Macintosh Security Basics - Presentation Notes

Useful Tools - NetInfo Manager

Getting into NetInfo is outside the scope of this class.

See the von Stauber presentations for more on NetInfo.

Be careful with this tool and the command-line tools (nidump, niutil, etc.), but you should know that they exist in case you come across a howto that requires their use.
Put simply, NetInfo is a central directory for storage of service information
(e.g., DNS lookups, but it does more than that). It’s a distributed database
system, inherited from the days of NeXT. Since there aren’t many large OS X
environments, it’s usually manifested as a local database just on your machine.
Use NetInfo Manager to view information, but don’t change anything unless
you know what you’re doing. Among other things, you can use it to create
non-standard shares beyond the OS X default.

The OS X System Administration guide goes into some detail about NetInfo
and its security implications; see its references for more info.

Useful Tools - Terminal

We’ve already mentioned the Terminal a bunch of times. It’s your window onto the CLI.

There is a Terminal-related caveat in OS X: aliases and symlinks.

The Terminal is how to get at the CLI on OS X. The default shell is tcsh, I use
bash. With some tweaking, you can get color-coded dir listings, syntax
highlighting in Vim, etc. All that cute Unix stuff. Google for what you want to
do and odds are that someone will already know how.

Terminal caveat: Mac aliases created in the Finder (which operate like
symlinks or Shortcuts) do not behave properly from the Terminal, at least not
in bash. They are treated as empty files. Furthermore, symlinks created in the
Terminal will not work as aliases in the Finder. It’s a quirk.

Useful Tools - tcpdump

Covered in detail in another class.

Use sudo, and remember that the Mac’s ethernet interface is called en0, not eth0, and you have to specify it explicitly:

sudo tcpdump -i en0 …

MacSniffer is a nice front end.

Tcpdump is included in OS X. It needs to be run with sudo or as root, and you
always have to tell it which interface to use (en0 on a standard Mac).

MacSniffer is a good graphical front end for it, written by the same guy that
wrote BrickHouse.

Useful Tools - MacSniffer

MacSniffer lets you select options like capture size, how much header info to
show, hex/ascii data, name lookups on or off, etc. and you can create and run
filters to pick out the data you want to see. Ethereal-esque.

Useful Tools - MacJanitor

Shareware or freeware program for doing system cleanup tasks like log rotation, cache cleanup, etc. Good to use if you have to shut down your Mac every night, since that may prevent a lot of tasks from running.

It’s important to keep your logs working properly, since that’s likely to be the
first place you look if you have a security problem.

Useful Tools - CheckMate

Preference pane to generate MD5 checksums of key files and scan for changes.

Brian Hill rules. CheckMate generates a list of MD5 checksums for key files
(and for any other files you add to it) and re-scans on a schedule you specify. It
emails you the scan results, and also sends an email alert if a checksum
has changed.

A caveat: If you toggle ftp on/off in the Sharing Pane, that does change
inetd.conf, which causes CheckMate to send an alert. Don’t panic.
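To make the baseline-and-rescan idea concrete, here is an added shell example (my own, not CheckMate's code and not part of the original notes): it records the MD5 of each file on a watch list, then rescans and reports anything changed or missing. The watch list, the fake inetd.conf and hostconfig contents, and the "ftp toggle" edit it simulates are all constructed assumptions for the demo.

```shell
#!/bin/sh
# Added example (not CheckMate's code): baseline MD5s of a watch list, re-scan, report changes.
# The watch list, file contents and temp directory below are constructed for the demo.

# Print the MD5 of one file; md5sum on Linux, md5 -q on OS X/BSD.
file_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{print $1}'
    else
        md5 -q "$1"
    fi
}

# make_baseline WATCHLIST BASELINE: one "hash path" line per existing path in WATCHLIST.
make_baseline() {
    : > "$2"
    while IFS= read -r f; do
        [ -f "$f" ] || { echo "skipping missing $f" >&2; continue; }
        printf '%s %s\n' "$(file_md5 "$f")" "$f" >> "$2"
    done < "$1"
}

# rescan BASELINE: print CHANGED/MISSING for files that differ; exit 1 if any did.
rescan() {
    rc=0
    while read -r h f; do
        if [ ! -f "$f" ]; then
            echo "MISSING $f"; rc=1
        elif [ "$(file_md5 "$f")" != "$h" ]; then
            echo "CHANGED $f"; rc=1
        fi
    done < "$1"
    return $rc
}

# demo: watch a fake inetd.conf and hostconfig, baseline them, then edit inetd.conf the way
# a Sharing-pane ftp toggle might (the exact edit is an assumption) and rescan.
demo() {
    work=$(mktemp -d) || return 1
    ( cd "$work" || exit 1
      mkdir etc
      printf '#ftp stream tcp nowait root /usr/libexec/tcpd ftpd -l\n' > etc/inetd.conf
      printf 'AFPSERVER=-NO-\n' > etc/hostconfig
      printf 'etc/inetd.conf\netc/hostconfig\n' > watchlist
      make_baseline watchlist baseline.md5
      sed 's/^#ftp/ftp/' etc/inetd.conf > etc/inetd.conf.new && mv etc/inetd.conf.new etc/inetd.conf
      rescan baseline.md5 || true )   # only inetd.conf should be reported
    rm -rf "$work"
}
```

Running `demo` prints `CHANGED etc/inetd.conf` and nothing for hostconfig, which is exactly the alert the caveat above describes: a real change, but an expected one.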
