Managing MacOS with Open Source Technologies

Well if it isn’t a great time to be a Mac admin…

Especially when there are a plethora of tools available to manage the operating system. Open source technologies mark their presence here as well, contributing many tools to help make the OS management easier for admins. Here are a few tools worth taking note of.

Application Deployment Tools


An app that can be defined basically as an ecosystem, Munki is used to deploy imported applications to clients. Though its logic is generally run on the client software on each machine, it deploys app in a very refined manner. It runs as Managed Software

The repository of metadata and apps can also be stored on any web server regardless of the platform. With Munki, it’s also possible to selectively deploy applications allowing users to either go for ‘optional install’ or ‘force install by date’ to install packages.

Other features include:

  • Acting as a portal for internal apps
  • Side panel links
  • Customizable headers

It can do so much more, but it can’t all be covered in a single article.


A great mimic of Apple Server’s Software Update Caching Service, Reposada is a set of Python tools ideal for caching software updates and deploying them internally, saving a lot of bandwidth in the process. The tool also allows users to release updates to a test group first before deploying them.

Client Management


Operating system instrumentation framework or Osquery is Facebook’s contribution, and is capable of exposing the OS as a relational database according to GitHub. This essentially allows users to write SQL-based queries to explore the data in the OS. The SQL tables can represent open network connections, file hashes, loaded kernel modules etc.

Google Santa

Still in beta, Google’s Santa is an effective tool to whitelist/blacklist items on a macOS system. It keeps track of the binary executions in the OS, checks binaries against a defined database, and then determines whether to block or allow the binary.

The tool operates in two modes:

  • Monitor mode – The default mode that allows all binaries to run except for the ones that were ‘marked’ to be blocked.
  • Lockdown mode – The mode that allows the execution of only the whitelisted binaries.

Santa is a centrally managed tool, and as such can help prevent malware from spreading across a number of machines.


It really is a great time to be a Mac admin.