macOS Server 5.2 (running on Sierra 10.12) has an adaptive firewall built in, or a firewall that controls incoming access based on clients attempting to abuse the server. The firewall automatically blocks incoming connections that it considers to be dangerous. For example, if a client attempts too many incorrect logins, then a firewall rule restricts that user from attempting to communicate with the server for 15 minutes. If you’re troubleshooting and you accidentally tripped up one of these rules, then it can be a bit frustrating. Which is why Apple gives us afctl, a tool that interacts with the adaptive firewall. The most basic task you can do with the firewall is…
-
Setup DHCP In OS X Server 5
DHCP, or Dynamic Host Configuration Protocol, is the service used to hand out IP addresses and other network settings by network appliances and servers. The DHCP Server built into OS X Server 5, installed on El Capitan or Yosemite, is easy to use and fast. It’s pretty transparent, just as DHCP services should be. To install the service, open the Server app and then click on the Show button beside Advanced in the server sidebar. Then click on DHCP. At the DHCP screen, you’ll see two tabs: Settings, used for managing the service, and Clients, used to see leases in use by computers that obtain IP address information from the server. You’ll…
-
Changing Metadata Networks From The Command Line In Xsan
A while back Apple published an article on switching the network interface used in Xsan for Metadata networks. The article provides the following steps: Use Xsan Admin to stop the volumes (see below). In Xsan Admin select Overview. In the lower right corner, click the gear icon and choose “Edit SAN properties”. Select the Metadata Network that you want to use. Click Save. Restart the volumes. Note: If all controllers and clients are not on the same subnet on each network, the Save button will be dimmed. Adjust the clients and controllers so they are on the same subnets. This typically works great; except the fact that the article has been…
-
When Packets Are Too Large in MySQL
Every now and then you’ll see an error like “Packet Too Large” in MySQL, as seen below. When you run into this, you’re trying to shove more information into a given SQL statement than is allowed. So to fix, you have a few different options, starting with the best, which is to make your SQL better. But not everyone has control of things like source code. So you might need to change the value in mysql itself. To do so, simply run the mysql command with the --max_allowed_packet option and then put = followed by the size of the packet. For example, to make it 128: mysql --max_allowed_packet=128M Now, by default…
-
Restart Xsan Services
Sometimes you just need to restart the Xsan services on a system. For example, you rm the contents of /Library/Preferences/Xsan and don’t feel like restarting a computer and waiting for all that ProTools boot junk to fire up. So, you can just restart the services:
launchctl unload /System/Library/LaunchDaemons/com.apple.xsan.plist
launchctl load /System/Library/LaunchDaemons/com.apple.xsan.plist
Also, I now always disable Xsan in System Preferences prior to doing the restart of services. Otherwise, I find cruft happens…
-
Lights Out Managing Mac Mini Servers with Vera
There is no Lights Out Management for a Mac mini Server (btw, am I the only one that noticed that these are now called Mac mini with Lion Server, where mini isn’t capitalized?). While the Mac mini Server doesn’t have the Lights Out Management (LOM)/IPMI chips in it, there are a few things that we can control anyway. Convention would say that we’d get a NetBotz card for that spiffy APC we’ve got, which can do minor automation and even a little environmental monitoring. And there are a few other systems out there that can do similar tasks. But I’m a home automation nerd these days. So I decided to…
-
Disabling Periodic Scripts
Mac OS X does a little housecleaning in batch processes that run daily, weekly and monthly. These are kicked off by LaunchDaemons that reside in /System/Library/LaunchDaemons and are called com.apple.periodic.daily.plist, com.apple.periodic.weekly.plist and com.apple.periodic.monthly.plist. These need to run and so should not be disabled outright. However, they can be disabled temporarily, as when you need a somewhat process-intensive script to run for a few days. Therefore, we need a way to disable these and re-enable them. One could just move those files, but there’s actually a more graceful way. Running defaults read against one of the property lists can be done as follows: defaults read /System/Library/LaunchDaemons/com.apple.periodic-daily We could use defaults to…
-
Xsan + serialnumberd Troubleshooting
With Mac OS X 10.5.8 and 10.6.x, Mac OS X Server, Xsan, Final Cut Server and a number of other serialized products were switched to a whole new solution for managing serial numbers: a newly redone serialnumberd. If you run otool against serialnumberd in 10.5.7 and below you’ll notice no dependencies; it stood alone, so to speak. If you run otool against the latest and greatest then you’ll notice that it has a number of dependencies that run the gamut of otherwise unthinkable services. This caused minor growing pains during the summer with multihomed network connections, maximum number of clients and other aspects of servers with certain solutions, but that…
-
Disable Disk Arbitration
In Mac OS X, diskarbitrationd is the process that handles mounting disks when they are inserted into the computer (e.g., FireWire, USB, etc.). Diskarbitrationd runs in the background, is always on by default and is started by launchd. New disks inserted into the computer are automatically mounted, which you might not want to happen (for example, if you are forensically imaging a system, investigating malware on a device, attempting to fix corruption, simply trying to keep users that don’t know how to manually mount a disk from accessing one, etc.). There are a number of ways to stop diskarbitrationd. One of the easiest (and least intrusive since it doesn’t require…
-
Removing Norton AntiVirus with a Script
For some reason the uninstaller from Symantec doesn’t work in removing Norton (NAV 10). My guess, without delving into their uninstaller too deeply, is that they ran into what I ran into, which is that the com.symantec.* processes are prefixed by a bracketed alphanumeric sequence. To get around this I listed them and used grep to grab each one, then awk to grab the label, and did a launchctl stop against the label name once I had it. The rest of this script is pretty straightforward, forcing the rm of each of the contents of the items from the snapshot plus the items from the pkg BoM. Here’s the…