Safari, and the resulting tabbed browsing, can revolutionize the way you work with the web. If you would like to keep the tabs in your browser, even if you don’t have a second tab (ie – if you’d like to test the size or look of your environment) then you can have the browser open with a single tab by default. com.apple.Safari.plist has a number of settings that aren’t exposed in the graphical interface of Safari. The AlwaysShowTabBar key can be used to set this behavior. For example: defaults write com.apple.Safari AlwaysShowTabBar -bool YES You can undo this with: defaults write com.apple.Safari AlwaysShowTabBar -bool NO
-
-
SANS Mac OS X Security Checklist
A project I worked on with the SANS Institute: https://www.sans.org/score/macosxchecklist.php
-
CLI: Get and Set Mac OS X Server Serial
You can use the serversetup tool in /System/Library/ServerSetup/ to set the serial number for a Mac OS X Server. Provided the ServerSetup directory is your working directory you can then use the serversetup tool to configure the serial number ./serversetup -setServerSerialNumber “XSVR-105-000-N-xxx-xxx-xxx-xxx-xxx-xxx-x|Charles Edge|318” Once the serial number has been set you can then get the serial number using the following command no matter the working directory: /System/Library/ServerSetup/ -getServerSerialNumber
-
Proxy with Mac OS X Server
Do you want to run Software Update Services through a proxy server? In the /System/Library/LaunchDaemons/com.apple.swupdate.sync.plist file you can add the following (if your proxy were 10.0.0.5:8000: <key>EnvironmentVariables</key> <dict> <key>http_proxy</key> <string>http://10.0.0.5:8000</string> </dict>
-
Open Directory and MAC Addresses
There are a number of items that get logged into Mac OS X Server with only the unique identifier of the MAC address. Sometimes it helps to find the name based on the MAC address. If you are in an environment using trusted binding you can use Open Directory to do so. To determine the name of a computer based on the MAC address from Open Directory, you can run the following from dscl: dscl /LDAPv3/127.0.0.1 -readall /Computers RecordName macAddress | grep -A 1 $MAC
-
Mac OS X Log Analysis
Mac OS X has a lot of options for logging data. But these options can actually cause a lot of white noise. So there are two tools that you should look at if you’re interested. The first is Splunk: http://www.splunk.com/LogAnalysis The second is Sawmill: http://www.sawmill.net
-
Using OpenSSL to Test Connectivity
When you’re testing connectivity to servers and you’re using SSL on those servers then your traditional ways of testing connectivity may been a little augmentation. For starters, you’re going to use the openssl to test connections. For example, if you have a web server you might traditionally attempt to telnet into port 80 and check you banners; however, if you have an SSL certificate on it then you might be better served connecting to port 443 using the openssl command. In the following example we’ll tell openssl to be a generic client (s_client) and connect (-connect) to https://krypted.com/ over port 443: openssl s_client -connect krypted.com:443 The output would then look…
-
Moving the LDAP Database in Open Directory
Before you start moving anything around, first stop LDAP: launchctl stop org.openldap.slapd To move the LDAP database for Open Directory, just use the following command (assuming you would like to save to /Volumes/target/openldap/data – although you can use another URI if you choose): cp -prnv /var/db/openldap/data /Volumes/target/openldap/data Once moved you can alter the location that Mac OS X Server looks for the data by typing in a new path using the LDAP tab of the Open Directory listing in the SERVERS list of Server Admin. Once you’re all done, fire up LDAP again using the following command and test: launchctl start org.openldap.slapd
-
Allow ARD Access into an ARD Server
When a computer has ARD open, by default you cannot log into it using Remote Desktop from another host. To fix this, use the following command: defaults write /Library/Preferences/com.apple.RemoteDesktop AdminConsoleAllowsRemoteControl -bool false And then run the kickstart -restart -agent command from /System/Library/CoreServices/ARD Agent.app/Contents/Resources /System/Library/CoreServices/ARD Agent.app/Contents/Resources/kickstart’ -restart -agent
-
Unix Users Association of Southern California Talk
Here is the preso I gave at the UUASC meeting for LA on Heterogenous Networking on September 7th: Mac OS X: Playing Nice in a Heterogenous World