LINICKX.com

OS X: Sync'ing keychains in the iCloud

nick — Mon, 06 May 2013 14:20:00 +0100

Keychains hold passwords, certificates and general secret stuff - only do this if you understand the Apple will have access to this.... well assuming they can crack your keychain password (which they probably can).

Synchronising a keychain across macs could be useful, for example, having a dedicated keychain for WiFi credentials.

I stumbled across this link (dated Nov 2011) and found that this still works!

The ~Library/Mobile Documents/ folder is pushed to all iCloud enabled computers, so I have created a new folder, and copied my WiFi keychain into it:

#!/bin/bash
$ mkdir ~/Library/Mobile\ Documents/com~linickx~icloud
$ cp ~/Library/Keychains/wifi.keychain ~/Library/Mobile\ Documents/com~linickx~icloud/

If you only have one keychain login.keychain, consider splitting out the really secret stuff and only sync'ing the stuff you want to share with apple.

Now open "Keychain Access", delete the original keychain and add/open the iCloud copy. On any other Mac, add/open the iCloud keychain. Once complete, any change to the keychain will be pushed to all Macs, simplifying password changes :)

I'm also using this to sync dotfiles!

You could use dropbox for this, one reason to use dropbox is that iCloud sync seems to be a bit hit n miss; however Dropbox already have enough of my secrets, I'm not suggesting that iCloud is more secure, it's just better to have many baskets.

FOOTNOTE: If your mobile documents folder isn't sync'ing, see this post by SteveX.

OS X: anonymous ftp directory on Mountain Lion

nick — Mon, 22 Apr 2013 10:31:00 +0100

Pretty much every google search I tried landed me on a mountain lion server page, given I'm using normal mountain lion on a macbook the results were not much use!

I use FTP to transfer images to various appliances, firewalls, proxies etc so for speed and simplicity I need anonymous ftp. The default home directory on 10.8 for anonymous FTP is /var/empty which is a special directory which I didn't want to tamper with, once I found the right stuff in the man page changing the home of thr anonymous FTP user wasn't actually that hard...

To get started, in case you need it, the command to start the FTP service is:

sudo launchctl load /System/Library/LaunchDaemons/ftp.plist

and to stop:

sudo launchctl unload /System/Library/LaunchDaemons/ftp.plist

The config file is /etc/ftpd.conf, mine looks like this:

# match umask from Mac OS X Server ftpd
umask all 022
chroot GUEST /Users/linickx/ftp
modify guest off
umask  guest 0707
upload guest on

As you can see, I have changed the home directory of my anonymous user to a folder called ftp inside my home directory.

Now, there's some special security stuff you can do to that folder, see man ftpd for full details, but this should do you as a minimun

\~ftp Make the home directory owned by ``root'' and unwritable by anyone.

\~ftp/pub This directory and the subdirectories beneath it should be owned by the users and groups responsible for placing files in them, and be writable only by them (mode
755 or 775). They should not be owned or writable by ftp or its group.

\~ftp/incoming This directory is where anonymous users place files they upload. The owners should be the user ``ftp'' and an appropriate group. Members of this group will be
the only users with access to these files after they have been uploaded; these should be people who know how to deal with them appropriately. If you wish anony-
mous FTP users to be able to see the names of the files in this directory the permissions should be 770, otherwise they should be 370.

The following ftpd.conf(5) directives should be used:
modify guest off
umask guest 0707
upload guest on

This will result in anonymous users being able to upload files to this directory, but they will not be able to download them, delete them, or overwrite them, due
to the umask and disabling of the commands mentioned above.

Happy FTP Everyone!

Secure your MAC to EAL3

nick — Thu, 21 Jan 2010 19:18:00 +0000

This hit my feed reader this morning...

Atsec information security is pleased to announce the successful Common Criteria Certification of Mac OS X Snow Leopard at EAL 3

Reference: http://www.atsec.com/us/news-atsec-apple-mac-os10-6-common-criteria-evaluation-snow-leopard-184.html

It took me a few minutes to find it, but if you want a certifiably secure mac you need to follow Apple's Admin Guide on their Common Criteria page, I know what I'll be doing later :)

Getting Terminal / Console Connectivity in MAC OS X

nick — Tue, 19 Jan 2010 18:38:00 +0000

It took me a couple of Googles to work this out... I have a Belkin f5u103v USB-to-Serial adapter and needed a console connection to a Cisco switch.

To get started install this driver from apple (I think it needed a reboot).

If this was successful when you connect the USB-to-Serial you'll be asked if you want to setup a modem / network connection... say no. From a terminal you should now see a new device similar to mine...

NickBook:~ nick$ ls /dev/cu*
/dev/cu.Bluetooth-Modem /dev/cu.PL2303-00001004 /dev/cu.Bluetooth-PDA-Sync
NickBook:~ nick$

The PL device disappears when I unplug the USB adapter. Next you then need a copy of minicom, I installed macports and did port install minicom.

Since I don't want to re-invent the wheel now go to http://www.macosxhints.com/article.php?story=20040521145713551 and Start at STEP 3 to configure minicom (Obviously you'll replace /dev/cu.USA19QI191P1.1 with something similar to /dev/cu.PL2303-00001004 ) once finished you'll be set.. happy terminal session!

MacBook Pro UK Keyboard Layout for Windows

nick — Mon, 18 Jan 2010 15:28:00 +0000

I've imported my windows box into VirtualBox (howto) and noticed that the keyboard layout is all screwed up.

My Googling suggests that a German and Swedish bloke/bird/person have fixed this issue but no-one in the UK.

Attached is my UK Keyboard layout, also the source file so you can use microsoft keyboard layout creator to make your own.

To use, simply unzip, run setup, and then in your keyboard settings (control panel) change to "English UK - Apple MacBook Pro" ... you may wish to remove the default UK keyboard to avoid confusion.

This works well for me in VirtualBox, I would expect it to work in VMWARE / Parallels but I've not tested it, as with everything I do YMMV :)

Silence on LINICKX.com

nick — Wed, 13 Jan 2010 17:46:00 +0000

It's been a bit quiet on here; x-mas was "louder" than normal there seemed to be more to do than normal and I forgot to schedule some seasons greetings on the 25/12 & 01/01 so my apologies. I've acquired extra time-sinks, I'm now a MAC Fanboy as I've brought a shiny new toy (expect mac related posts) :D . My Cisco Certification is due for renewal so I really really should study and I have "Project R" which is a weekend project ... basically a website for a friend.... oh and thanks to all the recent snow around here the car really needs a clean!

So, I should get on, get organised and be grateful that this time-sinkhelps organise my thoughts.