the fzf wiki.
Terminal Prompt (Spaceship)
Average developer: Who cares what my terminal prompt looks like? There’s no way it could possibly give me any useful information. I’ll just leave it as the default.
You, a Hacker: I want my prompt to be amazing. It should be context-aware. It should give me useful info and be configurable. Also, it would be sweet if it was related to space.
You know a prompt should be simple, clean, and provide only relevant information. It should also blow people’s minds when they see its beauty. That’s why you use spaceship-prompt. It provides git/mercurial integration, battery level indicator, clever host name and user data, version numbers for a variety of libraries, gorgeous icons, and much more.
Changing directories (z)
Average developer: I need to change my directory to my “hacker” project, which is inside of my cool folder, which is inside of my personal folder, which is inside of my code folder, which is in my home directory.
You, a Hacker: I need to change my directory to my “hacker” project.
Typing out full file paths is what average developers do. You are a hacker. You rely on z. Once installed, it will start learning which directories you visit. Then, you can give it a regex (or simple folder name) to hop to the most likely candidate.
Bonus Hacker Tools
The following tools are additional ways to truly elevate your hacking game.
- wttr.in — There’s only one right way to check the weather.
2. Star Wars — Cool people like Star Wars. Hackers watch it in the terminal.
3. haxor-news - Are you even a hacker if you don’t read Hacker News?
4. Spotify - Using shpotify, you can play music from the terminal (OSX only… Hey, stop booing! Put that chair down! Who threw that tomato!?), or mopidy for something that’s cross-platform.
That about wraps it up. This is by no means a comprehensive list. Do you have any other amazing hacker tools? Leave a comment and let me know.
If you are interested in seeing more of these tools in action, checkout out my dotfiles that I use for development. As a bonus, here’s a screenshot of the glorious terminal in action: