krypted.com

Tiny Deathstars of Foulness

New Apple security update.  Not that it fixes everything it intends but it’s a good start…   http://support.apple.com/kb/HT2647

August 16th, 2008

Posted In: Mac OS X, Mac OS X Server

Tags: , ,

You can use the adplugin to customize the amount of time a client is trusted by Active Directory.  It can be done by using the following command: dsconfigad -passinterval 30

August 14th, 2008

Posted In: Active Directory, Mac OS X, Mac OS X Server, Mac Security

Tags: , , , ,

There are certain aspects of Mac OS X Server that it just isn’t that great at.  One of them is acting as a router.  It’s just a fact that an appliance by SonicWALL, Cisco, Watchguard and sometimes LinkSys will run circles around the speed and feature set of Mac OS X Server.  So with that in mind, let’s look at how you would go about configuring a basic port forward on OS X Server if you decided not to listen to me on this point…  😉 You can use the /etc/net/natd.plist.  The key you’ll want to edit is the redirect_port, one per port or a range of all in one key…  Basically the array would look something like this assuming you were trying to forward afp traffic to 192.168.0.2 from a WAN IP of 4.2.2.2: <key>redirect_port</key> <array>     <dict>     <key>proto</key>         <string>TCP</string>     <key>targetIP</key>         <string>192.168.0.2</string>     <key>TargetPortRange</key>         <string>548</string>     <key>aliasIP</key>         <string>4.2.2.2</string>     <key>aliasPortRange</key>         <string>548</string>     </dict> </array>   You could also use the route command or ipfw depending on exactly what you’re trying to do with this thing.  Route is going to be useful if you’re trying to respond to network traffic over a different interface than the default interface.

August 12th, 2008

Posted In: Mac OS X, Mac Security

Tags: , , , , , , ,

In the article at http://www.macworld.com/article/134793/2008/07/apple_dns.html John Welch goes off on Apple for their delay in the whole DNS Poisoning exploit.  It’s kindof amusing…

July 31st, 2008

Posted In: Articles and Books, Mac OS X, Mac Security

Tags: , , ,

They can explain it better than me: http://it.slashdot.org/it/08/06/18/1919224.shtml (this has been fixed with the August 2008 Security Update).

June 18th, 2008

Posted In: Mac Security

Tags: , , ,

To reset the open firmware password you can either reboot while resetting PRAM 3 or more times or just pull out the RAM, reboot and reseat it after the next restart.  Have fun with that.

March 18th, 2008

Posted In: Mac OS X, Mac OS X Server

Tags: , , , ,

You can use the command line tool opfw to set open firmware passwords.  It is available for download over at MacEnterprise.org.  You can also use opfw to mass deploy open firmware passwords, which is basically what NetRestore does when you use their setting for this.

March 13th, 2008

Posted In: Mac OS X, Mac OS X Server, Mass Deployment

Tags: , , ,

Firewire gives direct access to a systems memory.

March 12th, 2008

Posted In: Mac Security

Tags: ,

By default, Mac OS X will simply give you a shell when you perform a Single User Mode startup.  However, you can force OS X to ask for a password in order to gain shell access.  To do so, vi the /etc/ttys and change secure to insecure.  Once you have done so, create a password in /etc/master.passwd for root.

March 10th, 2008

Posted In: Mac OS X, Mac OS X Server

Tags: , , ,

Check the following for services that don’t use hostconfig, launchd or cron:
/Library/StartupItems/
/System/Library/StartupItem
/etc/mach_init.d

March 7th, 2008

Posted In: Mac OS X, Mac OS X Server

Tags: ,

« Previous PageNext Page »