Configuration Guide

Learn how to configure Mac Watcher to suit your specific needs.

Configuration Overview

Mac Watcher provides a comprehensive configuration utility that allows you to customize all aspects of its operation. To access the configuration utility, run:

mac-watcher --config

This will open an interactive menu where you can configure various settings.

Configuration Options

Email Configuration

Mac Watcher can send email notifications when your Mac wakes from sleep. To configure email settings:

Email Provider

Mac Watcher uses the Resend email service to send notifications. You'll need to:

  1. Create an account at Resend.com
  2. Generate an API key
  3. Enter the API key in the configuration utility

Email Settings

You can configure the following email settings:

  • Email Status: Enable or disable email notifications
  • Sender Address: The email address that will appear as the sender
  • Recipient Email: The email address that will receive notifications
  • Initial Email: Enable or disable the initial email sent when your Mac wakes
  • Follow-up Email: Enable or disable a follow-up email sent after a delay

Time Restrictions

You can restrict when email notifications are sent:

  • Time Restriction: Enable or disable time-based restrictions
  • Active Windows: Configure specific time windows when emails are allowed
  • Day Restriction: Enable or disable day-based restrictions
  • Active Days: Select which days of the week emails are allowed

Location Configuration

Mac Watcher can track your Mac's location when it wakes from sleep. To configure location settings:

Location Settings

You can configure the following location settings:

  • Location Status: Enable or disable location tracking
  • Location Method: Choose between CoreLocationCLI or Apple Shortcuts
  • Network Info: Enable or disable collection of network information

Location Methods

Mac Watcher supports two methods for location tracking:

  • CoreLocationCLI: Uses the CoreLocationCLI tool to get precise location data. This method requires permission to access your location.
  • Apple Shortcuts: Uses Apple Shortcuts to get location data. This method may be more reliable for some users.

Network Information

When enabled, Mac Watcher will collect the following network information:

  • WiFi SSID (network name)
  • Local IP address
  • Public IP address

Login Failure Detection

Mac Watcher can be configured to only trigger alerts when a login failure is detected:

Login Detection Settings

You can enable or disable the login failure detection feature:

  • Login Detection Status: When enabled, monitoring actions are only triggered on failed login attempts

How It Works

When login failure detection is enabled:

  • Mac Watcher monitors both Touch ID and password authentication attempts
  • It distinguishes between successful and failed login attempts
  • Monitoring actions (screenshots, webcam, location tracking) only trigger on failed login attempts
  • Detailed logs of authentication events are collected

This feature is particularly useful if you want to reduce the number of alerts you receive and only focus on potential security incidents.

Note: This feature is currently in Beta.

Media Capture Configuration

Mac Watcher can capture photos and screenshots when your Mac wakes from sleep. To configure media settings:

Media Settings

You can configure the following media capture settings:

  • Webcam Photos: Enable or disable webcam photo capture
  • Screenshots: Enable or disable screenshot capture
  • Follow-up Screenshots: Enable or disable a second screenshot after a delay

Webcam Photos

When enabled, Mac Watcher will:

  • Attempt to capture a photo from your Mac's webcam when it wakes from sleep
  • Store the photo in the configured storage location
  • Include the photo in email notifications (if enabled)

Note: This feature requires permission to access your webcam.

Screenshots

When enabled, Mac Watcher will:

  • Capture a screenshot of your Mac's display when it wakes from sleep
  • Store the screenshot in the configured storage location
  • Include the screenshot in email notifications (if enabled)

Follow-up Screenshots

When enabled, Mac Watcher will:

  • Wait for the configured follow-up delay
  • Capture a second screenshot
  • Include the second screenshot in a follow-up email (if enabled)

Schedule Configuration

Mac Watcher can be configured to run only during specific days and times. To configure schedule settings:

Schedule Settings

You can configure the following schedule settings:

  • Custom Schedule: Enable or disable custom scheduling
  • Active Days: Select which days of the week Mac Watcher should run
  • Active Windows: Configure specific time windows when Mac Watcher should run

Active Days

When custom scheduling is enabled, you can select which days of the week Mac Watcher should run. Options include:

  • Individual days (Monday, Tuesday, etc.)
  • Weekdays (Monday-Friday)
  • Weekend (Saturday-Sunday)

Active Windows

You can configure specific time windows when Mac Watcher should run. For example:

  • 8:00AM-6:00PM (work hours)
  • 10:00PM-6:00AM (overnight)

Mac Watcher will only run if the current time falls within one of the configured time windows.

Timing Settings

You can also configure timing settings for Mac Watcher:

  • Initial Delay: The delay (in seconds) before capturing the initial media
  • Follow-up Delay: The delay (in seconds) before capturing the follow-up screenshot

Storage Configuration

Mac Watcher stores captured media and logs in a configurable location. To configure storage settings:

Storage Path

You can configure the base directory where Mac Watcher stores its files:

  • Default: $HOME/Pictures/.access
  • You can change this to any valid path on your Mac

Note: The path can include a dot (.) prefix to make the directory hidden in macOS.

Directory Structure

Mac Watcher organizes files in the following structure:

BASE_DIR/
├── YEAR/
│   └── MONTH/
│       └── DAY-MONTH-YEAR-(WEEKDAY)/
│           └── (AM/PM)-HOUR.MINUTE.SECOND/
│               ├── photo_*.jpg
│               ├── screenshot_*.jpg
│               ├── location_output.txt
│               ├── location_raw.json
│               └── monitor.log

Auto-Delete Configuration

Mac Watcher can automatically delete old files to prevent excessive disk usage. To configure auto-delete settings:

Auto-Delete Settings

You can configure the following auto-delete settings:

  • Auto-Delete Status: Enable or disable automatic deletion of old files
  • Delete Files Older Than: The number of days to keep files before deletion (1-365)

How Auto-Delete Works

When auto-delete is enabled:

  • Mac Watcher checks for files older than the specified number of days
  • Files that exceed the age limit are deleted
  • Empty directories are also removed
  • This process runs each time Mac Watcher is triggered

Configuration File

Mac Watcher stores its configuration in ~/.config/monitor.conf. While it's recommended to use the configuration utility, you can also edit this file directly if needed.

The configuration file uses a simple key-value format:

# Monitor Configuration
EMAIL_FROM="onboarding@resend.dev"
EMAIL_TO="your.email@example.com"
RESEND_API_KEY="re_123456789"
EMAIL_ENABLED="yes"
INITIAL_EMAIL_ENABLED="yes"
FOLLOWUP_EMAIL_ENABLED="yes"
EMAIL_TIME_RESTRICTION_ENABLED="no"
EMAIL_ACTIVE_WINDOWS=""
EMAIL_DAY_RESTRICTION_ENABLED="no"
EMAIL_ACTIVE_DAYS="Monday,Tuesday,Wednesday,Thursday,Friday,Saturday,Sunday"
INITIAL_DELAY=2
FOLLOWUP_DELAY=25
BASE_DIR="$HOME/Pictures/.access"
LOCATION_ENABLED="yes"
LOCATION_METHOD="corelocation_cli"
LOCATION_CONFIGURED="yes"
NETWORK_INFO_ENABLED="yes"
WEBCAM_ENABLED="yes"
SCREENSHOT_ENABLED="yes"
FOLLOWUP_SCREENSHOT_ENABLED="yes"
CUSTOM_SCHEDULE_ENABLED="no"
ACTIVE_DAYS="Monday,Tuesday,Wednesday,Thursday,Friday,Saturday,Sunday"
SCHEDULE_ACTIVE_WINDOWS=""
AUTO_DELETE_ENABLED="no"
AUTO_DELETE_DAYS=365
HTML_EMAIL_ENABLED="yes"