Tag Archives: Command line

Mac OS X Mac Security Network Infrastructure

Bringing stroke Back

Stroke got moved, so dug this up and am reprinting with the latest and greatest location.

Network Utility has a port scanner – it’s built in and really easy to use. Sure, stroke isn’t nmap, but it’s not trying to be… Since Network Utility is distributed with every copy of Mac OS X it stands to reason that every copy of Mac OS X has the ability to scan a port without using a GUI tool.  Enter one of the best named tools in Mac OS X, stroke.  Stroke is the command line back-end to the Port Scan tab of Network Utility.  To use stroke, you will need to cd into the Network Utility application bundle and then cd into Contents and then Resources.

Once you are at “/System/Library/CoreServices/Applications/Network Utility.app/Contents/Resources”, you will need to provide stroke with an IP address (or name), followed by the first port to scan and then the last (or the same number twice if your range is only one IP address.  For example, if you want to port scan port 80 on your own system you could use the following:

./stroke 80 80

But you shouldn’t just stroke yourself (sorry, couldn’t help it).  You should also stroke others (Clarence Carter be damned!).  So if you want to port scan www.google.com for port 80 the following would achieve such a lofty goal:

./stroke www.google.com 80 80

Because the name www.google.com has to resolve, you’re actually able to check whether a DNS error occurs and whether you can communicate over port 80 to the host in one command.  If you want to make a copy of stroke into a directory and then add it to your environment variable’s PATH you can then use it without needing to change your working directory.


Bring Out Yer Apps with Autopkg! (Maybe with a little help)

(Guest post by Allister Banks)

Working with modern tools in the ‘auto’(dmg/pkg) suite, it sure reinforces the old chestnut, ‘it’s turtles XML all the way down.’ The thing that struck me when first diving into using autopkg was that different product recipes could potentially have a good amount of similarities when they share common processors. One example is drag-drop apps that can be discovered with an ‘appcast’ URL, which, in my recollection, became common as the Sparkle framework gained popularity.

This commonality is exactly the type of thing sysadmins like myself seek to automate, so I built a few helper scripts to 1. discover what apps have appcast URLs, 2. generate the base download recipe, and further, the 3. pkg-building recipe that can use the download recipe as a ‘parent’, and the 4. munki or JSS recipes which can nest the pkg recipe in it. Recursivity is the new black.


Please do take a look if you feel you’ve got apps that folks haven’t built recipes for yet, and laugh at/use/fork my code as you see fit!

Microsoft Exchange Server Windows Server Windows XP

Check It Ma, Logz For Dayz

On a Mac, I frequently use the tail command to view files as they’re being written to or in use. You can use the Get-EventLog cmdlet to view logs. The Get-EventLog cmdlet has two options I’ll point out in this article. The first is -list and -newest.

The first is used to view a list of event logs, along with retention cycles for logs, log sizes, etc.

Get-EventLog -list

You can then take any of the log types and view information about them. To see System information:

Get-EventLog System

There will be too much information in many of these cases, so use the -newest option to see just the latest:

Get-EventLog system -newest 5

The list will have an Index number and an EventID. The EventID can then be used to research information about each error code. For example, at http://eventid.net.

Mac OS X Mac Security Mass Deployment

Reindex Spotlight from the Command Line

Spotlight is really a simple tool. Spotlight consists of mds, a command that is the metadata server, mdworker, the pawn that mds sends to scan objects and index them and then the three command lines of mdutil (manage the indexes), mdls (list metadata of an object) and mdfind, which as the name implies, finds things. All of this is used to keep a database called .store.db nested under .Spotlight-V100 at the root of each volume that’s been indexed.

Screen Shot 2013-11-14 at 9.39.09 PM

To reindex Spotlight from the command line, we’ll use mdutil. From a command prompt, enter the following to index your boot volume.

sudo mdutil -E /

Or an external drive named krypted:

sudo mdutil -E /Volumes/krypted

When indexing, you will see the mds and mdworker processes running. If the process does not seem to be completing timely, you can use lsof to see where it is in the process. If the indexing errors then try and manually reindex based on the file that you see from where it crapped out:

mdimport /Volumes/krypted/designingwomencollection/episode0101.mov

Or to mdimport the directory that might be problematic:

mdimport /Volumes/krypted/designingwomencollection

Finally, the attributes that are tracked by Spotlight are many. The metadata attributes themselves are typically in xattr. For example, Command Line Finder Tags (http://krypted.com/mac-os-x/command-line-finder-tags/).  To see the raw metadata for a file, use xattr:

xattr -l /Volumes/krypted/designingwomencollection/episodelist.pdf

The output of which would include the following:

00000000  00 00 00 00 00 00 00 00 00 1C 00 00 00 00 00 00  |................|
00000010  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |................|
00000000  62 70 6C 69 73 74 30 30 A1 01 55 52 65 64 0A 36  |bplist00..URed.6|
00000010  08 0A 00 00 00 00 00 00 01 01 00 00 00 00 00 00  |................|
00000020  00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00  |................|
00000030  00 10                                            |..|
com.apple.quarantine: 0041;520d0314;Safari;

The more metadata (QuickTime and some other apps can put a lot of metadata in files btw) the more you’d see. You can assign metadata manually or even exclude directories from indexing if you see the system is stuck on indexing a given directory.

Windows Server Windows XP

Control Windows Firewall From The Command Line

The Windows Firewall is controlled using the netsh command along with the advfirewall option. This command is pretty easy to use, although knowing the syntax helps. The most basic thing you do is enable the firewall, done by issuing a set verb along with a profile (in this case we’ll use current profile) and then setting the state to on, as follows:

netsh advfirewall set currentprofile state on

Or if you were controlling the domain profile:

netsh advfirewall set domainprofile state on

You can also choose to set other options within a profile. So to set the firewall policy to always block inbound traffic and allow outgoing traffic, use the set currentprofile followed by firewallpolicy as the option to set and then blockinboundalways and allowoutbound delimited with a comma:

netsh advfirewall set currentprofile firewallpolicy blockinboundalways,allowoutbound

To restore information back to defaults, use the reset verb:

netsh advfirewall reset

To open incoming access to just the file and printer sharing services:

netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes

Or remote desktop connections:

netsh advfirewall firewall set rule group="remote desktop" new enable=Yes profile=domain

Because the Windows Firewall can be stageful, you can also allow a program to have access (in or out), as with the following app called SecureApp.exe:

netsh advfirewall firewall add rule name="Secure App" dir=in action=allow program="C:\Program Files\SecureApp.exe" enable=yes

Or to restrict that app:

netsh advfirewall firewall add rule name="Secure App" dir=in action=deny program="C:\Program Files\SecureApp.exe" enable=yes

You can also allow based on IP or range of IP by adding the remoteip variable:

netsh advfirewall firewall add rule name="Secure App" dir=in action=allow program="C:\Program Files\SecureApp.exe" enable=yes remoteip=,LocalSubnet profile=domain

Or to open a specific port:

netsh advfirewall firewall add rule name="Open SSL" dir=in action=allow protocol=TCP localport=443

Overall, the netsh advfirewall command is pretty easy to use and allows for a lot of programatic control of the Windows Firewall without having to learn a lot of complex scripting. And of course, to disable, feel free to just turn that on to an off from the initial command:

netsh advfirewall set currentprofile state off

Mac OS X Server

Enable SSH, ARD, SNMP & the Remote Server App Use In OS X Server (Mavericks)

SSH allows administrators to connect to another computer using a secure shell, or command line environment. ARD (Apple Remote Desktop) allows screen sharing, remote scripts and other administrative goodness. SNMP allows for remote monitoring of a server. You can also connect to a server using the Server app running on a client computer. To enable all of these except SNMP, open the Server app (Server 3), click on the name of the server, click the Settings tab and then click on the checkbox for what you’d like to enter.

Screen Shot 2013-10-05 at 9.18.55 AM

All of these can be enabled and managed from the command line as well. The traditional way to enable Apple Remote Desktop is using the kickstart command. But there’s a simpler way in OS X Mavericks Server (Server 2.2). To do so, use the serveradmin command.

To enable ARD using the serveradmin command, use the settings option, with info:enableARD to set the payload to yes:

sudo serveradmin settings info:enableARD = yes

Once run, open System Preferences and click on Sharing. The Remote Management box is then checked and the local administrative user has access to ARD into the host.

Screen Shot 2013-10-05 at 9.15.00 AM

There are also a few other commands that can be used to control settings. To enable SSH for administrators:

sudo serveradmin settings info:enableSSH = yes

When you enable SSH from the serveradmin command you will not see any additional checkboxes in the Sharing System Preferences; however, you will see the box checked in the Server app.

To enable SNMP:

sudo serveradmin settings info:enableSNMP = yes

Once SNMP is enabled, use the /usr/bin/snmpconf interactive command line environment to configure SNMP so you can manage traps and other objects necessary.

Note: You can’t have snmpd running while you configure SNMPv3. Once SNMPv3 is configured snmpd can be run. 

To allow other computers to use the Server app to connect to the server, use the info:enableRemoteAdministration key from serveradmin:

sudo serveradmin settings info:enableRemoteAdministration = yes

To enable the dedication of resources to Server apps (aka Server Performance Mode):

sudo serveradmin settings info:enableServerPerformanceMode = yes

Mass Deployment Microsoft Exchange Server Windows Server

Install Exchange From the Command Line

Exchange is becoming more and more command line oriented. This includes the powershell options for managing Exchange once installed, but can also include the initial installation. To install Exchange from the command line, one must first install Exchange prerequisites, which are broken down per role that is being installed on Exchange. This can be done using the Add-WindowsFeature commandlet. To install the Windows requirements for Exchange for the Client Access, Hub Transport and Mailbox roles, use the following command:

Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy,Web-WMI -Restart

For the Edge Transport role, use:

Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Desktop-Experience -Restart

For the Unified Messaging role, use:

Add-WindowsFeature NET-Framework,RSAT-ADDS,ADLDS -Restart

After the server restarts, also configure NetTcpPortSharing:

Set-Service NetTcpPortSharing -StartupType Automatic

Once the required features are installed, you can then run the installer and extend the Active Directory schema to prepare for the new attributes required for the version of Exchange you’re installing (2010 for this article btw). To do so, use the setup.exe command. In this example command we’ll use the setup.exe located in c:ExchangeInstallers:

c:ExchangeInstallerssetup.exe /prepareschema

Once the Schema is ready, then prepare AD:

c:ExchangeInstallerssetup.exe /preparead

Then, prep the domain:

c:ExchangeInstallerssetup.exe /PrepareDomain

Note: For a full listing of what happens at the above stages of the installation, see TechNet 125224: http://technet.microsoft.com/en-us/library/bb125224(v=exchg.150).aspx

Once that’s done, I like to do a quick sync of AD from the control with my schema FSMO role:

repadmin /syncall

Then, for the easy part: install Exchange (in this case we’re installing Hub, CAS & Mailbox roles):

c:ExchangeInstallerssetup.exe /m:install /r:h,c,m

And voila, you’ve now got an Exchange Server. Since this is a Mailbox server, an empty information store is created and store.exe should be running. Use Get-Mailboxdatabase to verify:

Get-Mailboxdatabase -status

You can then move a database (e.g. to your SAN), since the default will be nested in the mdb folders in the Exchsrvr directory by using the move-DatabasePath cmdlet. Or use the move-storagegrouppath cmdlet to move the transaction logs.

Once the information store is back online and any logs have been moved, check the connectors in Exchange. Use get-sendconnector to see any outgoing connectors and get-receiveconnector to see any incoming connector information. You can also use get-exchangecertificate to check any certs on the host and get-routinggroupconnector to see any information about routing group connectivity.

Mac OS X Mac OS X Server Mac Security Ubuntu Unix

Leveraging The Useful Yet Revisionist Bash History

Not, this article is not about 1984. Nor do I believe there is anything but a revisionist history. Instead, this article is about the history command in OS X (and *nix). The history command is a funny beast. Viewing the manual page for history in OS X nets you a whole lotta’ nothin’ because it’s just going to show you the standard BSD General Commands Manual. But there’s a lot more there than most people use. Let’s take the simplest invocation of the history command. Simply run the command with no options and you’ll get a list of your previously run bash commands:


This would output something that looks like the following:

1  pwd
2 ls
3 cd ~/Desktop
4 cat asciipr0n

Now, you can clear all of this out in one of a few different ways. The first is to delete the .bash_history (or the history file of whatever shell you like). This would leave you with an interesting line in the resultant history:

l rm ~/.bash_history

Probably not what you were after. Another option would be to nuke the whole history file (as I did on a host accidentally with a misconstrued variable expansion, trying to write a history into a script):

history -c

A less nuke and pave method here, would be to selectively rewrite history, by choosing a line that you’d like to remove using the -d option:

history -d 4

Three are other options for history as well, mostly dealing with substitutions, but I am clearly not the person to be writing about these given that I just took ‘em the wrong direction. They are -anrwps for future reference.

Finally, since you likely want a clean screen, do clear to get a nice clean screen:


Now that we’re finished discussing altering your history, let’s look at using it to make your life faster. One of my most commonly tools at the command line is to use !$. !$ in any command expands to be the last position of your last run command. Take as an example you want to check the permissions of a file on the desktop:

ls -al ~/Desktop/asciipr0n

Now let’s say you want to change the permissions of that object, just use !$ since the last command had it as that only positional parameter and viola:

chmod 700 !$

Where does this come from? Well, any time you use a ! in a command, you are doing a history substitution, or expanding that variable into some kind of event designator, which is the part in your history you’re calling up. The $ is designated as first position (which yes, is a move my daughter did at her last dance recital). !# is another of these, which calls up the whole line typed so far. For example, let’s say you have a file called cat. Well, if you run cat and then use !# (provided you’re in the working directory of said file) you’d show the contents on the screen:

cat !#

Now, view your history after running a couple of these and you’ll notice that the event designators aren’t displayed in your history. Instead, they were expanded at runtime and are therefore displayed as the expanded expression. Let’s do something a tad more complicated. Let’s echo out the contents of your line 4 command from the beginning of this article:

echo `!4`

Now, if your line 4 were the same as my line 4 you’d certainly be disappointed. You see, you lost the formatting, so it’s probably not gonna’ look that pretty. If you were on line 11 and you wanted to do that same thing, you could just run !-7 and you’d go 7 lines back:

echo `!-7`

But the output would still be all jacked. Now, let’s say you ran a command and realized that jeez you forgot to sudo first. Well, !! is here for ya’. Simply run sudo !! and it will expand your last command right after the sudo:

sudo !!

The ! designator also allows you to grab the most recent command that starts with a set of letters. for example, let’s say I wanted to output the contents of my earlier echo command, and I wanted to show just the second position there:

cat !ech:2

That’s actually not gonna’ look pretty either. But that’s aside from the point. There are other designators and even modifiers to the designators as well, which allow for substitution. But again, I’m gonna’ have to go back and review my skills with those as I wouldn’t want to have you accidentally nuking your history because you expanded -c into some expression and didn’t realize that some of these will actually leave the history command as your last run command… :-/