Posts Tagged ‘OS X’

The Changing Operating System of a CS Student

Sunday, May 23rd, 2010

The purpose of this entry is to share my view of three different operating systems and how they have changed in my life over time. Throughout my freshman and sophomore years of college, my preferred operating system changed with my knowledge and need. Freshman year I would never have touched a Linux computer; in the computer labs that had both Windows XP and Ubuntu, I would walk to several computers and select the one already booted into Windows. My personal computers were a MacBook Pro running OS X 10.5 and an HP Tablet running Windows Vista / 7 RC.

I considered my HP computer running Windows to be my “work” computer and my Mac to be my more personal computer. I would use my HP computer during the day to take notes in Microsoft OneNote and to do my programming assignments in Dev C++. After classes I would retire to my Mac, where all my music, pictures and movies were located. My Mac was slowly becoming my primary machine for personal programming and iPhone development. At this point in time I still had no desire to use any type of Linux system, and I had not fully used the power hidden under Apple's OS.

My sophomore year I started becoming more involved in the Open Source Institute on campus, as well as taking classes on PHP/MySQL and Unix Administration. Slowly Fedora and Ubuntu were becoming part of my daily interaction, and my Windows computer was only used for note taking in my math class. My knowledge and uses of these different operating systems had changed. Now I had my HP tablet dual booting between Windows 7 and Ubuntu 9.10, and my Mac was now much more than a place to listen to music and watch movies.

Now I have a copy of Windows installed for no other reason than software testing, or the case where the software will run in Windows. My Mac has become a “hybrid computer” mixing entertainment and work. I have my terminal and a powerful layer of OS X many users probably never use, which allows me to easily host a web server, ssh from anywhere, use VNC or screen sharing, and mix between Perl and PHP for quick and dirty scripts. When I’m not sshing into a server I’m watching a movie or listening to music, all with the eye candy of an Apple product. Linux (Ubuntu) has become the fast, small and powerful OS for my tablet and the OS for all the servers (CentOS or Ubuntu) I manage, and I use it as much as OS X. Today, give me a terminal and a browser window and I’m happy.

Securing OS X using ipfw

Thursday, April 22nd, 2010

Recently I began using StrongVPN to allow connections to my computer from the outside via VPN.

On my Mac I have Screen Sharing, Apache2, and ssh running. Thinking about security: before I started using the VPN service, my computer could only be seen by people on campus, but now my machine is open to the whole world on those ports.

I wanted to block Screen Sharing and Apache from outside connections but still allow myself to visit my Mac on campus. To do this I did some quick research on ipfw. Below are the commands I used to set up blocking of all connections except those from campus.

sudo ipfw -f flush

sudo ipfw add 02055 deny tcp from any to any 5900 in

sudo ipfw add 02054 allow tcp from 128.153.0.0/16 to any 5900 in

sudo ipfw add 02070 deny tcp from any to any 80 in

sudo ipfw add 02069 allow tcp from 128.153.0.0/16 to any 80 in

sudo ipfw list

Below is an explanation of the rules above:

sudo ipfw -f flush // removes all the current rules

sudo ipfw add 02055 deny tcp from any to any 5900 in // blocks all incoming connections on port 5900, which is what VNC uses (Screen Sharing)

sudo ipfw add 02054 allow tcp from 128.153.0.0/16 to any 5900 in

This makes it so only people with an IP address of 128.153.xxx.xxx can connect on port 5900. If I had done 128.153.0.0/32 only people from 128.153.0.xxx could connect.
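The rule ordering above, as an added example that is not from the original post: a small Python model of how ipfw picks the first matching rule in ascending rule-number order, run against the four rules listed here. It models incoming TCP only, uses constructed sample addresses, and assumes rule 65535 is allow-all (verify with sudo ipfw list).

```python
import ipaddress

# The four rules from the post as (number, action, source, dst_port).
# 65535 is ipfw's built-in last rule; "allow" here is an assumption,
# check the real value with `sudo ipfw list`.
RULES = [
    (2055, "deny", "any", 5900),
    (2054, "allow", "128.153.0.0/16", 5900),
    (2070, "deny", "any", 80),
    (2069, "allow", "128.153.0.0/16", 80),
    (65535, "allow", "any", None),
]


def src_matches(rule_src, src_ip):
    """True if src_ip falls inside the rule's source spec."""
    if rule_src == "any":
        return True
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule_src)


def evaluate(src_ip, dst_port, rules=RULES):
    """Return (rule_number, action) of the first matching rule.

    ipfw walks rules in ascending rule-number order, regardless of the
    order they were added, and stops at the first allow/deny match.
    """
    for number, action, rule_src, port in sorted(rules):
        if port in (None, dst_port) and src_matches(rule_src, src_ip):
            return number, action
    raise ValueError("no rule matched; rule 65535 should always match")


def swapped(rules=RULES):
    """Same rules with deny numbered below allow (the mistake to avoid)."""
    renumber = {2054: 2055, 2055: 2054, 2069: 2070, 2070: 2069}
    return [(renumber.get(n, n), a, s, p) for n, a, s, p in rules]


if __name__ == "__main__":
    # Constructed samples: one campus address, one documentation-range address.
    for src, port in [("128.153.4.20", 5900), ("203.0.113.7", 5900),
                      ("203.0.113.7", 80), ("203.0.113.7", 22)]:
        print(src, port, evaluate(src, port))
    print("swapped:", evaluate("128.153.4.20", 5900, swapped()))
```

The port 22 case shows that ssh is not covered by these rules and falls through to the final rule, and the swapped case shows that a deny numbered below its allow locks out campus addresses as well.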

Next we need to create a script that will set these rules on reboot / start.

To do so we will create a file called loadipfwrules.sh in /usr/local/bin and paste the rules from above into it. Next we want to set the correct permissions on the file, so from /usr/local/bin run

sudo chmod 0755 loadipfwrules.sh

Next we will want to make the .plist file that will call our script at startup. We will make a file in /Library/LaunchDaemons under any name. In this example we will call it ipfwrules.plist. The plist file should contain the following:


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>ipfwloadrules</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/local/bin/loadipfwrules.sh</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
    <key>UserName</key>
    <string>root</string>
    <key>GroupName</key>
    <string>wheel</string>
</dict>
</plist>