Results 1 to 5 of 5

Thread: OS X daily tasks & housekeeping

  1. #1
    Join Date
    Jan 2001
    Location
    Mobius Strip
    Posts
    13,045

    Default

    Jazzbo,

    Haven't forgotten about running daily scripts, but I wanted to make it a new topic. I've been looking at other tasks that Macjanitor doesn't do, like rotating HenWen logs and snort output. I don't think running the 'diskutil' to repair permissions would be a daily script though, and how would it know passwd... I wouldn't want that to be in a clear text script, would I?

    There is /private/etc/periodic/daily/500.daily and 100.clean-logs
    so you want to add 800.daily to that directory?

    and I can add a line to run the snort log rotation and then, even MacJanitor will use and pick these up?

    /private/var/log/snort

    is where the snort directory resides.

    Here is the orginal message from iMovie thread:
    <BLOCKQUOTE class="ip-ubbcode-quote"><font size="-1">quote:</font><HR> Sorry, 'mano -- my fault for misreading the sudo call you had. I was thinking of it as

    sudo -u diskutil repairPermissions /

    such that you'd be running a program called repairPermissions as the user diskutil. Mis-fire in my reading!!

    If you know how to use pico, cool. Otherwise, let me know and we'll come up with an alternative.

    NOTE: This is for OSX 10.2, not for 10.1.* or 10.0.

    As root, run

    code:

    pico /etc/periodic/daily/800.repairPermissions

    and put the lines between the --- lines into the file:

    --- paste from the line after this into the file ---
    #!/bin/sh
    #
    # 800.repairPermissions: run diskutil to repair all file permissions
    #
    /usr/sbin/diskutil repairPermissions /
    --- paste through the line above this into the file ---

    Then, after saving the file in and then exiting from pico, you need to turn on the execute bit for the owner (root) by setting the permissions (filemode) of the script you just created. In Terminal as root:

    code:

    chmod 744 /etc/periodic/daily/800.repairPermissions

    and, to check your work, the output of running

    code:

    ls -l /etc/periodic/daily/800.repairPermissions

    (that was "ell ess space dash ell") should look like:

    code:

    -r-xr--r-- 1 root wheel 1389 Jul 14 13:57 /etc/periodic/daily/800.repairPermissions

    Things we expect to be different? The time-stamp and the number of characters in the file (which won't be 1389).

    Want to try it manually? As root, enter in Terminal:

    code:

    /etc/periodic/daily/800.repairPermissions; echo $?

    If at the very end it prints a 0 (zero) and had printed no error messages, it means everything worked right. If it prints error messages and then a number other than 0 as the very last line, a failure occured and you may want to delete the file until we can figure out what went wrong.

    code:

    # to remove the file:
    rm /etc/periodic/daily/800.repairPermissions

    If everything *did* go well, then tomorrow morning's run of the daily crontab entry (at 3:15am) will also run diskutil repairPermissions against your root volume.

    Jazzbo <HR></BLOCKQUOTE>

    #!/bin/sh
    # Sample /etc/daily.local file. Included with HenWen.
    # By Nick Zitzmann
    #
    # This is an example of how to set up your system so that the
    # "snort-log-rotate.sh" script is run at the same time your Mac
    # rotates the system log files.
    #
    # If you don't have a daily.local script installed in /etc, then
    # you can move this into your /etc directory and rename it
    # to "daily.local". To do that in the Terminal, you would type:
    # sudo cp "/Volumes/HenWen/Snort Log Rotation/Sample daily.local" /etc/daily.local
    # And enter your password when prompted.
    #
    # If you do have a daily.local script, then you need to copy and paste
    # the shell code below into it.
    #
    # Don't forget to change the path below if you placed
    # snort-log-rotate.sh in some folder other than etc.

    if [ -f /etc/snort-log-rotate.sh ]; then
    sh /etc/snort-log-rotate.sh
    fi

    -------------------------------


    [This message has been edited by Gregory (edited 02 January 2003).]

  2. #2
    Join Date
    Jan 2001
    Location
    Mobius Strip
    Posts
    13,045

    Default

    Macaroni 1.3.1

    <BLOCKQUOTE class="ip-ubbcode-quote"><font size="-1">quote:</font><HR> Macaroni is a tool which handles regular maintenance for Mac OS X's Unix core. Normally these tasks run on a regular schedule, in the middle of the night. However if you don't leave your Mac on all night, they never run. Your Mac won't wake from sleep to handle this. Macaroni solves this problem. If a scheduled maintenance task is not run when it's normally scheduled, Macaroni automatically ensures that it's run at the next opportunity, whenever the Mac is on. BTW, this shareware employs an installer.

    Features:

    * Automatically runs maintenance jobs
    * Configurable: Add your own scheduled tasks
    * Custom tasks can be scheduled as daily, weekly, monthly, or at regular intervals (such as "every three days").
    * Tracks maintenance history
    * Displays results of latest maintenance run.
    * New in 1.1: Maintenance tasks may be scheduled to occur only during system idle time.
    * New in 1.2: PowerBook and iBook users! Maintenance tasks may now be scheduled so that they don't run when you're on battery power. Instead they'll wait until the power adapter is plugged in.
    * New in 1.3: Keep those Unix permissions straight! Macaroni now automatically runs the Mac OS X "repair privileges" utility for you! Requires Mac OS X 10.2 or higher.
    http://www.atomicbird.com/
    <HR></BLOCKQUOTE>

  3. #3
    Join Date
    Jan 2001
    Location
    Mobius Strip
    Posts
    13,045

    Default

    I would recommend users avoid purchasing this software!!

    I've been getting a lot of OUTBOUND traffic since I purchased the software. It uses an installer, and I have not installed it. All I did was purchase and download.

    I even turned off router and modem and STILL got alerts from HenWen guys.

    **] [100:2:1] spp_portscan: portscan status from 192.168.0.2: 5 connections across 5 hosts: TCP(5), UDP(0) [**]
    01/02-10:48:04.428158

    [**] [100:2:1] spp_portscan: portscan status from 192.168.0.2: 5 connections across 5 hosts: TCP(5), UDP(0) [**]
    01/02-10:48:08.533317

    [**] [1:1721:3] WEB-CGI adcycle access [**]
    [Classification: access to a potentially vulnerable web application] [Priority: 2]
    01/02-10:48:09.686990 192.168.0.2:49371 -> 65.77.42.105:80
    TCP TTL:64 TOS:0x0 ID:14679 IpLen:20 DgmLen:560 DF
    ***AP*** Seq: 0x6C2E9162 Ack: 0xFE54065A Win: 0x811A TcpLen: 20

    [**] [100:2:1] spp_portscan: portscan status from 192.168.0.2: 6 connections across 6 hosts: TCP(6), UDP(0) [**]
    01/02-10:48:12.706058

    [**] [100:2:1] spp_portscan: portscan status from 192.168.0.2: 4 connections across 4 hosts: TCP(4), UDP(0) [**]
    01/02-10:48:16.987204

    [**] [100:2:1] spp_portscan: portscan status from 192.168.0.2: 4 connections across 4 hosts: TCP(4), UDP(0) [**]
    01/02-10:48:20.316502

    [**] [100:2:1] spp_portscan: portscan status from 192.168.0.2: 2 connections across 2 hosts: TCP(2), UDP(0) [**]
    01/02-10:48:42.146341

    [**] [100:2:1] spp_portscan: portscan status from 192.168.0.2: 1 connections across 1 hosts: TCP(1), UDP(0) [**]
    01/02-10:48:53.022643

    [**] [100:2:1] spp_portscan: portscan status from 192.168.0.2: 1 connections across 1 hosts: TCP(1), UDP(0) [**]
    01/02-10:49:02.180207

    [**] [100:2:1] spp_portscan: portscan status from 192.168.0.2: 1 connections across 1 hosts: TCP(1), UDP(0) [**]
    01/02-10:49:06.473685

    [**] [100:2:1] spp_portscan: portscan status from 192.168.0.2: 1 connections across 1 hosts: TCP(1), UDP(0) [**]
    01/02-10:49:15.710425

    [**] [100:2:1] spp_portscan: portscan status from 192.168.0.2: 1 connections across 1 hosts: TCP(1), UDP(0) [**]
    01/02-10:49:24.549144

    [**] [100:2:1] spp_portscan: portscan status from 192.168.0.2: 1 connections across 1 hosts: TCP(1), UDP(0) [**]
    01/02-10:49:32.593447

    [**] [100:2:1] spp_portscan: portscan status from 192.168.0.2: 1 connections across 1 hosts: TCP(1), UDP(0) [**]
    01/02-10:49:39.670526

    [**] [100:2:1] spp_portscan: portscan status from 192.168.0.2: 1 connections across 1 hosts: TCP(1), UDP(0) [**]
    01/02

  4. #4
    Join Date
    Feb 2001
    Location
    on the landline, Mr. Smith
    Posts
    7,784

    Default

    Hi G -

    So, have you used/tested this yet? Any downside or risk?



    While on the topic of permissions...

    Can fixing permissions "break" anyhting? Have not seen anybody report any problems, but I have not dug into it yet.

    Can I assume that permissions are just being restored to defaults (as one looks at the log of permissions being repaired, one sees "is" and "should be")? What happens if a user intentionally changes ownership of an item? Do you have to go back and reset ownership they way you want it after repairing permissions? If they are not being set back to a default, what is the criteria for "should be"?

    On Server, this could be catastrophic if repairing permissions affects users or groups! I doubt it is (repaired permissions when updating from Server 10.2.1 to 10.2.2 with no problems, and it may have even solved an access problem), but I don't want to be the first to find out....


    Update:

    Well I guess you knew what I was going to ask! Missed it by that much....

    Thanks!

    [This message has been edited by newbie (edited 02 January 2003).]

  5. #5
    Join Date
    Jan 2001
    Location
    Mobius Strip
    Posts
    13,045

    Default

    The software may be good, but the web site, eSellerate, is not probably. There was an instance of someone stealing CC#'s from Kagi 18-20 months ago.

    And then, there are some new WORMs out today and in the last week cruising the super highway.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •