Interesting course as part of Infosec 2015.
- Install libpam-radius-auth
sudo apt-get install libpam-radius-auth
- Configure libpam-radius-auth with your radius servers and secrets
sudo pico /etc/pam_radius_auth.conf
- Set permissions on /etc/pam_radius_auth.conf
sudo chmod 0600 /etc/pam_radius_auth.conf
- Add auth sufficient pam_radius_auth.so to /etc/pam.d/login and then the following as desired just above the line reading @include common-auth
- Add try_first_pass to auth line in /etc/pam.d/common-auth
auth [success=1 default=ignore] pam_unix.so nullok_secure try_first_pass
- Make user locally with disabled password
sudo useradd -m USERNAME
or to add a user and add to the sudo group
sudo useradd -m -G sudo USERNAME
The one caveat that I’ve found with this is that when logging in with local users to the local console you are prompted for a password twice. This is fixed via step 5, but note that if you run pam-auth-update this change will be overwritten.
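Because pam-auth-update can silently undo the common-auth change, it helps to re-check the settings from the steps above after any PAM update. The script below is an added example, not part of the original post; the function names and the sample file contents (server name, secret) are constructed for illustration.

```shell
#!/bin/sh
# Added example: re-check the settings from the steps above, e.g. after
# pam-auth-update has run. Paths are arguments so copies can be audited.

# Secrets file must be exactly mode 0600 (it holds the RADIUS shared secrets).
check_conf_mode() {
    [ -n "$(find "$1" -prune -perm 600 2>/dev/null)" ]
}

# An active "auth sufficient pam_radius_auth.so" line must sit above
# "@include common-auth" in the service file.
check_radius_order() {
    awk '/^[ \t]*#/ { next }
         $1 == "auth" && $2 == "sufficient" && $3 ~ /pam_radius_auth\.so$/ { if (!r) r = NR }
         $1 == "@include" && $2 == "common-auth" { if (!c) c = NR }
         END { exit !(r && c && r < c) }' "$1"
}

# Every active pam_unix.so auth line in common-auth must carry try_first_pass.
check_try_first_pass() {
    awk '/^[ \t]*#/ { next }
         $1 == "auth" && /pam_unix\.so/ { seen = 1; if (!/try_first_pass/) bad = 1 }
         END { exit !(seen && !bad) }' "$1"
}

audit_pam_radius() {
    conf=$1; service=$2; common=$3; rc=0
    check_conf_mode "$conf" || { echo "FAIL: $conf is not mode 0600"; rc=1; }
    check_radius_order "$service" || { echo "FAIL: $service lacks pam_radius_auth.so above @include common-auth"; rc=1; }
    check_try_first_pass "$common" || { echo "FAIL: $common pam_unix.so line lacks try_first_pass"; rc=1; }
    return $rc
}

# Constructed sample files so the example runs without touching /etc.
make_sample() {
    d=$(mktemp -d)
    printf 'radius.example.test constructed-secret 3\n' > "$d/pam_radius_auth.conf"
    chmod 0600 "$d/pam_radius_auth.conf"
    printf 'auth sufficient pam_radius_auth.so\n@include common-auth\n' > "$d/login"
    printf 'auth [success=1 default=ignore] pam_unix.so nullok_secure try_first_pass\n' > "$d/common-auth"
    echo "$d"
}

# On a real host (as root):
#   audit_pam_radius /etc/pam_radius_auth.conf /etc/pam.d/login /etc/pam.d/common-auth
sample=$(make_sample)
audit_pam_radius "$sample/pam_radius_auth.conf" "$sample/login" "$sample/common-auth" && echo "sample config OK"
rm -rf "$sample"
```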
In order to activate an iOS device when behind a firewall, allow the following traffic:
https 18.104.22.168 nwk-unbrick2.apple.com
If you allow port 80 and 443 access out of your network, then accessing the Apple App Store from behind your firewall is a doddle.
However, if you have a more locked down area of a network but have iPads etc. that need App Store access, here’s what you need to allow port 80 and 443 access to:
22.214.171.124/16 Apple's Class B Subnet, includes phobos.apple.com address(es)
126.96.36.199/23 Akamai Technologies CDN
I appreciate this is a bit of a wide range of addresses, but unless you want to be having to packet capture and analyze where the App Store is heading to that week, it’s reasonable. I doubt anyone would give up a class B IPv4 range nowadays.
Hope that helps some of you out!
Seeing as there is already the capability to run a built-in FTP server on OS X, why bother downloading and potentially paying for one?
Starting the OS X FTP Server
sudo -s launchctl load -w /System/Library/LaunchDaemons/ftp.plist
Stopping the OS X FTP Server
sudo -s launchctl unload -w /System/Library/LaunchDaemons/ftp.plist
You could even easily knock up an Automator app to start and stop this (sod it I might even make one myself).