krypted.com

Tiny Deathstars of Foulness

macOS Server 5.2, running on Sierra, comes with a few new alerting options previously unavailable in versions of OS X. The alerts are sent to administrators via servermgrd and configured in the 5th version of the Server app. To configure alerts on the server, open the Server app and then click on Alerts in the Server app sidebar. Next, click on the Delivery tab.

screen-shot-2016-09-25-at-11-37-02-pm

At the Delivery screen, click on the Edit button for Email Addresses and enter every email address that should receive alerts sent from the server. Then click on the Edit button for Push Notifications. Here, check the box for each administrator of the server. The email address on file for the user then receives push notifications of events from the server.

screen-shot-2016-09-25-at-11-38-07-pm

Click on OK when you’ve configured all of the appropriate administrators for alerting. Click on the Edit… button for Push and if Push notifications are not already enabled you will run through the Push Notification configuration wizard.

screen-shot-2016-09-25-at-11-38-54-pm

Then, check the boxes for Email and Push for each of the alerts you want to receive (you don’t have to check both for each entry). Alerts have changed in macOS Server, they are no longer based on the SMART status of drives or capacity; instead Delivery is now based on service settings.

Finally, as with previous versions of macOS Server, snmp is built in. The configuration file for which is located in the /private/etc/snmp/snmpd.conf and the built-in LaunchDaemon is org.net-snmp.snmpd, where the actual binary being called is /usr/sbin/snmpd (and by default it’s called with a -f option). Once started, the default community name should be COMMUNITY (easily changed in the conf file) and to test, use the following command from a client (the client is 192.168.210.99 in the following example):

snmpwalk -On -v 1 -c COMMUNITY 192.168.210.99

October 9th, 2016

Posted In: Mac OS X, Mac OS X Server, Mac Security

Tags: , , , , , ,

SSH allows administrators to connect to another computer using a secure shell, or command line environment. ARD (Apple Remote Desktop) allows screen sharing, remote scripts and other administrative goodness. SNMP allows for remote monitoring of a server. You can also connect to a server using the Server app running on a client computer. To enable all of these except SNMP, open the Server app (Server 3), click on the name of the server, click the Settings tab and then click on the checkbox for what you’d like to enter.

SSH1

All of these can be enabled and managed from the command line as well. The traditional way to enable Apple Remote Desktop is using the kickstart command. But there’s a simpler way in OS X Mavericks Server (Server 2.2). To do so, use the serveradmin command. To enable ARD using the serveradmin command, use the settings option, with info:enableARD to set the payload to yes:

sudo serveradmin settings info:enableARD = yes

Once run, open System Preferences and click on Sharing. The Remote Management box is then checked and the local administrative user has access to ARD into the host.

SSH2

There are also a few other commands that can be used to control settings. To enable SSH for administrators:

sudo serveradmin settings info:enableSSH = yes

When you enable SSH from the serveradmin command you will not see any additional checkboxes in the Sharing System Preferences; however, you will see the box checked in the Server app. To enable SNMP:

sudo serveradmin settings info:enableSNMP = yes

Once SNMP is enabled, use the /usr/bin/snmpconf interactive command line environment to configure SNMP so you can manage traps and other objects necessary.

Note: You can’t have snmpd running while you configure SNMPv3. Once SNMPv3 is configured snmpd can be run. 

To allow other computers to use the Server app to connect to the server, use the info:enableRemoteAdministration key from serveradmin:

sudo serveradmin settings info:enableRemoteAdministration = yes

To enable the dedication of resources to Server apps (aka Server Performance Mode):

sudo serveradmin settings info:enableServerPerformanceMode = yes

October 17th, 2014

Posted In: Mac OS X, Mac OS X Server, Mac Security

Tags: , , , , , , , ,

I’ve been doing a number of postings on how to use various features of the latest version of OS X Server. Given that WordPress is pretty much a reverse chronological listing of articles I’ve written, I thought I’d put together a listing of the pages that I’ve done for OS X Server 10.8 (Mountain Lion Server) in order to offer a more pedagogically aligned way of reading these posts. As such, here is the Table of Contents for these posts:

Introduction

Managing the Server

Configuring Services

Troubleshooting

Command Line

Misc

August 28th, 2012

Posted In: Mac OS X Server, Mac Security

Tags: , , , , , , , , , , , , ,

The traditional way to enable Apple Remote Desktop is using the kickstart command. But there’s a simpler way in OS X Mountain Lion Server. To do so, use the serveradmin command.

To enable ARD using the serveradmin command, use the settings option, with info:enableARD to set the payload to yes:

sudo serveradmin settings info:enableARD = yes

Once run, open System Preferences and click on Sharing. The Remote Management box is then checked and the local administrative user has access to ARD into the host.

The Server app will also have the “Enable screen sharing and remote management” option checked.

There are also a few other commands that can be used to control settings. To enable SSH for administrators:

sudo serveradmin settings info:enableSSH = yes

To enable SNMP:

sudo serveradmin settings info:enableSNMP = yes

To enable the dedication of resources to Server apps (aka Server Performance Mode):

sudo serveradmin settings info:enableServerPerformanceMode = yes

August 14th, 2012

Posted In: Mac OS X Server, Mac Security, Mass Deployment

Tags: , , , , , , , , , ,

There is no Lights Out Management for a Mac mini Server (btw, am I the only one that noticed that these are now called Mac mini with Lion Server, where mini isn’t capitalized). While the Mac mini Server doesn’t have the Lights Out Management (LOM)/IPMI chips in it, there are a few things that we can control anyway. Convention would say that we’d get a NetBotz card for that spiffy APC we’ve got, which can do minor automation and even a little environmental monitoring. And there are a few other systems out there that can do similar tasks.

But I’m a home automation nerd these days. So I decided to look into whether my Vera can manage my mini Server botnet and what I might be getting or sacrificing. First, let’s define what we did with LOM. The first and most important is, when the system crashed, we rebooted the server. The second aspect was to maybe wake the thing up, with the 3rd to monitor the components of the system. Let’s look at the first, most important thing, rebooting.

I’m going to start with a Vera. The setup process for Vera is similar to that of a LinkSys, where you give the device an IP and then go a step further by signing up for the MiOS portal, used to remotely control the Vera through a secure tunnel. Then I’m going to add an appliance module to the system. Notably, I want a ground, so I’m going to add the Wayne-Dalton HA-04WD HomeSettings Outdoor Appliance Module. The device can be added to Vera pretty easily. To do so, open Vera and click on DEVICES and then on Add Devices in the subnav bar. From here, click on Add in the first row.

Then scroll down a little and click on Option 1.

The system will then scan for a device. At this point, you’ll see a screen telling you to manage the device. At this point, I just press the button on the device to pair it to the Z-wave network.

Once the device is seen by the Vera, we can go ahead and click on the Next button (by default they’re seen as light switches).

At the next screen, you’ll see a screen with a field you can type in. Here, provide a name for the device and give it a room that the device is in (if you’re using rooms). Click on Close and then Save (big red button after you click Close).

Click on the Continue button to commit the save and you should see your new device listed in All Devices.

At this point, click on the On and Off switches to turn systems on and off. From System Preferences, go to Energy Saver and then check the box for Restart automatically

We’ve now achieved the first goal, having a way to physically turn on and off a Mac mini with Lion Server. Better than LOM, we can do so using a web interface or an iOS app. While the lack of so many moving parts has reduced the need for environmental monitoring, we want to monitor the environment outside the box, the environment inside the box and whether the box has developed any human emotions. To monitor the environment outside the box, I’m using one of the many Z-wave thermostats available. I plan on replacing it with a Temperature and Humidity Sensor, so I can put a sensor right by the machine instead of just monitoring the temperature of the room. I also like the idea of seeing moisture levels, but that’s aside from the point.

Monitoring the inside of the system is really easy, since Apple has built snmp into Mac OS X and a quick snmpwalk will show me most everything I need to know about a box. For that, let’s just remove the default snmpd.conf file:

rm /etc/snmp/snmpd.conf

And then run snmpconf -i to create a new snmpd.conf file. This is interactive, so use option 1 and then choose the settings that work best for whatever monitoring software you’re using. With the loss of Lithium, I am a big fan of Nagios and Dartware’s Intermapper, but there are a number of other solutions that I would look at as well. Either way, this can be a very cumbersome aspect if you let it. Once you’ve configured snmpd.conf, restart it (assuming it’s running):

launchctl unload /System/Library/LaunchDaemons/org.net-snmp.snmpd.plist
launchctl load -w /System/Library/LaunchDaemons/org.net-snmp.snmpd.plist

Next, to wake up the server, we can use Wake on LAN (note that wake for network access is in the Energy Saver System Preference pane). We can also monitor the server’s IP address (ping/ICMP) and even activate a camera in the event that a motion sensor is tripped. I’ll look at these in a future automation article, where we’ll reboot the server automatically in the event that it goes offline and maybe even control an IR blaster to turn on the TV when status bars are running on the server (we might also hook up a coffee pot so we can stay awake while waiting for Lion to download during some upgrades). But for now, suffice it to say that at this point, we have some of what we had with LOM on an Xserve. It’s not everything and it’s not really pretty. But it works and would cost about the same as a module for that APC you’ve got sitting around, while also laying the groundwork for much more home and small office/small data center automation – and at about $25 per additional device, it’s priced pretty well all things considered.

Finally, if that snmp-based monitoring system happens to need to restart the devices, there’s also an API for Vera, documented at http://wiki.micasaverde.com/index.php/Luup_Requests. Being able to script an snmp-generated event that kicks off some kind of triggered response with a grid of devices is pretty cool, and while I hope to cover it eventually, I’m not sure exactly when I’ll end up with time, so might be awhile…

May 8th, 2012

Posted In: Home Automation, Mac OS X, Mac OS X Server, Mac Security, Mass Deployment, Xsan

Tags: , , , , , , , , , , , , , , , , , ,