The apropos command is used to search for strings in the whatis database. The whatis database is compiled by the makewhatis command, which searches for names and descriptions of all the man pages from a directory you specify as part of the command (optionally, or just defaults to /usr/share/man) and throws them into the database. Apropos then searches these strings and lists a short descriptor. If you’re thinking that I shouldn’t be lazy and I should remember every single command in Mac OS X, well, while I’d love to, but I have to point out that there are a lot of them… Also, I’ve learned that there are some very…
-
-
Mac OS X: Spoofing MAC Addresses in 5 Seconds
Every hardware network adapter has a unique MAC address. However, they’re not always what they seem. According to Wikipedia: MAC Spoofing is a hacking technique of changing an assigned Media Access Control (MAC) address of a networked device to a different one. The changing of the assigned MAC address may allow the bypassing of access control lists on servers or routers, either hiding a computer on a network or allowing it to impersonate another computer. I was talking to someone the other day about security and the topic of spoofing MAC addresses came up. They seemed to discount that this was usually a concern except for in super secure environments because they considered it an extremely complex process. Here’s my answer to…
-
More on Retrospect 8 Utility Scripts
My last post showed how to do grooming in Retrospect 8. There were a ton of questions about what exactly grooming is. Think about it this way, Retrospect backup scripts use snapshots. If you do a backup without a recycle 20 times, then you have 20 snapshots. If you changed a 1 gig file every day then you’ll have 20 gigs taken up by that one file. Now let’s say that you groom away 10 of those backups by setting a grooming policy of 10. Now you have only 10 gigs taken up by that file. So any file not required for the 10 last backups will be removed from…
-
SMB: Name Mangling
Windows 3.x and earlier used what was known as an 8.3 naming scheme, meaning that files had eight places for a name, three for an extension and a dot in the middle. Name decorating is programatically how Windows 3.x and DOS clients interact with files that have more than 8 characters followed by a dot and then three characters for a file extension. Those of us who can remember doing mass migrations of data from Windows 3.x to Windows 9x and/or NT will remember well the naming changes that had to happen to maintain backwards compatibility during this trying time. Especially if we had been using *nix boxen to store…
-
Spoliation and System Administration
In legal circles, spoliation means intentionally destroying or altering data in a way that destroys its value as evidence. This could mean editing time stamps, deleting email, editing files or deleting files. Basically, this could mean anything that can contaminate evidence. It’s often difficult to prove spoliation because of the word intent. For example, if you are using Retrospect to move data and it gets lost in a move then you may destroy the value of data, but if you can prove that you did the move of data every night and why a failure occured, then you are probably in the clear… Stick with me, ’cause there’s a point here.…
-
Moodle Security
Moodle is a popular Course Management Solution (CMS) that is typically deployed in a less-than-secure manner. This is an issue with any system, but in a number of schools it can cause some pretty serious problems given the penchant that students have to muck with things. In the broader technology certification world it can be an even bigger issue in that, well, we’re geeks… So a few tips on securing Moodle: Tie Moodle into Active Directory (from the Admin console, Users->Authentication->LDAP) or some other Directory Service. From the Admin console, go to Administration->Security and make sure all of these settings match your security plan. Automate security scanning. For example, check…
-
Mac OS X Shared Memory
There’s a nice new article explaining shared memory on the 318 TechJournal. Pat on the back to our guys for a great explanation.
-
Seagate Momentus FDE and the Mac
I’ve been asked by a number of people about using the Seagate Momentus FDE.2 or 7200 FDE laptop drives in a Mac to do Full Disk Encryption (FDE) without having to purchase third party software. Well, I tried it out and regrettably the answer here is that the Momentus drives will not work for much the same reason that ESX can’t work with the Mac: BIOS. The Mac uses EFI, not a BIOS and therefore a number of applications that bypass various forms of hardware abstraction (and in this case hardware that bypasses it) will not work on a Mac, even if you’re using Boot Camp to run Linux or…
-
iWork or Trojan
Ninja’s don’t often get trojans, but pirates of Mac software just might… According to an article on MacRumors, there is a pirated copy of iWork 09 floating around torrent-land that has a trojan in it. Apparently it creates /usr/bin/iWorkServices and then puts it in /System/Library/StartupItems. Now, in order to place the files in such a way it’s going to obviously need the user to enter a root password. But then, a regular installer would ask a user to do this too. The trojan has been named OSX.Trojan.iServices.A. Supposedly over 20,000 users have downloaded the infected files from the torrents, but at this time, I am unable to find one to…
-
TimeMachine Over Xsan and iSCSI
Now that I’ve shown over the years how to setup an Xsan and iSCSI targets on Mac OS X I am starting to get a number of questions about how to set these up in such a way that Time Machine can backup to them. Since they’re not your typical disks in a lot of cases there’s a small command that you’ll need to run to make it work: defaults write com.apple.systempreferences TMShowUnsupportedNetworkVolumes 1 Essentially, once you’ve run this command you’ll be able to back up to anything that appears in /Volumes and then some (for example share points on your local network might appear even if you haven’t yet…