• Mac OS X,  Mac Security

    Using Apple’s Built-In Malware Removal Tool (MRT)

    macOS now comes with a vulnerability scanner called mrt. It’s installed within the MRT.app bundle in /System/Library/CoreServices/MRT.app/Contents/MacOS/ and while it doesn’t currently have a lot that it can do – it does protect against the various bad stuff that is actually available for the Mac. To use mrt, simply run the binary with a -a flag for agent and then a -r flag along with the path to run it against. For example, let’s say you run a launchctl command to list LaunchDaemons and LaunchAgents running:

        launchctl list

    And you see something that starts with com.abc. Let me assure you that nothing should ever start with that. So you can scan it using…

  • Mac OS X,  Mac Security,  Mass Deployment

    Restoring the Default Gatekeeper Database

    As I’ve mentioned previously, spctl is the command line tool to manage signing for Gatekeeper. This tool edits the information stored in /var/db/SystemPolicy. Regrettably, this information can become corrupted (like all information in a database). And when it does, Apple has done us a favor by making a hidden default database with this information in the same directory, called .SystemPolicy-default. To restore the default database, we just copy it over the top of the old one. Here, we’ll rename the old one first:

        mv /var/db/SystemPolicy /var/db/SystemPolicyOLD

    And then we’ll copy the defaults to make it the production database:

        cp /var/db/.SystemPolicy-default /var/db/SystemPolicy

    Then reboot and you should be good to go.

  • Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

    Encrypting Volumes in OS X Mountain Lion

    Encrypting a volume in OS X Mountain Lion couldn’t be easier. In this article, we will look at three ways to encrypt OS X Lion volumes. The reason there are three ways is that booted volumes and non-booted volumes have different methods for enabling encryption. The third way to enable encryption on a volume is to do so through

    Encrypting Attached Storage

    For non-boot volumes, just control-click or right-click on them and then click on Encrypt “VOLUMENAME” where the name of the volume is in quotes. When prompted, provide an encryption password for the volume, verify that password and if you so choose, provide a hint. Once the encryption process…

  • Mac OS X,  Mac Security,  Mass Deployment

    Manage Gatekeeper from the Command Line in Mountain Lion

    Gatekeeper is the new feature of OS X that controls what types of apps can be opened. To configure Gatekeeper, open the Security & Privacy System Preference pane. Click on the General tab and unlock to make changes. Here, you’ll see “Allow applications downloaded from:” along with the following 3 options:

        • “Mac App Store”: Only apps downloaded from the App Store can be opened.
        • “Mac App Store and identified developers”: Only apps downloaded from the App Store and those signed can be opened.
        • “Anywhere”: Any app can be opened.

    Configuring Gatekeeper is as easy as selecting one of these options. Now, under the hood, the state of Gatekeeper is kept…