Category Archives: Mac Security

Bushel Interviewing Mac OS X Mac OS X Server Mac Security

Part 1: Interviewing Pepijn Bruienne

I count myself very lucky that I got to interview Pepijn Bruienne, who interviewed me some time ago. Both, on the AFP548 podcast. Here’s the first part of me interviewing Pepijn!

Mac OS X Mac OS X Server Mac Security

X World: See You At The Sydney Mac Conference

I’ll be doing a couple of presentations in Sydney on July 9th and 10th at X World. Judging from the sessions in past years, it looks to be a great time that’s sure to make you smarter!

Screen Shot 2015-03-16 at 10.56.06 AM

If you’re able, check it out at http://auc.edu.au/xworld/about/.

Mac OS X Mac OS X Server Mac Security Mass Deployment

Take Control Of OS X Server (Yosemite) Now Available

I’ve been light on posting here, mostly because I’ve been swamped with work, selling my old house, buying a new house, doing some crazy taxes, wrapping production on a new book and updating the Take Control of OS X Server book to Yosemite Server. Well, earlier this week I sold my house, got the next version of Bushel ready to rock and filed my taxes. Aaaaannnnnndddddd, the Yosemite version of Take Control Of OS X Server is now available at http://tid.bl.it/1xuCJUC.

Screen Shot 2015-02-05 at 2.24.54 PM

Boom. Will get back to my normally scheduled postings shortly!

Mac OS X Mac OS X Server Mac Security Mass Deployment Ubuntu Unix WordPress

Install Pow for Rails Testing On OS X

Pow is a Rack server for OS X. It’s quick and easy to use and lets you skip that whole update an Apache file, then edit /etc/hosts, ethane move a file, then run an app type of process. To get started with Pow, curl it down and pipe it to a shell, then provide the password when prompted to do so:

odr:~ charlesedge$ curl get.pow.cx | sh
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 9039 100 9039 0 0 10995 0 --:--:-- --:--:-- --:--:-- 10996
*** Installing Pow 0.5.0...
*** Installing local configuration files...
/Users/charlesedge/Library/LaunchAgents/cx.pow.powd.plist
*** Installing system configuration files as root...
Password:
/Library/LaunchDaemons/cx.pow.firewall.plist
/etc/resolver/dev
*** Starting the Pow server...
*** Performing self-test...
*** Installed

For troubleshooting instructions, please see the Pow wiki:

https://github.com/basecamp/pow/wiki/Troubleshooting

To uninstall Pow, `curl get.pow.cx/uninstall.sh | sh`

To install an app into Pow, create a symlink to it using ln (assuming ~/.pow is your current working directory):

ln -s /path/to/myapp

Then just open the url, assuming my app is kryptedapp.com:

open http://kryptedapp.com

Pow can also use ~/Library/LaunchAgents/cx.pow.powd.plist to port proxy. This allows you to redirect different apps to different ports. When pow boots, it runs .powconfig, so there’s a lot you can do there, like export, etc. Once you’re done testing out pow, if you don’t decide it’s awesome, remove it with the following command:

curl get.pow.cx/uninstall.sh | sh

Kerio Mac OS X Mac OS X Server Mac Security Mass Deployment

Modern Mac Synchronization with ChronoSync

ChronoSync is one of those tools that’s been in the Mac community for a long time (rightfully so). It’s been a little while since I got the chance to really tinker around with ChronoSync so I thought I’d do a little article on what I got to find during my tinkerations. To get started with ChronoSync, go to their website at http://www.econtechnologies.com/chronosync/overview.html. Next, we’re going to walk through the most basic of setups (and you can get all kinds of complicated from there if you’d like!).

Once you’ve downloaded, ChronoSync, run the installer from the disk image that was downloaded.

Screen Shot 2015-01-31 at 11.50.13 AM

Then walk through the installer, basically following the defaults (unless you’d like to install to a volume other than your boot volume).

Screen Shot 2015-01-31 at 11.50.15 AM

Once the installer is finished, open the app and register the product.

Screen Shot 2015-01-31 at 11.53.16 AM

Once registered, you’ll see a nice screen giving you a few options. We’re going to create a single plan (synchronizer document) to backup a single source to a single target. To do so, click on the option to “Create a new synchronizer document”.

Screen Shot 2015-01-31 at 11.53.55 AM

At the Setup screen, you have a right and left column. When I used to do a lot of manual migrations, I would always always  always line up my source on the left and my target on the right (or invariably you risk data loss by copying in the wrong direction), so the workflow in ChronoSync has always made sense to me. Because a lot of the data I use needs root access, I’m going to select “Local Volumes (Admin access)” in the “Connect to” field and then use the Choose button to select my actual source. Repeat that process in the Right Target section of the screen.

Screen Shot 2015-01-31 at 11.54.10 AM

The default action that will be performed is to backup from the left to the right targets (the term target referring to the folder, not that it’s a source or target in the backup operation). Click into the Operation field to bring up a list of the options that can be performed between your left and right targets.

Screen Shot 2015-01-31 at 12.10.07 PM

The option I’m selecting is “Synchronize Bidirectional” as this is an article about syncing data. The other options are pretty well defined in the manual, but it’s worth mentioning that the Bootable Mirror options are especially useful. Once you’ve set the type of sync, you can also use the Options menu to define some pretty granular settings for your sync. For the purposes of this sync, which brings over server shares, I’m going to leave Conflict resolution set to Ask User and use the custom option under the Special File/Folder Handling section to enable the “Verify copied data” option and “Preserve Comments” option. Note that if you’re doing this on servers and would like to stop a service (such as postgres) before a sync and start it after, you can use the scripts section of this screen. You can also configure notifications, sending emails when syncs have errors, or every time there’s a sync.

Screen Shot 2015-01-31 at 12.17.43 PM

Click Rules to build inclusion/exclusion rules (for example, I don’t often sync things like operating system and software installers since I can just go download them again, pretty easily). Click Archive in the sidebar if you’d like to remove files based on a trigger (e.g. if it’s been removed from the source, archive it, etc).

Next, you can simply click Synchronize to run an immediate sync of the files and folders you’ve defined in your Sync Document. Or, you can click Add to Schedule to define when you’d like to run your Synchronization Documents.

There, less than 5 minutes and we’ve got a pretty advanced sync going. Use the Log button to see how everything went. And remember, always verify that the archives and backups are running on a good schedule. For example, I like to have at least a weekly cadence to make sure that media one each side of a sync can still open. It helps me sleep better.

Articles and Books Mac OS X Mac OS X Server Mac Security Mass Deployment Network Printing public speaking

MacIT Is Coming Back In July

MacWorld is kinda’ dead. Long live MacWorld (I cry nightly over this). But MacIT, alive and well and awesome (I hadn’t really spent any time on the floor for a long time anyway)! Here’s the email announcing the MacIT dates, which will be July 14th through 16th in Santa Clara! I’m super-stoked! :)

MacIT_logo_emailDear MacIT constituents,

Mark your calendars for MacIT 2015!

I’m pleased to announce that we have secured dates for the MacIT 2015 Conference. This year’s event will be held July 14-16 at the Santa Clara Convention Center in Silicon Valley (Santa Clara, CA). Our team is hard at work to ensure the first “stand alone” MacIT is a must-attend event for enterprise professionals. The program committee is currently vetting themes and topics for the conference and our call for presenters is currently posted on our website – http://www.macitconf.com. Our returning sponsors, JAMF, Code42, ESET, Parallels, and CoSoSys are ready to preview their iOS and OS X solutions at MacIT 2015, and our sponsor recruitment team is in discussions with many of the manufacturers you have requested access to.

The world of enterprise integration for iOS and OS X continues to evolve at an exciting pace and MacIT continues to be a unique meeting and marketplace for the enterprise professional. MacIT will continue to focus on all things “Apple in the Enterprise” – technology and standards tutorials, realistic product and solution chain evaluations, candid analysis, case studies, peer problem solving, access to key vendors, and insights to help you assess Apple’s role in the enterprise technology world, and how these tools can best be put to work in your organization. Our goal is always to provide you the best (quantity and quality) content, presenters, manufacturers, and professional networking access to make you a success in your deployment projects.

I look forward to keeping in touch with you via email and social media with event updates and announcements over the coming months, and hope to see you at MacIT 2015.

Best Regards,

Paul Kent Conference Chairman, MacIT

MacIT on Twitter: https://twitter.com/MacITConf #MacIT2015

MacIT on Facebook: https://www.facebook.com/pages/MacIT/151684994917868

iPhone Mac OS X Mac OS X Server Mac Security MobileMe

MacTech Pro

MacTech just announced MacTech Pro: a new series of one day, regional events that are specifically designed for professional Apple techs, consultants, and support staff.  MacTech Pro Events are single-track, hotel-based seminars that are specifically geared to serve the needs of professional consultants, IT Pros and techs who support others on OS X and iOS.  The first MacTech Pro will take place on March 4th, 2015 in Seattle.

MacTech Pro will take place in nine U.S. cities in 2015 including:

• March 4, 2015 : MacTech Pro, Seattle
• March 25, 2015 : MacTech Pro, San Francisco
• April 15, 2015 : MacTech Pro, Boston
• May 6, 2015 : MacTech Pro, Atlanta
• June 24, 2015 : MacTech Pro, Washington DC
• July 22, 2015 : MacTech Pro, Chicago
• August 12, 2015 : MacTech Pro, New York
• September 2, 2015 : MacTech Pro, Dallas
• September 30, 2015 : MacTech Pro, Denver

Using MacTech’s proven “running order” approach, MacTech Pro will pack in the maximum amount of sessions possible into the time available combined with the opportunity to talk to sponsors, network with peers and meet new contacts. Event topics in 2015 include:

• Deconstructing iCloud Drive: What a Tech Must Know
• Time Machine Deep Dive, and Fitting it Into a Backup Strategy
• The Professional Apple Tech’s Toolbox
• Using OS Resources to Diagnose Troubles
• Caching servers, DNS Tricks, and More
• VPP, DEP, and Under 13: How New Apple ID Requirements Impact You and Your Clients
• Productivity Tools: Best Practices and Uses of Microsoft Office
• Security, Viruses and Malware. It’s real. It’s now. You need to take it seriously.
• Managing Your Clients To Increase Productivity and to Optimize Revenue

MacTech Pro Events are economically priced, include the full day of sessions, lunch, breaks and access to sponsor tables. Those who register early can take advantage of the Early Registration and save $200.00 and pay only $299 to register for any of the nine regional MacTech Pro Events in 2015.

To honor the announcement, those that register this week can save an additional $50 savings for any MacTech Pro Event in 2015 — $249 until January 26th.  EDU pricing for students, educators and staff is $199.

Additional information on topics, sessions, sessions chairs, speaker and sponsorship opportunities are available at http://pro.mactech.com/

Active Directory Mac OS X Mac OS X Server Mac Security Mass Deployment

Destroy Open Directory Servers Using The Server App

You can destroy an LDAP server using the Server app (and still using slapconfig -destroyldapserver). To do so, open the Server app and click on Open Directory. Then click on the Open Directory server in the list of servers.

Screen Shot 2015-01-16 at 11.22.15 PM

When prompted to destroy the LDAP Master, click on Next.

Screen Shot 2014-12-15 at 10.09.56 PM

When asked if you’re sure, click Continue.

Screen Shot 2014-12-15 at 10.10.00 PM

When asked if you’re really, really sure, click Destroy.

Screen Shot 2014-12-15 at 10.10.03 PM

Wait.

Bushel iPhone Mac OS X Mac OS X Server Mac Security Mass Deployment

Enroll Devices Into Bushel

To manage a device from Bushel, it must first be added to your Bushel. The technical whiz-bang name for that process is Enrollment. We currently provide 3 ways to enroll devices into your Bushel. All three are available on the Enrollment page when you’re logged into Bushel.

Screen Shot 2014-09-11 at 11.41.46 AM

The first and best way to enroll devices into your Bushel is an Apple program called the Device Enrollment Program, or DEP for short. DEP is a way of tying devices to your Bushel so that they cannot be removed from the device, even if the device is wiped. Other than through DEP,  all enrollment into your Bushel is optional on the devices and so devices can be unenrolled at will. DEP requires an actual DEP account with Apple, which you can sign up for at https://deploy.apple.com/qforms/open/register/index/avs.

The second way to enroll devices into your Bushel is via Open Enrollment. When you Configure Open Enrollment you create a link that allows your users to enroll without logging into the portal. Simply open Open Enrollment from the Enrollment page and click Enable. Once enabled, you’ll see the URL to enroll devices.

Screen Shot 2014-09-11 at 11.43.44 AM

The third way to enroll devices is manually. Simply log into your Bushel, click on Enrollment and then click on the Enroll button for Enroll This Device. When prompted for “Who will this device belong to?” enter the username (e.g. the user’s name in front of their email address most likely or the username for your email system if it’s something different than that). Also provide the email address itself in the Email Address field and then click Enroll This Device. Now, if you want to enroll the device you’re using, simply complete the screen prompts for the profile installation and you’ll be good to go. Or, you can save the mobileconfig file that’s downloaded and send it to others in order to allow them to install it as well. Simply cancel the installation process (most easily done from a Mac) and distribute the Enroll.mobileconfig file as needed. You can also put a user’s name in front of the file name, so you know which will enroll each user. If you need to enroll 3 or 4 people in other countries or cities, this might be the best option!

Screen Shot 2014-09-11 at 11.48.46 AM

OK, so we basically gave 4 ways to enroll. But that’s because we’re trying to make it as easy as possible to enroll devices into your Bushel.

Mac OS X Mac OS X Server Mac Security Network Infrastructure Xsan

Configure sFlows on a Brocade 8470

sFlow is an industry standard that allows network equipment with the appropriate agents to send data to sFlow collectors, which then analyze network traffic. You can install sFlow on routers, switches, and even put agents on servers to monitor traffic. Brocade (along with most other switch manufacturers) supports sFlow.

Before you do anything log into the switch and check the current flow configuration:

show sFlow

To configure, log into the switch and use the the int command to access an interface. From within the interface, use the following command:

sflow forwarding

Then exit the interface using the very difficult to remember exit command:

exit

Repeat the enablement of forwarding for any other necessary interfaces. Next, we’ll configure a few globals that would be true across all interfaces. The first is the destination address, done using the destination verb followed by the IP and then the port (I’m using the default 6343 port for sFlow):

sflow destination 192.168.210.87 6343

Set the sample rate:

sflow sample 512

Set the polling interval:

sflow polling-interval 30

Finally, enable sFlow:

sflow enable