New Apple security update. Not that it fixes everything it intends but it’s a good start… http://support.apple.com/kb/HT2647
Tag: Mac Security
You can use the adplugin to customize the amount of time a client is trusted by Active Directory. It can be done by using the following command: dsconfigad -passinterval 30
There are certain aspects of Mac OS X Server that it just isn’t that great at. One of them is acting as a router. It’s just a fact that an appliance by SonicWALL, Cisco, Watchguard and sometimes LinkSys will run circles around the speed and feature set of Mac OS X Server. So with that in mind, let’s look at how you would go about configuring a basic port forward on OS X Server if you decided not to listen to me on this point… 😉 You can use the /etc/net/natd.plist. The key you’ll want to edit is the redirect_port, one per port or a range of all in one key… Basically the array would look something like this assuming you were trying to forward afp traffic to 192.168.0.2 from a WAN IP of 126.96.36.199: <key>redirect_port</key> <array> <dict> <key>proto</key> <string>TCP</string> <key>targetIP</key> <string>192.168.0.2</string> <key>TargetPortRange</key> <string>548</string> <key>aliasIP</key> <string>188.8.131.52</string> <key>aliasPortRange</key> <string>548</string> </dict> </array> You could also use the route command or ipfw depending on exactly what you’re trying to do with this thing. Route is going to be useful if you’re trying to respond to network traffic over a different interface than the default interface.
In the article at http://www.macworld.com/article/134793/2008/07/apple_dns.html John Welch goes off on Apple for their delay in the whole DNS Poisoning exploit. It’s kindof amusing…
They can explain it better than me: http://it.slashdot.org/it/08/06/18/1919224.shtml (this has been fixed with the August 2008 Security Update).
To reset the open firmware password you can either reboot while resetting PRAM 3 or more times or just pull out the RAM, reboot and reseat it after the next restart. Have fun with that.
You can use the command line tool opfw to set open firmware passwords. It is available for download over at MacEnterprise.org. You can also use opfw to mass deploy open firmware passwords, which is basically what NetRestore does when you use their setting for this.
Firewire gives direct access to a systems memory.
By default, Mac OS X will simply give you a shell when you perform a Single User Mode startup. However, you can force OS X to ask for a password in order to gain shell access. To do so, vi the /etc/ttys and change secure to insecure. Once you have done so, create a password in /etc/master.passwd for root.
Check the following for services that donâ€™t use hostconfig, launchd or cron: