unlocking user’s screen saver as admin

https://apple.stackexchange.com/questions/258055/10-12-sierra-unlock-screensaver-by-admin-via-security-authorizationdb

 

I admin a bunch of Macs, and depend on unlocking user’s screen saver as admin. I’ve always done this editing /etc/pam.d/screensaver

This no longer works. I need to do it via security authorizationdb.

I can do it with this command:

security authorizationdb write system.login.screensaver "authenticate-session-owner-or-admin"


https://discussions.apple.com/thread/7086700?start=0&tstart=0

Add a User to Sudoers in Mac OS X

I am having success with what I found at this URL: https://apple.stackexchange.com/questions/76088/how-do-i-give-a-user-sudo-permissions

To Quote apple.stackexchange.com
Rather than give geoff sudo privileges, consider adding the account to the admin group so that it inherits the admin group sudoer privileges. This would be the more correct way to do things.

To add geoff to the admin group you’ll need to run the following as the admin account:

sudo dseditgroup -o edit -a geoff -t user admin
You may also want to consider putting geoff in the wheel group too:

sudo dseditgroup -o edit -a geoff -t user wheel
The wheel group is a BSD-ism, where OS X has its roots. In traditional BSD systems the wheel group was used to keep a collection of users who were allowed to become superusers using the su command. It’s not strictly necessary to be in both admin and wheel but anyone set up as “Administrator” on the machine through the UI for adding a user is in both so it can’t hurt to replicate that setup.

To reverse this change, change the -a (add) flag to -d (delete): sudo dseditgroup -o edit -d geoff -t user admin

Apple Directory Service Tools
https://opensource.apple.com/source/DSTools/DSTools-134/

Add a User to Sudoers in Mac OS X
Adding users to the sudoers requires the usage of vi, which can be fairly confusing if you’re not accustomed to it. For the unfamiliar, we’ll outline the exact key command sequences to edit, insert, and save the file in vi, follow the instructions carefully.

1) Launch Terminal and type the following command:

 sudo visudo 

2) Use the arrow keys to navigate down to the “#User privilege specification” section, it should look like this:

 # User privilege specification
root	ALL=(ALL) ALL
%admin	ALL=(ALL) ALL 

3) Put the cursor on the next empty line below the %admin entry and then press the “A” key to insert text, then type the following on a new line, replacing ‘username’ with the user’s short name of the account you wish to grant privilege to (hit tab between username and ALL):

 username ALL=(ALL) ALL  

4) Now hit the “ESC” (escape) key to stop editing the file

5) Hit the : key (colon) and then type “wq” followed by the Return key to save changes and exit vi

Use cat with grep to find the username quickly if you don’t want to scan through the entire file (/etc/sudoers is readable only by root, so run cat through sudo):
sudo cat /etc/sudoers | grep username

sudo cat /etc/sudoers | grep promin

Link taken from this article
http://osxdaily.com/2014/02/06/add-user-sudoers-file-mac/

configure passwordless SSH login

STEP ONE – Generating the key pair

1) Generate an RSA private key using ssh-keygen (unless you have already created one).

 ssh-keygen -t rsa

This creates a public/private keypair of the type (-t) rsa.

 Generating public/private rsa key pair.
Enter file in which to save the key (/Users/<YOUR-USER-HERE>/.ssh/id_rsa):

Once the keypair is created, you are prompted to enter the following items.

2) Click Enter on your keyboard to continue.

 Enter passphrase (empty for no passphrase): 

3) Click Enter (AGAIN) on your keyboard to continue.

 Enter same passphrase again (empty for no passphrase): 

4) Click Enter on your keyboard to continue.

5) When finished, click Enter on your keyboard.

STEP TWO – Copying the public key you just created on your home computer to your server

1) Run the following command to copy the public key on your local computer to server.

cat ~/.ssh/id_rsa.pub | ssh username@yourserver.com "mkdir -p ~/.ssh; cat >> ~/.ssh/authorized_keys"

STEP THREE – Confirming the SSH connection

ssh username@yourserver.com

***Notes taken from this post
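
The server-side half of step two, as an added example that is not from the original notes: unlike the one-liner, it rejects a private key sent by mistake, restricts .ssh and authorized_keys to the owner, and does not append the same key twice. install_pubkey, key_count and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example; install_pubkey, key_count and the sample key are constructed.

# install_pubkey PUBKEY_FILE SSH_DIR
# Run on the server side. Refuses anything that is not a public key line,
# fixes directory and file permissions, and appends the key only once.
install_pubkey() {
    key=$(head -n 1 "$1") || return 1
    case "$key" in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "refusing $1: not a public key line" >&2; return 1 ;;
    esac
    mkdir -p "$2" && chmod 700 "$2" || return 1
    touch "$2/authorized_keys" && chmod 600 "$2/authorized_keys" || return 1
    grep -qxF -- "$key" "$2/authorized_keys" ||
        printf '%s\n' "$key" >> "$2/authorized_keys"
}

# Number of keys currently authorised in SSH_DIR.
key_count() {
    grep -c '' "$1/authorized_keys"
}

# Demo in a throwaway directory with a constructed (not real) key.
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABconstructedSampleOnly user@laptop' > "$demo/id_rsa.pub"
echo '-----BEGIN OPENSSH PRIVATE KEY-----' > "$demo/id_rsa"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"      # second run adds nothing
install_pubkey "$demo/id_rsa" "$demo/.ssh" 2>/dev/null || echo "private key rejected"
key_count "$demo/.ssh"
rm -rf "$demo"
```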

ls more, less List information

 ls -la | more 
 ls -la | less 

ls
List information about files.

Syntax
ls [Options]… [File]…

Key
Sort entries alphabetically if none of -cftuSUX nor --sort.

-a, --all List all entries including those starting with a dot .

-A, --almost-all List all entries including those starting with a dot .
Except for . and .. (implied)

-b, --escape Print octal escapes for nongraphic characters

--block-size=SIZE Use SIZE-byte blocks

-B, --ignore-backups Do not list implied entries ending with ~

-c Sort by change time; with -l: show ctime

-C List entries by columns

--color[=WHEN] Control whether color is used to distinguish file
types. WHEN can be 'never', 'always', or 'auto'

-d, --directory List directory entries instead of contents

-D, --dired Generate output designed for Emacs' dired mode

-f Do not sort, enable -aU, disable -lst

-F, --classify Append indicator (one of */=@|) to entries

--format=WORD Across -x, commas -m, horizontal -x, long -l,
single-column -1, verbose -l, vertical -C

--full-time List both full date and full time

-g (ignored)

-G, --no-group Inhibit display of group information

-h, --human-readable Print sizes in human readable format (e.g., 1K 234M 2G)
-H, --si Likewise, but use powers of 1000 not 1024

--indicator-style=WORD Append indicator with style WORD to entry names:
none (default), classify (-F), file-type (-p)

-i, --inode Print index number of each file

-I, --ignore=PATTERN Do not list implied entries matching shell PATTERN

-k, --kilobytes Like --block-size=1024

-l Use a long listing format

-L, --dereference List entries pointed to by symbolic links

-m Fill width with a comma separated list of entries

-n, --numeric-uid-gid List numeric UIDs and GIDs instead of names

-N, --literal Print raw entry names (don't treat e.g. control
characters specially)

-o Use long listing format without group info

-p, --file-type Append indicator (one of /=@|) to entries

-q, --hide-control-chars Print ? instead of non graphic characters

--show-control-chars Show non graphic characters as-is (default)

-Q, --quote-name Enclose entry names in double quotes
--quoting-style=WORD Use quoting style WORD for entry names:
literal, shell, shell-always, c, escape

-r, --reverse Reverse order while sorting

-R, --recursive List subdirectories recursively

-s, --size Print size of each file, in blocks

-S Sort by file size

--sort=WORD time -t, version -v, status -c
size -S, extension -X, none -U
atime -u, access -u, use -u

--time=WORD Show time as WORD instead of modification time:
atime, access, use, ctime or status;
also use this as a sort key if --sort=time

-t sort by modification time

-T, --tabsize=COLS assume tab stops at each COLS instead of 8

-u sort by last access time; with -l: show atime

-U do not sort; list entries in directory order

-v sort by version

-w, --width=COLS assume screen width instead of current value

-x list entries by lines instead of by columns

-X sort alphabetically by entry extension

-1 list one file per line

--help display help and exit

--version output version information and exit
The most common options are -a (all files) and -l (long or details)

Tab completion is supported and can be configured with .inputrc

When output to file the files are listed one per line.

By default, colour is not used to distinguish types of files. That is equivalent to using --color=none.
Using the --color option without the optional WHEN argument is equivalent to using --color=always.
With --color=auto, color codes are output only if standard output is connected to a terminal (tty).

Examples

# List the contents of your home directory
$ ls ~

# list everything in a vertical list:
$ ls -al

total 109
drwxr-xr-x 18 root root 4096 Jun 9 21:12 ./
drwxr-xr-x 18 root root 4096 Jun 9 21:12 ../
drwxr-xr-x 2 root root 4096 Jun 9 21:14 bin/
drwxr-xr-x 3 root root 1024 Jun 9 20:32 boot/
drwxr-xr-x 6 root root 36864 Jul 12 10:26 dev/
drwxr-xr-x 34 root root 4096 Jul 12 10:25 etc/
^
the first column is the file type
d = directory
f = file

# List the directories in the current directory:
$ ls -d */

# List all subdirectories:
$ ls *

List all files, one per line, including subdirectories – using find
$ find ~/Documents/ -type f

The default behaviour of ls is to only pass color control codes to tty output (--color=auto).
To pipe the output to a second command complete with color codes, set --color=always:

$ ls -lAXh --color=always | less -R

A list of environment variables that affect ls (colour, column width, blocksize etc)


audit service retention time

The check displays the amount of time the audit system is configured to retain audit log files. The audit system will not delete logs until the specified condition has been met. To view the current setting, run the following command:

sudo grep ^expire-after /etc/security/audit_control

If this returns no results, or does not contain 7d or a larger value, this is a finding.

--->
Edit the /etc/security/audit_control file, and change the value for ‘expire-after’ to the amount of time audit logs should be kept for the system. Use the following command to set the ‘expire-after’ value to ‘7d’:

sudo sed -i.bak 's/.*expire-after.*/expire-after:7d/' /etc/security/audit_control; sudo audit -s
sudo sed -i.bak 's/.*expire-after.*/expire-after:365d/' /etc/security/audit_control; sudo audit -s

//////////////////////

audit service should be configured to immediately print messages to the console
By default, auditd only logs errors to syslog. To see if audit has been configured to print error messages to the console, run the following command:

sudo grep logger /etc/security/audit_warn

If the argument ‘-s’ is missing, or if audit_warn has not been otherwise modified to print errors to the console or send email alerts to the SA and ISSO, this is a finding.

--->

To make auditd log errors to standard error as well as syslogd, run the following command:

sudo sed -i.bak 's/logger -p/logger -s -p/' /etc/security/audit_warn; sudo audit -s

//////////////////////

audit service should shut down the computer if it is unable to audit system events

To view the setting for the audit control system, run the following command:

sudo grep ^policy /etc/security/audit_control | grep ahlt

If there is no result, this is a finding.

--->

Edit the /etc/security/audit_control file, and change the value for policy to include the setting ‘ahlt’. To programmatically do this, run the following command:

sudo sed -i.bak '/^policy/ s/$/,ahlt/' /etc/security/audit_control; sudo audit -s

//////////////////////

Auditing successful and unsuccessful attempts to elevate privileges

The options to configure the audit daemon are located in the /etc/security/audit_control file. To view the current settings, run the following command:

sudo grep ^flags /etc/security/audit_control

If the ‘lo’, ‘ad’, and ‘aa’ options are not set, this is a finding.

--->

To set the audit flags to the recommended setting, run the following command to add the flags ‘lo’, ‘ad’, and ‘aa’ all at once:

sudo sed -i.bak '/^flags/ s/$/,lo,ad,aa/' /etc/security/audit_control; sudo audit -s

A text editor may also be used to implement the required updates to the /etc/security/audit_control file.

//////////////////////

If events associated with non-local administrative access or diagnostic sessions are not logged, a major tool for assessing and investigating attacks would not be available.

In order to view the currently configured flags for the audit daemon, run the following command:

sudo grep ^flags /etc/security/audit_control

Administrative actions and changes to configuration settings are logged by way of the ‘ad’ flag. If ‘ad’ is not listed in the result of the check, this is a finding.

--->

To make sure the appropriate flags are enabled for auditing, run the following command:

sudo sed -i.bak '/^flags/ s/$/,ad/' /etc/security/audit_control; sudo audit -s

A text editor may also be used to implement the required updates to the /etc/security/audit_control file.

//////////////////////

auditing privileged functions

In order to view the currently configured flags for the audit daemon, run the following command:

sudo grep ^flags /etc/security/audit_control

Privileged access is logged via the ‘ad’ flag. If ‘ad’ is not listed in the result of the check, this is a finding.

--->

To make sure the appropriate flags are enabled for auditing, run the following command:

sudo sed -i.bak '/^flags/ s/$/,ad/' /etc/security/audit_control; sudo audit -s

A text editor may also be used to implement the required updates to the /etc/security/audit_control file.

more auditing privileged functions

In order to view the currently configured flags for the audit daemon, run the following command:

sudo grep ^flags /etc/security/audit_control

Attempts to log in as another user are logged by way of the ‘lo’ flag. If ‘lo’ is not listed in the result of the check, this is a finding.

--->
To make sure the appropriate flags are enabled for auditing, run the following command:

sudo sed -i.bak '/^flags/ s/$/,lo/' /etc/security/audit_control; sudo audit -s

A text editor may also be used to implement the required updates to the /etc/security/audit_control file.
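
The checks above gathered into one script, as an added example that is not part of the original notes: it reports findings for expire-after, policy and flags, and adds missing flags without duplicating ones already present, which the sed one-liners do when run a second time. The function names and the sample file are constructed; only values of the form Nd are evaluated for expire-after, anything else is reported for manual review.

```shell
#!/bin/sh
# Added example. Function names and the sample file are constructed for
# illustration; the real file is /etc/security/audit_control.

# Print the value of the first "key:value" line, or nothing if absent.
ac_value() {  # $1=file $2=key
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1
}

# Succeed if the comma-separated list $1 contains exactly the item $2.
has_item() {
    case ",$1," in *",$2,"*) return 0 ;; esac
    return 1
}

# Print one line per finding; print nothing when the file passes.
audit_findings() {  # $1=file
    exp=$(ac_value "$1" expire-after)
    case "$exp" in
        *[!0-9]*d|d) echo "expire-after: '$exp' needs manual review" ;;
        *d) [ "${exp%d}" -ge 7 ] || echo "expire-after: $exp is below 7d" ;;
        *) echo "expire-after: '$exp' is missing or not a day count" ;;
    esac
    has_item "$(ac_value "$1" policy)" ahlt || echo "policy: ahlt not set"
    flags=$(ac_value "$1" flags)
    for f in lo ad aa; do
        has_item "$flags" "$f" || echo "flags: $f not set"
    done
}

# Print the file with any missing flags appended once to the flags line.
add_flags() {  # $1=file, remaining arguments = required flags
    file=$1; shift
    flags=$(ac_value "$file" flags)
    for f in "$@"; do
        has_item "$flags" "$f" || flags="${flags:+$flags,}$f"
    done
    sed "s/^flags:.*/flags:$flags/" "$file"
}

# Constructed sample resembling a default audit_control.
write_sample() {  # $1=destination path
    printf '%s\n' 'dir:/var/audit' 'flags:lo,aa' 'minfree:5' \
        'naflags:lo,aa' 'policy:cnt,argv' 'filesz:2M' 'expire-after:10M' > "$1"
}

demo=$(mktemp) && write_sample "$demo"
audit_findings "$demo"                       # three findings for the sample
add_flags "$demo" lo ad aa | grep '^flags:'  # flags:lo,aa,ad
rm -f "$demo"
```

add_flags writes the result to standard output; review it before replacing the real file and running sudo audit -s.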

 

 

links: https://www.scip.ch/en/?labs.20150108

Email settings

Server settings » Email settings

Mail Server Settings
Mail host:
smtp.gmail.com

Email security
X Enable TLS

Google’s Gmail Outgoing Mail (SMTP) Server settings
https://support.google.com/mail/answer/7126229?hl=en&visit_id=1-636296667856054854-1257014222&rd=1

*** Look for Google blocking
Review blocked sign-in attempt
and whitelist in google if necessary and you accept the risks!

I found toggling this google setting helped achieve whitelist-like status, that and using stronger TLS helps
https://myaccount.google.com/lesssecureapps

Login Background

http://docs.splunk.com/Documentation/Splunk/6.5.2/AdvancedDev/CustomizeLogin

Steps
Log into the Splunk instance and navigate to Settings > System > Server Settings > Login Background.
Select one of the following options.
Background option | Description
Custom image | To use a custom background, upload the image file and click Choose.
Default image | Use the default background image.
No image | Do not display an image on the login page.
Use the Preview screen to preview the login page customization.
Click Save.
Restart the Splunk instance to view the changes.

Add a custom logo

Use a custom favicon