Putty est un petit soft pour Linux et Windows qui permet de gérer les connexions SSH de ses serveurs. Autant dire que c’est devenu mon meilleur ami depuis des années. Mais sur Mac, point de Putty… En effet, il n’y en a pas vraiment besoin car nativement via le terminal d’OSX, il est possible de sauvegarder ses paramètres de connexion. Pour cela, lancez un terminal, cliquez sur le menu Shell puis « Nouvelle connexion distante » pour ajouter vos paramètres de connexions à vos serveurs chéris.
Puis juste pour le fun, et pour facilement passer de l’un à l’autre, je me suis mis en tête d’installer quand même Putty sous Mac OSX. Voici donc comment migrer un Putty Linux vers un Putty Mac (ou vice versa). Vous allez voir, c’est assez simple.
Tout d’abord, il faut installer XCode qui est le SDK OSX réservé aux développeurs. Rien de plus simple, il est en libre téléchargement ici.
Installez ensuite Mac Ports que vous trouverez ici. Mac Ports est un projet qui a pour but d’adapter sur Mac les grands classiques du logiciel open source tel que …. Putty (vous me suivez…) Ils en sont actuellement à plus de 6 000 logiciels portés. Pas mal !
Ouvrez ensuite un terminal et entrez la commande suivante : sudo port install putty
Laissez mouliner et hop, Putty sera installé sur votre ordinateur.
Récupérez ensuite le répertoire (caché) .putty dans votre /home/pseudo (sous Linux – Remplacez user par votre nom d’utilisateur) et placer le à l’identique dans le/Users/pseudo du Mac (et vice versa si vous voulez passer d’OSX à Linux)
Et voilà, le tour est joué ! Entrez la commande ‘putty’ dans un terminal et le logiciel se lancera avec tous vos paramètres.
De quoi gagner du temps, même si je pense qu’au final, c’est plus pratique de basculer progressivement de Putty vers le gestionnaire SSH natif d’OSX.
Petite parenthèse, si vous êtes sous Windows, vous pouvez exporter votre configuration Putty mais tout se passe en base de registre ce qui veut dire que vous ne pourrez faire de migration de Putty à Putty que sous Windows (et pas Windows <-> Mac ou Windows <-> Linux… En tout cas, pas à ma connaissance. Mais si vous avez une astuce à ce sujet, je serai ravi de la connaitre)
Faites Démarrer / Exécuter et entrez la commande suivante :
Récupérez ensuite le fichier putty.reg, placez vous sur le nouveau Windows et importez ce fichier dans la base de registre en double cliquant simplement dessus (ou en faisant « Fichier « -> « Importer » dans regedit). Et vous aurez récupéré votre conf Putty Windows.
There’re many reasons you might want to browse anonymously which can be accomplished by using Tor. The setup instructions on Tor’s website are quite scattered and outdated so here’re some steps to setup Tor on OS X with a simple automated script at the end.
I’m using OS X Yosemite (10.10) for the following instructions but it should work on almost any OS X version.
Tor Browser
The most simple way to surf anonymously with Tor is to just grab the Tor Browser bundle.
But it’s based on a super old version of Firefox. And there might be more you want to do anonymously on your machine than just browsing the web, like accessing resources via the Terminal or any other app. Or just use the browser you’re used to.
For this you need to have Tor installed on your system and additionally set specific Proxy values in your network preferences after you’ve started Tor.
Congratulations, you now have Tor running on your system. But none of your network traffic is routed through it yet.
In order for all your system traffic being routed through Tor you need to adjust your system’s network proxy settings whih you can either do visually in the System Preferences or programmatically via OS X’s builtin networksetup.
Set network proxy settings via System Preferences
You can do this under System Preferences > Network and creating a specific Tor network location for it:
From Location dropdown at the top, select Edit Locations…
Create a new location by hitting the plus button and name it Tor. Hitting Done will select the new location which is now ready to be configured
Go to Advanced > Proxies and activate SOCKS Proxy and add those values:
SOCKS proxy server: localhost
Port: 9050
After hitting OK & Apply at the initial network screen, you can easily switch to this newly created location from your menu bar under > Location whenever you start up Tor.
Switching to the Tor location routes all network traffic on your system through Tor. Note that you have to repeat those steps for every other network interface if you use, say, Wi-Fi and Ethernet interchangeably.
For quite some time I use my Ubuntu machine as a file and backup server for all Macs in my network which is perfectly accessible from the Finder in Mac OS X. There are some instructions available in the web for this task but all failed in my case so I wrote my own tutorial with all the steps needed for it to work properly.
So here’s my little Tutorial for connecting Mac OS X Leopard with Ubuntu and using your Ubuntu machine as a backup volume for Time Machine but all steps can be reproduced on every Linux box and they work with Mac OS X 10.4 Tiger too. At the end of this tutorial you will have a server which shows up in the Finder sidebar and behaves just like a Mac server when accessing it from your Macs. To be perfectly integrated with Mac OS X we’re going to use Apple’s Filing Protocol (AFP) for network and file sharing.
Although this Tutorial involves using the Terminal in Ubuntu and looks a bit geeky it’s very easy even for beginners. I have tried to explain all steps and Terminal commands so you may learn a bit about the Terminal too. At the end of the article you can download my Server Displays icon pack quickly made by me with custom icons for a Mac, Ubuntu and Windows server.
Personally I use a fresh installation of Ubuntu 8.04 Hardy Heron Desktop version (32bit on one machine, 64bit on the other) and Mac OS X Leopard (10.5.3 and later) to connect to them. On my Ubuntu boxes there’s no other file sharing protocol like samba (Windows sharing) or NFS activated.
Rumors are Apple will add some undocumented AFP commands with the Mac OS X 10.5.6 update which therefor won’t be supported by the current Netatalk package (and maybe never will). So be sure to check the latest comments on this article when the 10.5.6 update is out to see if this rumor is true and if there are problems caused by that.
Here are the steps involved in setting up your Ubuntu box as a Mac file server:
Modify and install Netatalk (Open Source AFP implementation)
Configure Netatalk
Configure shared volumes (and Time Machine volume)
In the Getting Started guide, you learned how to deploy a Linux distribution, boot your Linode and perform some basic administrative tasks. Now it’s time to harden your Linode to protect it from unauthorized access.
Update Your System–Frequently
Keeping your software up to date is the single biggest security precaution you can take for any operating system–be it desktop, mobile or server. Software updates frequently contain patches ranging from critical vulnerabilities to minor bug fixes, and many software vulnerabilities are actually patched by the time they become public.
Automatic Security Updates
There are opposing arguments for and against automatic updates on servers. Nonetheless, CentOS, Debian, Fedora and Ubuntu can be automatically updated to various extents. Fedora’s Wiki has a good breakdown of the pros and cons, but if you limit updates to those for security issues, the risk of using automatic updates will be minimal.
The practicality of automatic updates must be something which you judge for yourself because it comes down to what you do with your Linode. Bear in mind that automatic updates apply only to packages sourced from repositories, not self-compiled applications. You may find it worthwhile to have a test environment which replicates your production server. Updates can be applied there and reviewed for issues before being applied to the live environment.
Up to this point, you have accessing your Linode as the root user. The concern here is that roothas unlimited privileges and can execute any command–even one that could accidentally break your server. For this reason and others, we recommend creating a limited user account and using that at all times. Administrative tasks will be done using sudo to temporarily elevate your limited user’s privileges so you can administer your server without logging in as root.
Create the user, replacing example_user with your desired username, and assign a password:
useradd example_user && passwd example_user
Add the user to the wheel group for sudo privileges:
usermod -aG wheel example_user
Debian / Ubuntu
Create the user, replacing example_user with your desired username. You’ll then be asked to assign the user a password.
adduser example_user
Add the user to the sudo group so you’ll have administrative privileges:
adduser example_user sudo
With your new user assigned, disconnect from your Linode as root:
exit
Log back in to your Linode as your new user. Replace example_user with your username, and the example IP address with your Linode’s IP address:
ssh example_user@203.0.113.0
Now you can administer your Linode from your new user account instead of root. Superuser commands can now be prefaced with sudo; for example, sudo iptables -L. Nearly all superuser commands can be executed with sudo, and those commands will be logged to /var/log/auth.log.
Some of the more privacy conscious Mac users out there might put tape over their webcam or use apps like Oversight to detect camera activity. While either of those approaches can be satisfactory for many users (or considered totally paranoid and overboard to others), many advanced Mac users in the security community go a step further and just outright disable their Macs front-facing web camera. This article will show you how to completely deactivate the front FaceTime camera on a Mac.
To be clear, this aims to completely disable the software components behind the built-in camera on Macs which prevents it from being used by any application, this webcam is sometimes called the FaceTime camera or the iSight camera, or simply the front-facing camera. All modern Macs have this camera, it is located at the top of the display and embedded into the screen bezel. By disabling the Macs camera, any application that requires it’s usage will no longer function as intended because camera access will become impossible.
This is an advanced tutorial aimed at advanced users, it is not intended for novice or casual Mac users. This approach disables the Mac built-in camera by changing system level permissions for system level files directly relating to the camera components. If you are not comfortable modifying system files using the command line with super user privileges, do not proceed.
This tutorial applies to modern versions of MacOS including Sierra and El Capitan, you will need turn off rootless temporarily so that you can make modifications to the system folder, if you’re not sure how to do that, you can learn how to disable SIP on Mac OS here. You should aways backup a Mac before making any modifications to system software. Older versions of Mac OS X that wish to disable the iSight camera can follow these instructions instead to accomplish the same effect.
How to Disable the Web Camera on Mac
This is a string of commands that will completely disable the built-in Mac camera, meaning no applications will be able to use the front-facing camera at all. This is intended for advanced users only who thoroughly understand proper syntax and command line usage.
Back up the Mac if you have not done so already, then you will need to disable SIPfirst (and yes you should re-enable it when finished)
Open the Terminal app as found in /Applications/Utilities/
One by one on their own line and executed separately, issue the following five command strings into the command line and authenticate:
Exit Terminal when complete, don’t forget to re-enable SIP on the Mac as well
(Note you can also use chmod 200 instead of a-r if you prefer using numbers, the effect will be the same and permissions will be –w——-)
After the Mac camera has been disabled this way, if you attempt to open FaceTime, Skype, Photo Booth, QuickTime, iMovie, or any other app which uses the built-in camera, you will get a message stating “there is no connected camera” on the Mac – which is exactly what you would want to see if you disabled the camera intentionally.
You should not need to reboot for the changes to take effect, though you may need to relaunch some active applications with camera access.
How to Re-Enable the Camera on Mac
Just as before when disabling the camera, to re-enable the Mac camera this way you will likely need to temporarily disable SIP in Mac OS before beginning. Then the commands to issue one by one are as follows:
(Note you can also use chmod 755 instead of a+r if you prefer using numbers to return to -rwxr-xr-x, the effect will be the same)
You’ll notice the difference between the enabling and disabling commands are simply the permissions change chmod command flag – has turned into a +, indicating the file(s) have read access now whereas before they did not, which is what prevented the camera from working.
If this approach is insufficient for your privacy or security needs for whatever reason, you’d likely need to go a step further and actually disassemble your Mac hardware to physically disconnect any camera cables, a task which is quite advanced but undeniably the most effective approach if you want to completely disable the Mac camera and don’t ever want the Macs camera to be used.
Why would I want to disable the Mac camera?
Most Mac users would not want to disable their FaceTime / iSight camera. Typically only very advanced Mac users who have a specific reason to completely disable the built-in camera on their Mac would want to do this, whether they are systems administrators, security professionals, for privacy reasons, or otherwise. This is not intended for the average Mac user. If you’re an average, casual, or novice Mac user who is concerned about privacy and any possible camera shenanigans, try putting tape on your web cam, like the FBI director does, which is much lower tech and less involved, easy to reverse, and quite effective since obviously if something is obstructing the camera lens than it is not usable.