• Mac OS X,  Mac Security

    A couple one-liners for analyzing Mac app usage

    Reporting on application usage is an interesting topic on the Mac. This is done automatically with a number of device management solutions. But there are things built into the OS that can help as well.

        mdls "/Applications/Xcode.app" -name kMDItemLastUsedDate | awk '{print $3}'

    Now, if you happen to also need the time, simply add ,$4 to the end of your awk print so you can see the next position, which is the time. Additionally, a simple one-liner to grab the foreground app via AppleScript is:

        osascript -e 'tell application "System Events"' -e 'set frontApp to name of first application process whose frontmost is true' -e 'end tell'

    That’s pretty much…

  • Mac OS X,  Mac Security

    Managing Google SafeBrowsing in Firefox for Mac

    Firefox describes their malware posture at https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work which heavily leverages Google SafeBrowsing, as do many browsers. Settings for SafeBrowsing are set in the browser.safebrowsing.downloads.remote.enabled pref. To lock this pref, you would need to create an autoconfig.js file in /Applications/Firefox.app/Contents/Resources/defaults/pref that points to a firefox.cfg file with a lock pref in it. To do so, create the autoconfig.js file and paste in these settings:

        // Configure SafeBrowsing
        pref("general.config.filename", "firefox.cfg");
        pref("general.config.obscure_value", 0);

    Then create the firefox.cfg file and paste in these settings:

        // Configuring SafeBrowsing
        lockPref("browser.safebrowsing.downloads.remote.enabled", true);

    Live Firefox preferences can be seen at /Users/charles.edge 1/Library/Application Support/Firefox/Profiles/*.default. Because SafeBrowsing is enabled by default, you shouldn’t see it listed unless it’s been disabled. But you can confirm it’s doing its…

  • Mac OS X,  Mac Security

    Quick and Dirty OpenBSM Auditing In macOS

    OpenBSM is a subsystem that has been installed on the Mac for some time. OpenBSM provides the ability to create and read audit logs based on the Common Criteria standards.

    Audit Logs

    The quick and easy way to see what OpenBSM is auditing is to cat the /etc/security/audit_control file:

        cat /etc/security/audit_control

    The output displays the directory of audit logs, as well as what is currently being audited. By default the configuration is as follows:

        #
        # $P4: //depot/projects/trustedbsd/openbsm/etc/audit_control#8 $
        #
        dir:/var/audit
        flags:lo,aa
        minfree:5
        naflags:lo,aa
        policy:cnt,argv
        filesz:2M
        expire-after:10M
        superuser-set-sflags-mask:has_authenticated,has_console_access
        superuser-clear-sflags-mask:has_authenticated,has_console_access
        member-set-sflags-mask:
        member-clear-sflags-mask:has_authenticated

    You can then see all of the files in your audit log, using a standard ls:

        ls /var/audit

    As you can see, the files are then stored with a date/time stamp naming convention. …

  • Mac Security

    Notes On Google SafeBrowsing And Safari

    Most phishing sites follow a known pattern. And people like to flag bad sites. So Google and a few other organizations, such as stopbadware.org, have a collection of feeds that can be leveraged by software vendors to provide a warning or flat-out block potentially fraudulent sites. If a piece of malware is found, even if buried deep in a site, the site will likely get picked up by a robot or reported by a user. Robots can pick up a lot, as people who exploit WordPress sites and stuff like that are often playing a numbers game: harvesting hundreds of thousands of email addresses and sending phishing emails. It only…

  • Mac OS X,  Mac Security

    Check Versions of Common Apps and Services on macOS

    Just some little one-liners to grab the version of a few common Apple services/built-in apps you might need the version of, kinda for another project I’m working on:

        cups: cups-config --version
        Finder: mdls -name kMDItemVersion /System/Library/CoreServices/Finder.app | cut -d '"' -f2
        Help Viewer: mdls -name kMDItemVersion /System/Library/CoreServices/HelpViewer.app | cut -d '"' -f2
        iBooks Author: mdls -name kMDItemVersion /Applications/iBooks\ Author.app | cut -d '"' -f2
        ical/Calendar: mdls -name kMDItemVersion /Applications/Calendar.app/ | cut -d '"' -f2
        ichat/Messages: mdls -name kMDItemVersion /Applications/Messages.app/ | cut -d '"' -f2
        iMovie: mdls -name kMDItemVersion /Applications/iMovie.app | cut -d '"' -f2
        installer: /usr/sbin/installer -vers
        Photos/iPhoto: mdls -name kMDItemVersion /Applications/Photos.app | cut -d '"' -f2
        iTunes: mdls -name…

  • Mac OS X,  Mac OS X Server

    DNS: Install BIND on macOS

    The DNS service in macOS Server was simple to set up and manage. It’s a bit more manual in macOS without macOS Server. The underlying service that provides DNS is BIND. BIND will require a compiler to install, so first make sure you have the Xcode command line tools installed. To download BIND, go to ISC at https://www.isc.org/downloads/. From there, copy the installer locally and extract the tar file. Once that’s extracted, run the configure from within the extracted directory:

        ./configure --enable-symtable=none --infodir="/usr/share/info" --sysconfdir="/etc" --localstatedir="/var" --enable-atomic="no" --with-gssapi=yes --with-libxml2=no

    Next, run make:

        make

    Then run make install:

        make install

    Now download a LaunchDaemon plist (I just stole this from the org.isc.named.plist on a…