For years we’ve been heavily leveraging Tripwire to perform localized host-based intrusion detection (HBIDS): http://www.tripwiresecurity.com/ But more recently we’ve been experimenting with the versatile, open source Samhain: http://www.la-samhna.de/samhain
-
Mac OS X: Serial Port Access within Parallels
Are you using Parallels? Need access to a COM port through one of those handy little Keyspans? Check this out: http://eudyptes.com/SerialClient.php
-
Mac OS X Server: Using Open Directory to Control SideBar
Recently I had a scenario where I wanted to disable all of the menu items using an MCX for some NetBoot clients, so I ended up building a custom MCX. First, open Workgroup Manager and click on the group in question. Then click on Preferences and then the Details tab. Next, click on the + sign and browse to /System/Library/CoreServices. Next, click on Menu Extras and click on the pencil. Here, open the Always disclosure triangle and click on the New Key button. From here, name the key with the menu item in question (or create multiple keys) and set the Type to Boolean and…
-
ARD Root Escalation Using AppleScript
They can explain it better than me: http://it.slashdot.org/it/08/06/18/1919224.shtml (this has been fixed with the August 2008 Security Update).
-
Mac OS X: Use dscl to find the GUID for a user
To find the GUID for the cedge user, use the following command: dscl . -read /Users/cedge GeneratedUID
-
Mac OS X 10.5: NetInfo (or the lack thereof)
As many will already be aware, there’s no NetInfo in Leopard. So where are those pesky account settings stored? Local user account settings are now stored in plist files. The plist files are stored in the /var/db/dslocal/nodes/Default/users directory for users or the /var/db/dslocal/nodes/Default/groups directory for groups. Password hashes are stored in the /var/db/shadow/hash folder. Inside each plist file for user accounts you can augment (or create) attributes required in order to perform certain actions. So, for example, if you want to change the location of your home folder you can open the user’s plist file, search for the home key and edit its contents.
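An added example, not from the original post: because these account records are ordinary files that root can edit, a host-based integrity check can baseline them and report changes. The Python below assumes each record stores its attributes as arrays of strings under keys such as uid, home and generateduid; the function names and the sample records are constructed for illustration.

```python
import plistlib
import tempfile
from pathlib import Path

# Attributes worth baselining; assumed to be stored as arrays of strings.
WATCHED = ("uid", "gid", "home", "shell", "generateduid")

def load_users(users_dir):
    """Return {short name: {attribute: first value}} for every *.plist record."""
    records = {}
    for path in sorted(Path(users_dir).glob("*.plist")):
        with path.open("rb") as fh:
            data = plistlib.load(fh)          # handles XML and binary plists
        records[path.stem] = {k: (data.get(k) or [None])[0] for k in WATCHED}
    return records

def diff_users(baseline, current):
    """List (user, attribute, old, new) for added, removed or changed records."""
    changes = []
    for user in sorted(set(baseline) | set(current)):
        old, new = baseline.get(user), current.get(user)
        if old is None or new is None:
            changes.append((user, "record", "present" if old else "absent",
                            "present" if new else "absent"))
            continue
        changes += [(user, k, old[k], new[k]) for k in WATCHED if old[k] != new[k]]
    return changes

def write_record(users_dir, name, **attrs):
    """Write a constructed sample record in the array-of-strings layout."""
    with (Path(users_dir) / f"{name}.plist").open("wb") as fh:
        plistlib.dump({"name": [name], **{k: [v] for k, v in attrs.items()}}, fh)

def demo():
    # Constructed sample data in a temp directory, not a real /var/db/dslocal tree.
    guid = "00000000-0000-0000-0000-000000000001"
    with tempfile.TemporaryDirectory() as tmp:
        write_record(tmp, "cedge", uid="501", gid="20", home="/Users/cedge",
                     shell="/bin/bash", generateduid=guid)
        baseline = load_users(tmp)
        write_record(tmp, "cedge", uid="501", gid="20", home="/Volumes/Data/cedge",
                     shell="/bin/bash", generateduid=guid)
        write_record(tmp, "helper", uid="502", gid="20", home="/var/empty", shell="/bin/sh")
        return diff_users(baseline, load_users(tmp))

if __name__ == "__main__":
    for change in demo():
        print(change)
```

On a real system the directory passed to load_users would be /var/db/dslocal/nodes/Default/users, read as root, with the baseline saved somewhere the monitored host cannot rewrite.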
-
A Great Article on Sandbox by Beau
In all versions of OS X previous to Leopard, access control restrictions were limited to a security model referred to as Discretionary Access Controls (DAC). The most visible form of DAC in OS X is in its implementation of the POSIX file-system security model, which establishes identity-based restrictions on an object in the form of a subject’s user or group membership. Similarly, Access Control Lists are a form of discretionary control, though they are far more extensible and discrete than the POSIX model. In such models, newly created objects or processes inherit their access rights based upon those of the creating subject, so that any spawned objects are not granted…
-
Video on Protecting Mac Workstations in an Education Environment
http://www.macworldencore.com/online/presentation.asp?id=299&sessionTypeIdVideo=1&trackIdVideo=3&movieVideo=IT853.mp4&yearDate=2008
-
Filing a bug with Apple
If you have something that is a legitimate bug with Mac OS X then you can file it here. However, please keep in mind that if the issue is something like being unable to print to that LaserWriter using the serial-to-USB adapter you bought, this is probably not the best forum; it is for legitimate bugs. 😉
-
Mac OS X: Getting a Finder Window as Root
cd into the /System/Library/CoreServices/Finder.app/Contents/MacOS directory. Run su and then run ./Finder. You’ll see an error and the system will complain, but then a Finder window running as root will automatically appear. It might crash the Finder after a few minutes though, so be careful…