krypted.com

Tiny Deathstars of Foulness

The command to create and tear down an Open Directory environment is slapconfig. When you disable Open Directory from the Server app you aren’t actually removing users. To do so, you’d use slapconfig along with the -destroyldapserver. When run, you get a little insight into what’s happening behind the scenes. This results in the following:

bash-3.2# sudo slapconfig -destroyldapserver

The logs are as follows:

2017-09-09 20:59:31 +0000 slapconfig -destroyldapserver 2017-09-09 20:59:31 +0000 Deleting Cert Authority related data 2017-09-09 20:59:31 +0000 Removed directory at path /var/root/Library/Application Support/Certificate Authority/krypted Open Directory Certificate Authority. 2017-09-09 20:59:31 +0000 command: /usr/sbin/xscertadmin add –reason 5 –issuer krypted Open Directory Certificate Authority –serial 1339109282 2017-09-09 20:59:51 +0000 Could not find matching identity in system keychain 2017-09-09 20:59:51 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertd.plist 2017-09-09 20:59:51 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertd-helper.plist 2017-09-09 20:59:51 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertadmin.plist 2017-09-09 20:59:51 +0000 Stopping LDAP server (slapd) 2017-09-09 20:59:53 +0000 Stopping password server 2017-09-09 20:59:56 +0000 Removed all service principals from keytab for realm MACOSSERVER.KRYPTED.COM 2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/entryCSN.bdb. 2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/apple-config-realname.bdb. 2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/memberUid.bdb. 2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/__db.004. 2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/__db.003. 2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/apple-hwuuid.bdb. 2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/entryUUID.bdb. 2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/dn2id.bdb. 2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-memberguid.bdb. 2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/sn.bdb. 2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/__db.002. 2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/__db.005. 2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/uid.bdb. 2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/objectClass.bdb. 2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/macAddress.bdb. 2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-nestedgroup.bdb. 2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/log.0000000001. 2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/ipHostNumber.bdb. 2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/ou.bdb. 2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/givenName.bdb. 2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/uidNumber.bdb. 2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/apple-generateduid.bdb. 2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/id2entry.bdb. 2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/DB_CONFIG. 2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/mail.bdb. 2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/__db.006. 2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/__db.001. 2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-realname.bdb. 2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/cn.bdb. 2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/gidNumber.bdb. 2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/altSecurityIdentities.bdb. 2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/authdata/entryCSN.bdb. 2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/authdata/__db.004. 2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/authdata/__db.003. 2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/authdata/entryUUID.bdb. 2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/authdata/dn2id.bdb. 2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/authdata/__db.002. 2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/authdata/__db.005. 2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/authdata/objectClass.bdb. 2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/authdata/authGUID.bdb. 2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/authdata/log.0000000001. 2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/authdata/id2entry.bdb. 2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/authdata/DB_CONFIG. 2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/authdata/__db.006. 2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/authdata/__db.001. 2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/authdata/draft-krbPrincipalAliases.bdb. 2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/authdata/draft-krbPrincipalName.bdb. 2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/authdata/alock. 2017-09-09 20:59:56 +0000 Removed directory at path /var/db/openldap/authdata. 2017-09-09 20:59:56 +0000 Removed file at path /etc/openldap/slapd_macosxserver.conf. 2017-09-09 20:59:56 +0000 Removed file at path /etc/openldap/slapd.conf. 2017-09-09 20:59:56 +0000 Removed file at path /etc/openldap/rootDSE.ldif. 2017-09-09 20:59:56 +0000 Removed file at path /var/db/dslocal/nodes/Default/groups/com.apple.access_dsproxy.plist. 2017-09-09 20:59:56 +0000 Removed directory at path /etc/openldap/slapd.d/cn=config. 2017-09-09 20:59:56 +0000 Removed file at path /etc/openldap/slapd.d/cn=config.ldif. 2017-09-09 20:59:56 +0000 Removed directory at path /etc/openldap/slapd.d. 2017-09-09 20:59:56 +0000 Removed directory at path /etc/openldap/slapd.d.backup/cn=config. 2017-09-09 20:59:56 +0000 Removed file at path /etc/openldap/slapd.d.backup/cn=config.ldif. 2017-09-09 20:59:56 +0000 Removed directory at path /etc/openldap/slapd.d.backup. 2017-09-09 20:59:59 +0000 Stopping password server 2017-09-09 20:59:59 +0000 Removed file at path /etc/ntp_opendirectory.conf. 2017-09-09 20:59:59 +0000 Removed file at path /Library/Preferences/com.apple.openldap.plist.

September 14th, 2017

Posted In: Mac OS X Server

Tags: , , , , ,

Leave a Comment

DNS is DNS. And named is named. Except in macOS Server. Sometimes. The configuration files for the DNS services in macOS Server are stored in /Library/Server/named. This represents a faux root of named configuration data, similar to how that configuration data is stored in /var/named on most other platforms. Having the data in /Library/Server/ makes it more portable across systems.

The current version of BIND is BIND 9.9.7-P3 (Extended Support Version). This has been the case for a number of macOS Server versions, and can easily be located by doing a cat of the /Library/Server/named/.version file. 

Traditionally, you would edit this configuration data by simply editing the configuration files, and that’s absolutely still an option. In macOS Server 5.2 (for Sierra), a new command is available at /Applications/Server.app/Contents/ServerRoot/System/Library/PrivateFrameworks/DNSManager.framework called dnsconfig. The dnsconfig command appears simple at first. However, the options available are actually far more complicated than they initially appear.

The verbs available include:
  • help: show help information
  • list: show the contents of configurations and zone files
  • add: create records and zones
  • delete: remove records and zones
To view data available in the service, use the list verb. Options available when using the list verb include:
  • –acl: show ACLs
  • –view: show BIND view data
  • –zone: show domains configured in the service
  • –rr: show resource records
  • –rrtype: show types of resource records
For example, let’s say you have a domain called pretendco.lan and you would like to view information about that zone. You could use the dnsconfig command along with the list verb and then the –zone option and the domain name:

/Applications/Server.app/Contents/ServerRoot/System/Library/PrivateFrameworks/DNSManager.framework/dnsconfig list --zone=pretendco.lan

The output would show you information about the listed zone, usually including View data:

Views: com.apple.ServerAdmin.DNS.public Zones: pretendco.lan Options: allow-transfer: none allow-update: none

To see a specific record, use the –rr option, followed by = and then the fqdn, so to see ecserver.pretendco.lan:

/Applications/Server.app/Contents/ServerRoot/System/Library/PrivateFrameworks/DNSManager.framework/dnsconfig list --rr=ecserver.pretendco.lan

By default views are enabled and a view called com.apple.ServerAdmin.DNS.public is created when the DNS server first starts up. You can create other views to control what different requests from different subnets see; however, even if you don’t create any views, you’ll need to add the –view option followed by the name of the view (–view=com.apple.ServerAdmin.DNS.public) to any records that you want to create. To create a record, use the add verb. You can add a view (–view), a zone (–zone) or a record (–rr). Let’s start by adding a record to the pretendco.lan from our previous example. In this case we’ll add an A record called www that points to the IP address of 192.168.210.201:

/Applications/Server.app/Contents/ServerRoot/System/Library/PrivateFrameworks/DNSManager.framework/dnsconfig add --view=com.apple.ServerAdmin.DNS.public --zone=pretendco.lan --rr=www A 192.168.210.201

You can add a zone, by providing the –view to add the zone to and not providing a –rr option. Let’s add krypted.lan:

/Applications/Server.app/Contents/ServerRoot/System/Library/PrivateFrameworks/DNSManager.framework/dnsconfig add --view=com.apple.ServerAdmin.DNS.public --zone=krypted.lan

Use the delete verb to remove the data just created:

/Applications/Server.app/Contents/ServerRoot/System/Library/PrivateFrameworks/DNSManager.framework/dnsconfig delete --view=com.apple.ServerAdmin.DNS.public --zone=krypted.lan


Or to delete that one www record earlier, just swap the add with a delete:

/Applications/Server.app/Contents/ServerRoot/System/Library/PrivateFrameworks/DNSManager.framework/dnsconfig delete --view=com.apple.ServerAdmin.DNS.public --zone=pretendco.lan --rr=www A 192.168.210.201

Exit codes would be “Zone krypted.lan removed.” and “Removed 1 resource record.” respectively for the two commands. You can also use the –option option when creating objects, along with the following options (each taken as a value followed by an =, with this information taken by the help page):
  • allow-transfer Takes one or more address match list entry. Address match list entries consist of any of these forms: IP addresses, Subnets or Keywords.
  • allow-recursion Takes one or more address match list entry.
  • allow-update Takes one or more address match list entry.
  • allow-query Takes one or more address match list entry.
  • allow-query-cache Takes one or more address match list entry.
  • forwarders Takes one or more IP addresses, e.g. 10.1.1.1
  • directory Takes a directory path
  • tkey-gssapi-credential Takes a kerberos service principal
  • tkey-domain Takes a kerberos realm
  • update-policy Takes one complete update-policy entry where you can grant or deny various matched objects and specify the dentity of the user/machine that is allowed/disallowed to update.. You can also identify match-type (Type of match to be used in evaulating the entry) and match-name (Name used to match) as well as rr-types (Resource record types that can be updated)
Overall, this command is one of the best I’ve seen for managing DNS in a long time. It shows a commitment to continuing to make the service better, when you add records or remove them you can instantly refresh the Server app and see the updates. It’s clear a lot of work went into this and it’s a great tool for when you’re imaging systems and want to create records back on a server or when you’re trying to script the creation of a bulk list of records (e.g. from a cached file from a downed host). It also makes working with Views as easy as I’ve seen it in most platforms and is overall a breeze to work with as compared to using the serveradmin command to populate objects so the GUI doesn’t break when you update records by hitting files directly.

Additionally, you can manage bind in a variety of other ways. There are global settings exposed with the bind -v command:

bind -v


Which returns something similar to the following:

set bind-tty-special-chars on
set blink-matching-paren on
set byte-oriented off
set completion-ignore-case off
set convert-meta off
set disable-completion off
set enable-keypad off
set expand-tilde off
set history-preserve-point off
set horizontal-scroll-mode off
set input-meta on
set mark-directories on
set mark-modified-lines off
set mark-symlinked-directories off
set match-hidden-files on
set meta-flag on
set output-meta on
set page-completions on
set prefer-visible-bell on
set print-completions-horizontally off
set show-all-if-ambiguous off
set show-all-if-unmodified off
set visible-stats off
set bell-style audible
set comment-begin #
set completion-query-items 100
set editing-mode emacs
set keymap emacs

September 10th, 2017

Posted In: Mac OS X Server

Tags: , , , , , , , , , , , ,

Leave a Comment

Server comes with a command called RoomsAdminTool located at /Applications/Server.app/Contents/ServerRoot/usr/bin/RoomsAdminTool. This tool can list available rooms using a -l flag:

RoomsAdminTool -l

You can also create new rooms, using the following format, where krypted is the name of the room, the persistent option means the room is, er, persistent. The description option indicates a description used for the room.

RoomsAdminTool -n krypted -c persistent yes description "This room is for friends of krypted only”

To then delete the room, use the -d option:

RoomsAdminTool -n krypted -d

Add the -v to do it all verbosely. There are lots of other options as well, as follows (from the man page): Valid Configuration Keys and Values:
KEYVALID VALUESDESCRIPTION
descriptionstringA short description for the room
passwordstringDefine a password for room entry. An empty string implies no password required.
membersOnlyyes | noOnly room members are allowed to enter the room.
subjectLockedyes | noAre non-moderators and non-admins prevented from setting the room subject
logFormatDisabled | Text | XHTMLDisable room logging, or enable it using Text or XHTML.
maxUsersinteger; 0 for unlimitedSet the maximum allowed occupants for the room.
moderatedyes | no Make the room "moderated".
nonAnonymousyes | noIf "yes", only moderators/owners can discover occupants' real JIDs.
persistentyes | noPersistent rooms stay open until they are explicitly destroyed and their configuration survives service restarts, unlike non-persistent rooms.
privateMessagesAllowedyes | no Whether or not occupants can exchange private messages within the room.
roomPublicyes | no Defines whether the room be discovered by anyone
subjectstringSet a room subject/topic
usersCanInviteyes | no Defines whether occupants can invite other users to enter the room
addOwnervalid JabberIDMake the specified user a room owner (ex.: admin@krypted.com). Rooms can have multiple owners.
removeOwnervalid JabberIDRemove the specified user from the room owner list
addAdminvalid JabberIDMake the specified user a room admin
removeAdminvalid JabberIDRemove the specified user from the room admin list
addMembervalid JabberIDMake the specified user a room member
removeMembervalid JabberIDRemove the specified user from the room member list
addOutcastvalid JabberIDMake the specified user a room outcast (banned from public rooms)
removeOutcastvalid JabberIDRemove the specified user from the room outcast list
Ultimately, if you’d like to do Student Information System (SIS) integration, or wait for an AD/OD group and then programmatically generate rooms, this is how you’d do it. Also, it’s worth noting that Messages (and so Jabber if you’re running your own server) is a very basic instant messaging tool. There are more modern ways of interacting with others these days, including Slack and Confluence. Additionally, the Messages app can just use the phone number of people to let address books become a way of managing groups you’d like to message. These do not require a dedicated server, but most strategies will require a monthly fee that’s typically per-user.

September 9th, 2017

Posted In: Mac OS X Server

Tags: , , , , ,

Leave a Comment

In the following example script, I’m going to pull a list of just the usernames from fdesetup. sudo fdesetup list The output would be as follows:
charlesedge,F4D8B61D-1234-1234-98F4-103470EE1234 emerald,2E1203EA-1234-4E0D-1234-717D27221234 admin,50058FCF-88DF-1234-1234-91FCF28C0488
I’ll then pipe them into sed and use the , as a delimiter, pulling * or everything before it: sudo fdesetup list | sed 's;,.*;;' As follows:
charlesedge emerald admin

August 29th, 2017

Posted In: bash, Mac OS X, Mac OS X Server

Tags: , , ,

Apple has a number of different logging APIs. For the past few releases, Apple has tried to capture everything possible in logs, creating what many administrators and developers might consider to be a lot of chatter. As such, an entirely new interface needed to be developed to categorize and filter messages sent into system logs.

Writing Logs

The logger command is still used to create entries in system logs. However, if you are then using tail to view /var/log/system.log then you will notice that you no longer see your entry being written. This is because as the logs being created in macOS have gotten more complex, the tools to read and write those logs has gotten more complicated as well. Let’s take a simple log entry. Below, we’ll write the string “Hello Logs” into the system log. To do so, use the –i option to put the process id of the logger process and –s to write to the system log, as well as to stderr. To make the entry easier we’ll tag it with –t followed by the string of the tag. And finally, we’ll quote the entry we want written into the log. This is basically the simplest form of an entry: logger -is -t krypted "Hello Logs" Once written, use the log command to read your spiffy new entries. This isn’t terribly different than how things worked previously. If you’re a developer, you will need to note that all of the legacy APIs you might be using, which include asl_log_message, NSLog, and syslog, have been redirected to the new Unified Logging system, provided you build software for 10.12 (you can still build as before for 10.11, iOS 9, tvOS 10, and watchOS 3 and below). These are replaced with the os_log, os_log_info, os_log_debug, os_log_error, os_log_fault, and os_log_create APIs (which correspond to various levels of logs that are written).

Reading Logs

Logs are now stored in the tracev3 formatted files in /var/db/diagnostics, which is a compressed binary format. As with all binary files, you’ll need new tools to read the files. Console has been updated with a new hierarchical capability and the ability to watch activities, subsystems, etc. The log command provides another means of reading those spiffy new logs. To get started, first check out the man page: man log That “Hello Logs” string we used earlier is part of a message that you can easily view using the ‘log show’ command. In the below example, we’ll just run a scan of the last 3 minutes, using the –last option, and then providing a –predicate. We’ll explain those a bit later, but think of it as query parameters – here, we’ll specify to look for “Hello Logs” in eventMessage: log show --predicate 'eventMessage contains "Hello Logs"' --last 3m Filtering the log data using “eventMessage CONTAINS “Hello Logs”” shows us that our entry appears as follows:
Timestamp                       Thread     Type        Activity             PID 2017-03-23 23:51:05.236542-0500 0x4b83bb   Default     0x0                  88294  logger: Hello Logs ——————————————————————————————————————– Log      – Default:          1, Info:                0, Debug:             0, Error:          0, Fault:          0 Activity – Create:           0, Transition:          0, Actions:           0
How do you find out what to use where? Here’s an example where I’m going to try to find all invalid login attempts. First, I’m just going to watch the logs. Many will prefer the “log stream’ command. I’m actually going to just use show again, because I like the way it looks more. I’m also going to use log with the syslog –style so it’s easier to read (for me at least), and then here I’m just looking at everything by specifying a space instead of an actual search term: log show --style syslog --predicate 'eventMessage contains " "' --info --last 24h Looking at the output, you can see an entry similar to the following:
2017-03-23 14:01:43.953929-0500  localhost authorizationhost[82865]: Failed to authenticate user <admin> (error: 9).
Oh, I’ve got to just search for Failed to authenticate user” and I’ll be able to count invalid login attempts. To then take this and place it into a command that, for example, I could build an extension attribute using, I can then just find each entry in eventMessage that contains the string, as follows: log show --style syslog --predicate 'eventMessage contains "Failed to authenticate user"' --info --last 1d As with many tools, once you have a couple of basic incantations, they become infinitely simpler to understand. These few commands basically get you back to where you were with tailing logs. If you want to get that –f functionality from tail, to watch the logs live, just swap show with stream. The most basic incantation of this would just be ‘log stream’ without bothering to constrain the output: log stream Running this is going to spew so much data into your terminal session. So to narrow down what you’re looking for, let’s look at events for Twitter: log stream --predicate 'eventMessage contains "Twitter"' You can also view other logs and archives, by calling a file name: log show system_logs.logarchive

Organization and Classification

The new logging format also comes with Subsystems. If you’re a developer you’ll be able to file your messages into, for example, a com.yourname.whatevers domain space, so you can easily find your log messages. You can also build categories, and of course, as we noted previously, tag. So there are about as many ways to find log entries as you can possibly ask for. Apple has a number of subsystems built into macOS. I put together a list of Apple subsystems into a class that you should be able to throw into your python projects at https://gist.github.com/krypted/495e48a995b2c08d25dc4f67358d1983. You also have different logging levels. These include the basic levels of Default, Info, and Debug. You also have two special levels available: Fault and Error. All of this is to add hierarchical logs (which makes tracing events a much more lovely experience) and protecting privacy of end users (think sandbox for logs). I’d recommend watching the WWDC session where Unified Logging was introduced at https://developer.apple.com/videos/play/wwdc2016/721 if you’re interested in learning more about these types of things, especially if you’ll be building software that makes use of these new logging features. The one thing that’s worth mentioning for the Mac Techs out there, is how you would go about switching between logging levels for each subsystem. This is done with the ‘log config’ command. Here, I’ll use the –mode option to set the level to debug, and then defining the substyem to do so with using the –subsystem option: log config --mode "level:debug" --subsystem com.krypted If you have a particularly dastardly app, the above might just help you troubleshoot a bit. As mentioned earlier, we also have these predicates, which you can think of as metadata in the searching context. These include the following:
  • category: category of a log entry
  • eventMessage: searches the activity or message
  • eventType: type of events that created the entry (e.g. logEvent, traceEvent)
  • messageType – type or level of a log entry
  • processImagePath: name of the process that logged the event
  • senderImagePath: not all entries are created by processes, so this also includes libraries and executables
  • subsystem: The name of the subsystem that logged an event

Comparisons and Searches

OK, now let’s make things just a tad bit more complicated. We’ll do this by stringing together search parameters. Here, we have a number of operators available to us, similar to what you see in SQL. These include:
  • && or AND to indicate two matches
  • || or OR indicates one of the patterns matches
  • ! or NOT searches for items that the patterns don’t match for, which is useful for filtering out false positives in scripts
  • = to indicate that one search matches a pattern or is equal to
  • != to indicate that the search is not equal to
  • > is greater than
  • < is less than
  • => means greater than or equal to
  • =< means less than or equal to
  • CONTAINS indicates a string matches a given pattern with case sensitivity
  • CONTAINS[c] indicates a string matches a given pattern without case sensitivity
  • BEGINSWITH indicates a string begins with a given pattern
  • ENDSWITH indicates that a string ends with a given pattern
  • LIKE indicates a pattern is similar to what you’re searching for
  • MATCHES indicates that two text strings match
  • ANY, SOME, NONE, IN are used for pattern matching in arrays
  • NULL indicates a NULL response (for example, you see “with error (NULL)” in logs a lot)
To put these into context, let’s use one in an example. Thus far my most common as been a compound search, so matching both patterns. Here, we’ll look at the WirelessProximity subsystem for Bluetooth and we’ll look at how often it’s scanning for new devices, keeping both patterns to match inside their own parenthesis, with all patterns stored inside single quotes, as follows: log show --style syslog --predicate '(subsystem == "com.apple.bluetooth.WirelessProximity") && (eventMessage CONTAINS[c] "scanning")' --info --last 1h Developers and systems administrators will find that the Apple guide on predicate programming, available at https://developer.apple.com/library/prerelease/content/documentation/Cocoa/Conceptual/Predicates/AdditionalChapters/Introduction.html, to be pretty useful if you’re doing lots of this kind of work. Note: sysdiagnose, a tool long used for capture diagnostics information to include in bug reports, is still functional, and now includes Unified Logging information, so Apple developers can get a complete picture of what’s going on in systems.

Conclusion

Ultimately, the new Unified Logging is a bit more complicated than the previous options for both creating and reading logs. But once you get used to it, you’ll log it – I mean, love it. I find that I use less grep and awk and get more concise results. I also like the fact that the same code is useable with all four platforms, so learn once and re-use across devices. There’s a lot of information out there, but I had to go hunting around. Hopefully having a number of links and a the structure used in this article makes it easier to learn how to use all these new new little toys! Good luck!

July 26th, 2017

Posted In: Mac OS X, Mac OS X Server, Mac Security

Tags: , , , , ,

Clients discover the Apple Caching service bundled with macOS Server (and in the future macOS) automatically. You can create a text recored for _aaplcache._tcp on your DNS server. That would look
_aaplcache._tcp 518400 IN TXT “prs=192.168.50.100”
Name: _aaplcache._tcp with a type of TXT and a TTL of 518400 seconds. The prs is the address to be used and is set to a value using prs=192.168.50.100.

June 15th, 2017

Posted In: Mac OS X Server

Tags: , , , ,

Some apps have defaults domains that don’t work the same as other apps and you need to use the -app option in defaults. This option is available for most apps, and sometimes I’ll use it to specifically crawl around for a specific setting I’m looking for. But for other apps, you need to interact with them there. So let’s look at Eclipse. Here, we can do a read with -app followed by the path: defaults read -app /Applications/eclipse/Eclipse.app/ The output would be as follows:
{ NSNavLastRootDirectory = “~/smb/smb”; NSNavPanelExpandedSizeForOpenMode = “{712, 426}”; NSScrollAnimationEnabled = 0; WebKitJavaEnabled = 0; }
Now, let’s say you had a specific setting, like fixing an anti-aliasing issue: defaults write -app /Applications/eclipse/Eclipse.app AppleAntiAliasingThreshold 19 #thanksaloteclipseupdaters

June 4th, 2017

Posted In: Java, Mac OS X, Mac OS X Server, Mac Security

Tags: ,

June 2nd, 2017

Posted In: Mac OS X, Mac OS X Server, Mac Security, MacAdmins Podcast

Tags: , , , , ,

Added 3 new flags into precache tonight: –jamfserver, –jamfuser, and –jamfpassword. These are used to provide a Jamf Pro server (or cloud instance), the username to an account that can list the mobile devices on that server, and a password to that account respectively. Basically, when you provide these, the script will pull a unique set of models and then precache updates for them. It’s similar to grabbing a list of devices: curl -s -u myuser:mypassword https://myserver.jamfcloud.com/JSSResource/mobiledevices And then piping the output of a device list to: perl -lne 'BEGIN{undef $/} while (/<model_identifier>(.*?)<\/model_identifier>/sg){print $1}' And then running that array as an input to precache.py. Hope this helps make the script more useful!

May 13th, 2017

Posted In: iPhone, Mac OS X Server

Tags: , , , , , ,

If you’re in need of MDM in Japanese or German, Jamf Now shipped support for those languages last week. To switch languages, click on your name once logged in, and then click on the language you would like to use. Enjoy.

May 1st, 2017

Posted In: iPhone, Mac OS X, Mac OS X Server, Mac Security, Mass Deployment

Tags: , , ,

Next Page »