krypted.com

Tiny Deathstars of Foulness

Earlier, we looked at creating thousands of empty directories. Today, we’re going to get rid of them. But we need to get rid of only empty directories. To do so, we’ll use the find command:

find . -depth -type d -empty -exec rmdir {} \;

Now, we can put both into a script:

mkdir $(printf '%05d\n' {1..10000})
find . -depth -type d -empty -exec rmdir {} \;

July 29th, 2015

Posted In: Mac OS X, Ubuntu, Unix

Tags: , , , ,

Leave a Comment

You can easily accept user provided input in bash by using the read command in bash for Linux and OS X. Here, we’ll echo out a choice to a user in a script, read the output into a variable called yn and then echo out the response:

echo "Please enter y or n: "
read yn
echo "You chose wrong: $yn"

Here, we used echo to simply write out what was chosen in the input. But we could also take this a little further and leverage a case statement to then run an action based on the choice selected:

read -p "Should the file extension change warning be disabled (y/n)? " yn
case ${yn:0:1} in
y|Y )
defaults write com.apple.finder FXEnableExtensionChangeWarning -bool false
echo "The warning has been disabled"
;;
* )
defaults write com.apple.finder FXEnableExtensionChangeWarning -bool true
echo "The warning has been enabled"
;;
esac

The options when scripting are pretty much infinite and chances are, if you’ve written any scripts, you’ll know of a better way to do this than how I’ve always done it. One of the great things about scripting is the fact that there’s always a better way. So feel free to throw any of your examples into the comments!

July 28th, 2015

Posted In: Mac OS X, Mac OS X Server, Mac Security, Ubuntu, Unix

Tags: , , , , , , , ,

Leave a Comment

I mess computers up a lot. And that means I have to reload operating systems a lot. I’ve also been having terrible issues caused by autocorrect. So… Let’s disable it. By sending the NSAutomaticSpellingCorrectionEnabled key as a false boolean into NSGlobalDomain:

defaults write NSGlobalDomain NSAutomaticSpellingCorrectionEnabled -bool false

July 27th, 2015

Posted In: Mac OS X, Mac OS X Server, Mac Security

Tags: , , , , ,

Leave a Comment

There’s an excellent tool that can be used to grab a heap dump from a Java process. It’s called jmap. To do so, run the jmap command, followed by a format and a file path as the format and file operators. Also, provide the PID, as follows:

jmap -dump:format=b,file=~/memdump.hprof 80446

Once dumped, you can view the dump file in the Memory Analyzer Tool (MAP) and find objects that use use too much memory and/or have memory leaks, as part of your troubleshooting. You can also replace the pid with a name of an executable or a core. Run the map tool along with a -h option for a help summary.

A sister tool is jps, which can be used to just list running processes by pid and then path. To run, assuming the same pid as earlier:

jps 80446

You can also run a java debugger daemon using jsadebugd, which attaches a process as a debug server. Then stack, map and info can attach via RMI. Finally, not everyone has access to every path on a file system. So jinfo can be used to view a configuration for a Java process or core. To run, simply run jinfo followed by a pid, executable or core name, as follows (assuming 80446 is the pid for the java process in question:

jinfo 80446

July 25th, 2015

Posted In: Java, Mac OS X

Tags: , , , , , ,

Leave a Comment

The caffeinate command is pretty cool. It keeps your computer from going to sleep. It can run in a couple of different ways. There’s a timer that prevents sleep for a little while. You can also run another command from within caffeinate that keeps the system awake until the other command is finished. Here, we’ll scp a file called source file to a host called servername and keep the system from going to sleep until the process is finished:

caffeinate -s scp sourcefile me:servername/targetfile

Here, we’ll just use the boring command to tell the computer not to go to sleep for an hour:

caffeinate -t 3600 &

July 24th, 2015

Posted In: Mac OS X, Mac OS X Server, Mac Security

Tags: , , , , ,

Leave a Comment

By default in OS X, when you change an extension for a file, you get a warning. This is somewhat annoying to me, as I do this pretty frequently and have never almost accidentally done so. So to disable, send a FXEnable ExtensionChangeWarning key into com.apple.finder as false:

defaults write com.apple.finder FXEnableExtensionChangeWarning -bool false

To then undo, simply run with a true key:

defaults write com.apple.finder FXEnableExtensionChangeWarning -bool true

July 22nd, 2015

Posted In: Mac OS X, Mac OS X Server, Mac Security

Tags: , , , ,

One Comment

The cd command has lots of fun little shortcuts. One I use frequently is the -. The ~ always takes you to your home directory, but using cd – will take you to the last directory you were in. For example, if you do the following on a Mac:

cd ~

Then you do .. (which is a shortcut for the directory above the one you’re in):

cd ..

Then pwd will show that you’re in /Users. But, if you cd to – again:

cd -

Now you’re back in your home folder. The – expands to OLDPWD. Quick tip. Nothing more to see here.

July 20th, 2015

Posted In: Mac OS X, Ubuntu, Unix

Tags: , , , , ,

One Comment

The tools to automate OS X firewall events from the command line are still stored in /usr/libexec/ApplicationFirewall. And you will still use socketfilterfw there for much of the heavy lifting. However, now there are much more helpful and functional options in socketfilterfw that will allow you to more easily script the firewall.

Some tricks I’ve picked up with the Mac Firewall/alf scripting:

  • Configure the firewall fully before turning it on (especially if you’re doing so through something like Casper, FileWave, Munki, or Absolute Manage where you might kick yourself out of your session otherwise).
  • Whatever you do, you can always reset things back to defaults by removing the com.apple.alf.plist file from /Library/Preferences replacing it with the default plist from /usr/libexec/ApplicationFirewall/com.apple.alf.plist.
  • Configure global settings, then per-application settings, then enable the firewall. If a remote system, do ;wait; and then enable the first time to make sure everything works before enabling the firewall for good.
  • To debug, use the following command: “/usr/libexec/ApplicationFirewall/socketfilterfw -d”

In /usr/libexec/ApplicationFirewall is the Firewall command, the binary of the actual application layer firewall and socketfilterfw, which configures the firewall. To configure the firewall to block all incoming traffic:

/usr/libexec/ApplicationFirewall/socketfilterfw --setblockall on

To see if block all is enabled:

/usr/libexec/ApplicationFirewall/socketfilterfw --getblockall

The output would be as follows, if successful:

Firewall is set to block all non-essential incoming connections

A couple of global options that can be set. Stealth Mode:

/usr/libexec/ApplicationFirewall/socketfilterfw --setstealthmode on

To check if stealth mode is enabled:

/usr/libexec/ApplicationFirewall/socketfilterfw --getstealthmode

Firewall logging:

/usr/libexec/ApplicationFirewall/socketfilterfw --setloggingmode on

You can also control the verbosity of logs, using throttled, brief or detail. For example, if you need to troubleshoot some issues, you might set the logging to detail using the following command:

/usr/libexec/ApplicationFirewall/socketfilterfw --setloggingopt: detail

To start the firewall:

/usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on

While it would be nice to think that that was going to be everything for everyone, it just so happens that some environments actually need to allow traffic. Therefore, traffic can be allowed per signed binary. To allow signed applications:

/usr/libexec/ApplicationFirewall/socketfilterfw --setallowsigned on

To check if you allow signed apps:

/usr/libexec/ApplicationFirewall/socketfilterfw --getallowsigned

This will allow all TRUSTEDAPPS. The –listapps option shows the status of each filtered application:

/usr/libexec/ApplicationFirewall/socketfilterfw --listapps

To check if an app is blocked:

/usr/libexec/ApplicationFirewall/socketfilterfw –getappblocked /Applications/MyApp.app/Contents/MacOS/myapp

This shows the number of exceptions, explicitly allowed apps and signed exceptions as well as process names and allowed app statuses. There is also a list of TRUSTEDAPPS, which will initially be populated by Apple tools with sharing capabilities (e.g. httpd & smbd). If you are enabling the firewall using a script, first sign your applications that need to allow sharing but are not in the TRUSTEDAPPS section by using the -s option along with the application binary (not the .app bundle):

/usr/libexec/ApplicationFirewall/socketfilterfw -s /Applications/MyApp.app/Contents/MacOS/myapp

Once signed, verify the signature:

/usr/libexec/ApplicationFirewall/socketfilterfw -v /Applications/MyApp.app/Contents/MacOS/myapp

Once signed, trust the application using the –add option:

/usr/libexec/ApplicationFirewall/socketfilterfw --add /Applications/MyApp.app/Contents/MacOS/myapp

To see a list of trusted applications. You can do so by using the -l option as follows (the output is pretty ugly and needs to be parsed better):

/usr/libexec/ApplicationFirewall/socketfilterfw -l

If, in the course of your testing, you determine the firewall just isn’t for you, disable it:

/usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate off

To sanity check whether it’s started:

/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate

Or to manually stop it using launchctl (should start again with a reboot):

launchctl unload /System/Library/LaunchAgents/com.apple.alf.useragent.plist
launchctl unload /System/Library/LaunchDaemons/com.apple.alf.agent.plist

If you disable the firewalll using launchctl, you may need to restart services for them to work again.

July 16th, 2015

Posted In: Mac OS X, Mac OS X Server, Mac Security, Mass Deployment

Tags: , , , , , , , , ,

Leave a Comment

For a long time, we used the bless command to startup systems to a specific volume in OS X. Back in 2009 I started using the systemsetup command for more and more tasks. These days, I’m being guided to replace all of my bless options in scripts to systemsetup. The easy way to configure your startup volumes using systemsetup is to list the available volumes, set one as the startup volume and then check to see which one is the current volume. The first task is to list the available startup volumes, using the -liststartupdisks option:

sudo systemsetup -liststartupdisks

You can then set the disk as one that was listed by the above command:

sudo systemsetup -setstartupdisk /Volumes/HAVOKMELTDOWN

You can finally check the current startup disk as a sanity check in your script to verify the desired disk is the startup volume using -getstartupdisk

sudo systemsetup -getstartupdisk

July 15th, 2015

Posted In: Mac OS X, Mac OS X Server, Mac Security, Mass Deployment

Tags: , , , , , , ,

One Comment

The mkdir command is used to create directories. Sometimes, in testing, you need to have a lot of directories. So, you can use the following command to create 10,000 5 digit directories, named 00001 to 10000:

mkdir $(printf '%05d\n' {1..10000})

July 13th, 2015

Posted In: Mac OS X, Mac OS X Server, Mac Security, Ubuntu, Unix

Tags: , , , ,

One Comment

Next Page »