Tiny Deathstars of Foulness

The Caching Server in OS X Server 5 is pretty simple, right? You open up the server app and then click on the On button and you’re… off… to… the… races… Yup. There are also a few options that you can configure using the Server app. You can configure which IP addresses (or networks) are able to access your server. You can configure where the cache is stored. You can configure the amount of Cached used. And you can clear out that cache. Boom. Including the ON button, you’ve only got 5 things you can do here. Pretty easy. To script kicking off the service as just a proxy that caches all patches that it can, simply use the following command: sudo serveradmin start caching The above command simply enables the service and starts the daemon. At that point, it registers with Apple and starts caching what it can. For many environments, this is pretty much all you need to do. But you can also configure the options available in the GUI, and a few that aren’t, using the command line. And then there are some pretty cool things you can do in Caching under the hood that aren’t included in the Server app. Let’s look at what it might take to script setting up the Caching service. For example, if we wanted to do scripted Caching Server deployments. Well, we’d need to start the service. By default the service would start with only local subnets being able to access the service and all available content would be heated. Additionally, the default location for the cache is /Library/Server, with no limit to the cache and a reserved volume space of 25000000000 bytes. You can see this by looking at the output of serveradmin with a settings verb and the caching service, as follows: sudo serveradmin settings caching Which results in the following: caching:ServerRoot = "/Library/Server" caching:ReservedVolumeSpace = 25000000000 caching:LocalSubnetsOnly = yes caching:Port = 0 caching:CacheLimit = 0 caching:DataPath = "/Library/Server/Caching/Data" Now, let’s open up the caching server to the world, assuming of course that people can’t get to it unless they’re routable on our network. This makes caching for multiple subnets in a given LAN environment much simpler. To do so, we’d feed that caching:localSubnetsOnly back in, with a no: sudo serveradmin settings caching:LocalSubnetsOnly = no Once the service is started, you will be able to perform tasks, such as disabling the iCloud caching option. This is done by setting the AllowPersonalCaching key to false, as follows in the /Library/Server/Caching/Config/config.plist. <key>AllowPersonalCaching</key> <integer>false</integer> This can be done using the serveradmin command as well, using the settings verb with the caching service and the AllowPersonalCaching key, as follows: sudo serveradmin settings caching:AllowPersonalCaching = no You can also limit the space that the Caching Server uses for cached iCloud data with the Settings verb, the caching service and the PersonalCacheLimit keep, provided the PersonalCacheLimit doesn’t exceed the CacheLimit. For example: <key>PersonalCacheLimit</key> <integer>200000000000</integer> In /Library/Server/Caching/Config/ you’ll find a file called Config.plist. Here, you’ll find way more settings, including those not output when you run serveradmin. You can actually drop lots of settings into new servers by copying this file into the correct location. However, prior to doing so, you’ll need to sanitize the file. There are two unique keys that should never be copied between servers. The first is the ServerGUID. The ServerGUID is a generated unique identifier that the server creates for itself when started. <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" ""> <plist version="1.0"> <dict> <key>CacheLimit</key> <integer>0</integer> <key>DataPath</key> <string>/Library/Server/Caching/Data</string> <key>LastConfigData</key> <data> XXX </data> <key>LastConfigURL</key> <string></string> <key>LastPort</key> <integer>52303</integer> <key>LocalSubnetsOnly</key> <true/> <key>Port</key> <integer>0</integer> <key>ReservedVolumeSpace</key> <integer>25000000000</integer> <key>SavedCacheDetails</key> <dict/> <key>SavedCacheDetailsOrder</key> <array> <string>Mac Software</string> <string>iOS Software</string> <string>iCloud</string> <string>Books</string> <string>iTunes U</string> <string>Movies</string> <string>Music</string> <string>Other</string> </array> <key>SavedCacheDetailsStrings</key> <dict> <key>de</key> <dict> <key>Books</key> <string>Bücher</string> <key>Mac Software</key> <string>Mac-Software</string> <key>Movies</key> <string>Filme</string> <key>Music</key> <string>Musik</string> <key>Other</key> <string>Anderes</string> <key>iCloud</key> <string>iCloud</string> <key>iOS Software</key> <string>iOS-Software</string> <key>iTunes U</key> <string>iTunes U</string> </dict> <key>en</key> <dict> <key>Books</key> <string>Books</string> <key>Mac Software</key> <string>Mac Software</string> <key>Movies</key> <string>Movies</string> <key>Music</key> <string>Music</string> <key>Other</key> <string>Other</string> <key>iCloud</key> <string>iCloud</string> <key>iOS Software</key> <string>iOS Software</string> <key>iTunes U</key> <string>iTunes U</string> </dict> <key>es</key> <dict> <key>Books</key> <string>Libros</string> <key>Mac Software</key> <string>Software Mac</string> <key>Movies</key> <string>Películas</string> <key>Music</key> <string>Música</string> <key>Other</key> <string>Otros</string> <key>iCloud</key> <string>iCloud</string> <key>iOS Software</key> <string>Software iOS</string> <key>iTunes U</key> <string>iTunes U</string> </dict> <key>fr</key> <dict> <key>Books</key> <string>Livres</string> <key>Mac Software</key> <string>Logiciels Mac</string> <key>Movies</key> <string>Films</string> <key>Music</key> <string>Musique</string> <key>Other</key> <string>Autres</string> <key>iCloud</key> <string>iCloud</string> <key>iOS Software</key> <string>Logiciels iOS</string> <key>iTunes U</key> <string>iTunes U</string> </dict> <key>it</key> <dict> <key>Books</key> <string>Libri</string> <key>Mac Software</key> <string>Software Mac</string> <key>Movies</key> <string>Film</string> <key>Music</key> <string>Musica</string> <key>Other</key> <string>Altro</string> <key>iCloud</key> <string>iCloud</string> <key>iOS Software</key> <string>Software iOS</string> <key>iTunes U</key> <string>iTunes U</string> </dict> <key>ja</key> <dict> <key>Books</key> <string>ブック</string> <key>Mac Software</key> <string>Mac ソフトウェア</string> <key>Movies</key> <string>ムービー</string> <key>Music</key> <string>ミュージック</string> <key>Other</key> <string>その他</string> <key>iCloud</key> <string>iCloud</string> <key>iOS Software</key> <string>iOS ソフトウェア</string> <key>iTunes U</key> <string>iTunes U</string> </dict> <key>ko</key> <dict> <key>Books</key> <string>책</string> <key>Mac Software</key> <string>Mac 소프트웨어</string> <key>Movies</key> <string>동영상</string> <key>Music</key> <string>음악</string> <key>Other</key> <string>기타</string> <key>iCloud</key> <string>iCloud</string> <key>iOS Software</key> <string>iOS 소프트웨어</string> <key>iTunes U</key> <string>iTunes U</string> </dict> <key>nl</key> <dict> <key>Books</key> <string>Boeken</string> <key>Mac Software</key> <string>Mac-software</string> <key>Movies</key> <string>Films</string> <key>Music</key> <string>Muziek</string> <key>Other</key> <string>Overig</string> <key>iCloud</key> <string>iCloud</string> <key>iOS Software</key> <string>iOS-software</string> <key>iTunes U</key> <string>iTunes U</string> </dict> <key>zh-CN</key> <dict> <key>Books</key> <string>图书</string> <key>Mac Software</key> <string>Mac 软件</string> <key>Movies</key> <string>影片</string> <key>Music</key> <string>音乐</string> <key>Other</key> <string>其他</string> <key>iCloud</key> <string>iCloud</string> <key>iOS Software</key> <string>iOS 软件</string> <key>iTunes U</key> <string>iTunes U</string> </dict> <key>zh-Hans</key> <dict> <key>Books</key> <string>图书</string> <key>Mac Software</key> <string>Mac 软件</string> <key>Movies</key> <string>影片</string> <key>Music</key> <string>音乐</string> <key>Other</key> <string>其他</string> <key>iCloud</key> <string>iCloud</string> <key>iOS Software</key> <string>iOS 软件</string> <key>iTunes U</key> <string>iTunes U</string> </dict> <key>zh-Hant</key> <dict> <key>Books</key> <string>書籍</string> <key>Mac Software</key> <string>Mac 軟體</string> <key>Movies</key> <string>影片</string> <key>Music</key> <string>音樂</string> <key>Other</key> <string>其他</string> <key>iCloud</key> <string>iCloud</string> <key>iOS Software</key> <string>iOS 軟體</string> <key>iTunes U</key> <string>iTunes U</string> </dict> <key>zh-TW</key> <dict> <key>Books</key> <string>書籍</string> <key>Mac Software</key> <string>Mac 軟體</string> <key>Movies</key> <string>影片</string> <key>Music</key> <string>音樂</string> <key>Other</key> <string>其他</string> <key>iCloud</key> <string>iCloud</string> <key>iOS Software</key> <string>iOS 軟體</string> <key>iTunes U</key> <string>iTunes U</string> </dict> <key>zh_CN</key> <dict> <key>Books</key> <string>图书</string> <key>Mac Software</key> <string>Mac 软件</string> <key>Movies</key> <string>影片</string> <key>Music</key> <string>音乐</string> <key>Other</key> <string>其他</string> <key>iCloud</key> <string>iCloud</string> <key>iOS Software</key> <string>iOS 软件</string> <key>iTunes U</key> <string>iTunes U</string> </dict> <key>zh_TW</key> <dict> <key>Books</key> <string>書籍</string> <key>Mac Software</key> <string>Mac 軟體</string> <key>Movies</key> <string>影片</string> <key>Music</key> <string>音樂</string> <key>Other</key> <string>其他</string> <key>iCloud</key> <string>iCloud</string> <key>iOS Software</key> <string>iOS 軟體</string> <key>iTunes U</key> <string>iTunes U</string> </dict> </dict> <key>SavedCacheSize</key> <integer>0</integer> <key>ServerGUID</key> <string>A955E484-E2A6-4759-A8F4-108CF9B733A7</string> <key>ServerRoot</key> <string>/Library/Server</string> <key>Version</key> <integer>1</integer> There’s always some sanity checking you can do. The main reason I’ve seen the server not want to start is because the server cannot register with Apple. The first thing that the server does when it registers is establishes a connection to Apple using the ServerGUID and then pulls down more settings from and if needed, begins heating the cache. Now, if the serveradmin command reports back a fullstatus that the server is pending and never makes a connection, there are two issues I’ve seen occur. The first is that you copied the ServerGUID from another host that’s already registered with Apple. The second is an error for “The operation couldn’t be completed” with an error code of 1. To see this, you can run serveradmin with fullstatus and then the service identifier and the caching:startupStatus identifier: caching:RegistrationStatus:error = <62706c69 73743030 d4010203 04050618 19582476 65727369 6f6e5824 6f626a65 63747359 24617263 68697665 72542474 6f701200 0186a0a4 07081112 55246e75 6c6cd409 0a0b0c0d 0e0f1056 4e53436f 64655a4e 53557365 72496e66 6f584e53 446f6d61 696e5624 636c6173 73100180 00800280 035f1014 636f6d2e 6170706c 652e7365 72766572 6d677264 d2131415 165a2463 6c617373 6e616d65 5824636c 61737365 73574e53 4572726f 72a21517 584e534f 626a6563 745f100f 4e534b65 79656441 72636869 766572d1 1a1b5472 6f6f7480 0108111a 232d3237 3c424b52 5d666d6f 7173758c 919ca5ad b0b9cbce d3000000 00000001 01000000 00000000 1c000000 00000000 00000000 00000000 d5> caching:RegistrationStatus:errorDescription = "The operation couldn’t be completed. ( error 1.)" caching:RegistrationStatus:errorCode = 1 caching:RegistrationStatus = 0 This is usually because the server cannot make a connection to Apple. Check that the server can ping, or access the server. Most of the time I’ve found that this involves a proxy. To sanity check for this in a script, try and curl down a copy of There’s more, but I’m out of time. Will come back to this.

October 23rd, 2015

Posted In: Mac OS X Server, Mass Deployment

Tags: , , , , , , , ,

OS X Mavericks Server (Server 3) comes with the /usr/sbin/serverinfo command (introduced in Mountain Lion Server). The serverinfo command is useful when programmatically obtaining information about the very basic state of an Apple Server. The first option indicates whether the Server app has been downloaded from the app store, which is the –software option: serverinfo --software When used, this option reports the following if the can be found:
This system has server software installed.
Or if the software cannot be found, the following is indicated:
This system does NOT have server software installed.
The –productname option determines the name of the software app: serverinfo --productname If you change the name of the app from Server then the server info command won’t work any longer, so the output should always be the following: Server The –shortversion command returns the version of the Server app being used: serverinfo --shortversion The output will not indicate a build number, but instead the version of the app on the computer the command is run on:
To see the build number (which should iterate with each update to the Server app from the Mac App Store, use the –buildversion option: serverinfo --buildversion The output shows the build of server, which doesn’t necessarily match the OS X build number:
Just because the Server app has been downloaded doesn’t mean the Server setup assistant has been run. To see if it has, use the –configured option: serverinfo --configured The output indicates whether the system is running as a server or just has the app installed (e.g. if you’re using it to connect to another server:
This system has server software configured.
You can also output all of the information into a single, easy to script against property list using the –plist option: serverinfo --plist The output is a list of each of the other options used: IsOSXServerVolume IsOSXServerVolumeConfigured IsServerHardware LocalizedServerProductName Server ServerBuildVersion 13S411 ServerPerformanceModeEnabled ServerVersion 2.2.67 The Server Root can reside in a number of places. To see the path (useful when scripting commands that are relative to the ServerRoot: serverinfo --prefix By default, the output is as follows, which is basically like a dirname of the ServerRoot:
You can also see whether the system is running on actual hardware desgnated by Apple for servers using the --hardware option: serverinfo --hardware The output simply indicates if the hardware shipped with OS X Server on it from Apple:
This system is NOT running on server hardware.
The --perfmode option indicates whether or not the performance mode has been enabled, dedicating resources to binaries within the Server app: serverinfo --perfmode If the performance mode has not been enabled then the output will be as such:
Server performance mode is NOT enabled.
To enable performance mode, you can also use serverinfo. This is the only task that the command does that can make any changes to the system and as such is the only time you need to elevate privileges: sudo serverinfo —setperfmode 1 Or set the boolean value back to 0 to disable. sudo serverinfo —setperfmode 0

October 22nd, 2013

Posted In: Mac OS X Server

Tags: , , , , , , , , , , , , , , , , , , , , ,

One of the most important aspects of performing forensics work in Mac OS X is to write-block the volumes that you are inspecting in order to maintain the chain of custody for the evidence (or potential evidence). One way to do this is to use a physical write blocker so that when you plug a USB, SATA, eSATA or other type of drive into the write blocker you will only be presented with a read only volume on the computer. For example, some good write blockers can be found at Digital Intelligence. WeibeTech also makes a nice USB device for write blocking on the Mac. But this can get kinda’ pricey because you often need to carry around a ton of fairly expensive devices to have one of each type that is required. So many choose to use software. On the Mac you can disable disk arbitration, which automatically mounts drives by moving the /System/Library/LaunchDaemons/ file to another location, or simply stopping the LaunchDaemon. You can then mount volumes manually. But chances are this will become cumbersome. So BlackBag Technologies has announced SoftBlock, write-blocking software for the Mac that provides GUI control over the mounting and management of devices at the kernel level of Mac OS X. When you plug a device into your computer, SoftBlock identifies them and then allows you to select whether to mount it as read-only or read-write. This is pretty similar in nature to how the Faronics DeviceFilter works, except instead of having management centralized to control whether you can mount a device in the first place this tool allows a user to control how each device will mount. Both are great tools and they’re apples and oranges, except in the fact that both appear to be built on the same concept. Overall, I’m excited to see BlackBag release SoftBlock and happy to be testing in my lab right now!

October 28th, 2009

Posted In: Mac OS X, Mac Security

Tags: , , , , , ,