krypted.com

Tiny Deathstars of Foulness

When I plug my iPad in, Photos opens. I want it to stop opening when I plug it in. To make it stop, write a disableHotPlug key into com.apple.ImageCapture as true:

defaults -currentHost write com.apple.ImageCapture disableHotPlug -bool true

To enable Photos opening when you plug in a device again, just delete the disableHotPlug key:

defaults -currentHost delete com.apple.ImageCapture disableHotPlug

February 7th, 2016

Posted In: iPhone, Mac OS X, Mac OS X Server, Mac Security

Tags: , , ,

Leave a Comment

I have another article up on the world webs. This one is on cloud use in small businesses, with IT Business Edge. Check it out at http://www.itbusinessedge.com/slideshows/6-ways-small-businesses-can-master-the-cloud-in-2016-08.html.

Screen Shot 2016-01-20 at 3.24.36 PM

January 20th, 2016

Posted In: cloud, Mac OS X, Mac OS X Server, Mac Security, Mass Deployment, Microsoft Exchange Server

Tags: ,

Ever since the kids from Silicon Valley went to TechCrunch, I’ve been thinking that at some point I’d want to put a piece there. Luckily, I recently got the chance. Today, 16 Apple Security Advances To Take Note Of In 2016 went up on TechCrunch. You can access the article here.

Screen Shot 2016-01-18 at 7.36.16 PM

The original article actually listed the year that each was introduced in order. It was a lot of work to go back in time and piece the timeline together, so since the years didn’t make it through editorial, I list them here (not that anyone actually cares):

  • 2002: Managed Preferences
  • 2003: FileVault
  • 2004: Require all software installers that need system resources to prompt for a password
  • 2005: Restrict setuid and setgid in scripts
  • 2007: Time Machine
  • 2007: Application Firewall
  • 2007: ASLR(Address Space Layout Randomization)
  • 2009: Application Sandboxing
  • 2009: XProtect, or File Quarantine
  • 2008: Antiphishing
  • 2010: The Mac App Store
  • 2012: Gatekeeper
  • 2012: Mobile Device Management
  • 2013: iCloud Keychain
  • 2015: System Integrity Protection, or SIP

And yes, since I was there for each of these, I did feel old writing this… :-/

And yes, thank you for asking, I did just publish another book on Mac Security, which you can buy here. :)

January 18th, 2016

Posted In: Mac OS X, Mac OS X Server, Mac Security, Mass Deployment

Tags: , , , , , , ,

It can be tough to get information about larger Mac deployments. I’ve written a few books on it. Apple has built some pages on it. But many prefer to consume their content through video. As such, Sean Collins has teamed up with Lynda.com to put together an IT Administrator’s Guide for El Capitan. With topics ranging from SIP to DEP, and all the acronyms in the middle, Sean’s soothing voice will guide you through what you need to get started with a new Mac deployment.

Screen Shot 2016-01-15 at 2.11.19 PM

Many a job can seem daunting, but with this latest addition to our arsenal, you’ll instantly feel less intimidated. It’s like the Sun A of the Mac world. But afterwards, when you go into corpse pose, you won’t fall asleep, because the content is too good. Check it out here:

http://www.lynda.com/El-Capitan-tutorials/IT-Administrators-Guide-OS-X-El-Capitan/427974-2.html

January 15th, 2016

Posted In: Mac OS X, Mac OS X Server, Mac Security, Mass Deployment

Tags: , , , ,

If you’re interested in Mac Security, the next edition of my Enterprise Mac Security book is now shipping. You can get it here http://www.amazon.com/Enterprise-Mac-Security-OS/dp/148421711X. The book is shipping from 3rd party sellers, but should ship directly from Amazon soon at the regular price. I don’t usually know exactly when, but it should also appear for Kindle and on the Apple Books store as well. Hope you enjoy!

Screen Shot 2016-01-11 at 8.27.19 PM

January 12th, 2016

Posted In: Mac OS X, Mac OS X Server, Mac Security

Tags: , , , , ,

Linux and OS X come with the makekey command installed, usually in /usr/libexec/makekey. You can use this binary to create /etc/passwd file entries of hashed passwords. To use the command, simply pipe some text into the command. Here, we’ll echo testpassword into makekey:

echo testpassword | /usr/libexec/makekey

And we’ll get a simple output, such as:

woNH11o4mqvAc

There are certainly other ways to do something like this, but when writing a script you may use in either a Linux or OS X environment, this is one place where you should have a modicum of success crossing platforms.

January 9th, 2016

Posted In: Mac OS X, Mac OS X Server, Mac Security

Tags: , , ,

One of the options thats a tad bit hidden in OS X is the Secure Erase option, which runs a multi-pass erase on a volume. Additionally, there’s no option to Secure Erase free space on a volume. But you can still securely erase whatever you’d like (other than you boot volume obviously), when needed. To do so, use the diskutil command along with the secureErase option.

Screen Shot 2016-01-07 at 7.44.07 AM

The format of the command to secureErase freespace is:

diskutil secureErase freespace [level] [device]

The levels are as follows (per the man page as not all of these are specified in Disk Utility):

  1. Single-pass zero-fill erase
  2. Single-pass random-fill erase
  3. US DoD 7-pass secure erase
  4. Gutmann algorithm 35-pass secure erase
  5. US DoE algorithm 3-pass secure erase

So for example, let’s say you had a volume called Seldon and you wanted to do a standard Single-pass zero-fill erase. In this example you would use the following:

diskutil secureErase freespace 0 /Volumes/Seldon

If you were to automate the command then you would want to dump the output into a log file. For example:

diskutil secureErase freespace 0 /Volumes/Seldon > /var/log/secureeraselog.tmp

You can also secureErase a volume itself. To erase a volume called /Volumes/Seldon, use the same structure of the command, but this time without the freespace option:

diskutil secureErase 0 /Volumes/Seldon

The latest update to Disk Utility removes a lot of options from the GUI, but overall, I have yet to find a scenario where a task I need to perform isn’t still available, if only from the command line.

January 7th, 2016

Posted In: Mac OS X, Mac OS X Server, Mac Security, Mass Deployment

Tags: , , , , , , , ,

OS X has a built-in web server called Apache. It’s been there for a long, long time. Once upon a time, you could enable web sharing using System Preferences. This is no longer a feature in the Sharing System Preference pane, but you can actually enable it quicker than you could before. To do so, we’ll use apachectl:

/usr/sbin/apachectl start

To then stop the web server:

/usr/sbin/apachectl stop

To see the apache status:

/usr/sbin/apachectl status

Or:

/usr/sbin/apachectl fullstatus

The default site is stored in /Library/WebServer/Documents. You can then edit this there, or replace the index.html.en file with a file/hierarchy that you wish to have.

Screen Shot 2015-12-08 at 10.12.25 AM

Enjoy.

December 22nd, 2015

Posted In: Mac OS X, Mac OS X Server, Mac Security

Tags: , , , , ,

Pretty much every script I’m working on these days must be run as root. Checking what user is running something is pretty straight forward, as there’s a built-in shell variable for $USER that contains the user running a script. To see this real quick, simply run the following:

echo $USER

You can then put this into your scripts. I’ve been using the same block of code for decades, which can be run in a script by itself if you’d like to paste this into one.

if [[ $USER != "root" ]]; then
echo "This script must be run as root"
else
echo "You are root"
exit 1
fi

Note: Keep in mind that the built-in $USER variable is case sensitive.

Obviously, most people won’t keep the lines that contain the else and you are root echo statements. You can just remove these or replace them with the meat of your script that requires elevated privileges to run. Enjoy.

December 21st, 2015

Posted In: Mac OS X, Mac OS X Server, Mac Security, Mass Deployment, Unix

Tags: , , , , , , , ,

Next Page »