Because people had significant trouble with the unwieldy double article, I split this article in two parts;
The Followup; An even more secure OS X before Leopard
Scanning my Audience; a port scan following the first how-to.
Because people had significant trouble with the unwieldy double article, I split this article in two parts;
The Followup; An even more secure OS X before Leopard
Scanning my Audience; a port scan following the first how-to.
9 Responses
[…] edit: 12th of March; Follow-up availible; Click Here […]
[…] [update: Part 2 of this article entitled ‘An even more secure OS X before Leopard’ was just posted. This second part is probably too deep for most, but if you’re really into security, you might want to look it over. For the average user, it’s probably overkill] […]
Es soll ja immer noch Leute geben,…
die mit einem Mac unter OS Zehnpunktirgendwas mit dem Admin-Account die täglichen Dinge wie surfen, mailen und arbeiten erledigen. Das ist nicht so schlau, was man hier und hier oder auch hier nachlesen kann.
Also, was tun?
Ganz einfach:
1. S…
Ok, I missed a ‘u’ in Minutes in my first graph. Tough deal.
Well, port scanning is legal (at least I believe that), but some ISPs have it in their terms of use that you are not allowed to them on networks other than your own (i.e. they mean that you are allowed to scan your own IP address, but not arbitrary ones).
You should be careful about scanning large groups of addresses if your ISP has such terms of use because you could easily get your account terminated!
You have your commands reversed in the disabling isight section. The chmod a-rwx should be the disabling command, and a+r should be the enabling command.
Ed. ; I screwed up. Put you in the article mate, thanks a lot.
Hey … thanks for the link to GlowWorm FW … got quite a few visitors because of it. Good article, too.
Great article but you dont explain how to set a open firmware password on an intel mac. My MBP keeps bypassing the Command-Option-O-F and boots like normal.
Hi, rebooting the Mac will restore the original firewall. I have a script to remove unneded lines, but how to integrate it in the OS X 10.4 boot process?
/sbin/ipfw show > /tmp/origrules
awk ‘/dst-port 137 in/ {print “/sbin/ipfw del”, substr($1,0,5)}’ /tmp/origrules > /tmp/newrules
awk ‘/dst-port 427 in/ {print “/sbin/ipfw del”, substr($1,0,5)}’ /tmp/origrules >> /tmp/newrules
awk ‘/dst-port 631 in/ {print “/sbin/ipfw del”, substr($1,0,5)}’ /tmp/origrules >> /tmp/newrules
awk ‘/dst-port 5353 in/ {print “/sbin/ipfw del”, substr($1,0,5)}’ /tmp/origrules >> /tmp/newrules
awk ‘/67 to me in/ {print “/sbin/ipfw del”, substr($1,0,5)}’ /tmp/origrules >> /tmp/newrules
awk ‘/5353 to me in/ {print “/sbin/ipfw del”, substr($1,0,5)}’ /tmp/origrules >> /tmp/newrules
chmod +x /tmp/newrules
sh /tmp/newrules
rm /tmp/origrules
rm /tmp/newrules