• Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

    A Cheat Sheet For Using pf in OS X Lion and Up

    I’ve done plenty of writing on the Application Layer Firewall (ALF) and the IP FireWall (IPFW) in OS X over the years. There will be more on ALF coming in “July” but in the meantime, there’s something I hadn’t written much about in Lion and that’s the pf implementation. To get started, let’s look at the /etc/pf.conf configuration file that comprises pf: scrub-anchor "com.apple/*" nat-anchor "com.apple/*" rdr-anchor "com.apple/*" dummynet-anchor "com.apple/*" anchor "com.apple/*" load anchor "com.apple" from "/etc/pf.anchors/com.apple" Here, you can see that pf is configured with a number of anchors. An anchor is a collection of rules and tables. Basically, the anchor file being loaded is /etc/pf.anchors/com.apple. In here, we…

  • Mac OS X,  Mac OS X Server,  Mac Security

    Man Pages Made Easy

    Ever since upgrading to Lion I’ve been making a few slight changes in workflow. One such change, which I’m still on the fence about, is to switch from reading man pages in a tiled Terminal screen, to reading them in a browser window. It seems like a small thing, but I spend a lot of time switching between terminal screens or using screen to switch between sessions. Bwana allows you to read a man page from within a browser. Simply load download the Bwana app into your /Applications directory and wait a few seconds. Then open a browser window and look for a man page. For example: man:dsconfigad Now, you…

  • Mac OS X,  Mac OS X Server

    RAMdisk on MacBook Air

    I can’t remember where I picked up how to get a RAM Disk mounted in OS X, but it’s a great way to get some unbelievable speeds on your Mac for those minor IO intensive processes that don’t need persistent data. It should be mentioned that the contents of RAM disks are erased, once ejected, but the speed of processes while they’re running can be pretty phenomenal on systems with fast RAM. The best example is a MacBook Air, where the memory is surface-mounted QFP and so really fast. Let’s say you have 4GB of memory and you want to run a process that isn’t going to take more than a…

  • Mac OS X Server,  Ubuntu,  Unix

    Hosting afp on Linux

    One of the main reasons people get a server is to share files. Mac OS X Server is one of the more common devices used to share files to Mac OS X clients, using afp, the default file sharing protocol for Mac OS X. But you don’t have to use Mac OS X Server. You can use Linux as well. We’re going to look at using an open source project called netatalk to do so. If you find that after reading this that you’d like to find out more about netatalk then check out the open source project page at http://netatalk.sourceforge.net. The netatalk installer can be installed through most of…

  • Mac OS X,  Mac OS X Server,  Mac Security

    AFP and Cleartext Passwords

    AFP can be persnickety about you doing something as painfully silly as authenticating into a host using a password sent in cleartext (completely unencrypted). But when you’re troubleshooting it can be useful to disable this behavior, if only to test and then re-enable again. To do so: defaults write com.Apple.AppleShareClient afp_cleartext_allow -bool YES And to disable the warning: defaults write com.Apple.AppleShareClient afp_cleartext_warn -bool NO

  • Mac OS X Server,  Mass Deployment,  Network Infrastructure

    Adding DHCP Options in Mac OS X Server

    Mac OS X Server comes with a number of DHCP options available; most notably the options available in the GUI. But what about options that aren’t available in the GUI, such as NTP. Well, using /etc/bootpd.plist, the same file we used to define servers allowed to relay, you can also define other options. These begin with the following keys that can be added into your property list: dhcp_time_offset (option 2) dhcp_router (option 3) dhcp_domain_name_server (option 6) dhcp_domain_name (option 15) dhcp_network_time_protocol_servers (option 42) dhcp_nb_over_tcpip_name_server (option 44) dhcp_nb__over_tcpip_dgram_dist_server (option 45) dhcp_nb_over_tcpip_node_type (option 46) dhcp_nb_over_tcpip_scope (option 47) dhcp_smtp_server (option 69) dhcp_pop3_server (option 70) dhcp_nntp_server (option 71) dhcp_ldap_url (option 95) dhcp_netinfo_server_address (option 112) dhcp_netinfo_server_tag…

  • Articles and Books,  Mac Security

    Snow Leopard & Malware

    An article on ZDNet that states that Snow Leopard has anti-malware built into it (thanks Dee-Ann): http://blogs.zdnet.com/security/?p=4104&tag=nl.e589 Side note: I wonder whether or not they read the EULA for their pre-released software? I realize that release date is really just a few days from now, but come on guys… Just wait a couple of days to post these things…

  • Articles and Books,  Mac OS X,  Mac OS X Server,  Mac Security

    Foundations of Mac Snow Leopard Security

    I’ve been asked by a number of people whether or not we will be updating the Mac OS X security book I did a couple of years ago for Apress to Snow Leopard.  The answer is yes.  We are currently working on the updates and hope to have it available by December.  The book will undergo a number of changes/improvements, as all second editions should.  I’ll update when it’s available on Amazon & of course, in stores.