Page 6 of 6 FirstFirst 123456
Results 51 to 57 of 57
Discuss Xtreme OS X Security at the Using Leopard - Hackint0sh.org; - p.23: Restoring from Preconfigured Disk Images One of the most efficient ways to deploy ...
  1. #51
    Professional Array bofors's Avatar

    Join Date
    May 2006
    Posts
    80
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    12

    Default

    - p.23: Restoring from Preconfigured Disk Images

    One of the most efficient ways to deploy secure computers is to configure a model
    computer first, using all of the security settings requested by your organization. Create
    a disk image of the computer after thoroughly testing the computer’s settings, making
    sure that the computer meets your organization’s standards. You can then deploy this
    image without having to manually configure individual settings on each computer
    .
    You can use NetBoot or Apple Software Restore (ASR) to restore your computer from a
    network-based disk image. With NetBoot, you can restore an image directly from the
    network. With ASR, you can restore an image deployed by an ASR server, or you can
    save that image to disk. By saving the image to disk, you can verify its validity before
    using it. If you’re deploying multiple computers simultaneously, ASR can be much more
    efficient.
    For information about how to use NetBoot, see the system imaging and software
    update administration guide. For information about how to use ASR, enter man asr in a
    Terminal window. For information about how to use Disk Utility to create disk images,
    see the system imaging and software update administration guide
    .


    The idea of creating disk images for OSx86 is particularly useful given the number of extra steps required to set them up. I have three OSx86 machines here and a fourth at my parents house, so this is something I am particularly interested in. From a security prespective, reinstalling OS X (with new passwords and user account names) is a strong defense and something I do regularly. This will make it even easier.

    I am going to focus on this now and see if I can get it working with Disk Utility.app here. I did download Apple Software Restore (ASR) last night, but it would not execute on my Hackist0sh (ASR is old software, I assume it is Carbon).

    Here is the set of Apple "server" documentation and guides: http://www.apple.com/server/documentation/

    Here is Apple's System Imaging and Software Update Administration guide: http://images.apple.com/server/pdfs/...ate_v10.4C.pdf

    (attached)
    Attached Files
    Last edited by bofors; 03-12-2007 at 06:19 PM.


  2. #52
    Professional Array bofors's Avatar

    Join Date
    May 2006
    Posts
    80
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    12

    Default

    http://rentzsch.com/tidbits/intelbas...ncompatibility

    Intel-based Mac Boot Incompatibility - Wolf Rentzsch
    ...
    This is easier said then done. You can’t just boot off the System Installation DVD — that’s where you run into the “You cannot install Mac OS X on this volume. Mac OS X cannot start up from this volume.” blocker. Instead, you need to install onto a different partition on your internal hard drive. Once installed, use Disk Utility’s “Restore” tab to perform a block-level from the internal partition to the “Intel” partition.

    I tried just just copying from the original internal partition using Disk Copy, but that yielded a crippled system (falling into console mode with launchd sputtering about nibindd spawning too quickly). It seems block-level mode is necessary, at least with Disk Utility. I also tried SuperDuper, but that crashed on launch. I suspect I need an Intel-compatible version.

    Now you’ll have one drive with two mutually exclusive systems on it. You’ll kernel panic if you select the wrong one for the system you’re one, but that shouldn’t cause any damage. Just restart, hold down the option key and use the firmware volume picker to select the partition which matches your machine’s architecture.

    Now, the question that comes to mind is, if Intel-based Macs can indeed boot from APM drives, why does the Mac OS X Installer go out of its way to not allow installation on APM drives? Right now I’m guessing a quality control issue was discovered late in the game and Apple made the decision to just block that route than hold up to fix it. But that’s just a guess.

    Update: Joe Jackson writes:

    Been there, done that. ;-) Your system copy was crippled because a bunch of files that need to be owned by “root” were owned by your normal user account. Disk Utility’s Restore feature botched the permissions because the external drive was mounted with the “Ignore ownership on this volume” turned on when the restore was done. Here’s the best part: if you tell Disk Utility to “Erase Destination” when doing a restore, it also turns the “Ignore ownership” option back on for external drives. Disk Utility reports the state of that option at the bottom of the window, but doesn’t let you change it.

    So you don’t need to use a block-level copy to make copied systems work. Just erase the external disk first, use the Finder Get Info window to turn “Ignore ownership” back off, then use Disk Utility to perform a restore without the “Erase Destination” option. I did it that way, and it worked fine.


    So, I am currently testing this method of creating a bootable disk image with Disk Utility on BIOS OSx86.

    EDIT: Ok, this actually seems to work on 10.4.8 with internal drives with a couple tricks. Here is what I did...

    (1) Booting from a working 10.4.8 installation, I created disk image of another one on the same machine (both internal drives) with the default New Image options in Disk Utility (i.e. compressed, no encryption).

    (2) Disk Utility->Images->Scan Image For Restore (apparently this does some things that are necessary for checksumming and such, without this step the restore does not execute).

    (3) Disk Utility->Restore (I found it necessary to check the Erase Destination box to switch Disk Utility to block copy mode, I did not skip checksum)

    (4) Disk Utility->Repair Disk Permissions (without this step I would get kernel panics on boot).

    (5) Reboot on restored drive, Disk Utility->Repair Disk Permissions (interestingly enough, there were incorrect permissions on the restored drive after booting off of it).

    Caveats: I could not use the Disk Utility -> Restore function off of the Jas 10.4.8 Install DVD that I have, but I think it might be necessary to format and partitions with that version of Disk Utility.

    I am going to be working with creating a master boot disk image for my machines more and perhaps using it with an external FireWire drive, but there does not seem to be much point of that because of the Disk Utility -> Restore function off of the Jas 10.4.8 Install DVD does not seem to work. Instead, it looks like I will have to restore boot disk images by temporally connecting them internally (which is no problem). This will save me a lot time in the future, now I can set up an OSx86 installation with everything installed (but my every changing complex user account names and passwords for security) and then just restore to my machines whenever I wish in a single fast step. Awesome...
    Last edited by bofors; 03-13-2007 at 12:10 AM.

  3. #53
    Professional Array bofors's Avatar

    Join Date
    May 2006
    Posts
    80
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    12

    Default

    Quote Originally Posted by bofors View Post
    [b][i]
    I just fixed permission on one of my OSx86 10.4.8 install and interestingly enough something odd came. I need to look into later. If anybody has anything to say about this, please speak up.

    Code:
    The privileges have been verified or repaired on the selected volume
    Repairing permissions for “System2”
    Determining correct file permissions.
    parent directory ./Users/Shared/SC Info does not exist
    Permissions differ on ./private/var/log/secure.log, should be -rw------- , they are -rw-r----- 
    Owner and group corrected on ./private/var/log/secure.log
    Permissions corrected on ./private/var/log/secure.log
    I just did this again and look what came up:

    Code:
    Repairing permissions for “System2”
    Determining correct file permissions.
    User differs on ./mach_kernel, should be 0, owner is 501
    Group differs on ./mach_kernel, should be 0, group is 80
    Permissions differ on ./mach_kernel, should be -rw-r--r-- , they are -rwxr-xr-x 
    Owner and group corrected on ./mach_kernel
    Permissions corrected on ./mach_kernel
    Permissions differ on ./private/var/log/secure.log, should be -rw------- , they are -rw-r----- 
    Owner and group corrected on ./private/var/log/secure.log
    Permissions corrected on ./private/var/log/secure.log
    
    Permissions repair complete
    The privileges have been verified or repaired on the selected volume
    WTF?

    So not only are my secure.log permission being messed with, but also mach_kernel itself? Hmm...

  4. #54
    Rookie Array

    Join Date
    May 2006
    Posts
    14
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    0

    Default

    Bofors nice to see you up and working again, i find these idea of xtreme osx sexurity exciting, i will be around tying to follow your investigations and discoverys, i hope to help some in the future.
    BTW have you tried this Clone app: ?

    MBR/HFS+ HD Clonetool
    version .06a
    by Goodtime
    completed on Dec. 3, 2006
    Last edited by aberracus; 03-27-2007 at 03:48 AM.

  5. #55
    eto
    eto is offline
    Newbie Array eto's Avatar

    Join Date
    Nov 2006
    Posts
    1
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    0

    Default

    um .. i always thought kernel perms were 644 root:wheel


  6. #56
    Senior Professional Array semthex's Avatar

    Join Date
    Oct 2006
    Location
    Vatican City :-P
    Posts
    150
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    15

    Default

    This guide is really nice to read and worth a download, even if it's from the NSA. There are many things covered I not have been aware of before. Also pretty cool is the posibility to jump the after install registration.
    Defenetly worth to read
    For support and more infos go to irc.osx86.hu
    Your happy hackint0sh IRC network.

  7. #57
    Newbie Array

    Join Date
    Apr 2007
    Posts
    2
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    0

    Default

    Quote Originally Posted by bofors View Post
    I just fixed permission on one of my OSx86 10.4.8 install and interestingly enough something odd came. I need to look into later. If anybody has anything to say about this, please speak up.

    Code:
    The privileges have been verified or repaired on the selected volume
    Repairing permissions for “System2”
    Determining correct file permissions.
    parent directory ./Users/Shared/SC Info does not exist
    Permissions differ on ./private/var/log/secure.log, should be -rw------- , they are -rw-r----- 
    Owner and group corrected on ./private/var/log/secure.log
    Permissions corrected on ./private/var/log/secure.log
    Well, i tried the Disk Utility.app's Verify Disk on my MacBook, and i got the same as well... in addition, i also got these, relating to Flash, Macromedia & Java... any ideas on whether i should repair them or not?

    Code:
    Group differs on ./Developer/ADC Reference Library/documentation/Java/Reference/1.4.2/appledoc/api, should be 80, group is 0
    Permissions differ on ./Developer/ADC Reference Library/documentation/Java/Reference/1.4.2/appledoc/api, should be drwxrwxr-x , they are drwxr-xr-x 
    Group differs on ./Developer/ADC Reference Library/documentation/Java/Reference/1.4.2/appledoc, should be 80, group is 0
    Permissions differ on ./Developer/ADC Reference Library/documentation/Java/Reference/1.4.2/appledoc, should be drwxrwxr-x , they are drwxr-xr-x 
    Group differs on ./Developer/ADC Reference Library/documentation/Java/Reference/1.4.2/doc/api, should be 80, group is 0
    Permissions differ on ./Developer/ADC Reference Library/documentation/Java/Reference/1.4.2/doc/api, should be drwxrwxr-x , they are drwxr-xr-x 
    Group differs on ./Developer/ADC Reference Library/documentation/Java/Reference/1.4.2/doc, should be 80, group is 0
    Permissions differ on ./Developer/ADC Reference Library/documentation/Java/Reference/1.4.2/doc, should be drwxrwxr-x , they are drwxr-xr-x 
    Group differs on ./Developer/ADC Reference Library/documentation/Java/Reference/1.4.2, should be 80, group is 0
    Permissions differ on ./Developer/ADC Reference Library/documentation/Java/Reference/1.4.2, should be drwxrwxr-x , they are drwxr-xr-x 
    
    Permissions differ on ./Developer/ADC Reference Library/indexes/AppleRefList, should be -rw-rw-r-- , they are -rw-r--r-- 
    Permissions differ on ./Developer/ADC Reference Library/indexes/pbHelpIndex.cstore/control, should be -rw-rw-r-- , they are -rw-r--r-- 
    Permissions differ on ./Developer/ADC Reference Library/indexes/pbHelpIndex.cstore/strings, should be -rw-rw-r-- , they are -rw-r--r-- 
    Permissions differ on ./Developer/ADC Reference Library/indexes/pbHelpIndex.cstore, should be drwxrwxr-x , they are drwxr-xr-x
     
    Permissions differ on ./Library/Application Support/Macromedia, should be drwxrwxr-x , they are drwxrwxrwx 
    User differs on ./Library/Internet Plug-Ins/Flash Player.plugin/Contents/MacOS, should be 0, owner is 501
    User differs on ./Library/Internet Plug-Ins/Flash Player.plugin/Contents/Resources, should be 0, owner is 501
    User differs on ./Library/Internet Plug-Ins/Flash Player.plugin/Contents, should be 0, owner is 501
    User differs on ./Library/Internet Plug-Ins/Flash Player.plugin, should be 0, owner is 501
    Permissions differ on ./Library, should be drwxrwxr-t , they are drwxrwxr-x 
    Permissions differ on ./private/var/log/secure.log, should be -rw------- , they are -rw-r-----

 

 
Page 6 of 6 FirstFirst 123456

Similar Threads

  1. MacNN: JBL ships OnBeat Xtreme iOS dock with Bluetooth
    By hackint0sh in forum Latest Headlines
    Replies: 0
    Last Post: 11-17-2011, 11:00 PM
  2. MacNN: Planon intros DocuPen Xtreme X-Series
    By hackint0sh in forum Latest Headlines
    Replies: 0
    Last Post: 11-04-2009, 11:10 PM
  3. MacNN: First Look: See2 Xtreme, USB video card
    By hackint0sh in forum Latest Headlines
    Replies: 0
    Last Post: 08-28-2008, 10:40 PM
  4. Xtreme OS X Security
    By bofors in forum Genuine Mac Support
    Replies: 3
    Last Post: 07-13-2008, 12:33 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Powered by vBulletin®
Copyright © 2014 vBulletin Solutions, Inc. All rights reserved.
Search Engine Friendly URLs by vBSEO
(c) 2006-2012 Hackint0sh.org
All times are GMT +2. The time now is 04:51 PM.
twitter, follow us!