I know I’ve talked about memory before, but I haven’t really talked about the library randomization that was added to 10.5. Library randomization is part of ASLR (address space layout randomization) and a good part of the way to moving into full ASLR inclusion, but they haven’t completed that circuit, which a recent TechTarget article mentions: The weakness Dai Zovi exploits is in heap memory, which is memory that’s not in use. To address memory security issues, the PaX project for Linux developed a set of features to protect address space. Two of these are Address Space Layout Randomization (ASLR) and Non-executable memory (NX). ASLR makes it harder for malware…
-
-
Mac AD Password Expiration Monitor
Password Monitor is a somewhat new look on a tool that has been in production in a number of environments for awhile. According to the site: Password Monitor is a simple utility that will count down the days until a user’s Active Directory password is due to expire. An OS X 10.5 (or newer) system properly bound to an Active Directory is the only requirement. Additional features include the ability to display the exact expiration date on the logon window (admin rights required) and to automatically launch the utility at startup. The number of days between required password changes has to be manually set in the preferences. The range has…
-
Mouse Locator
I’ve now added Mouse Locator to my set of training tools. It gives cross hairs to highlight the mouse without zooming in on things, which always seems to give me a little vertigo when I’m trying to do training. You can download Mouse Locator at http://2point5fish.com.
-
Mac: Building Screen Savers Quickly
It’s not that we’re going to do anything difficult here. But we’re going to take a prebuilt Apple screen saver, throw our own images in there and then test it. First off, go to /System/Library/Screen Savers and let’s grab a copy of, let’s say Nature Patters.slideSaver. I’m going to call my new screen saver MJ.slideSaver and put it into the same directory (/System/Library/Screen Savers). Now let’s go into the new MJ.slideSaver and then into the Contents directory. From here, we’re going to give our new screen saver a new name by altering the Info.plist file. Find the CFBundleName key and change the string listed for it to the string you’d like…
-
Mac: Setting Screen Saver from the CLI
Earlier today I posted on how to activate the screen saver from the command line. But I hadn’t yet mentioned how to set it up. Before I do, let’s look at the /System/Library/Screen Savers directory. Here you should see a number of bundles, such as RSS Visualizer.qtz, Paper Shadow.slideSaver, Flurry.saver, Arabesque.qtz and any third party screen savers you may have installed. These are the paths to your screen savers. In order to set which screen saver you would like to use from the command line, you’re going to use the defaults command along with the com.apple.screensaver domain. First let’s read the settings there: defaults -currentHost read com.apple.screensaver Which will provide…
-
Initiating Mac OS X Screensaver from CLI
The ScreenSaverEngine.app that is located in the /System/Library/Frameworks/ScreenSaver.framework/Versions/A/Resources/ directory can be used to invoke the screen saver on Mac OS X. So to do so from the command line you would just use the following: open /System/Library/Frameworks/ScreenSaver.framework/Versions/A/Resources/ScreenSaverEngine.app
-
Mail Attachments from the Command Line
Concurrent with my last post on using mail from the command line there was a thread on the Mac OS X Server email list on using attachments with mail, so I thought I would supplement what they were doing there here (so if you were following that thread the only new thing here are the -c and -b options). Let’s say you have a file on your desktop called orgchart.doc and you wanted to attach it to an email and send it to a few email addresses: contact@org.com, contact2@org.com and krypted@mac.com. We’re also going to bcc secret@org.com. You would use the following command: uuencode ~/Desktop/orgchart.doc orgchart.doc | mail -s “orgchart”…
-
Automatically Emailing Logs
As I have mentioned in the past, you can send mail from the command line by initiating a telnet session into port 25 of a mail server. Provided you have setup Mail.app you can also email from the command line using the mail command. In the below command we’re going to pipe the contents of a log file into an email by reading the contents using a cat command. From the output of the cat command we’re then going to email the contents of the file to an email address, specifying the subject line of the email using the -s option of the ppp command: cat /var/log/ppp.log | mail -s…
-
Adding and Removing Bundle Flags
The Mac OS X Developer Tools come with an application called SetFile, which can be leveraged to change the bundle flag attribute. For example to add a bundle flag to a sparse bundle that is missing one you could use the following (assuming the name is FILENAME): SetFile -a B ~/Desktop/FILENAME.sparsebundle To then remove the bundle flag: SetFile -a b ~/Desktop/FILENAME.sparsebundle
-
Enable/Disable Root on Mac OS X
The dsenableroot command can be used to enable the root user and assign it a password. To enable root: dsenableroot You will then be prompted for a password to assign the root account and then to verify the password. On success you’ll see the following success code: dsenableroot:: ***Successfully enabled root user. To then disable the root account: dsenableroot -d You should now be able to look into the /var/db/dslocal/nodes/Default/users directory on your system and see root.plist. You can then make any changes to the account using this file that you would like.