Documentation Scanner

Documentation Scanner

Tuesday April 24

10:24

The ins and outs of using tmutil to backup, restore...

krypted

Since some of the more interesting features of Time Machine Server are gone, let’s talk about doing even more than what was previously available in that interface by using the command line to access Time Machine.

As with any other command, you should probably start by reading the man page. For Time Machine, that would be:

man tmutil

Sometimes, the incantation of the command you’re looking for might even be available at the bottom of the man page. Feel free to use the space bar a few times to skip to the bottom, or q to quit the man interface.

In addition to the man page, there’s a help command, which can be used in conjunction with any of the command verbs (which makes me think of “conjunction junction, what’s your function”). For example, you can tell tmutil to compare backups using the compare verb. To see more on the usage of the compare verb, use tmutil followed by compare (the verb, or action you wish the command to perform), followed by help:...

| Read more »

Monday April 16

21:38

Enable SSH Access On A Synology

krypted

Synology provides SSH access, which allows you to do a number of things you can’t do with the GUI. To enable SSH, simply log in on the Synology and open Control Panel. From the Control Panel, scroll down to “Terminal & SNMP” in the sidebar and check the box for “Enable SSH service” and then click Apply.

The device will then have SSH enabled. Open Terminal on your Mac or Windows device and let’s SSH into the root account of the IP address, done as follows (where 192.168.50.5 is the IP address of your Synology):

ssh root@192.168.50.5

When prompted, enter the same admin password you normally use. You’ll then be at a command prompt in the device, which should look like this:

diskstation>

Now, you can cd around, use ls to view folder contents. Terminal substitutions like !$ and !! won’t work, but you can...

| Read more »

10:25

TA18-106A: Russian State-Sponsored Cyber Actors...

US-CERT Aler...

Original release date: April 16, 2018
Systems Affected

Generic Routing Encapsulation (GRE) Enabled Devices
Cisco Smart Install (SMI) Enabled Devices
Simple Network Management Protocol (SNMP) Enabled Network Devices

Overview

This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and the United Kingdom’s National Cyber Security Centre (NCSC). This TA provides information on the worldwide cyber exploitation of network infrastructure devices (e.g., router, switch, firewall, Network-based Intrusion Detection System (NIDS) devices) by Russian state-sponsored cyber actors. Targets are primarily government and private-sector organizations, critical infrastructure providers, and the Internet service providers (ISPs) supporting these sectors. This report contains technical details on the tactics, techniques, and...

| Read more »

Sunday April 15

21:42

Sync Cloud Content To Synology

krypted

A Synology can act as a local file server that is used to share a folder from a cloud account. You can use accounts with from Backblaze, Google Drive, Amazon, Alibaba, Dropbox, Azure, and others. This means you can use a Synology to provide LAN access to cloud solutions. Before you do, make sure you understand that if changes are made in the cloud and on a client computer at the same time, that you will end up not knowing which is right and so file-locking issues will come up. It’s best to use this strategy for home environments or come up with another mechanism for locking files.

If you choose to use the sync option, open Package Center and search for Cloud Sync.

Click Install to install the package.
...

| Read more »

Saturday April 14

12:21

About the security content of tvOS 11.3

Apple - All...

This document describes the security content of tvOS 11.3.

| Read more »

Thursday April 12

04:00

Backup Macs with Carbonite

krypted

Carbonite is a great tool for backing up Macs and Windows devices. To install Carbonite, download it from www.carbonite.com. Once downloaded, copy the app to the /Applications directory and open the app.

The Carbonite app will then install the components required to support the backup operations and index the drive.

Next, you’ll see some basic folders that will be backed up. Check the box for those you want to add to the backup (or do this later) and click the Install button.

Click Open Carbonite.
...

| Read more »

Wednesday April 11

17:00

64-bit Transition on macOS

iPhone Devel...

With the recent release of macOS High Sierra 10.13.4, the first time users launch an app that does not support 64-bit they will see an alert that the app is not optimized for their Mac.

As a reminder, new apps submitted to the Mac App Store must support 64-bit, and starting June 2018, app updates and existing apps must support 64-bit. If you distribute your apps outside the Mac App Store, we highly recommend distributing 64-bit binaries to make sure your users can continue to run your apps on future versions of macOS.

Learn more about the macOS 64-bit transition

| Read more »

17:00

64-bit Transition on macOS

ADC Headline...

With the recent release of macOS High Sierra 10.13.4, the first time users launch an app that does not support 64-bit they will see an alert that the app is not optimized for their Mac.

Learn more about the macOS 64-bit transition

| Read more »

04:00

DNS: Install BIND on macOS

krypted

The DNS service in macOS Server was simple to setup and manage. It’s a bit more manual in macOS without macOS Server. The underlying service that provides DNS is Bind. Bind will require a compiler to install, so first make sure you have the Xcode command line tools installed. To download Bind, go to ISC at https://www.isc.org/downloads/. From there, copy the installer locally and extract the tar file. Once that’s extracted, run the configure from within the extracted directory:

./configure --enable-symtable=none --infodir="/usr/share/info" --sysconfdir="/etc" --localstatedir="/var" --enable-atomic="no" --with-gssapi=yes --with-libxml2=no

Next, run make:

make

Then run make install:

make install

Now download a LaunchDaemon plist (I just stole this from the org.isc.named.plist on a macOS Server, which can be found...

| Read more »

Tuesday April 10

09:46

Use Backblaze to Backup Mac

krypted

Backblaze is a great cloud and on-prem backup tool for Mac and Windows. You can download Backblaze at
https://secure.backblaze.com/download.htm. Once downloaded, extract the DMG and open the Backblaze Installer.

At the Installer screen, enter your existing credentials or create a new account and click Install Now.

The drive will then be analyzed for backup.

By default, once the analysis is complete, the computer will immediately start backing up to the Backblaze cloud. Let’s click on the...

| Read more »

Monday April 9

19:35

Use colrm to remove columns from a text file in bash

krypted

The colrm command is a simple little command that removes columns from standard input before displaying them on the screen (or piping the text into another file). To use, simply cat a file and then pipe it to colrm followed by the start and then stop in $1 and $2. For example, the following would only list the first column of a text file called testfile:

cat testfile | colrm 2

Not providing a second column in the above command caused only the first column to be displayed to the screen. You could pipe all but the second and third columns of a file to another file called testfile2 using the following:

cat testfile | colrm 2 3 > testfile2

The post Use colrm to remove columns from a text file in bash appeared first on krypted.com.

| Read more »

19:23

Quickly read the length of a string in bash

krypted

Quick little script to read the length of a string:

#!/bin/bash
echo "Enter some text"
read mytext
length=${#mytext}
echo $length

The post Quickly read the length of a string in bash appeared first on krypted.com.

| Read more »

09:02

About the security content of iOS 11.2

Apple - All...

This document describes the security content of iOS 11.2.

| Read more »

04:00

Add Antivirus To Your Synology

krypted

It’s not likely that your Synology is going to get infected with a virus of some kind. It’s also not likely that, if you’re switching to Synology from a macOS Server, that most of your clients will get infected or be using infected files. But you probably have that one Windows accounting machine in the back of the office. So you should scan your Synology routinely. To do so, Synology provides a clamav bundle, much like what I usually told people to use on macOS file servers.

To install antivirus on your Synology, open Package Center and search for antivirus. Click on Antivirus Essential and then click on Install.

Once installed, open Antivirus Essential from the Main Menu. From here, you can...

| Read more »

Sunday April 8

19:09

About the security content of Safari 11.0.2

Apple - All...

This document describes the security content of Safari 11.0.2.

| Read more »

04:00

Backup Mobile Devices To Synology With Acronis True...

krypted

You can backup a Synology in a number of ways. Even if you have a local backup, you should have a backup offsite. Here, we’ll walk through backing up a Synology using Acronis True Image. Before doing so, it’s worth noting that the only things backed up this way are the ones that are by default accessible through an app, and that you’ll have to give access to each of those entitlements in order for the backup to run. These include Contacts, Photos, Videos, Calendars, and Reminders.

To get started, first go to the Package Center on a Synology. Then, search for Acronis.

At the listing for Acronis True Image, click Install. Once installed, make sure you’re accessing your Synology through the web interface directly rather than through QuickConnect. This would be http://:5000. From there, open the Main Menu and then open Acronis True...

| Read more »

Saturday April 7

14:49

Backup A Mac With Acronis True Image

krypted

Acronis True Image is a cloud-based backup solution. Acronis True Image is available at

https://www.acronis.com/en-us/support/trueimage/2018mac/. To install, download it and then open the zip.

Drag the Acronis True Image application to your /Applications directory. Then open Acronis True Image from /Applications. The first time you open it, you’ll be prompted to access the licensing agreement.

Once accepted, you’ll be prompted to create an account with Acronis. Provide your credentials or enter new ones to create a trial account.
...

| Read more »

Friday April 6

11:57

Migrate From macOS To A Synology Based VPN

krypted

Synology is able to do everything a macOS Server could do, and more. So if you need to move your VPN service, it’s worth looking at a number of different solutions. The most important question to ask is whether you actually need a VPN any more. If you have git, mail/groupware, or file services that require remote access then you might want to consider moving these into a hosted environment somewhere. But if you need access to the LAN and you’re a small business without other servers, a Synology can be a great place to host your VPN services.

Before you setup anything new, first snapshot your old settings. Let’s grab which protocols are enabled, running the following from Terminal:

sudo serveradmin settings vpn:Servers:com.apple.ppp.pptp:enabled

sudo serveradmin settings vpn:Servers:com.apple.ppp.l2tp:enabled

Next, we’ll get the the IP ranges used so we can mimic those (or change them) in the new service:

sudo serveradmin settings vpn:Servers:com...

| Read more »

Thursday April 5

07:49

Install Directory Services on a Synology

krypted

People who have managed Open Directory and will be moving to Synology will note that directory services really aren’t nearly as complicated was we’ve made them out to be for years. This is because Apple was protecting us from doing silly things to break our implementations. It was also because Apple bundled a number of seemingly disparate technologies into ldap. It’s worth mentioning that LDAP on a Synology is LDAP. We’re not federating services, we’re not kerberizing services, we’re not augmenting schemas, etc. We can leverage the directory service to provide attributes though, and have that central phone book of user and group memberships we’ve come to depend on directory services to provide.

To get started, open the Package Center and search for Directory. Click Install for the Directory Server and the package will be installed on the Synology.
...

| Read more »

Wednesday April 4

08:00

Apple Pay Has Expanded to Brazil

iPhone Devel...

You can now support Apple Pay for your customers in Brazil, providing an easy and secure way for them to pay within your apps and websites.

Learn more about Apple Pay.

| Read more »

08:00

Apple Pay Has Expanded to Brazil

ADC Headline...

You can now support Apple Pay for your customers in Brazil, providing an easy and secure way for them to pay within your apps and websites.

Learn more about Apple Pay.

| Read more »

04:00

Export data from Open Directory for migrating users...

krypted

Before we have this conversation, I want to give you some bad news. Your passwords aren’t going to migrate. The good news is that you only do directory services migrations every decade or two. The better news is that I’m not actually sure you need a directory service in the traditional sense that you’ve built directory services. With Apple’s Enterprise Connect and Nomad, we no longer need to bind in order to get Kerberos functionality. With MCX long-dead(ish) you’re now better off doing policies through configuration profiles.

So where does that leave us? There are some options.

On Prem Active Directory. I can setup Active Directory in about 10 minutes. And I can be binding Mac clients to it. They’ll get their Kerberos TGTs and authenticate into services and the 90s will be as alive on your server as they are in Portland. Here’s the thing, and I kinda’ hate to say it, but no one ever got fired for doing things the old reliable way.
OpenLDAP. There are...

| Read more »

Tuesday April 3

13:26

Episode 73 of the MacAdmins Podcast: Graykey and...

krypted

The post Episode 73 of the MacAdmins Podcast: Graykey and Securing iOS appeared first on krypted.com.

| Read more »

Monday April 2

06:43

Jamf Freshdesk Plugin

krypted

Ever wanted to be able to view devices from your Jamf server from within your Freshdesk environment? Well, I just posted a new integration on the Jamf Marketplace just for Freshdesk.

This plugin will display a search bar on the right side of the screen. Enter a serial number to find your devices. If a match is found, you’ll see information on the device (note: this is up on GitHub so you can change what fields you see).

If you don’t find anything that matches a given pattern, you’ll get an error.
...

| Read more »

04:00

Skip that privacy screen in MacOS

krypted

There’s a new MDM option to skip the privacy screen at setup for Mac. But, you can also skip that screen programmatically. Do so by sending a DidSeePrivacy boolean key into com.apple.SetupAssistant. This could be done via an MDM or through a simple defaults command, as follows:

defaults write com.apple.SetupAssistant DidSeePrivacy -bool TRUE

Note: Since writing this, Rich Trouton has published a script that includes the other options at https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/disable_apple_icloud_data_privacy_diagnostic_and_siri_pop_ups.

The post Skip that privacy screen in MacOS appeared first on krypted.com.

| Read more »

Sunday April 1

04:00

Lecture Your Sudoers

krypted

/etc/Sudoers is a file that controls what happens when you use sudo. /etc/sudo_lecture is a file that Apple includes in macOS that tells your users that what they’re about to do is dangerous. You can enable a lecture, which will be displayed each time sudo is invoked. To turn on the lecture option in sudo, open /etc/sudoers and add the following two lines (if they’re not already there):

Defaults lecture=always
Defaults lecture_file = “/etc/sudo_lecture”

Then save the file and edit /etc/sudo_lecture. Apple has kindly included the following
Warning: Improper use of the sudo command could lead to data loss or the deletion of important system files. Please double-check your typing when using sudo. Type “man sudo” for more information. To proceed, enter your password, or type Ctrl-C to abort.Let’s change this to:
Hack the planet.
Now save and open a new Terminal screen. Run sudo bash and viola, you will get your new message. Enjoy.

...

| Read more »

Saturday March 31

08:00

Install DNS Services on Synology

krypted

DNS is an integral service to most modern networks. The Domain Name System, or DNS is comprised of hierarchical and decentralized Domain Name Servers, or DNS Servers. This is how we connect to computers and the websites that reside on computers by their names, rather than having to memorize the IP addresses of every single computer out there. So you get to type krypted.com and come to my website instead of typing the IP address. Or more likely, Facebook.com, but just because my website is older, I’m not mad about that. No really…

So you have a macOS Server and you need to take your DNS records out of it and move them to another solution. Luckily, DNS on any operating system is one of the easiest to manage. So let’s start by dumping all of our DNS records:

/Applications/Server.app/Contents/ServerRoot/System/Library/PrivateFrameworks/DNSManager.framework/dnsconfig list

ACLs:
com.apple.ServerAdmin.DNS.public
Options:
directory: /Library/...

| Read more »

04:00

Install the RADIUS Server on a Synology

krypted

Don’t let the name fool you, RADIUS, or Remote Authentication Dial-In User Service is more widely used today than ever before. This protocol enables remote access to servers and networks and is frequently a fundamental building block of VPNs, wireless networks and other high-security services that have nothing to do with dialup bulletin boards from the 80s.

I’ve run RADIUS services on Mac servers for years. But as that code starts to become stale and no longer supported, let’s look at running a basic RADIUS service on a network appliance, such as a Synology. To get started, open Package Manager, click All in the sidebar and then search for RADIUS.

Click Install for the RADIUS service.

...

| Read more »