krypted.com

Tiny Deathstars of Foulness

In an earlier article, I mentioned that MAMP Pro was still the best native GUI for managing web services on the Mac, now that macOS Server will no longer serve up those patchy services. After we cover the management in this article, you’ll likely understand why it comes it at $59. 

So you’ve installed MAMP. And you need more than the few basic buttons available there. So MAMP Pro came with it and you can try it for a couple of weeks for free. When you open MAMP Pro, you’ll see a screen where you can perform a number of management tasks. This is a more traditional side-bar-driven screen that will look like what Server Admin might have looked like before the web services screen got simplified in macOS Server.

The Hosts item in SETTINGS will show you each host installed on the server. Think of a host as a site. Each web server can serve up a virtually unlimited number of websites. You can configure an IP binding to the site, or hav
 
If you click on the plus sign, you can add a site. In this example, I’ll add www.krypted.com and then click on create. When doing so, you can configure a database for each site (e.g. if you’re doing multi-tenant hosting), build a site off a template, or select a root directory for the site. 



The Apache tab of each host allows you to configure host-specific settings, including enabling options for directives such as Indexes, Includes, SymLink following, and CGI. More options than were in macOS Server for sure. You can also order allows, allow overrides, add new directives, set the index (or the default page of each site), add additional virtualhosts (such as krypted.com for www.krypted.com), and add a server admin email address. 

These were Apache-centric settings for each host. Click on the Nginx tab if you’re using Nginx instead of Apache. Nginx is a bit less “patchy” so there are a fewer options here. But they’re similar: Configure an index, add parameters, and a feature not available in the GUI options for Apache: allow or deny access based on IP.
 
The SSL tab allows you to generate a CSR, upload the cert and key file, and force connections to use https.

The Extras tab allows you to automatically install standard web packages. For example, here we’ll select WordPress.

Click on the Databases tab. To connect a site to a database, enter the name of the database when prompted. Note: the site itself will need credentials in order to connect, and if you’ve setup an “Extra” in the above step, the database will automatically be configured.

Next, let’s configure the ports used by the web servers. The previous settings were per-site. The rest that we cover in this article will be per-server, as these are global settings applied to the daemons themselves. Each of those services will have a port or ports associated with them. For example, the standard web port used is 80 or 443 for SSL-based connections and the standard port for MySQL is 3306. For publicly-facing sites these would be the standard ports, and given how common they are, there’s a button for “Set ports to 80, 81, 443, 7443, 3306”. Otherwise, you can enter each independently. Because the attaching of daemons is done here, this is also where you configure the user that services run as, as well as when to start the services and truncate log files.

The Editor option configures how the editor appears, which we’ll cover last in this article. The Editing option manages how the editor works (e.g. things  like tabs, autocompletes, etc.

The Fonts & Colors tab allows you to select each color assigned to various types of text.  

The Default Apps tab allows you to configure which app is opened when opening each type of file supported. 

Again, we’ll look at the editor later in this article. First, let’s finish getting the web server setup. Click on Apache. Here, you can load new Apache mods you download from the interwebs. I should mention that an important security step in locking down a publicly-facing web server is to disable all of the mods you don’t absolutely need. 

At the bottom of this screen, there’s also a handle little link to the directory with your logs, so you can read through them if needed.

The Nginx option underneath is similar. Access to log files is there, as is the ability to enable installed Nginx mods. 

The MySQL option also provides access to some straight-forward command-line options, but in a nice GUI. Here, you can configure a root password for MySQL ( which does this: Reset A Lost MySQL Password ), enable phpMyAdmin, MySQL Workbench, and Sequel Pro-based administration, enable network access to the MySQL Service (using ports configured in the Ports section of the app) which I cover at Allow Remote Connections To MySQL, and view logs.

The Dynamic DNS options are cool. Click there, and if your web server is behind a DHCP address, you can configure a dynamic DNS service including DNS-O-Matic, no-ip.com, dyn.com, easydns.com, etc. This way when you reboot and get a new IP address from your ISP, it’ll update the service automatically.

Memcached is a distributed memory object caching system. It’s used to make sites appear faster or to distribute caching between servers for systems that, for example, get clustered. It’s included here for a reason, I’m sure of it! Either way, I actually use it for a few things and like the fact that it’s there. To enable, simply choose how much memory to give it, configure the logging level (usually low unless you’re troubleshooting), and gain access to logs. If you check the “Include Memcached server in GroupStart” then memcache will fire up when you start your web services.

Click postfix. Here, you configure your server to route mail through an email account. If you run this from the command line, you can also configure your server to be a mail server; however, when you do that you’re likely to get mail bouncing all over the place. So if the server or a service on the server is supposed to send mail, it’s usually best to route through something like a gmail account. 

The Languages section allows you to configure how PHP, Python, Perl, and Ruby work on the server. For PHP, you can configure which version of PHP is installed, configure a version of PHP for hosts, enable caching (different than memcached), enable a few basic extensions (I’ve been playing with oauth a lot recently), choose logging options, and have a simple way to see the logs. 

Since you’re running on a Mac, you already have Python, but if you click on the Python option, you can make the version of Python bundled with Mac is 2.7.10 instead of 2.7.13.

Click on Perl to do the same.

Click on Ruby to do the same.

The editor is also pretty easy to use. Simply use the plus sign to add a file you’d like to edit. Keep in mind when browsing that everything MAMP Pro needs is self-contained in the /Applications/MAMP directory, so it should be pretty easy to find files for editing. 

And that’s it. This seems like a lot of stuff, but between sites like ServerFault and other Apache/Nginx articles, you’ll likely find most of the things you need. It’s worth mentioning that I consider this another baby step to just managing Apache using config files. macOS Server tried hard to reduce the complexity of where different settings and options are derived from; MAMP Pro makes no allusion that web server management should be so simple. That’s one of the things I like about it. It’s like you went from riding in a buggy on the back of a bike to riding with training wheels. The more you know, the better off you are.

March 10th, 2018

Posted In: Mac OS X, Mac OS X Server, Mac Security, WordPress

Tags: , , , , , , , , , , ,

When you’re building and manipulating apps in the Apple App Stores, it helps to be able to pull and parse pieces of data. Here, we’ll look at two strategies that you can use to do so. It’s worth noting that the purpose of this was to use the URL of an app from an MDM and then be able to script updating metadata about the app, given that vendors often change names of the display name of an app (e.g. Yelp is actually called “Yelp: Discover Local Favorites on the App Store”).

First, we’ll grab a URL. This one is for Self Service:

https://itunes.apple.com/us/app/self-service-mobile/id718509958?mt=8

If you don’t know the URL then you can get it based on the ID by parsing the json from:

curl https://itunes.apple.com/lookup?id=718509958

Of course, if you know the id, you can probably just assume that https://itunes.apple.com/us/app/id718509958?mt=8 will work as well, since if you remove the name it has always worked for me (although I’ve never seen that in a spec so I can’t guarantee it will always be true). Then, we can curl it, but the output is a bit not lovely:

curl -s 'https://itunes.apple.com/us/app/self-service-mobile/id718509958?mt=8'

So then we’ll want to just grab the pieces of information we want, which could be done using a variety of scripting techniques. Below, we’ll use grep:

curl -s 'https://itunes.apple.com/us/app/self-service-mobile/id718509958?mt=8' | grep -o "<title>[^<]*" | cut -d'>' -f2-

And here, we’ll use perl:

curl -s 'https://itunes.apple.com/us/app/yelp/id284910350?mt=8' | perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)\s*<\/title/si'

And there you go, you have the title. The title is easy, because it’s a simple title tag. But let’s look at the description:

curl -s 'https://itunes.apple.com/us/app/self-service-mobile/id718509958?mt=8' | awk '/meta name="description"/{;print }'

The output would be similar to the following 

<meta name="description" content="Read reviews, compare customer ratings, see screenshots, and learn more about Self Service Mobile. Download Self Service Mobile and enjoy it on your iPhone, iPad, and iPod touch." id="ember75894226" class="ember-view">

From there it’s pretty simple to extract the exact field you want and the metadata from that field. If you are obtaining names and descriptions for a large number of apps then you’d simply move the path into a variable as follows so you can put it into your loop:

curl -s $appurl | grep -o "<title>[^<]*" | cut -d'>' -f2-

I haven’t covered finding items in the App Store if you don’t know the ID of an app, but there’s a /search endpoint at iTunes.apple.com that will respond to a variety of parameters you can pass:

curl https://itunes.apple.com/search?term=yelp&country=us&entity=software

This wasn’t necessary for my use case. But it’s worth noting. And if you’ll be doing a lot of that, I’d recommend checking out the affiliates portal at https://affiliate.itunes.apple.com/resources/documentation/itunes-store-web-service-search-api/. Additionally, if you’re actually trying to automate the App Store instead, there are a few tools out there to do so, including https://github.com/mas-cli/mas or if you want to extract packages there’s https://github.com/maxschlapfer/MacAdminHelpers/tree/master/AppStoreExtract

March 2nd, 2018

Posted In: Apple Configurator, Apps, iPhone, Mac OS X

Tags: , , , , , , , ,

Merry Christmas ya’ll!
On the first day of Christmas my true love gave to me one 32 gig iPad On the second day of Christmas my true love gave to me two bash one-liners On the third day of Christmas my true love gave to me three Red Hat servers On the fourth day of Christmas my true love gave to me four email blasts On the fifth day of Christmas my true love gave to me five retweets On the sixth day of Christmas my true love gave to me six regular expressions On the seventh day of Christmas my true love gave to me seven lines of perl On the eighth day of Christmas my true love gave to me eight app store apps On the ninth day of Christmas my true love gave to me nine AWS instances On the tenth day of Christmas my true love gave to me ten Active Directory forests On the eleventh day of Christmas my true love gave to me 11 crappy python scripts On the twelfth day of Christmas my true love gave to me 12 craft brews
xmas-ornament-computer-ram

December 25th, 2014

Posted In: iPhone, Mac OS X, Mac OS X Server, Mac Security, Mass Deployment

Tags: , , , , , , , , , , , , , ,

Configuring web services is as easy in OS X Mountain Lion Server (10.8) as it has ever been. To set up the default web portal, simply open the Server app, click on the Websites service and click on the ON button. After a time, the service will start. Once running, click on the View Server Website link at the bottom of the pane. Provided the stock OS X Server page loads, you are ready to use OS X Server as a web server. Before we setup custom sites, there are a few things you should know. The first is, the server is no longer really designed to remove the default website. So if you remove the site, your server will exhibit inconsistent behavior. Also, don’t remove the files that comprise the default site. Instead just add sites, which is covered next. Webmail is gone. You don’t have to spend a ton of time looking for it as it isn’t there. Also, Mountain Lion Server adds web apps, which we’ll briefly review later in this article as well.  Finally, enabling PHP and Python on sites is done globally, so this setting applies to all sites hosted on the server. Now that we’ve got that out of the way, let’s add our first custom site. Do so by clicking on the plus sign. At the New Web Site pane, you’ll be prompted for a number of options. The most important is the name of the site, with other options including the following:
  • Domain Name: The name the site is accessible from. The default sites do not have this option as they are accessible from all names that resolve to the server.
  • IP Address: The IP address the site listens on. Any means the site is available from every IP address the server is configured to use. The default websites do not have this option as they are accessible from all addresses automatically
  • Port: By default, sites without SSL run on port 80 on all network interfaces, and sites with SSL run on port 443 on all network interfaces. Use the Port field to use custom ports (e.g., 8080). The default sites do not have this option as they are configured to use 80 and 443 for default and SSL-based communications respectively.
  • SSL Certificate: Loads a list of SSL certificates installed using Keychain or the SSL Certificate option in the Settings pane of the Server application
  • Store Site Files In: The directory that the files that comprise the website are stored in. These can be placed into the correct directory using file shares or copying using the Finder. Click on the drop-down menu and then select Other to browse to the directory files are stored in.
  • Who Can Access: By default Anyone (all users, including unauthenticated guests) can access the contents of sites. Clicking on Anyone and then Customize… brings up the “Restrict access to the following folders to a chosen group” screen, where you can choose web directories and then define groups of users who can access the contents.
  • Additional Domains: Click on the Edit… button to bring up a simple list of domain names the the site also responds for (e.g. in addition to krypted.com, add www.krypted.com).
  • Redirects: Click on the Edit… button to bring up a list of redirects within the site. This allows configuring redirects to other sites. For example, use /en to load english.krypted.com or /cn to load china.krypted.com).
  • Aliases: Click on the Edit… button to load a list of aliases. This allows configuring redirects to folders within the same server. For example, /en loads /Library/Server/Web/Data/Sites/Default
  • Index Files: Click on the Edit… button to bring up a list of pages that are loaded when a page isn’t directly indicated. For example, when visiting krypted.com, load the wp.php page by default.
  • Advanced Options: The remaining options are available by clicking on the “Edit Advanced Settings…” button.
  • Enable Server Side Includes: Allows administrators to configure leveraging includes in web files, so that pieces of code can be used across multiple pages in sites.
  • Allow overrides using .htaccess files: Using a .htaccess file allows administrators to define who is able to access a given directory, defining custom user names and passwords in the hidden .htaccess file. These aren’t usually required in an OS X Server web environment as local and directory-based accounts can be used for such operations. This setting enables using custom .htaccess files instead of relying on Apple’s stock web permissions.
  • Allow folder listing: Enables folder listings on directories of a site that don’t have an Index File (described in the non-Advanced settings earlier).
  • Allow CGI execution: Enables CGI scripts for the domain being configured.
  • Use custom error page: Allows administrators to define custom error pages, such as those annoying 404 error pages that load when a page can’t be found
  • Make these web apps available on this website: A somewhat advanced setting, loads items into the webapps array, which can be viewed using the following command:  sudo serveradmin settings web:definedWebApps
Once you’ve configured all the appropriate options, click on Done to save your changes. The site should then load. Sites are then listed in the list of Websites. The Apache service is most easily managed from the Server app, but there are too many options in Apache to really be able to put into a holistic graphical interface. The easiest way to manage the Websites service in OS X Mountain Lion server is using the serveradmin command. Apache administrators from other platforms will be tempted to use the apachectl command to restart the Websites service. Instead, use the serveradmin command to do so. To start the service: sudo serveradmin start web To stop the service(s): sudo serveradmin stop web And to see the status: sudo serveradmin fullstatus web Fullstatus returns the following information: web:health = _empty_dictionary web:readWriteSettingsVersion = 1 web:apacheVersion = "2.2" web:servicePortsRestrictionInfo = _empty_array web:startedTime = "2012-08-13 23:01:42 +0000" web:apacheState = "RUNNING" web:statusMessage = "" web:ApacheMode = 2 web:servicePortsAreRestricted = "NO" web:state = "RUNNING" web:setStateVersion = 1 While the health option typically resembles kiosk computers in the Computer Science departments of most major universities, much of the rest of the output can be pretty helpful including the Apache version, whether the service is running, any restrictions on ports and the date/time stamp that the service was started. To see all of the settings available to the serveradmin command, run it, followed by settings and then web, to indicate the Websites service: sudo serveradmin settings web The output is pretty verbose and can be considered in two sections, the first includes global settings across sites as well as the information for the default sites that should not be deleted: web:defaultSite:documentRoot = "/Library/Server/Web/Data/Sites/Default" web:defaultSite:serverName = "" web:defaultSite:realms = _empty_dictionary web:defaultSite:redirects = _empty_array web:defaultSite:enableServerSideIncludes = no web:defaultSite:customLogPath = "&quot;/var/log/apache2/access_log&quot;" web:defaultSite:webApps = _empty_array web:defaultSite:sslCertificateIdentifier = "" web:defaultSite:fullSiteRedirectToOtherSite = "" web:defaultSite:allowFolderListing = no web:defaultSite:serverAliases = _empty_array web:defaultSite:errorLogPath = "&quot;/var/log/apache2/error_log&quot;" web:defaultSite:fileName = "/Library/Server/Web/Config/apache2/sites/0000_any_80_.conf" web:defaultSite:aliases = _empty_array web:defaultSite:directoryIndexes:_array_index:0 = "index.html" web:defaultSite:directoryIndexes:_array_index:1 = "index.php" web:defaultSite:directoryIndexes:_array_index:2 = "/wiki/" web:defaultSite:directoryIndexes:_array_index:3 = "default.html" web:defaultSite:allowAllOverrides = no web:defaultSite:identifier = "37502141" web:defaultSite:port = 80 web:defaultSite:allowCGIExecution = no web:defaultSite:serverAddress = "*" web:defaultSite:requiresSSL = no web:defaultSite:proxies = _empty_dictionary web:defaultSite:errorDocuments = _empty_dictionary web:defaultSecureSite:documentRoot = "/Library/Server/Web/Data/Sites/Default" web:defaultSecureSite:serverName = "" web:defaultSecureSite:realms = _empty_dictionary web:defaultSecureSite:redirects = _empty_array web:defaultSecureSite:enableServerSideIncludes = no web:defaultSecureSite:customLogPath = "&quot;/var/log/apache2/access_log&quot;" web:defaultSecureSite:webApps = _empty_array web:defaultSecureSite:sslCertificateIdentifier = "com.apple.systemdefault.9912650B09DE94ED160146A3996A45EB3E39275B" web:defaultSecureSite:fullSiteRedirectToOtherSite = "" web:defaultSecureSite:allowFolderListing = no web:defaultSecureSite:serverAliases = _empty_array web:defaultSecureSite:errorLogPath = "&quot;/var/log/apache2/error_log&quot;" web:defaultSecureSite:fileName = "/Library/Server/Web/Config/apache2/sites/0000_any_443_.conf" web:defaultSecureSite:aliases = _empty_array web:defaultSecureSite:directoryIndexes:_array_index:0 = "index.html" web:defaultSecureSite:directoryIndexes:_array_index:1 = "index.php" web:defaultSecureSite:directoryIndexes:_array_index:2 = "/wiki/" web:defaultSecureSite:directoryIndexes:_array_index:3 = "default.html" web:defaultSecureSite:allowAllOverrides = no web:defaultSecureSite:identifier = "37502140" web:defaultSecureSite:port = 443 web:defaultSecureSite:allowCGIExecution = no web:defaultSecureSite:serverAddress = "*" web:defaultSecureSite:requiresSSL = yes web:defaultSecureSite:proxies = _empty_dictionary web:defaultSecureSite:errorDocuments = _empty_dictionary web:dataLocation = "/Library/Server/Web/Data" web:mainHost:keepAliveTimeout = 15.000000 web:mainHost:maxClients = "50%" The second section is per-site settings, with an array entry for each site: web:customSites:_array_index:0:documentRoot = "/Library/Server/Web/Data/Sites/www2.krypted.com" web:customSites:_array_index:0:serverName = "www2.krypted.com" web:customSites:_array_index:0:realms = _empty_dictionary web:customSites:_array_index:0:redirects = _empty_array web:customSites:_array_index:0:enableServerSideIncludes = no web:customSites:_array_index:0:customLogPath = "/var/log/apache2/access_log" web:customSites:_array_index:0:webApps = _empty_array web:customSites:_array_index:0:sslCertificateIdentifier = "" web:customSites:_array_index:0:fullSiteRedirectToOtherSite = "" web:customSites:_array_index:0:allowFolderListing = no web:customSites:_array_index:0:serverAliases = _empty_array web:customSites:_array_index:0:errorLogPath = "/var/log/apache2/error_log" web:customSites:_array_index:0:fileName = "/Library/Server/Web/Config/apache2/sites/0000_any_80_www2.krypted.com.conf" web:customSites:_array_index:0:aliases = _empty_array web:customSites:_array_index:0:directoryIndexes:_array_index:0 = "index.html" web:customSites:_array_index:0:directoryIndexes:_array_index:1 = "index.php" web:customSites:_array_index:0:directoryIndexes:_array_index:2 = "/wiki/" web:customSites:_array_index:0:directoryIndexes:_array_index:3 = "default.html" web:customSites:_array_index:0:allowAllOverrides = no web:customSites:_array_index:0:identifier = "41179886" web:customSites:_array_index:0:port = 80 web:customSites:_array_index:0:allowCGIExecution = no web:customSites:_array_index:0:serverAddress = "*" web:customSites:_array_index:0:requiresSSL = no web:customSites:_array_index:0:proxies = _empty_dictionary web:customSites:_array_index:0:errorDocuments = _empty_dictionary The final section (the largest by far) includes array entries for each defined web app. The following shows the entry for a Hello World Python app: web:definedWebApps:_array_index:15:requiredWebAppNames = _empty_array web:definedWebApps:_array_index:15:includeFiles:_array_index:0 = "/Library/Server/Web/Config/apache2/httpd_wsgi.conf" web:definedWebApps:_array_index:15:requiredModuleNames:_array_index:0 = "wsgi_module" web:definedWebApps:_array_index:15:startCommand = "" web:definedWebApps:_array_index:15:sslPolicy = 0 web:definedWebApps:_array_index:15:requiresSSL = no web:definedWebApps:_array_index:15:requiredByWebAppNames = _empty_array web:definedWebApps:_array_index:15:launchKeys = _empty_array web:definedWebApps:_array_index:15:proxies = _empty_dictionary web:definedWebApps:_array_index:15:preflightCommand = "" web:definedWebApps:_array_index:15:stopCommand = "" web:definedWebApps:_array_index:15:name = "com.apple.webapp.wsgi" web:definedWebApps:_array_index:15:displayName = "Python &quot;Hello World&quot; app at /wsgi" Each site has its own configuration file defined in the array for each section. By default these are stored in the /Library/Server/Web/Config/apache2/sites directory, with /Library/Server/Web/Config/apache2/sites/0000_any_80_www2.krypted.com.conf being the file for the custom site we created previously. As you can see, many of the options available in the Server app are also available in these files: <VirtualHost *:80> ServerName www2.krypted.com ServerAdmin admin@example.com DocumentRoot "/Library/Server/Web/Data/Sites/www2.krypted.com" DirectoryIndex index.html index.php /wiki/ default.html CustomLog /var/log/apache2/access_log combinedvhost ErrorLog /var/log/apache2/error_log <IfModule mod_ssl.c> SSLEngine Off SSLCipherSuite "ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM" SSLProtocol -ALL +SSLv3 +TLSv1 SSLProxyEngine On SSLProxyProtocol -ALL +SSLv3 +TLSv1 </IfModule> <Directory "/Library/Server/Web/Data/Sites/www2.krypted.com"> Options All -Indexes -ExecCGI -Includes +MultiViews AllowOverride None <IfModule mod_dav.c> DAV Off </IfModule> <IfDefine !WEBSERVICE_ON> Deny from all ErrorDocument 403 /customerror/websitesoff403.html </IfDefine> </Directory> </VirtualHost> The serveradmin command can also be used to run commands. For example, to reset the service to factory defaults, delete the configuration files for each site and then run the following command: sudo serveradmin command web:command=restoreFactorySettings The final tip I’m going to give in this article is when to make changes with each app. I strongly recommend making all of your changes in the Server app when possible. When it isn’t, use serveradmin and when you can’t make changes in serveradmin, only then alter the configuration files that come with the operating system by default. I also recommend keeping backups of all configuration files that are altered and a log of what was altered in each, in order to help piece the server back together should it become unconfigured miraculously when a softwareupdate -all is run next.

August 15th, 2012

Posted In: Mac OS X, Mac OS X Server

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

I’ve had a pretty easy time using Nikto over the years. Nikto is a security scanner specific to web servers. I did a post on Nessus recently, but Nessus is a tool for looking at any service running on a system and trying to find available vulnerabilities. Nikto is can do many of the same things, but is specific and therefore more in depth for web servers. This involves looking at things like CGI directories and robots.txt files as well. Nikto is written in Perl. In order to do everything Nikto can do there are a few perl mules that need to be installed. But let’s look at one of the easiest implementations available for Nikto, which is Yang (short for Yet Another Nikto GUI), available on the OS X App Store. Yang is so easy, you can literally install the app, type a domain name and hit Start to get started. Yang also runs the latest release of Nikto. Let’s look at what a basic scanning process looks like. To get started, open the App Store and search for Nikto. Yang appears, so click on Install by the name of the app. Once installed, click on Yang in LaunchPad to fire up the scanner (or open from /Applications). When Yang opens, click on the Preferences in the toolbar. Go through each of the options and choose the ones that make the most sense for each scan you run. Keep in mind that each box can increase or decrease the amount of time scans require or the output of the scan drastically. The author of the app was kind enough to include tool tips for the options, very helpful. Click back on the Scan icon in the toolbar and enter the name of the site to scan in the “Website to analyze” field. Then click on Launch. The scan then begins. This might take some time. And not “go get some coffee time” but more like, “go take a nap time.” While the scan is running, click on Logs in the toolbar. Here, you can see the exact command run against Nikto. If you download Nikto from cirt.net you can use these exact commands, although there will be a little work getting the app up and running, defining config files, etc. If you want to do anything (such as writing output to metasploit) then you might end up needing to go ahead and install manually. But if you’re just interested in running some quick scans as sanity checks for deployed configurations, etc then this is a nice little tool that is a bit too nice to be free. Especially given that the author went ahead and built out Nikto with LibWhiskers, SSL support and a few other goodies that aren’t required for a basic deployment. It’s also (IMHO) a really good example of putting a GUI wrapper around command line tools. I’ve played with a few other GUI overlays for Nikto and this one is by far the best one I’ve seen for OS X. Well worth the time to check it out!

July 5th, 2012

Posted In: Mac OS X, Mac OS X Server, Mac Security, sites, WordPress

Tags: , , , , , , , , , ,

touch helloperl.pl Open helloperl.pl and paste the following in there: print "Hello Cruel Perln"; Make sure you have executable permissions for helloperl.pl. Then run: perl helloperl.pl

February 29th, 2012

Posted In: Mac OS X, Unix

Tags: , , , , , ,

There are a lot of versions of the popular perl scripting language out there, and depending on what version you may have written a script with you might find that using a different version than the one that comes with an OS by default can have a drastic impact on a script. In Mac OS X you can change the default version of perl that the perl and a2p command will use. Before doing so you should check the version of perl being used by default, which can be done using the perl command, followed by the -v option:
perl -v
By default, the OS currently uses version 5.10.0. To change the version, you would use the defaults command to change the com.apple.versioner.perl defaults domain. You will add a key called Version with a string of the version you would like to use. For example, to switch to 5.8.8:
defaults write com.apple.versioner.perl Version -string 5.8.8
To change it back to 5.10.0:
defaults write com.apple.versioner.perl Version -string 5.10.0
You can also set perl to run in 32 bit mode:
defaults write com.apple.versioner.perl Prefer-32-Bit -boolean TRUE
To put it back:
defaults write com.apple.versioner.perl Prefer-32-Bit -boolean FALSE
Python provides the same functionality:
defaults write com.apple.versioner.python Version -string 2.6
Or to run Python in 32-bit mode:
defaults write com.apple.versioner.python Prefer-32-Bit -boolean TRUE

June 8th, 2010

Posted In: Mac OS X

Tags: , , , , , ,

Sometimes ya’ just need to run Perl in 32-bit. Regrettably. To do so:
defaults write com.apple.versioner.perl Prefer-32-Bit -bool yes

December 10th, 2009

Posted In: Mac OS X

Tags: , ,

Getting through all of the dependencies for certain Perl modules can be hairy. To give you a sense of how complex perl can be, here’s a small fact: CPAN has over nine thousand perl modules listed. Keeping track of module dependencies can be a real pain. Fortunately, there's a simple solution…CPAN.pm

CPAN.pm is a PERL module that automates the whole process of downloading, unpacking, compiling and packaging modules. For example, if I wanted to install a module called Colors::Yellow, I would type:

perl -MCPAN -e 'install Colors::Yellow'

That's it. The CPAN.pm would automatically figure dependancies, download the appropriate modules, and install them. If you want more information on using the CPAN.pm (pm is short for perl module) then the URL is http://www.cpan.org/misc/cpan-faq.html, under "How do I install Perl modules?"

April 20th, 2009

Posted In: Mac OS X, Mac OS X Server, Unix

Tags: , , ,

Little dittie on installing GD in Mac OS X Server: http://osx.topicdesk.com/content/view/135/41/ http://www.kenior.com/macintosh/adding-gd-library-for-mac-os-x-leopard

August 10th, 2008

Posted In: Mac OS X Server

Tags: , ,

Next Page »