Stripping All ACLs

I’ll admit it: I rarely ever work with Access Control Lists. Most of my time is spent in web server land where POSIX permissions are more than adequate, so I just fire up Server Admin if I have to add an ACL.

However, a co-worker recently ran into an ACL mess after a client converted their server from Standalone to Open Directory Master and back again. So, how to strip all ACLs so you can start over? It’s probably dangerous or some command I’m not familiar with, right? Nope.

The following call to chmod will recursively remove all ACLs:

chmod -RN /path/to/directory

Voilà!

Flush Your Firewall

The other day I was having some issues with my VPN and Mail server working correctly. After narrowing down the issue to it being my firewall blocking the issue, I went out on a hunt to locate the possibility to be able to flush out the current rules from the firewall. OS X Leopard Server uses ipfw as its firewall implementation. Even OS X Leopard client uses ipfw! Fortunately it’s pretty similar to iptables which we also use on our Linux servers so there was a way to flush out the current rules. Simply using the following command will remove all the rules that haven’t been saved (which can be done either via the command line or through that nice Server Admin GUI tool):

sudo /sbin/ipfw -f flush

Once that’s run, you can have a peek back inside the Server Admin tool and you’ll notice under the Active Rules there should be none or only a couple. You can also show the list from the command line (which you’ll probably want to do under client since it doesn’t work with the Server Admin tool). Use this command to do so:

bash-3.2$ sudo /sbin/ipfw list
65535 allow ip from any to any

As you can see, I allow everything on my client machine, but on the server:

palomino:etc jimmybrancaccio$ sudo /sbin/ipfw list
00001 allow udp from any 626 to any dst-port 626
00010 divert 8668 ip from any to any via en0
03885 deny ip from 58.251.59.9 to any
03890 deny ip from 89.96.140.154 to any
03895 deny ip from 211.143.101.226 to any
03900 deny ip from 212.222.147.130 to any
03905 deny ip from 58.185.182.212 to any
03910 deny ip from 76.17.182.127 to any
03915 deny ip from 202.102.245.109 to any
65535 allow ip from any to any

There are currently some blocks in place. Anyways, just a couple useful ipfw commands!
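
A flush discards the active rule set, including any deny rules like the ones listed above, so it is worth capturing the `ipfw list` output first. The script below is an added example, not part of the original post: it converts a listing into a rules file that ipfw can load again and extracts the blocked source addresses for review. The function names are hypothetical, and the sample input is an excerpt of the server listing shown above.

```shell
#!/bin/bash
# Added example (not from the original post): snapshot ipfw rules before a flush.
# Function names are hypothetical.

# Turn `ipfw list` output on stdin into "add ..." lines that ipfw can load
# from a file. Only lines starting with a 5-digit rule number are kept, and
# rule 65535 (the built-in default, which cannot be added or deleted) is skipped.
ipfw_list_to_ruleset() {
    awk '/^[0-9][0-9][0-9][0-9][0-9] / && $1 != "65535" { print "add " $0 }'
}

# Print the source address of each "deny ip from <addr> to any" rule, so the
# block list can be reviewed before it is thrown away.
ipfw_denied_sources() {
    awk '$2 == "deny" && $4 == "from" && $6 == "to" { print $5 }'
}

# Sample input: excerpt of the server listing shown above, prompt line included.
SAMPLE_LIST='palomino:etc jimmybrancaccio$ sudo /sbin/ipfw list
00001 allow udp from any 626 to any dst-port 626
00010 divert 8668 ip from any to any via en0
03885 deny ip from 58.251.59.9 to any
03890 deny ip from 89.96.140.154 to any
65535 allow ip from any to any'

echo "# ruleset that would be saved:"
printf '%s\n' "$SAMPLE_LIST" | ipfw_list_to_ruleset
echo "# blocked sources:"
printf '%s\n' "$SAMPLE_LIST" | ipfw_denied_sources

# On a real machine (the rules file must be given as an absolute path):
#   sudo /sbin/ipfw list | ipfw_list_to_ruleset > "$HOME/ipfw-before-flush.rules"
#   sudo /sbin/ipfw -f flush
#   sudo /sbin/ipfw "$HOME/ipfw-before-flush.rules"   # reload if needed
```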

Colors In Terminal

Looking for a way to jazz up your Terminal.app? Here’s a quick and easy way to do so! Open up Terminal first, then type in nano -w ~/.bash_profile. This will open a command line-based text editor. The file you’re editing is one that gets loaded every time you open a new Terminal window (or tab). Paste or type in the following at the end of the document:

export CLICOLOR=1

Then hit Ctrl+O and Ctrl+X. These key commands save the file and exit the editor. Now, open a new Terminal window and type in ls. This will list the contents of the folder you’re in (which should be your home folder) and the titles of the folders should be colored as shown in the above screenshot!

Apple Server Diagnostics 3X106 Released

Apple released Apple Server Diagnostics 3X106 yesterday to add support for Snow Leopard Server and the Mac mini. If you’ve still got 3X104, you’ll need to grab the new version if you’re running Snow Leopard Server.

The tests it performs include:

  • Boot ROM
  • Ethernet controller
  • Fan
  • Hard drive
  • Memory
  • Power supply
  • Processor
  • Sensor
  • USB ports
  • Video controller

State of the Mac mini

macminicolo.net has posted their 2009 state of the Mac mini, including their test drive and photos (un-boxing & take-apart) of the new Mac mini w/Snow Leopard Server. Interesting tidbits I was unaware of are:

  • The new Mac minis will accept 8GB of RAM and the now-previous ones only need a firmware upgrade to do so.
  • AppleCare covers GUI-based server & network management issues for the Mac mini w/Snow Leopard Server, but “isn’t the case if you buy a Mac mini and Snow Leopard Server separately.”
  • Approximately 70% of their customers use Mac OS X client. I shouldn’t be surprised due to the former pricing, but I think the killer combination of Snow Leopard Server only costing $499 for unlimited clients and bundling it with a Mac mini configuration will change all of that.

They also remind the naysayers who complain about lack of additional Ethernet ports “that Apple’s USB Ethernet Adapter works fine on a mini. Just plug it in and you’re set.”

[Via Daring Fireball]

OpenDNS Expands with Deluxe & Enterprise Offerings

As of today, OpenDNS has added Deluxe & Enterprise plans to its free Basic service. I’ve been using OpenDNS’s free service for quite some time now and it does a good job of offering reliable, fast DNS with a few added bonuses such as phishing & botnet protection, typo correction, content filtering (if needed), and stats.

The Deluxe plan starts at $9.95/year, is ad-free, and includes the following features above and beyond Basic:

  • Up to 50 whitelist/blacklist domains (up from 25)
  • A whitelist-only mode
  • Advanced customization options
  • Archived stats & logs for 1 year (up from 2 weeks)
  • Email technical support 9-5 (Pacific) on weekdays (in addition to opendns.com/support)

According to the press release, “Notable features included in OpenDNS Enterprise include”:

Malware Site Protection to secure networks from online threats, Delegated Administration to allow multiple administrators across multiple locations to administer accounts, Block-Page Bypass functionality, which makes OpenDNS cloud-based Web content filtering more flexible and allows administrators and trusted individuals to bypass filtering when necessary, and more comprehensive reporting and statistics offerings, including a daily PDF report of network activity delivered via email.

Obviously, that’s in addition to the Basic & Deluxe features. You’ll have to call for Enterprise pricing.

[Via OpenDNS]

Mac mini with Snow Leopard Server

Along with other new products and a refresh of the Mac mini line, Apple has now come to their senses and is offering a Mac mini with Snow Leopard Server! For $999 you get a Mac mini w/2.53GHz Intel Core 2 Duo processor, 4GB RAM, and—get this—the optical drive has been ditched to make room for a second hard drive, so two 500GB 2.5” 5400-RPM SATA hard drives. Oh, and Snow Leopard Server, of course.

It seems like this is going to be a great deal, especially assuming that the $599 Mac mini is spec’d with a 2.26GHz processor, 2GB RAM, a 160GB hard drive, and SuperDrive. I’ve been using a Mac mini as a server for years and would love to add one of these to my network.

Update: They note that you can use the MacBook Air SuperDrive (USB) if you need an optical drive. I’ve always found a MacBook in FireWire Target Disk mode to be more than adequate, in a pinch.

spamtrainer 1.9.5 Released

Topicdesk has updated their spamtrainer utility to version 1.9.5 adding Snow Leopard Server compatibility. spamtrainer automates the process of training SpamAssassin’s bayes database by allowing users to redirect spam & ham messages to designated mailboxes which are used as training material.

[Via Topicdesk Newsletters]

Mac OS X Server 10.6.1 & Security Update 2009-005 Released

Apple released the following updates to Mac OS X Server last night:

Mac OS X Server 10.6.1
Improvements include:

Further information can be found in Knowledge Base article HT3811 and the Updater is available for download.

Security Update 2009-005
Security Update for Mac OS X Server 10.4.x and 10.5.8 improves security in the following areas:

  • Alias Manager
  • CarbonCore
  • ClamAV
  • ColorSync
  • CoreGraphics
  • CUPS
  • Flash Player Plug-in
  • ImageIO
  • Launch Services
  • MySQL
  • PHP
  • SMB
  • Wiki Server

Further details can be found in Knowledge Base article HT3865 and the Tiger Server & Leopard Server updaters are available for download.

As always, let us know if either of these updates fixes issues or breaks something.

On Twitter Too

For those of you who have a Twitter addiction (or even those who manage to only take healthy doses) and haven’t discovered this fact already, you can follow @macintoshadmn for the latest updates around here. We’re too busy for a ton of chatter so you’ll mostly see the automated posting of new articles, but if there’s something important we’ll let you know.

No worries if you’re not into Twitter, there’s also our RSS feed. Get in touch if you have any questions, suggestions, or submissions.