I’ve done plenty of writing on the Application Layer Firewall (ALF) and the IP FireWall (IPFW) in OS X over the years. There will be more on ALF coming in “July” but in the meantime, there’s something I hadn’t written much about in Lion and that’s the pf implementation. To get started, let’s look at the /etc/pf.conf configuration file that comprises pf:

    scrub-anchor "com.apple/*"
    nat-anchor "com.apple/*"
    rdr-anchor "com.apple/*"
    dummynet-anchor "com.apple/*"
    anchor "com.apple/*"
    load anchor "com.apple" from "/etc/pf.anchors/com.apple"

Here, you can see that pf is configured with a number of anchors. An anchor is a collection of rules and tables. Basically, the anchor file being loaded is /etc/pf.anchors/com.apple. In here, we…
-
-
Man Pages Made Easy
Ever since upgrading to Lion I’ve been making a few slight changes in workflow. One such change, which I’m still on the fence about, is to switch from reading man pages in a tiled Terminal screen to reading them in a browser window. It seems like a small thing, but I spend a lot of time switching between terminal screens or using screen to switch between sessions. Bwana allows you to read a man page from within a browser. Simply download the Bwana app into your /Applications directory and wait a few seconds. Then open a browser window and look for a man page. For example: man:dsconfigad Now, you…
-
RAMdisk on MacBook Air
I can’t remember where I picked up how to get a RAM Disk mounted in OS X, but it’s a great way to get some unbelievable speeds on your Mac for those minor IO intensive processes that don’t need persistent data. It should be mentioned that the contents of RAM disks are erased, once ejected, but the speed of processes while they’re running can be pretty phenomenal on systems with fast RAM. The best example is a MacBook Air, where the memory is surface-mounted QFP and so really fast. Let’s say you have 4GB of memory and you want to run a process that isn’t going to take more than a…
-
Hosting afp on Linux
One of the main reasons people get a server is to share files. Mac OS X Server is one of the more common devices used to share files to Mac OS X clients, using afp, the default file sharing protocol for Mac OS X. But you don’t have to use Mac OS X Server. You can use Linux as well. We’re going to look at using an open source project called netatalk to do so. If you find after reading this that you’d like to find out more about netatalk, then check out the open source project page at http://netatalk.sourceforge.net. The netatalk installer can be installed through most of…
-
AFP and Cleartext Passwords
AFP can be persnickety about you doing something as painfully silly as authenticating into a host using a password sent in cleartext (completely unencrypted). But when you’re troubleshooting it can be useful to disable this behavior, if only to test and then re-enable again. To do so:

    defaults write com.Apple.AppleShareClient afp_cleartext_allow -bool YES

And to disable the warning:

    defaults write com.Apple.AppleShareClient afp_cleartext_warn -bool NO
-
Peachpit Books
Now that all of the Peachpit books are available for 10.6 Certification purposes I thought it might be a good time to post a link to all of them. Here goes: Or for ACMA (the Final Cut below could be swapped out with Support Essentials, Directory Services or Deployment):
-
Adding DHCP Options in Mac OS X Server
Mac OS X Server comes with a number of DHCP options available, most notably the options available in the GUI. But what about options that aren’t available in the GUI, such as NTP? Well, using /etc/bootpd.plist, the same file we used to define servers allowed to relay, you can also define other options. These begin with the following keys that can be added into your property list:

    dhcp_time_offset (option 2)
    dhcp_router (option 3)
    dhcp_domain_name_server (option 6)
    dhcp_domain_name (option 15)
    dhcp_network_time_protocol_servers (option 42)
    dhcp_nb_over_tcpip_name_server (option 44)
    dhcp_nb_over_tcpip_dgram_dist_server (option 45)
    dhcp_nb_over_tcpip_node_type (option 46)
    dhcp_nb_over_tcpip_scope (option 47)
    dhcp_smtp_server (option 69)
    dhcp_pop3_server (option 70)
    dhcp_nntp_server (option 71)
    dhcp_ldap_url (option 95)
    dhcp_netinfo_server_address (option 112)
    dhcp_netinfo_server_tag…
-
mcxrefresh article over on afp548
A short contribution I made to afp548 on the new mcxrefresh command in Snow Leopard. Check it out here.
-
Snow Leopard & Malware
An article on ZDNet that states that Snow Leopard has anti-malware built into it (thanks Dee-Ann): http://blogs.zdnet.com/security/?p=4104&tag=nl.e589 Side note: I wonder whether or not they read the EULA for their pre-released software? I realize that release date is really just a few days from now, but come on guys… Just wait a couple of days to post these things…
-
Foundations of Mac Snow Leopard Security
I’ve been asked by a number of people whether or not we will be updating the Mac OS X security book I did a couple of years ago for Apress to Snow Leopard. The answer is yes. We are currently working on the updates and hope to have it available by December. The book will undergo a number of changes/improvements, as all second editions should. I’ll update when it’s available on Amazon & of course, in stores.