Created
November 26, 2025 07:59
-
-
Save javabrett/805ccc231ba9f7e05dfd712e7891bf5b to your computer and use it in GitHub Desktop.
create-macos-baseline.sh
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/zsh | |
| # Take a baseline snapshot of a macOS system into a timestamped folder under ~ | |
| # Safe to run on a brand new Mac before you make major changes. | |
| set -u # (no -e so one failing command doesn't abort everything) | |
| TIMESTAMP=$(date +%Y%m%d-%H%M%S) | |
| SNAPDIR="$HOME/macOS-baseline-$TIMESTAMP" | |
| echo "▶ Creating baseline snapshot in: $SNAPDIR" | |
| mkdir -p "$SNAPDIR" | |
| # Ask for sudo early (for a few read-only commands) | |
| if command -v sudo >/dev/null 2>&1; then | |
| echo "▶ Requesting sudo (for read-only system info)..." | |
| sudo -v || echo " ⚠ sudo not granted; some system-level info may be skipped." | |
| fi | |
| ############################################################################### | |
| # 1. User defaults (preferences) | |
| ############################################################################### | |
| echo "▶ Capturing user defaults..." | |
| defaults read > "$SNAPDIR/defaults-user.plist" 2>/dev/null || \ | |
| echo "defaults read failed" > "$SNAPDIR/defaults-user.plist" | |
| ############################################################################### | |
| # 2. Applications | |
| ############################################################################### | |
| echo "▶ Capturing applications list..." | |
| { | |
| echo "=== /Applications ===" | |
| ls /Applications 2>/dev/null | |
| echo | |
| echo "=== /System/Applications ===" | |
| ls /System/Applications 2>/dev/null | |
| echo | |
| echo "=== ~/Applications ===" | |
| ls "$HOME/Applications" 2>/dev/null | |
| } > "$SNAPDIR/apps-simple.txt" | |
| # Spotlight-based app listing | |
| mdfind "kMDItemContentTypeTree == 'com.apple.application'" \ | |
| > "$SNAPDIR/apps-mdfind.txt" 2>/dev/null || true | |
| ############################################################################### | |
| # 3. Homebrew (if installed) | |
| ############################################################################### | |
| echo "▶ Capturing Homebrew state (if installed)..." | |
| { | |
| if command -v brew >/dev/null 2>&1; then | |
| echo "brew binary: $(command -v brew)" | |
| echo | |
| echo "=== brew list ===" | |
| brew list 2>/dev/null | |
| echo | |
| echo "=== brew list --cask ===" | |
| brew list --cask 2>/dev/null | |
| else | |
| echo "Homebrew is not installed." | |
| fi | |
| } > "$SNAPDIR/brew.txt" | |
| ############################################################################### | |
| # 4. Launch agents & daemons | |
| ############################################################################### | |
| echo "▶ Capturing launch agents/daemons..." | |
| { | |
| echo "=== ~/Library/LaunchAgents ===" | |
| ls "$HOME/Library/LaunchAgents" 2>/dev/null | |
| echo | |
| echo "=== /Library/LaunchAgents ===" | |
| sudo ls /Library/LaunchAgents 2>/dev/null || echo "(no access or empty)" | |
| echo | |
| echo "=== /Library/LaunchDaemons ===" | |
| sudo ls /Library/LaunchDaemons 2>/dev/null || echo "(no access or empty)" | |
| } > "$SNAPDIR/launch-agents-daemons.txt" | |
| ############################################################################### | |
| # 5. System information | |
| ############################################################################### | |
| echo "▶ Capturing system hardware & storage info..." | |
| system_profiler SPHardwareDataType \ | |
| > "$SNAPDIR/system-hardware.txt" 2>/dev/null || true | |
| system_profiler SPStorageDataType \ | |
| > "$SNAPDIR/system-storage.txt" 2>/dev/null || true | |
| # Compact system profile (you can change mini -> full if you want a monster file) | |
| system_profiler -detailLevel mini \ | |
| > "$SNAPDIR/system-profile-mini.txt" 2>/dev/null || true | |
| ############################################################################### | |
| # 6. Network configuration | |
| ############################################################################### | |
| echo "▶ Capturing network configuration..." | |
| { | |
| echo "=== networksetup -listallnetworkservices ===" | |
| networksetup -listallnetworkservices 2>/dev/null | |
| echo | |
| echo "=== ifconfig -a ===" | |
| ifconfig -a 2>/dev/null | |
| } > "$SNAPDIR/network.txt" | |
| { | |
| echo "=== Host / Computer names ===" | |
| echo "HostName: $(scutil --get HostName 2>/dev/null || echo '(unset)')" | |
| echo "LocalHostName: $(scutil --get LocalHostName 2>/dev/null || echo '(unset)')" | |
| echo "ComputerName: $(scutil --get ComputerName 2>/dev/null || echo '(unset)')" | |
| } > "$SNAPDIR/hostnames.txt" | |
| ############################################################################### | |
| # 7. Security / privacy state | |
| ############################################################################### | |
| echo "▶ Capturing security state (SIP, Gatekeeper, FileVault)..." | |
| { | |
| echo "=== SIP / csrutil status ===" | |
| csrutil status 2>/dev/null || echo "csrutil not available (only in Recovery on some systems)" | |
| echo | |
| echo "=== Gatekeeper (spctl --status) ===" | |
| spctl --status 2>/dev/null || echo "spctl not available" | |
| echo | |
| echo "=== FileVault (fdesetup status) ===" | |
| sudo fdesetup status 2>/dev/null || echo "fdesetup not available or no access" | |
| } > "$SNAPDIR/security.txt" | |
| ############################################################################### | |
| # 8. Environment variables | |
| ############################################################################### | |
| echo "▶ Capturing shell environment..." | |
| env > "$SNAPDIR/env.txt" 2>/dev/null || true | |
| ############################################################################### | |
| # 9. Login items | |
| ############################################################################### | |
| echo "▶ Capturing login items..." | |
| osascript -e 'tell application "System Events" to get the name of every login item' \ | |
| > "$SNAPDIR/login-items.txt" 2>/dev/null || \ | |
| echo "Could not query login items via AppleScript" > "$SNAPDIR/login-items.txt" | |
| ############################################################################### | |
| # 10. Startup items (legacy style) | |
| ############################################################################### | |
| echo "▶ Capturing legacy startup items..." | |
| sudo defaults read /Library/Preferences/com.apple.loginwindow AutoLaunchedApplicationDictionary \ | |
| > "$SNAPDIR/startup-items.txt" 2>/dev/null || \ | |
| echo "No AutoLaunchedApplicationDictionary or no access" > "$SNAPDIR/startup-items.txt" | |
| ############################################################################### | |
| # 11. Home directory structure | |
| ############################################################################### | |
| echo "▶ Capturing home directory top-level listing..." | |
| ls -a "$HOME" > "$SNAPDIR/homedir-listing.txt" 2>/dev/null || true | |
| find "$HOME" -maxdepth 1 -type d > "$SNAPDIR/homedir-directories.txt" 2>/dev/null || true | |
| ############################################################################### | |
| # 12. Plist inventories | |
| ############################################################################### | |
| echo "▶ Capturing plist inventories..." | |
| ls "$HOME/Library/Preferences" \ | |
| > "$SNAPDIR/plists-user.txt" 2>/dev/null || true | |
| ls /Library/Preferences \ | |
| > "$SNAPDIR/plists-local.txt" 2>/dev/null || true | |
| ls /System/Library/Preferences \ | |
| > "$SNAPDIR/plists-system.txt" 2>/dev/null || true | |
| ############################################################################### | |
| # 13. TCC (privacy database) dump | |
| ############################################################################### | |
| echo "▶ Capturing TCC (privacy) DB dump (if present)..." | |
| TCC_DB="$HOME/Library/Application Support/com.apple.TCC/TCC.db" | |
| if [ -f "$TCC_DB" ] && command -v sqlite3 >/dev/null 2>&1; then | |
| sqlite3 "$TCC_DB" .dump > "$SNAPDIR/tcc-dump.sql" 2>/dev/null || \ | |
| echo "sqlite3 dump failed" > "$SNAPDIR/tcc-dump-error.txt" | |
| else | |
| echo "No TCC.db found or sqlite3 not installed" > "$SNAPDIR/tcc-dump-info.txt" | |
| fi | |
| ############################################################################### | |
| # 14. Disk verification (read-only check) | |
| ############################################################################### | |
| echo "▶ Running disk verification (this may take a bit)..." | |
| diskutil verifyVolume / > "$SNAPDIR/disk-verify-root.txt" 2>/dev/null || \ | |
| echo "diskutil verifyVolume / failed or requires different volume name" > "$SNAPDIR/disk-verify-root.txt" | |
| ############################################################################### | |
| # Done | |
| ############################################################################### | |
| echo | |
| echo "✅ Baseline snapshot complete." | |
| echo " Folder: $SNAPDIR" | |
| echo " You may want to back this up somewhere safe (e.g. external drive or cloud)." |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment