Slashdot Mirror
Securing Mac OS X
LogError writes "This paper addresses operating system hardening in terms of patching, administration roles, and setting passwords. It also provides information on Mac OS X network security: namely, basic firewall configuration and hardening of network services such as FTP, SSH, and Apache."
1. Put on oversized trench-coat
2. walk into the apple store
3. Insert Mac OS X into trench-coat
4. Walk calmly to your car
5. Drive home
Latewire
bah, everybody knows that OS X is full of holes. users needing security should switch to windows.
I've learned my one thing for the day: an admin can control who can and who cannot execute the sudo command.
/etc/sudoers file by typing: sudo visudo Insert a hash (#) character, in front of the line
/usr/bin/kill, but only with the privileges of user tim. See the sudoers man page for more details on tightening access controls through sudo."
"Sudo
Since the root user is disabled, it is not possible to use the su command to obtain root privileges; instead, OS X makes use of the sudo program. By default Panther allows all administrative users access to the sudo command and it allows these users to run any program with sudo. In some circumstances, this may contravene system usage policies. In these cases, it is possible to disallow sudo access to the administrator group and instead, enable it on a per user basis.
From the terminal, edit the
%admin ALL=(ALL) ALL
To allow only the user 'bob' access to sudo add the line:
bob ALL = (ALL) ALL
Make sure that at least one user has permissions to run sudo before saving the file! Access controls within the sudoers file can be specified minutely, for example, it is possible to grant the user james access to the file
Who'da thunk?
d a v e
"Hmmm...upgrades."