Category Archives: How To

How to remove OSSEC Agent on macOS Sierra

I’ve been trying to find a way to remove OSSEC on one of my Macs. Most documentation is a bit outdated and references files from yesteryear, so here’s how to do it on macOS Sierra in 2018.

These instructions were written with OSSEC 2.8 in mind. I’m not familiar with later versions.

Removing the three system users

The OSSEC Agent creates three system users that come up when your Mac is started. They’re called ossec, ossecm and ossecr. OSSEC uses these to run its various scripts and services.

To remove them on macOS, head over to /System/Library/CoreServices/Applications and start the Directory Utility app. Unlock the little icon at the bottom left with your password to make changes (that lock icon only comes up when you click on Services or Search Policy).

Select the Directory Editor and search for “ossec”. You should find the three system users. Select them and remove them using the little minus icon at the bottom left.

Removing files

We’ll have to remove all files from /var/ossec and the configuration file from /etc/ossec-init.conf.

Since OSSEC was likely installed from source, there are no handy graphic utilities to help us. Instead execute the following commands from the command line:

Removing System Daemons

While we find daemons in /etc/init.d on Linux distributions, on macOS they’re defined in .plist files in both /Library/LaunchAgents and /Library/LaunchDaemons. In the latter we find one like this:

The exact name will depend on your user name and machine name. Remove this file, then restart your system.
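
To confirm that all three removal steps took effect, here is an added example (not part of the original post or of OSSEC itself) that lists whatever is still present. The function name, the optional root-prefix argument and the idea of matching launch items by content (assuming the plist references /var/ossec) are choices made for this example.

```shell
#!/bin/sh
# Added example, not from the original post: list OSSEC agent leftovers.
# Optional argument: a root prefix (a mounted volume or a test tree); default is /.

ossec_leftovers() {
    root=${1:-/}
    root=${root%/}
    found=0

    # Install tree and init file named in the article.
    for path in /var/ossec /etc/ossec-init.conf; do
        if [ -e "$root$path" ]; then
            echo "file: $path"
            found=1
        fi
    done

    # The plist name varies per machine, so match on content instead.
    # Assumption: the launch item references the /var/ossec install tree.
    for dir in /Library/LaunchDaemons /Library/LaunchAgents; do
        [ -d "$root$dir" ] || continue
        for plist in "$root$dir"/*.plist; do
            [ -f "$plist" ] || continue
            if grep -q '/var/ossec' "$plist"; then
                echo "launchd: $dir/${plist##*/}"
                found=1
            fi
        done
    done

    # The three system users can only be queried on the live system.
    if [ -z "$root" ] && command -v dscl >/dev/null 2>&1; then
        for user in ossec ossecm ossecr; do
            if dscl . -read "/Users/$user" >/dev/null 2>&1; then
                echo "user: $user"
                found=1
            fi
        done
    fi

    return "$found"   # 0 = clean, 1 = something is still installed
}

ossec_leftovers "$@" || echo "OSSEC leftovers remain (see list above)" >&2
```

Run it once before the restart and once after; an empty listing and exit status 0 mean the agent's users, files and launch item are gone.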

Further Reading

  • https://groups.google.com/forum/#!topic/ossec-list/ErhxXhQl5YE
  • https://en.wikipedia.org/wiki/Directory_Utility
  • https://stackoverflow.com/questions/15735320/osx-s-etc-init-d-equivalent
  • https://raymii.org/s/tutorials/Uninstall_OSSEC.html
  • https://github.com/ossec/ossec-hids

How to embed images in GitHub Readme Files

In this screencast I’ll show you how to add images to your GitHub Readme files. You can use either the Markdown or the HTML syntax for this, and I’ll show you both versions. Make sure to upload images to your own repository and provide the relative path to them.

Here’s the syntax:

In Markdown

In Markdown syntax, use the following example to embed an image:

In HTML

GitHub also supports the HTML syntax, which uses the standard IMG tag. Pasting HTML code in a website is always a little tricky, but let me try:

Should you have spaces in your file names, you can replace them with %20, just like in standard HTML (like “file%20name”).

Now go and make those Readme.md files look handsome!

Catch this episode on my WP Guru Podcast:

How to fix the “Occasional White Screen of Death” Error in WordPress

In this video I’ll show you how to fix an odd phenomenon I’d like to call “The Occasional White Screen of Death”. Here’s what happened:

How to mount and unmount drives in macOS and OS X from the command line

Unmounting external drives on a Mac is usually done quickly and simply by either dragging the drive icon to the Trash, or by using the eject symbol in a Finder window. Mounting usually happens automatically when a new drive is inserted into a USB port or SD card slot.

However, there is a way to do this via the command line, of which I am a big fan. Fire up a Terminal session and see how to do it.

Listing available drives

To see what’s currently attached to your Mac, let’s use the diskutil command, followed by the word list. You’ll see output like this:

Attached drives are listed with their physical locations on the left (i.e. /dev/disk0, /dev/disk1, etc), as well as with their respective partitions if available on the right (like disk0s1, disk1s2, etc). Make a mental note of the latter: you’ll see that we have a physical disk (like disk0), on which several partitions may have been created. It is those partitions we’ll mount and unmount, NOT the physical drive.

Unmounting an attached hard drive

On my system I have two internal hard disks (disk0 and disk1), and one external USB drive (disk2). Let’s unmount that USB drive now:

Note how we use the unmount command. We need to specify the location of the partition with its full path (i.e. /dev/disk2s1).

Mounting an attached hard drive

To mount the drive again, without having to take it out and plug it in again, I can issue this command:

Apache: How to block all other IPs except for your own

Sometimes I have to work on WordPress sites that are too busy to display the admin interface. This can happen if there’s more traffic than the server can cope with. In such cases, we may need to tell every visitor to come back later while we carry out some maintenance.

But how? With an Apache directive that blocks all IP addresses except our own. We can even display a “maintenance” page while we’re hard at work behind the scenes.

Let’s see how. Add the following to your .htaccess file in the web root directory, replacing 12.34.56.78 with your own IP address:

Save the file on the server and see the site speed up as if by magic. No more requests but your own shall be processed henceforth.

Thanks to MickeyRush and b101101011011011 for this solution on Stack Overflow:

  • http://stackoverflow.com/questions/4400154/htaccess-deny-all-allow-only-one-ip
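
An added example, not the snippet from the original post or from the Stack Overflow answer: a small shell helper that validates the address first and then prints an allow-list block covering both the Apache 2.2 directives and their Apache 2.4 replacement (`Require ip`). The function names and the IfModule split are choices made for this example.

```shell
#!/bin/sh
# Added example, not the snippet from the original post: print an .htaccess
# block that admits a single IPv4 address, refusing malformed input so a
# typo cannot end up in the live rules.

valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1          # split the dotted quad into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

maintenance_htaccess() {
    ip=$1
    if ! valid_ipv4 "$ip"; then
        echo "refusing to write rules: '$ip' is not an IPv4 address" >&2
        return 1
    fi
    cat <<EOF
# Maintenance lock: only $ip may reach this site.
<IfModule mod_authz_core.c>
    # Apache 2.4 and later
    Require ip $ip
</IfModule>
<IfModule !mod_authz_core.c>
    # Apache 2.2
    Order deny,allow
    Deny from all
    Allow from $ip
</IfModule>
EOF
}

# 12.34.56.78 is the placeholder address used in the article.
maintenance_htaccess "${1:-12.34.56.78}"
```

Review the printed block before pasting it into .htaccess, and keep a copy of the previous file so the lock can be lifted once maintenance is over.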

How do I find my own IP?

There are several services that will display the IP you’re currently connecting from. Head over to http://whatsmyip.org, or type “my ip” into Google.

Does this work with NGINX too?

I’m sure the principle does, but I know very little about NGINX configuration. The above directive is for Apache only. If you know how this works in NGINX, please leave a comment below.

How to find your starred questions (favourites) in Stack Overflow

You can mark questions in the Stack Exchange network simply by clicking the little star icon. A yellow star means you’ve marked it as a favourite, a grey one means you haven’t. It’s a convenient bookmarking system.

But where can you see a list of what you’ve starred? It’s not exactly obvious, so let me show you how to access your favourited questions and up voted answers. I’m using Stack Overflow as an example, but the principle is the same on all Stack Exchange sites.

  • head over to your Stack Overflow profile (click on your badge at the top)
  • find favorites at the bottom
  • now select added to see your starred/favourited questions
  • or select votes to see which answers you’ve up-voted

Hope this helps!

  • http://meta.stackexchange.com/questions/54276/where-are-my-starred-questions

How to open up your Samsung NC10

Here’s a great video by Floppydonkey on how to open up your Samsung NC10 (and NC150). This comes in handy if you’d like to replace the hard disk.

The tools we need are a small Phillips head screwdriver, a small flat screwdriver or spudger, and a tough fingernail.

In a nutshell, and VERY CAREFULLY:

  • turn your little buddy over onto a soft surface (lid closed, top down so that the back is facing you, headphone sockets face left)
  • take off the battery
  • loosen all screws, including those marked KEYBD (leave the ones for the memory flap)
  • where the battery once was, take the flat screwdriver and pop the two black plastic clips, just next to the two metal parts (inwards). Those are the two main clips that hold the tiny plastic body together.
  • take a tough fingernail and pop the back of the laptop where the battery sat (between those metal clips)
  • once done, lift the right side of the back first, leaving the headphone sockets
  • this is a bit fragile, but the whole back will lift off to the left
  • take out the cover from the headphone sockets
  • you’re done!

The hard drive is held with one screw. Simply take it out and slide the hard disk to the right, off the connector. It’s enclosed in a shelf of sorts, which is held onto the drive with two screws opposite the connector.

Put everything back together in reverse order.

Good luck!

What are the credentials to your AirPort Time Capsule

There is something I keep forgetting time and time again: the credentials to my AirPort Time Capsule. It serves as my router, Time Machine Backup disk and even as shared storage for internal use, thanks to an attached USB drive.

All our Macs connect to both drives automatically and without fail – but every once in a while we want to access something on the shared drive, either via Windows or another app like GoodReader. And every time I forget what those credentials are – particularly the user name.

Because there just isn’t a dialogue to set it up.

The password is fairly obvious because it’s something you’ve added when you set the device up. Chances are you can remember it. You can even reset it by pressing the reset button at the back of the device for one second (but not longer, or it’ll reset to factory settings). AirPort Utility will help guide you through this.

But the user name? What is it? Something generic maybe? The name of the attached drive? Steve Jobs’ daughter?

Turns out there isn’t one. Put anything you like. Seriously. I know it’s weird, and it’s just not how a computer brain works. The user name can’t just be arbitrary – but on Time Capsule it is. So use any user name you like.

It doesn’t matter what as long as you put something into that field. Your uncle’s boyfriend’s pet name, or the day of the week. Anything. Just for heaven’s sake don’t leave it blank or the universe as we know it will cease to exist at a moment’s notice.

But I guess nobody tells you this in the shiny brochure.

And in case I forget how to connect those drives in Windows, here’s a quick reminder for completeness:

Connecting to the Time Capsule drives (Windows)

Technically you can connect to the Time Capsule drives via two protocols: Samba and AFP. The latter however is only used on Apple computers. So with Windows and Linux, Samba it is.

In Windows we can map a network drive by heading over to the

  • Windows Explorer
  • find My Computer (Windows 7)
  • or This PC (Windows 8.1)
  • select Map Network drive at the top of the window

This will bring up a dialogue that shows a drive letter drop down and asks for a server path:

The browse option won’t find your Time Capsule – instead find the IP address on your network (usually it’s 10.0.1.1, but AirPort Utility will verify this for you in the “LAN IP” field). Add it into the path/folder field like this:

Two backslashes, followed by your IP address, followed by your drive name. If you don’t specify a drive name the operation will fail. If your drive name has spaces (like “Shared Data”) then just write them out – no need to escape them. CapItaLisAtiON is important here though.

Hit finish and your drive should be accessible.

To find your drive names, consult your friend the AirPort Utility. GoodReader on iOS will find those names automatically – but Windows does not.

And that’s that: another puzzle solved. There is no user name when accessing a Time Capsule drive.

How to enable automatic user logins on Mac OS X Yosemite

By default Yosemite doesn’t like users to auto-login when the system starts. Instead you have to select a user, type in the password, and then the system starts to boot. Not necessarily what we want.

To disable this feature you usually head over to

  • System Preferences
  • Users and Groups
  • Login Options

and pick your default user from that handy drop down menu. Notice however that this is greyed out on Yosemite:

So what gives?

Turns out that this option is not available if you’ve agreed to encrypt your disk via FileVault. And it makes sense too: otherwise your hard disk data could be accessed upon boot without a password, rendering this feature useless.

Hence, to bring back automatic logins, turn off FileVault under

  • System Preferences
  • Security and Privacy
  • FileVault

According to this system, I can do that in about 32 days…

Notice that if you use your iCloud password as the login password, auto-logins are also disabled. In which case, change your login password to a “separate password”, switch off FileVault and voila – auto logins are back at your disposal.

  • http://forums.macrumors.com/showthread.php?t=1757742

How to clear your Browser Cache

Web browsers like to save websites that you’ve visited earlier to speed up how quickly they can be displayed.

Everything that should be downloaded from the web is saved as local files (up to a point), and if a browser sees that you’re visiting a site again that you’ve just been to, it serves the saved files rather than requesting them from the web again.

You can clear this cache and force the browser to load the results from the web. Eventually the cache clears itself, but it depends on “when the browser feels like it”.

Safari

If you’re using Safari, you can clear the cache by heading to Safari – Reset Safari. Ticking “reset all website data” is usually enough, but you can clear several other things while you’re there too (like the history).

Firefox

On Firefox this option is rather hidden under Firefox – Preferences – Advanced – Network, and under Cached Web Content there’s a button “clear now”. It’s always good to have a second browser installed just so you can check up on the other one (and trust neither).

Alternatively, hold down CMD on Mac (or CTRL on Windows) and reload a page – this sometimes works on a “per page” basis, especially if you don’t trust what you’re seeing.

iOS also has this option under Settings – Safari – Clear History and Website Data.

Just something to keep in mind when you’re seeing unexpected results.

Thanks to Jerry and his new book for this article – I just explained this to him in an email and thought this would make an excellent blog post 😉