#21
League Commissioner
Join Date: Jan 2002
Posts: 5,536

sao,
a google: [ "x.500" ] will give you a veritable plethora of links about the x.500 directory service.

nicl note: Support for X.500-style data organization, naming, and access is still experimental and under active development.

-- ( ObSong: throw a nicl on the grass, save a fighter pilot's ass )

#22
Moderator
Join Date: Jan 2002
Location: Singapore
Posts: 4,237

Thanks MervTormel.
The nicl x500 mode already has several commands that can be used, I wanted to know if somebody knew more about the current development.

---------------

I was checking the command for the daily job at system crontab because I read somewhere that the daily script also performs one of the most important tasks of any in these scripts: backing up the NetInfo database. And if you need to restore it, you can do so using NetInfo Manager and the backed-up database, called local.nibak.

Then I run:

%more /etc/daily

and find the following in the etc/daily file:

if [ -d /var/db/netinfo ]; then
    echo ""
    echo "Backing up NetInfo data"
    cd /var/db/netinfo
    for domain in *.nidb; do
        domain=$(basename $domain .nidb)
        nidump -r / -t localhost/$domain > $bak/$domain.nidump;
    done
fi

Can this be useful as part of the script packages?

Cheers...

Last edited by sao; 03-02-2002 at 02:59 PM.

#23
Moderator
Join Date: Jan 2002
Location: Singapore
Posts: 4,237

Wow!, in Macintosh Security at:
http://www.securemac.com/macosxnidump.php
I read the following article:

nidump Security Issue in Mac OS X

nidump is a Mac OS X data extraction program which defaulty allows readable access to the Mac OS X password file. This was first discussed when the program malevolence was released - malevolence calls commands to dump the content of the passwd file. You may do this job by hand by executing one command:

nidump passwd .
or
/usr/bin/nidump passwd .

There is also another readable file which can be read by any text editor to retrieve account information:

/var/backups/local.nidump

When a user does this they can use the hash file in a password cracking utility to decrypt the passwords, including root account!

The Fix:
Currently the only fix is to change the permissions and restrict who may use this application. To restrict nidump execute the following command at the command line:

chmod 550 /usr/bin/nidump

What is Malevolence?
Malevolence is a simple application created by Marukka which extracts login/password information from the system in an unshadowed format. It has been discovered there are numerous ways to obtain the passwd information from netinfo including simply typing the command "nidump passwd ." Once you have the encrypted password file it may be decrypted with a method referred to as cracking or using a bruteforce attack.

Directions:
Malevolence is very easy to use, in either Terminal.app or through a telnet session just run Malevolence and it will create a file called "index.html" in the same directory as Malevolence. Then just open up the web browser of your choosing and view the index.html file that Malevolence created.

Download Malevolence (requires Mac OS X user account)
http://www.securemac.com/file-library/Malevolence.sit

Cheers...
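
Added example, not part of the post above or of the quoted article: a shell check for the two exposure points the article names, the mode of /usr/bin/nidump and the world-readable /var/backups/local.nidump. The function names and the option to pass other paths are this example's own assumptions.

```shell
#!/bin/sh
# Added example: audit the nidump binary and the nightly dump file for
# access granted to "other" users. Default paths are the ones quoted in
# the article; pass different paths to try it on scratch files.

# other_bits PATH: print the permission bits granted to "other" as a
# subset of "rwx", or "none", or "missing" if PATH does not exist.
other_bits() {
    target=$1
    if [ ! -e "$target" ]; then
        echo missing
        return 0
    fi
    bits=
    # find -perm -MODE is true when every bit in MODE is set on the file.
    for pair in r:0004 w:0002 x:0001; do
        if [ -n "$(find "$target" -prune -perm "-${pair#*:}" 2>/dev/null)" ]; then
            bits=$bits${pair%%:*}
        fi
    done
    echo "${bits:-none}"
}

# audit_nidump [BINARY] [DUMPFILE]: return 0 only if neither file is
# exposed to "other"; print one status line per file.
audit_nidump() {
    bin=${1:-/usr/bin/nidump}
    dump=${2:-/var/backups/local.nidump}
    rc=0
    case $(other_bits "$bin") in
        missing) echo "SKIP $bin: not present" ;;
        *x*) echo "FAIL $bin: any user can run it (article's fix: chmod 550)"
             rc=1 ;;
        *) echo "OK   $bin" ;;
    esac
    case $(other_bits "$dump") in
        missing) echo "SKIP $dump: not present" ;;
        *r*) echo "FAIL $dump: any user can read the dumped password hashes"
             rc=1 ;;
        *) echo "OK   $dump" ;;
    esac
    return $rc
}
```

Source the file and call `audit_nidump`; a non-zero return means at least one of the two files is still open to every local account.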

#24
League Commissioner
Join Date: Jan 2002
Posts: 5,536

looks to me like our work is half done for us. to recover, would you

niload /var/backups/$domain.nidump

?

re: malevolence, anybody run this? i don't even like typing it.

sao, thanks for the great research and links.

#25
Moderator
Join Date: Jan 2002
Location: Singapore
Posts: 4,237

If I would know...

niload /var/backups/$domain.nidump

probably would work.

Cheers...

Last edited by sao; 03-03-2002 at 02:32 AM.

#26
Major Leaguer
Join Date: Jan 2002
Location: Adelaide, South Australia
Posts: 470

Malevolance looks like it just gulps down the "nidump passwd ." command that sssss and I were chucking around above, and then runs "crack" or something similar on the output. That is, it just runs through a standard list of known words, combinations of words, punctuations, six-digit strings (aka birthdays!) etc etc. It'll spit out any "cracked" username/password pairs unless I'm misreading things quite badly.

Ow, I'm getting really bad wrist pain in typing during the last week or two, so I'll quit while I'm behind. I will attempt to fudge out something for nidb backups (just for fun).

mT: If you've made your own backup I think you simply untargz if required, then move the backed up version over the top of your original (/var/db/netinfo/local.nidb), and maybe you need to kick netinfod/lookupd in the guts; actually thinking about it again, I imagine that rebooting might be a decent and/or essential idea in such circumstances.

On the other hand, looks like the /etc/daily script uses the flat-file format for backups, thus requiring some contortions to push it back into place properly. Thankfully someone has documented these contortions in recipe format:

http://www.westwind.com/reference/OS...o-recover.html

Cheers,
Paul

#27
Moderator
Join Date: Jan 2002
Location: Singapore
Posts: 4,237

pmccann,
did you try Malevolence 2.0 at:

http://www.msec.net/software/index.html#malevolence2

what about:

niload /var/backups/local.nidump

By the way, great link about "Recovering NetInfo Domains from Backup"

Cheers...

#28
All Star
Join Date: Jan 2002
Location: NY, NY
Posts: 776

mT - great catch on NETINFOSERVER=-YES-
How did you figure that out? I've been wondering about that for at least a month? How does your unixy mind work?

Hugh

Last edited by hschickel; 03-03-2002 at 03:10 AM.

#29
Moderator
Join Date: Jan 2002
Location: Singapore
Posts: 4,237

Just finished reading the article from the link of pmccann.
It looks then, that it will work with:

"niload -r / . </var/backups/local.nidump"

Cheers...

#30
All Star
Join Date: Jan 2002
Location: NY, NY
Posts: 776

Sao,
That method works great with the subdirectories. I've never personally tested it with the whole shebang. I've always assumed it would work though. Thanks also for finding the backup locale. It's good to know that it was always there and that manual backups are not absolutely necessary.

Hugh

PS - NetInfo changes are effective immediately (unlike the flat files which need a reboot) - I would wonder if that would also be the case if you loaded the whole shebang (food for thought.)

#31
Major Leaguer
Join Date: Jan 2002
Location: Adelaide, South Australia
Posts: 470

Well... I just downloaded that thing, and it works as advertised; in case anyone else wants to give it a go, you just go to the directory in which the "malevolance" file sits, and enter "./malevolance". I chose "special" from the resulting list (because we've already covered the nidump approach).

For what it's worth, looks like my guess was incorrect: it just gives you the password contents, but doesn't attempt to do the cracking for you. (Not surprising in a 24K download!!).

I have no idea whether your command would work for restoration (and don't want to try at this stage!!). I sort of suspect that doing it to a live system is going to lead to a nasty experience, but maybe I'm just paranoid? Let us know if you're daring! I'm always interested to read about other people's (mis)adventures.

For what it's worth, I'm a bigger fan of simply copying the thing *sans* translation to raw format. Then you can just shift your backup into place (after booting single user, fsck -y ing, "/sbin/mount -uw /" ing so that it's writeable) and bring up the system from there. UBE.

Oh yeah: forgot to mention my favourite typo from this thread. sao's post re malevolance contains the neologism "defaulty". Must stash that for later!

Cheers,
Paul

#32
League Commissioner
Join Date: Jan 2002
Posts: 5,536

hugh, i started hunting thru /etc/rc* for references to nibindd and didn't find anything, so i started hunting in /System/Library/StartupItems/

there, i found that /System/Library/StartupItems/DirectoryServices/DirectoryServices is a script with the following...

Code:
...
##
# If nibindd is not required, we just start the local NetInfo daemon.
##
if [ "${NETINFOSERVER}" = "-YES-" ]; then
    nibindd
else
    cd /var/db/netinfo
    netinfod -s local
    cd /
fi
...

not very well, considering. i'm an old VMS systems admin, and i learned long ago that things have hooks somewhere.

paul, sao, thanks for the coverage. i agree with paul, i would want something without translation, that could be dropped into place in safe mode. the raw mode seems a bit too dicey.

i hear the moany strains of a package of scripts here to manage this sorta thing; something that creates your backups regularly, and makes it easier to drop them into place _if_ you need them. perhaps a new topic is in order...

#33
MVP
Join Date: Jan 2002
Location: Brisbane, Australia
Posts: 1,108

Most flat file changes are effective immediately in UNIX. IE hosts, passwd, group, services, inetd.conf, inittab etc.

That said, a number of *daemons* do read files once on startup and just run with what they got (lean and mean). In those cases, 95% of them have code to re-read config file. In a lot of cases it is triggered by sending a 'SIGHUP' to them, but always check the man page for the right info.

IE if you change the /etc/inetd.conf file, inetd will continue to spawn daemons like ftpd with whatever args they had in the original file. but, do a :

sudo kill -HUP <INETD_PID>

where <INETD_PID> is the process id of inetd, and it will read the new file and merrily continue on its way with the new file.
__________________
Douglas G. Stetner
UNIX
Live Free Or Die

#34
Moderator
Join Date: Jan 2002
Location: Singapore
Posts: 4,237

Thanks pmccann,
I just copied and pasted the article from the Macintosh Security page:

http://www.securemac.com/macosxnidump.php

The credit for the invention "defaulty" goes to them.

Now, talking about typos, my favorite one in this thread, is from yourself, check it up how you wrote the name of the file "malevolence".

No entry found for malevolance.
1 suggestion found: malevolence

ma·lev·o·lence (m-lv-lns) n.
1. The quality or state of being malevolent.
2. Malicious behavior.

Cheers...

Last edited by sao; 03-04-2002 at 06:31 AM.

#35
Major Leaguer
Join Date: Jan 2002
Location: Adelaide, South Australia
Posts: 470

Hi Sao,
maybe I'm just being thick, but I don't get what's interesting (or even amusing) about my invent-Tori (miss Spelling) of malevolence. Can you explain? Not that I mind: I just don't know what I'm missing! The pronunciation would fit my "malevolance" just as well as the correct spelling.

Regards,
Paul (tossing up whether to whack this thread with a script for rotating backup versions of files and folders. Hmmm... Maybe.)

#36
Moderator
Join Date: Jan 2002
Location: Singapore
Posts: 4,237

pmccann,
Didn't mean anything by pointing out the misspelling. Just thought it was funny next to the typo in my post. Also, as English is not my mother tongue, a misspelling or a typo sound similar to me. Sorry about that.

Hope you find a good opportunity to use the word "defaulty".

Cheers...

#37
Major Leaguer
Join Date: Jan 2002
Location: Adelaide, South Australia
Posts: 470

Hi again,
sorry, if that last message of mine came off sounding like an interrogation. Must have been a bad day at the forums (but you got fed to the lions). Consider the bright lights turned off!

OK, so I have a script that will rotate to a given number of backup copies, and will also produce a simple date+time-stamped copy of things. So I'd better test how certain things look in these forums before posting it. In particular...

Backslash (bane of macosxhints proper!): \b, \n, \012

If that works I'll try and chuck the script below (and cross my fingers that I'm not in for a late night editing session!).

Cheers,
Paul

(Update: that worked OK, so no excuses now. Brief comments to follow script proper.)

Last edited by pmccann; 03-05-2002 at 12:20 PM.

#38
Major Leaguer
Join Date: Jan 2002
Location: Adelaide, South Australia
Posts: 470

#!/usr/bin/perl -w
use strict;

######### Introduction #################################################
# This script runs in two modes: without any flags it creates (up to) the given
# number of copies of the listed files, deleting any "overflow". If you give
# it the -t flag it produces a timestamped copy of each of the listed files:
# these timestamped copies are not part of the rotation, but exist
# independently until deleted. See the comments below for more details

######### Configuration #################################################
my $store = '/Users/pmccann/junk/tbup/';
# the storage directory; create this before running the script

my @backups = (
    '/Users/pmccann/vital/file',
    '/Users/pmccann/vital/spaced dir/',
    '/Users/pmccann/vital/a very long filename with some spaces');
# we rotate or timestamp these files and/or dirs
# (add as many as you like, comma separated)

my $num_to_keep = 6;
# max number of "extra" rotated backups of each file/dir kept in $store
# files/dirs will be labelled file.0, ..., file.$num_to_keep (.0 = newest)

######### Common Startup ################################################
my $dated = 0;  # This will be set to "1" if the -t flag is used (see below)
my ($datestring,$backup,$base);

-d $store or die "Make the backup directory first!\n\n";
$store.=($store=~/\/$/)?'':'/';  # add a slash if the user forgot to!

if (@ARGV){  # there's something on the command line besides the script name!
    die<<EOM unless ($#ARGV==0 and $ARGV[0] eq '-t');  # we only allow "-t"
Usage: $0 [-t]
Including the -t flag produces an (independent) timestamped copy.
No flag will rotate the backups, and any other flag produces this message.
EOM
    my ($year,$mon,$mday,$hour,$min,$sec) = (localtime)[5,4,3,2,1,0];
    $datestring = sprintf("%02d-%02d-%02d_%02d-%02d-%02d",
                          $year-100,$mon+1,$mday,$hour,$min,$sec);
    # eg 02-03-04_13-26-07 for 1.26.07pm on 4th March 2002
    $dated = 1;
}

chdir($store) or die "Could not change to $store: $!";

foreach $backup (@backups){
    ($base) = ($backup=~m|/([^/]*)/?$|);  # basename of file or dir $backup
    -e $backup or die "The file to back up, $backup, does not exist!\n\n";
    if ($dated){  # we are only making a timestamped copy of the files
        # list-form system: no shell involved, so odd characters in a
        # name are passed to cp untouched instead of being interpreted
        system('/bin/cp','-R',$backup,"$store$base$datestring") and
            die "timestamp: $backup to $store$base$datestring : $!";
        # Note that "system" uses the system's return values, not perl's!!!
    } else {  # we need to go through the full rotation shenanigans
        rotate_me($backup);
    }
}

######### Rotated Backup: Set up Arrays #################################
sub rotate_me{
    my $backup = shift;

    # The pattern is anchored and $base is quoted with \Q..\E so that only
    # names of the exact form "$base.N" are picked up for rename or delete.
    my @mapped = map {[$_,/^\Q$base\E\.(\d+)$/]}
                 grep /^\Q$base\E\.\d+$/, glob('*');
    # @mapped is an array of anonymous array references, each of which points to
    # a relevant filename, and the number hanging on the end of that filename.

    my @valid = map {$_->[0]} grep {$_->[1]<$num_to_keep} @mapped;
    # these are the files that we wish to rotate (ie, number on the end is OK)

    my @too_old = map {$_->[0]} grep {$_->[1]>=$num_to_keep} @mapped;
    # these will be deleted (ie, number on the end is "too big". Time to go!)

    my @sorted_valid = map {$_->[0]} sort {$b->[1] <=> $a->[1]}
                       map {[$_,$_=~/(\d+)$/]} @valid;
    # We have to rename the files "top down", hence the sort. Otherwise
    # base.0 moves on top of base.1, then is dumped onto base.2, and so on.

    ######### Rotated Backup: Action! ###################################
    # must remove too_old dir's before attempting renaming
    if (scalar(@too_old)){  # that is, if @too_old is non-empty
        if (-d $backup){  # contents of @too_old should be backup *directories*
            system('/bin/rm','-rf',$_) foreach (@too_old);  # list form, no shell
        }else{  # we're dealing with simple files, so use quick delete
            unlink(@too_old);
        }
    }

    foreach my $filename (@sorted_valid){  # iterate existing backups
        (my $newname = $filename)=~s/(\d+)$/$1+1/e;  # bump up the final number
        rename("$store$filename","$store$newname") or die "rename $filename: $!";
    }

    system('/bin/cp','-R',$backup,"$store$base");  # make the new copy
    rename("$store$base","$store${base}.0") or die "Renaming to ${base}.0: $!";
    # just rename the new copy "$base.0"
}

Last edited by pmccann; 03-05-2002 at 12:24 PM.

#39
Major Leaguer
Join Date: Jan 2002
Location: Adelaide, South Australia
Posts: 470

Yuck! That looks a lot longer here than in BBEdit!

The script has a very simple purpose: keep the n most recent copies of any "unix" files or directories that you need to backup. It will also produce an independent (ie "unrotated") timestamped copy of those files on request. It *won't* try to do anything fancier than that: in particular, it won't preserve resource forks or file metadata (creator/type/creation date etc etc). Just the file data, a la the standard cp routine (which gets called).

As you can tell, I've commented things pretty extensively, so there's not much left to say. Just cut and paste the whole shebang into a file, save it as "bmu" for example (as in "back me up"), in your /Users/username/bin directory. Make that directory if you don't already have such a thing. It's probably worth noting that the "#!/usr/bin/perl -w" line **must** be the first line in your file. Then just change the details in the configuration section.

You should certainly not trust the script without giving it at least a cursory once-over. I'm happy to explain any bits that look dodgy. Try backing up some junk files first, before you trust anything important to it. In particular, before running it under sudo!! So when might you need to do such a heinous thing? Among other times, to back up the netinfo database, which is what started this thing in the first place.

Sorry, I'm rambling on again. Make the thing executable via

% chmod u+x bmu

and let your shell know that it has been added by entering:

% rehash

You should then be right to go. Just enter:

% bmu

to make one of the "rotating" backups. (They're not really rotating, the oldest one just falls off the end of the stack!). Alternatively, enter:

% bmu -t

for a timestamped copy of all the files. Note that no other files that might exist in the backup directory are affected at all.

Let me know if it does or doesn't work as you expect. I could probably wrap up "psync" instead of using "cp -R" if necessary (this would preserve the mac-like nature of files), but as a bare-bones script it's probably OK as is. Could definitely be made prettier in spots, and probably more efficient, but so could almost everything!!

Regards,
Paul

Last edited by pmccann; 03-05-2002 at 12:43 PM.

#40
Moderator
Join Date: Jan 2002
Location: Singapore
Posts: 4,237

Wow, pmccann, thanks...great work...!
I'm trying to digest and understand the script right now. If I can make it work it will be very helpful indeed! I will probably try it tomorrow (now is 2.30 AM in Singapore) and let you know how it went.

I had already some questions, but I will ask later. Wish I would know Perl...Is it very hard to study for a "lone beginner"?

Thanks again...

Cheers...