An even more secure OS X before Leopard.
March 12, 2007 on 7:00 pm | In Apple, SecurityBecause people had significant trouble with the unwieldy double article, I split this article in two parts;
The Followup; An even more secure OS X before Leopard
Scanning my Audience; a port scan following the first how-to.
9 Comments »
RSS feed for comments on this post. TrackBack URI
Leave a comment
Syndicate
Archive
- October 2008 (1)
- August 2008 (1)
- July 2008 (3)
- June 2008 (3)
- April 2008 (8)
- March 2008 (9)
- February 2008 (14)
- January 2008 (12)
- December 2007 (7)
- November 2007 (33)
- October 2007 (25)
- September 2007 (8)
- August 2007 (9)
- July 2007 (10)
- June 2007 (27)
- May 2007 (35)
- April 2007 (36)
- March 2007 (38)
Categories
- Announcement (47)
- Apple (48)
- Cocoa (5)
- CocoiaCast (1)
- Code (13)
- Commercial Work (19)
- Design (94)
- EVE Online (1)
- Fortitude (1)
- Graphics (80)
- Hacking (6)
- How-To (8)
- Icon Design (48)
- IconResource (4)
- Interface Design (23)
- iPhone (11)
- iSight Expert (7)
- Latitude (1)
- News (40)
- Open Source (11)
- OpenGL (8)
- Personal Work (47)
- Popular (9)
- Praetorian (7)
- Ramblings (52)
- Security (19)
- Software Releases (10)
- Timezones (12)
- Typography (9)
- Uncategorized (12)
- War on Bad Design (6)
Ok, I missed a ‘u’ in Minutes in my first graph. Tough deal.
Comment by sebastiaan — March 12, 2007 #
[…] edit: 12th of March; Follow-up availible; Click Here […]
Pingback by Cocoia Blog » Howto: A more secure OS X before Leopard. — March 12, 2007 #
[…] [update: Part 2 of this article entitled ‘An even more secure OS X before Leopard’ was just posted. This second part is probably too deep for most, but if you’re really into security, you might want to look it over. For the average user, it’s probably overkill] […]
Pingback by toddvachon.com » Blog Archive » Make Your Mac More Secure — March 12, 2007 #
Well, port scanning is legal (at least I believe that), but some ISPs have it in their terms of use that you are not allowed to them on networks other than your own (i.e. they mean that you are allowed to scan your own IP address, but not arbitrary ones).
You should be careful about scanning large groups of addresses if your ISP has such terms of use because you could easily get your account terminated!
Comment by georg — March 12, 2007 #
You have your commands reversed in the disabling isight section. The chmod a-rwx should be the disabling command, and a+r should be the enabling command.
Ed. ; I screwed up. Put you in the article mate, thanks a lot.
Comment by Greg — March 12, 2007 #
Hey … thanks for the link to GlowWorm FW … got quite a few visitors because of it. Good article, too.
Comment by Curtis Jones — March 13, 2007 #
Great article but you dont explain how to set a open firmware password on an intel mac. My MBP keeps bypassing the Command-Option-O-F and boots like normal.
Comment by Talesh — March 13, 2007 #
Hi, rebooting the Mac will restore the original firewall. I have a script to remove unneded lines, but how to integrate it in the OS X 10.4 boot process?
/sbin/ipfw show > /tmp/origrules
awk ‘/dst-port 137 in/ {print “/sbin/ipfw del”, substr($1,0,5)}’ /tmp/origrules > /tmp/newrules
awk ‘/dst-port 427 in/ {print “/sbin/ipfw del”, substr($1,0,5)}’ /tmp/origrules >> /tmp/newrules
awk ‘/dst-port 631 in/ {print “/sbin/ipfw del”, substr($1,0,5)}’ /tmp/origrules >> /tmp/newrules
awk ‘/dst-port 5353 in/ {print “/sbin/ipfw del”, substr($1,0,5)}’ /tmp/origrules >> /tmp/newrules
awk ‘/67 to me in/ {print “/sbin/ipfw del”, substr($1,0,5)}’ /tmp/origrules >> /tmp/newrules
awk ‘/5353 to me in/ {print “/sbin/ipfw del”, substr($1,0,5)}’ /tmp/origrules >> /tmp/newrules
chmod +x /tmp/newrules
sh /tmp/newrules
rm /tmp/origrules
rm /tmp/newrules
Comment by alxtoth — March 18, 2007 #
Es soll ja immer noch Leute geben,…
die mit einem Mac unter OS Zehnpunktirgendwas mit dem Admin-Account die täglichen Dinge wie surfen, mailen und arbeiten erledigen. Das ist nicht so schlau, was man hier und hier oder auch hier nachlesen kann.
Also, was tun?
Ganz einfach:
1. S…
Trackback by tinzi's Blog — March 25, 2007 #