Archive

Archive for January, 2013

Java blocked in Safari on 10.6.x – 10.8.x

January 31, 2013 20 comments

As of January 31st, it appears that Apple has blocked both Java 6 and Java 7 Update 11 from running in Safari.


Update 1 – February 1, 2013: Oracle has released Java 7 Update 13 to address the vulnerabilities in Java 7 Update 11. Once Java 7 Update 13 has been installed, Safari will no longer block the Java plug-in on 10.7.x – 10.8.x.



Update 2 – February 1, 2013: Apple has released Java for Mac OS X 10.6 Update 12 to address the vulnerabilities in Java 6 on 10.6.x Macs. Once Java for Mac OS X 10.6 Update 12 has been installed via Apple’s Software Update, Safari will no longer block the Java plug-in on 10.6.x.


To verify this on your own machine:

1. Open Safari on a Mac running 10.6.x or higher.

2. Go to http://www.java.com/en/download/testjava.jsp to test your Java browser plug-in.

Instead of a report that Java is working, you’ll receive a Blocked Plug-In message.

Screen Shot 2013-01-31 at 6.45.36 AM

The best workaround at this time is to use Firefox. I tested with Firefox 18 and Firefox is not blocking the Java plug-in at this time.

Screen Shot 2013-01-31 at 6.46.27 AM

Current Status:

Java 6 on 10.6.x: Apple has released Java for Mac OS X 10.6 Update 12 to address the vulnerabilities in Java 6 on 10.6.x Macs. Once Java for Mac OS X 10.6 Update 12 has been installed via Apple’s Software Update, Safari will no longer block the Java plug-in on 10.6.x.

Java 7 on 10.7.x and 10.8.x: Oracle has released Java 7 Update 13 to address the vulnerabilities in Java 7 Update 11. Once Java 7 Update 13 has been installed, Safari will no longer block the Java plug-in on 10.7.x – 10.8.x

The blocking was done by Apple’s built-in malware protection. For those interested, the list of acceptable browser plug-in versions is stored at /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist

As of 7:07 AM on Thursday, January 31st, XProtect.meta.plist on my 10.8.2 laptop had the following contents:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>JavaWebComponentVersionMinimum</key>
	<string>1.6.0_37-b06-435</string>
	<key>LastModification</key>
	<string>Thu, 31 Jan 2013 04:41:14 GMT</string>
	<key>PlugInBlacklist</key>
	<dict>
		<key>10</key>
		<dict>
			<key>com.macromedia.Flash Player.plugin</key>
			<dict>
				<key>MinimumPlugInBundleVersion</key>
				<string>11.3.300.271</string>
			</dict>
			<key>com.oracle.java.JavaAppletPlugin</key>
			<dict>
				<key>MinimumPlugInBundleVersion</key>
				<string>1.7.11.22</string>
			</dict>
		</dict>
	</dict>
	<key>Version</key>
	<integer>2028</integer>
</dict>
</plist>


Java 6 plug-in
The plugin version installed by Apple is 1.6.0_37-b06-434. The plug-in blacklist is specifying that 1.6.0_37-b06-435 or higher is required, so 1.6.0_37-b06-434 is being blocked automatically.

Java 7 plug-in
The plugin version installed by the current Oracle Java 7 Update 11 installer is 1.7.11.21. The plug-in blacklist is specifying that 1.7.11.22 or higher is required, so 1.7.11.21 is being blocked automatically.

Updated FileVault 2 status scripts now available – now handles unencrypted Fusion drives

January 28, 2013 Leave a comment

I’ve updated the FileVault 2 status check scripts so that they’re now able to correctly handle unencrypted Fusion drives. The scripts should now report accurately on 10.8.x Macs that use Fusion drives, as well as other 10.7.x and 10.8.x Macs.

The changes are now available as part of my regular script. They have also been rolled into both the Casper Extension Attribute and the Absolute Manage Custom Info Item scripts. Use them in good health and please let me know if you find any problems with them.

Disabling the Sleep command in the Apple menu

January 27, 2013 3 comments

After recently participating in a discussion about disabling the Sleep command in the Apple menu, I wanted to document how to do this. This may be most useful for Mac terminal services, which was the context where I learned how to do this.

1. Log in with an account that has admin privileges

2. Open Terminal and run the following command:

sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.PowerManagement SystemPowerSettings -dict SleepDisabled -bool YES

Screen Shot 2013-01-26 at 9.48.54 PM

3. You should see that the Sleep command is now grayed-out in the Apple menu.

Screen Shot 2013-01-26 at 9.48.58 PM

To revert back, you’ll need to do the following:

1. Log in with an account that has admin privileges

2. Open Terminal and run the following command:

sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.PowerManagement SystemPowerSettings -dict SleepDisabled -bool NO

Screen Shot 2013-01-26 at 10.00.34 PM

3. Restart the Mac (this is necessary to apply the change.)

After the restart, you should see that the Sleep command is available again in the Apple menu.

Screen Shot 2013-01-26 at 9.52.41 PM

Updated daily server report scripts for 10.7.x and 10.8.x

January 26, 2013 2 comments

I’ve made some updates to the daily server report scripts that I host on my GitHub repo, as I recently tested them on 10.7.x and 10.8.x Server. The existing 10.5.x – 10.6.x script runs fine as-is on 10.7.x Server, but I needed to make a few changes for 10.8.x Server.

I updated the following parts to support 10.8 Server:

PATH

Added /Applications/Server.app/Contents/ServerRoot/usr/sbin to the PATH export, as serveradmin has moved to /Applications/Server.app/Contents/ServerRoot/usr/sbin/serveradmin

Changes to the UNSUCCESSFUL ATTEMPTS TO LOGIN VIA SSH section

In 10.8, /var/log/secure.log‘s functions have been moved to Apple System Log. The script is running syslog -k Time ge -24h | grep 'sshd' to check ASL for SSH activity in the last 24 hours. The SSH activity is exported to /private/tmp/ssh-status.txt, then ssh-status.txt is scraped for SSH errors.

You can access the scripts here on my GitHub repo:

https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/daily_server_report_script

Building Mac test environments with VMWare Fusion, NetBoot and DeployStudio

January 23, 2013 4 comments

When new software appears, Mac admins need test boxes that match their standard configuration in order to verify that the new software doesn’t adversely affect anything in their environment. In the past, this has usually meant that admins needed to either have an available test box, or go find one when they needed to test something.

The advent of good virtualization solutions meant it was easier to build test boxes without needing additional hardware, but getting the VM to match your standard could take some time and effort.

In VMWare Fusion 5.x, VMWare added NetBoot support for virtual machines running Mac OS X. This proved to be an enormous boon to Mac admins who used NetBoot to help set up their machines: They could now build VMs using the exact same processes that were used to build their users’ Macs. They could also leverage tools like createOSXinstallPkg to set up template VMs with either the latest available OS X installer from the Mac App Store or custom builds of OS X that ship with new hardware.

See below the jump for an example of how you can leverage VMWare’s NetBoot support, createOSXinstallPkg and DeployStudio to set up a new Mac VM with a factory-fresh install of OS X Mountain Lion.

Read more…

Setting up ESXi 5.1 on a 2011 Mac Mini Server

January 21, 2013 25 comments

One thing I’ve wanted to do for a while is virtualizing my home server setup, as well as making it easier to stand up (and take down) test servers as needed.

I’ve been doing a lot of work with VMWare Fusion on my Mac and could have gone that way, but I wanted to do the virtualization with VMWare’s free ESXi software. I hadn’t previously set up a dedicated hypervisor, so I wanted to learn how to do that.

I have a 2011 Mac Mini Server, which is fortunate because setting up ESXi on that Mini model has been well-documented in a number of places. The latest available version as of this date is ESXi 5.1, so I decided to install that. After some work, I now have ESX 5.1 running on my Mini Server. See below the jump for the details.

Read more…

Categories: VMware, VMware ESXi

Running remote commands via SSH

January 16, 2013 2 comments

On occasion, I need to run a single remote command on a single system, but don’t have a tool handy (like Apple Remote Desktop’s Send Unix function) to do it. If the machine in question has SSH enabled though, there’s a simple way to do this.

1. Open Terminal

2. Run the following command:

ssh username@server.domain.com "your command here"

For example, if you wanted to use tail to display the latest entries to /var/log/system.log, you would run the following command:

ssh username@server.domain.com "tail -f /var/log/system.log"

You’ll be prompted for a password, which will be used by SSH to log into the remote system. If the password is accepted, tail should start displaying the latest entries to /var/log/system.log as they’re written. To stop, you would hit Control-C as usual. That will stop the command’s execution and close the SSH connection automatically.

Screen Shot 2013-01-16 at 1.07.04 PM

When running commands that require elevated privileges, you’ll need to add the -t flag to your SSH command. -t tells SSH to force pseudo-tty allocation, which in turn provides a way to feed your account’s password to the remote server and run the command via sudo.

For example, if you wanted to restart opendirectoryd on a remote Mac running 10.8.x, you would run the following command:

ssh -t username@server.domain.com "sudo killall opendirectoryd"

You’ll be prompted for a password, which will be used by SSH to log into the remote system. You’ll then be prompted again for a password, which will be used by sudo to authenticate that your account is authorized to run the command with sudo. Once the command is run and completes successfully, the SSH connection closes automatically.

Screen Shot 2013-01-16 at 1.25.12 PM

Follow

Get every new post delivered to your Inbox.

Join 164 other followers

%d bloggers like this: