Configure The Adaptive Firewall In macOS Server 5.2

macOS Server 5.2 running on Sierra 10.12) has an adaptive firewall built in, or a firewall that controls incoming access based on clients attempting to abuse the server. The firewall automatically blocks incoming connections that it considers to be dangerous. For example, if a client attempts too many incorrect logins then a firewall rule restricts that user from attempting to communicate with the server for 15 minutes. If you’re troubleshooting and you accidentally tripped up one of these rules then it can be a bit frustrating. Which is why Apple gives us afctl, a tool that interacts with the adaptive firewall. The most basic task you can do with the firewall is to disable all of the existing rules. To do so, simply run afctl (all afctl options require sudo) with a -d option: /Applications/ -d When run, the adaptive firewall’s rules are disabled. To re-enable them, use the -e option: /Applications/ -e Turning off the rules seems a bit much for most troubleshooting tasks. To remove a specific IP address that has been blacklisted, use the -r option followed by the IP address (rules are enforced by IP): /Applications/ -r To add an IP to the blacklist, use the -a option, also followed by the IP: /Applications/ -a To permanently add a machine to the whitelist, use -w with the IP: /Applications/ -w And to remove a machine, use -x. To understand what is going on under the hood, consider this. The blacklisted computers are stored in plain text in /var/db/af/blacklist and the whitelisted computers are stored in the same path in a file called whitelist. The afctl binary itself is stored in /usr/libexec/afctl and the service is enabled by /System/LIbrary/LaunchDaemons/, meaning to stop the service outright, use launchctl: launchctl unload /Applications/ The configuration file for afctl is at /etc/af.plist. Here you can change the path to the blacklist and whitelist files, change the interval with which it is run, etc. Overall, the adaptive firewall is a nice little tool for Mac OS X Server security, but also something a number of open source tools can do as well. But for something built-in and easy, worth using. There’s a nice little command called hb_summary located in /Applications/ that provides statistics for blocked hosts. To see statistics about how much the Adaptive Firewall is being used, just run the command with no options: /Applications/ The output provides the following information (helpful if plugging this information into a tool like Splunk):
  • Date
  • Date statistics start
  • Number of hosts blocked
  • Addresses blocked
  • Number of times each address was blocked
  • Last time a host was blocked
  • Total number of times a block was issued

Setup DHCP In OS X Server 5

DHCP, or Dynamic Host Control Protocol, is the service used to hand out IP addresses and other network settings by network appliances and servers. The DHCP Server built into OS X Server 5, installed on El Capitan or Yosemite is easy-to-use and fast. It’s pretty transparent, just as DHCP services should be. To install the service, open the Server app and then click on the Show button beside Advanced in the server sidebar. Then click on DHCP. Screen Shot 2015-09-08 at 10.41.07 PM At the DHCP screen, you’ll see two tabs: Settings, used for managing the service and Clients, used to see leases in use by computers that obtain IP address information from the server. You’ll also see an ON and OFF switch, but we’re going to configure our scopes, or Networks as they appear in the Server app, before we enable the service. To configure a scope, double-click on the first entry in the Networks list. Screen Shot 2015-09-08 at 10.42.41 PM Each scope, or Network, will have the following options:
  • Name: A name for the scope, used only on the server to keep track of things.
  • Lease Duration: Select an hour, a day, a week or 30 days. This is how long a lease that is provided to a client is valid before the lease expires and the client must find a new lease, either from the server you’re configuring or a different host.
  • Network Interface: The network interface you’d like to share IPs over. Keep in mind that you can tag multiple VLANs on a NIC, assign each an interface in OS X and therefore provide different scopes for different VLANs with the same physical computer and NIC.
  • Starting IP Address: The first IP address used. For example, if you configure a scope to go from to you would have 50 useable IP addresses.
  • Ending IP Address: The last IP address used in a scope.
  • Subnet Mask: The subnet mask used for the client configuration. This setting determines the size of the network.
  • Router: The default gateway, or router for the network. Often a .1 address for the subnet used in the Starting and Ending IP address fields. Note that while in DHCP you don’t actually have to use a gateway, OS X Server does force you to do so or you cannot save changes to each scope.
  • DNS: Use the Edit button for DNS to bring up a screen that allows you to configure the DNS settings provided as part of each DHCP scope you create, taking note that by default you will be handing out a server of if you don’t configure this setting.
Screen Shot 2015-09-08 at 10.43.39 PM The DNS settings in the DHCP scope are really just the IP addresses to use for the DNS servers and the search domain. The search domain is the domain name appended to all otherwise incomplete Fully Qualified Domain Names. For example, if we use internal.krypted.lan and we have a DNS record for wiki.internal.krypted.lan then we could just type wiki into Safari to bring up the wiki server. Click the minus sign button to remove any data in these fields and then click on the plus sign to enter new values. Screen Shot 2015-09-08 at 10.45.05 PM Click OK to save DNS settings and then OK to save each scope. Once you’ve build all required scopes, start the service. Once started, verify that a new client on the network gets an IP. Also, make sure that there are no overlapping scopes and that if you are moving a scope from one device to another (e.g. the server you’re setting up right now) that you renew all leases on client systems, most easily done using a quick reboot, or using “ipconfig /release” on a Windows computer. If you have problems with leases not renewing in OS X, check out this article I did awhile back. So far, totally easy. Each time you make a change, the change updates a few different things. First, it updates the /etc/bootpd.plist property list, which looks something like this (note the correlation between these keys and the settings in the above screen shots.: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" ""> <plist version="1.0"> <dict> <key>NetBoot</key> <dict/> <key>Subnets</key> <array> <dict> <key>allocate</key> <true/> <key>dhcp_domain_name</key> <string></string> <key>dhcp_domain_name_server</key> <array> <string></string> </array> <key>dhcp_domain_search</key> <array/> <key>dhcp_router</key> <string></string> <key>lease_max</key> <integer>3600</integer> <key>name</key> <string>192.168.210 Wi-Fi</string> <key>net_address</key> <string></string> <key>net_mask</key> <string></string> <key>net_range</key> <array> <string></string> <string></string> </array> <key>selected_port_name</key> <string>en0</string> <key>uuid</key> <string>B03BAE3C-AB79-4108-9E5E-F0ABAF32179E</string> </dict> </array> <key>allow</key> <array/> <key>bootp_enabled</key> <false/> <key>deny</key> <array/> <key>detect_other_dhcp_server</key> <false/> <key>dhcp_enabled</key> <false/> <key>old_netboot_enabled</key> <false/> <key>relay_enabled</key> <false/> <key>relay_ip_list</key> <array/> </dict> </plist> Settings from this file include:
  • dhcp_enabled – Used to enable dhcp for each network interface. Replace the <false/> immediately below with <array> <string>en0</string> </array>. For additional entries, duplice the string line and enter each from ifconfig that you’d like to use dhcp on.
  • bootp_enabled – This can be left as Disabled or set to an array of the adapters that should be enabled if you wish to use the bootp protocol in addition to dhcp. Note that the server can do both bootp and dhcp simultaneously.
  • allocate – Use the allocate key for each subnet in the Subnets array to enable each subnet once the service is enabled.
  • Subnets – Use this array to create additional scopes or subnets that you will be serving up DHCP for. To do so, copy the entry in the array and paste it immediately below the existing entry. The entry is a dictionary so copy all of the data between and including the <dict> and </dict> immediately after the <array> entry for the subnet itself.
  • lease_max and lease_min – Set these integers to the time for a client to retain its dhcp lease
  • name – If there are multiple subnet entries, this should be unique and reference a friendly name for the subnet itself.
  • net_address – The first octets of the subnet followed by a 0. For example, assuming a /24 and 172.16.25 as the first three octets the entry would be
  • net_mask – The subnet mask clients should have
  • net_range – The first entry should have the first IP in the range and the last should have the last IP in the range. For example, in the following example the addressing is to
  • dhcp_domain_name_server – There should be a string for each DNS server supplied by dhcp in this array
  • dhcp_domain_search – Each domain in the domain search field should be suppled in a string within this array, if one is needed. If not, feel free to delete the key and the array if this isn’t needed.
  • dhcp_router – This entry should contain the router or default gateway used for clients on the subnet, if there is one. If not, you can delete the key and following string entries.
If you run the serveradmin command, followed by the settings verb and then the dhcp service, you’ll see the other place that gets updated: serveradmin settings dhcp The output indicates that dhcp:static_maps = _empty_array dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:WINS_secondary_server = "" dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:selected_port_name = "en0" dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:dhcp_router = "" dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:dhcp_domain_name_server:_array_index:0 = "" dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:net_mask = "" dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:WINS_NBDD_server = "" dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:net_range_start = "" dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:lease_max = 3600 dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:dhcp_domain_search:_array_index:0 = "internal.krypted.lan" dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:descriptive_name = "192.168.210 Wi-Fi" dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:WINS_primary_server = "" dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:net_range_end = "" dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:dhcp_ldap_url = _empty_array dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:WINS_node_type = "NOT_SET" dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:net_address = "" dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:dhcp_enabled = yes dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:dhcp_domain_name = "internal.krypted.lan" dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:WINS_scope_id = "" dhcp:subnet_defaults:logVerbosity = "MEDIUM" dhcp:subnet_defaults:WINS_node_type_list:_array_index:0 = "BROADCAST_B_NODE" dhcp:subnet_defaults:WINS_node_type_list:_array_index:1 = "HYBRID_H_NODE" dhcp:subnet_defaults:WINS_node_type_list:_array_index:2 = "NOT_SET" dhcp:subnet_defaults:WINS_node_type_list:_array_index:3 = "PEER_P_NODE" dhcp:subnet_defaults:WINS_node_type_list:_array_index:4 = "MIXED_M_NODE" dhcp:subnet_defaults:dhcp_domain_name = "" dhcp:subnet_defaults:WINS_node_type = "NOT_SET" dhcp:subnet_defaults:routers = _empty_dictionary dhcp:subnet_defaults:logVerbosityList:_array_index:0 = "LOW" dhcp:subnet_defaults:logVerbosityList:_array_index:1 = "MEDIUM" dhcp:subnet_defaults:logVerbosityList:_array_index:2 = "HIGH" dhcp:subnet_defaults:dhcp_domain_name_server:_array_index:0 = "" dhcp:subnet_defaults:selected_port_key = "en0" dhcp:subnet_defaults:selected_port_key_list:_array_index:0 = "bridge0" dhcp:subnet_defaults:selected_port_key_list:_array_index:1 = "en0" dhcp:subnet_defaults:selected_port_key_list:_array_index:2 = "p2p0" dhcp:subnet_defaults:selected_port_key_list:_array_index:3 = "en1" dhcp:logging_level = "MEDIUM" Notice the correlation between the uuid string in /etc/bootp.plist and the arrayid entry for each subnet/network/scope (too many terms referring to the same thing, ahhhh!). Using the serveradmin command you can configure a lot more than you can configure in the Server app gui. For example, on a dedicated DHCP server, you could increase logging level to HIGH (as root/with sudo of course): serveradmin settings dhcp:logging_level = "MEDIUM" You can also change settings within a scope. For example, if you realized that you were already using and 201 for statically assigned IPs elsewhere you can go ahead and ssh into the server and change the first IP in a scope to 202 using the following (assuming the uuid of the domain is the same as in the previous examples): serveradmin settings dhcp:subnets:_array_id:B03BAE3C-AB79-4108-9E5E-F0ABAF32179E:net_range_start = "" You can also obtain some really helpful information using the fullstatus verb with serveradmin: serveradmin fullstatus dhcp This output includes the number of active leases, path to log file (tailing that file is helpful when troubleshooting issues), static mappings (configured using the command line if needed), etc. dhcp:state = "RUNNING" dhcp:backendVersion = "10.11" dhcp:timeOfModification = "2015-10-04 04:24:17 +0000" dhcp:numDHCPActiveClients = 0 dhcp:timeOfSnapShot = "2015-10-04 04:24:19 +0000" dhcp:dhcpLeasesArray = _empty_array dhcp:logPaths:systemLog = "/var/log/system.log" dhcp:numConfiguredStaticMaps = 1 dhcp:timeServiceStarted = "2015-10-04 04:24:17 +0000" dhcp:setStateVersion = 1 dhcp:numDHCPLeases = 21 dhcp:readWriteSettingsVersion = 1 Once started, configure reservations using  the /etc/bootptab file. This file should have a column for the name of a computer, the hardware type (1), the hwaddr (the MAC address) and ipaddr for the desired IP address of each entry: %% # hostname hwtype hwaddr ipaddr bootfile a.krypted.lan 1 00:00:00:aa:bb:cc b.krypted.lan 1 00:00:00:aa:bb:cc You can start and stop the service either using the serveradmin command: serveradmin stop dhcp serveradmin start dhcp Or using the launchctl: sudo /bin/launchctl unload -w /System/Library/LaunchDaemons/bootps.plist sudo /bin/launchctl load -w /System/Library/LaunchDaemons/bootps.plist

When Packets Are Too Large in MySQL

Every now and then you’ll see an error like “Packet Too Large” in MySQL, as seen below. When you run into this, you’re trying to shove more information into a given SQL statement than is allowed. So to fix, you have a few different options, starting with the best, which is to make your SQL better. Screen Shot 2013-06-10 at 3.45.00 PM But not everyone has control of things like source code. So you might need to change the value in mysql itself. To do so, simply run the mysql command with the –max_allowed_packet and then put = followed by the size of the packet. For example, to make it 128: mysql --max_allowed_packet=128M Now, by default this is 1M so that’s pretty big. You can then change it in the daemon: mysqld --max_allowed_packet=128M And to change it in the my.cnf, simply edit /etc/my.cnf (on OS X) or /etc/mysql/my.cnf or /usr/local/mysql/my.cnf, according to how you installed mysql. From there, search for max_allowed_packet and change it as needed. Once changed, restart MySQL (or the server) and the changes will take effect.

Restart Xsan Services

Sometimes you just need to restart the Xsan services on a system. For example, you rm the contents of /Library/Preferences/Xsan and don’t feel like restarting a computer and waiting for all that ProTools boot junk to fire up. So, you can just restart the services: launchctl unload /System/Library/LaunchDaemons/ launchctl load /System/Library/LaunchDaemons/ Also, I now always disable Xsan in System Preferences prior to doing the restart of services. Otherwise, I find cruft happens…

Lights Out Managing Mac Mini Servers with Vera

There is no Lights Out Management for a Mac mini Server (btw, am I the only one that noticed that these are now called Mac mini with Lion Server, where mini isn’t capitalized). While the Mac mini Server doesn’t have the Lights Out Management (LOM)/IPMI chips in it, there are a few things that we can control anyway. Convention would say that we’d get a NetBotz card for that spiffy APC we’ve got, which can do minor automation and even a little environmental monitoring. And there are a few other systems out there that can do similar tasks. But I’m a home automation nerd these days. So I decided to look into whether my Vera can manage my mini Server botnet and what I might be getting or sacrificing. First, let’s define what we did with LOM. The first and most important is, when the system crashed, we rebooted the server. The second aspect was to maybe wake the thing up, with the 3rd to monitor the components of the system. Let’s look at the first, most important thing, rebooting. I’m going to start with a Vera. The setup process for Vera is similar to that of a LinkSys, where you give the device an IP and then go a step further by signing up for the MiOS portal, used to remotely control the Vera through a secure tunnel. Then I’m going to add an appliance module to the system. Notably, I want a ground, so I’m going to add the Wayne-Dalton HA-04WD HomeSettings Outdoor Appliance Module. The device can be added to Vera pretty easily. To do so, open Vera and click on DEVICES and then on Add Devices in the subnav bar. From here, click on Add in the first row. Then scroll down a little and click on Option 1. The system will then scan for a device. At this point, you’ll see a screen telling you to manage the device. At this point, I just press the button on the device to pair it to the Z-wave network. Once the device is seen by the Vera, we can go ahead and click on the Next button (by default they’re seen as light switches). At the next screen, you’ll see a screen with a field you can type in. Here, provide a name for the device and give it a room that the device is in (if you’re using rooms). Click on Close and then Save (big red button after you click Close). Click on the Continue button to commit the save and you should see your new device listed in All Devices. At this point, click on the On and Off switches to turn systems on and off. From System Preferences, go to Energy Saver and then check the box for Restart automatically We’ve now achieved the first goal, having a way to physically turn on and off a Mac mini with Lion Server. Better than LOM, we can do so using a web interface or an iOS app. While the lack of so many moving parts has reduced the need for environmental monitoring, we want to monitor the environment outside the box, the environment inside the box and whether the box has developed any human emotions. To monitor the environment outside the box, I’m using one of the many Z-wave thermostats available. I plan on replacing it with a Temperature and Humidity Sensor, so I can put a sensor right by the machine instead of just monitoring the temperature of the room. I also like the idea of seeing moisture levels, but that’s aside from the point. Monitoring the inside of the system is really easy, since Apple has built snmp into Mac OS X and a quick snmpwalk will show me most everything I need to know about a box. For that, let’s just remove the default snmpd.conf file: rm /etc/snmp/snmpd.conf And then run snmpconf -i to create a new snmpd.conf file. This is interactive, so use option 1 and then choose the settings that work best for whatever monitoring software you’re using. With the loss of Lithium, I am a big fan of Nagios and Dartware’s Intermapper, but there are a number of other solutions that I would look at as well. Either way, this can be a very cumbersome aspect if you let it. Once you’ve configured snmpd.conf, restart it (assuming it’s running): launchctl unload /System/Library/LaunchDaemons/ launchctl load -w /System/Library/LaunchDaemons/ Next, to wake up the server, we can use Wake on LAN (note that wake for network access is in the Energy Saver System Preference pane). We can also monitor the server’s IP address (ping/ICMP) and even activate a camera in the event that a motion sensor is tripped. I’ll look at these in a future automation article, where we’ll reboot the server automatically in the event that it goes offline and maybe even control an IR blaster to turn on the TV when status bars are running on the server (we might also hook up a coffee pot so we can stay awake while waiting for Lion to download during some upgrades). But for now, suffice it to say that at this point, we have some of what we had with LOM on an Xserve. It’s not everything and it’s not really pretty. But it works and would cost about the same as a module for that APC you’ve got sitting around, while also laying the groundwork for much more home and small office/small data center automation – and at about $25 per additional device, it’s priced pretty well all things considered. Finally, if that snmp-based monitoring system happens to need to restart the devices, there’s also an API for Vera, documented at Being able to script an snmp-generated event that kicks off some kind of triggered response with a grid of devices is pretty cool, and while I hope to cover it eventually, I’m not sure exactly when I’ll end up with time, so might be awhile…

Disabling Periodic Scripts

Mac OS X does a little housecleaning in batch processes that run daily, weekly and monthly. These are kicked off by LaunchDaemons that reside in /System/Library/LaunchDaemons and are called, and These need to run and so should not be disabled outright. However, they can disabled temporarily, as when you need a somewhat process intensive script to run for a few days. Therefore, we need a way to disable these and re-enable them. One could just move those files, but there’s actually a more graceful way. Running defaults read against one of the property lists can be done as follows: defaults read /System/Library/LaunchDaemons/ We could use defaults to go ahead and disable the script by adding a “Disabled=1” key. Or we could unload them using launchctl. You can also do all of this without touching a terminal command. To manage launchd items graphically, look to Peter Borg’s Lingon, available on the App Store or at SourceForge at When you open it, simply use the System Daemons in the sidebar and scroll down until you see the jobs. Then, uncheck the Enabled checkbox. When you’re ready to turn ’em back on, re-check the Enabled box. If you don’t re-enable these things though, your computer will get very dirty over time. Similar to how if you never clean your house it will eventually turn on you. So imagine your beautiful pristine Xserve or MacBook Air looking like this: You have been warned.

Xsan + serialnumberd Troubleshooting

With Mac OS X 10.5.8 and 10.6.x, Mac OS X Server, Xsan, Final Cut Server and a number of other serialized products were switched to a whole new solution for managing serial numbers: a newly redone serialnumberd. If you run otool against serialnumberd in 10.5.7 and below you’ll notice no dependencies; it stood alone so to speak. If you run otool against the latest and greatest then you’ll notice that it has a number of dependencies that run the gambit of otherwise unthinkable services. This caused minor growing pains during the summer with multihomed network connections, maximum number of clients and other aspects of servers with certain solutions, but that got ironed out quickly with the 10.5.8v1.1 and 10.6.1. But there have been some minor issues I’ve seen still, mostly due to installer packages not holistically cleaning up old artifacts with regards to daemons that manage serial numbers (likely due to their author being concerned about the potential for other services to have dependencies on them). This is a problem that seems to manifest itself more frequently if you are running both Mac OS X Server and Xsan on the same host (which is basically all metadata controllers, etc) and have upgraded from Xsan 1.x to 2.x and potentially upgraded from Mac OS X 10.4.x to 10.5.x and ultimately to 10.6.x. The /System/Library/StartupItems/SerialNumberSupport StartupItem initially invoked the SerialNumberSupport daemon. However, that’s no longer needed for any product that I’m aware of. Therefore, you can stop it using the SystemStarter command and telling it to ‘stop SerialNumberSupport’:
SystemStarter stop SerialNumberSupport
SerialNumberSupport overall is deprecated and so if stopping it does not cause any adverse effects but does resolve some form of volume issues you might be having with your Xsan then you can also move it off somewhere that it can’t be overly troublesome, like your desktop:
mv /SystemLibrary/StartupItems/SerialNumberSupport ~/Desktop/SerialNumberSupport.OLD
Additionally, since serialnumberd is invoked by in /System/Library/LaunchDaemons then in many cases you do not need the /System/Library/LaunchDaemons/ If it is loaded and you are still having problems then try unloading it using launchctl. If your problems are gone then so should the SNServer, so consider moving it using:
mv /System/Library/LaunchDaemons/ ~/Desktop/
These artifacts are likely left behind for a reason. So before you go removing them, check that a temporary stop of them resolves issues without adversely effecting other services. There is a good reason that not everything gets removed, although sometimes they can have unintended consequences…

Disable Disk Arbitration

In Mac OS X, diskarbitrationd is the process that handles mounting disks when they are inserted into the computer (eg – firewire, USB, etc).  Diskarbitrationd runs in the background, is always on by default and is started by launchd.  New disks inserted into the computer are automatically mounted, which you might not want to happen (for example, if you are forensically imaging a system, investigating malware on a device, attempting to fix corruption, simply trying to keep users that don’t know how to manually mount a disk from accessing one, etc). There are  number of ways to stop diskarbitrationd.  One of the easiest (and least intrusive since it doesn’t require a restart) is using launchctl.  To disable disk arbitration, first run the following command to obtain a list of currently running launchd-initiated processes:
launchctl list
That’s going to output a few too many so let’s constrain our search to those that include the string diskarbitrationd:
launchctl list | grep diskarbitrationd
You’ll now see a PID and the name of the process.  Notice it has an alphanumeric string in front of it, appearing similar to 0x10abe0.diskarbitrationd. Next, go ahead and stop it, again using launchctl but this time with the stop option:
launchctl stop 0x10abe0.diskarbitrationd
Once stopped, let’s verify that diskarbitration is no longer running:
ps aux
Once you have completed your tasks and want to re-enable disk arbitration, you can restart it using the start option in launchctl:
launchctl start 0x10abe0.diskarbitrationd
Finally, this process is not persistent across reboots.  If you will be rebooting the system you are mounting the disk onto you might want to unload diskarbitrationd and then move the plist from /System/Library/LaunchDaemons/  For example, to move it to the desktop, use the following command:
mv /System/Library/LaunchDaemons/ ~/Desktop/

Removing Norton AntiVirus with a Script

For some reason the uninstaller from Symantec doesn’t work in removing Norton (NAV 10). My guess, without delving into their uninstaller too deeply is that they ran into what I ran into, which is that the* processes are prefixed by a bracketed alphanumeric sequence. To get around this I listed them and used grep to grab each one, then awk to grab the label and did a launchctl stop against the label name once I had it. The rest of this script is pretty straight forward forcing the rm of each of the contents of the items from the snapshot plus the items from the pkg BoM.  Here’s the script, or you can download it here:
#! /bin/bash launchctl stop `launchctl list | grep | awk ‘{print $3}’` launchctl stop `launchctl list | grep | awk ‘{print $3}’` launchctl stop `launchctl list | grep | awk ‘{print $3}’` launchctl stop `launchctl list | grep | awk ‘{print $3}’` kextunload -b com.Symantec.SymEvent.kext kextunload -b com.Symantec.SymOSXKernelUtilities.kext kextunload -b com.Symantec.kext.KTUM rm /etc/liveupdate.conf rm /etc/Symantec.conf rm /usr/bin/symsched rm /usr/bin/navx rm ~/Library/Preferences/com.Symantec.Scheduler.plist rm /Users/Shared/snorosx rm -rfd /Library/Contextual Menu Items/NAVCMPlugin.plugin rm -rfd /Applications/Symantec Solutions rm -rfd /Applications/Norton AntiVirus rm -rfd /Library/Receipts/NAVContextualMenu.pkg rm -rfd /Library/Receipts/NAVEngine.pkg rm -rfd /Library/Receipts/Norton AntiVirus.pkg rm -rfd /Library/Receipts/SymEvent.pkg rm -rfd /Library/Receipts/SymOSXKernelUtilities.pkg rm -rfd /Library/Receipts/NortonQuickMenu.pkg rm -rfd /Library/Receipts/SymSharedFrameworks.pkg rm -rfd /Library/Receipts/Norton AutoProtect.pkg rm -rfd /Library/Recepits/Symantec Scheduled Scans.pkg rm -rfd /Library/Recepits/Symantec Scheduled Scans.pkg rm -rfd /Library/Recepits/Symantec Scheduled Scans.pkg rm -rfd /Library/Receipts/navx.pkg rm -rfd /Library/Receipts/LiveUpdate.pkg rm -rfd /Library/Receipts/Symantec Scheduler.pkg rm -rfd /Library/Receipts/Stuffit.pkg rm -rfd /Library/Receipts/SymInstallExtras.pkg rm -rfd /Library/Receipts/SymHelpScripts.pkg rm -rfd /Library/Receipts/SymantecUninstaller.pkg rm -rfd /Library/Receipts/Symantec Alerts.pkg rm -rfd /Library/Application Support/Norton Solutions Support rm /Library/Application Support/NAV.history rm -rfd /Library/Application Support/Symantec rm -rfd /Library/PreferencePanes/SymantecQuickMenu.prefPane rm -rfd /Library/PreferencePanes/APPrefPane.prefPane rm -rfd /Library/PrivateFrameworks/SymAppKitAdditions.framework rm -rfd /Library/PrivateFrameworks/SymBase.framework rm -rfd /Library/PrivateFrameworks/SymNetworking.framework rm -rfd /Library/PrivateFrameworks/SymSystem.framework rm -rfd /Library/PrivateFrameworks/SymScheduler.framework rm -rfd /Library/StartupItems/NortonAutoProtect rm -rfd /Library/StartupItems/NortonMissedTasks rm -rfd /Library/Documentation/Help/Norton Help Scripts rm -rfd /Library/Widgets/Symantec Alerts.wdgt rm -rfd /System/Library/Extensions/SymEvent.kext rm -rfd /System/Library/Extensions/SymOSXKernelUtilities.kext rm -rfd /System/Library/Extensions/KTUM.kext rm /System/Library/Extensions.mkext.NxdE
Oh, since most everything I do on this site requires elevated privileges I usually forget to mention it, but this script will require those…