Built a quick extension attribute for Jamf Pro environments to check if TouchID is enabled and report back a string in $result – this could easily be modified and so I commented a few pointers for environments that might need to modify it (e.g. to check for user-level as it’s currently system-level). To see/have the code, check https://github.com/krypted/TouchID_check.
krypted January 18th, 2017
The codesign command is used to sign apps and check the signature of apps. Apps need to be signed more and more and more these days. So, you might need to loop through your apps and verify that they’re signed. You might also choose to stop trusting given signing authorities if one is compromised. To check signing authorities, you can use
codesign -dv --verbose=4 /Applications/Firefox.app/ 2>&1 | sed -n '/Authority/p'
The options in the above command:
Then we pipe the output into a simple sed and get the signing chain. Or don’t. For example, if you’re scripting don’t forget a sanity check for whether an object isn’t signed. For example, if we just run the following for a non-signed app:
codesign -dv --verbose=4 /Applications/Utilities/XQuartz.app/
The output would be as follows:
/Applications/Utilities/XQuartz.app/: code object is not signed at all
krypted January 12th, 2017
Prepare for your network administrators to cringe… I’ve spoken on these commands but never really put them together in this way, exactly. So I wanted to find a coworker on a network. So one way to find people is to use a ping sweep. Here I’m going to royally piss off my switch admins and ping sweep the subnet:
Next, I’m going to run arp to translate:
Finally, if a machine is ipv6, it wouldn’t show up. So I’m going to run:
Now, I find the hostname, then look at the MAC address, copy that to my clipboard, find for that to get the IP and then I can flood that host with all the things. Or you could use nmap… :-/
krypted January 7th, 2017
macOS has keychains. Sometimes they’re a thing. When they are you might want to delete them. Let’s say you have an admin account. You want to keep the keychains for that account, but remove all the others. For this, you could do a shell operator to extglob. Or you could do a quick while loop as follows:
ls /Users | grep -v "admin" | while read USERNAME do; rm -Rf "/Users/$USERNAME/Library/Keychains/*" done;
If you borrow this, be careful.
krypted December 1st, 2016
krypted November 29th, 2016
Posted In: MacAdmins Podcast
krypted November 22nd, 2016
The MacAD.UK (aka macaduck) is coming up in February. The schedule and lineups are coming together nicely and I really like the sessions that have been announced thus far (turns out our friends at Amsys have their finger on the pulse!). Soooo, you should join us! And for a limited time, you can join us at a sweet, sweet discounted price! The code is 2017sp10 and is valid for a 10% discount! Sign up at http://www.macad.uk.
krypted November 19th, 2016
Posted In: public speaking
You work for weeks, months, or years to build a business that is killing it. Then you get a huge new customer. You feel like you’ve been put on the map. But then the reality sets in. Maybe you won the business because you’re innovative, less expensive, faster, etc. But now you start getting completely destroyed by the overhead of making those sweet, sweet dollars from that new customer. Wouldn’t it have been great to have known about a few things to ask about? My response includes a few tips on how to work with them, that just might save you some serious margin!. Check it out at http://www.inc.com/charles-edge/how-to-work-with-big-companies-without-getting-caught-in-red-tape.html.
krypted November 18th, 2016
Posted In: Articles and Books
OK, I don’t talk politics, about personal stuff, etc on this site usually. And I’m not gonna’ start now. But with Give To The Max Day in Minnesota today, I did write an article on the meaning of Compassion on Huffington Post. It can be found at http://www.huffingtonpost.com/charles-edge/what-does-compassion-mean_b_12999974.html if you’re interested in such things; if not, hope you have a wonderful day!
krypted November 17th, 2016
Posted In: Tamarisk
I thought there might be an easier way to do this. So there’s this binary called serverrails that I assumed would install rails – no wait, actually it’s a ruby script that tells me to ‘gem install rails’ – which fails:
cat `which serverrails`
# Stub rails command to load rails from Gems or print an error if not installed.
version = ">= 0"
if ARGV.first =~ /^_(.*)_$/ and Gem::Version.correct? $1 then
version = $1
gem 'railties', version or raise
puts 'Rails is not currently installed on this system. To get the latest version, simply type:'
puts ' $ sudo gem install rails'
puts 'You can then rerun your "rails" command.'
load Gem.bin_path('railties', 'rails', version)
Given that doesn’t work, we can just do this the old fashioned way… First let’s update rails to 2.2 or 2.2.4 using rvm, so grab the latest rvm and install it into /usr/local/rvm:
sudo curl -sSL https://get.rvm.io | bash -s stable --ruby
Then fire it up:
sudo source /etc/profile.d/rvm.sh
Then install the latest ruby:
sudo rvm install 2.2
Set it as default:
sudo rvm use 2.2 –default
Then run your gem install:
gem install rails
krypted November 14th, 2016