Notes administration Linux Ubuntu Raspberry MacOsX Windows : 12/15/15

mardi 15 décembre 2015

Verify & Repair Permissions in OS X El Capitan via command line

To verify

sudo /usr/libexec/repair_packages --verify --standard-pkgs /

To repair

sudo /usr/libexec/repair_packages --repair --standard-pkgs --volume /

Finalisation installation EL CAPITAN os x 10.11

- Remove Apple HD Recovery

En mergeant la partition via diskutil mergePartitions

J'ai l'impression que la réactivité est meilleure depuis que j'ai réduis au minimum le nombre de partitions sur le disque et notamment en supprimant les partitions de recovery. A confirmer et éventuellement obtenir une explication logique à cela

Pour lister tous les services chargés :

launchctl list

launchctl print-disabled system 

Pour lister les services system disabled à true

enable | disable service-target

              Enables or disables the service in the requested domain. Once a service is disabled, it cannot be loaded in the specified domain until it is once

              again enabled. This state persists across boots of the device. This subcommand may only target services within the system domain or user and

              user-login domains.

list [-x] [label]

              With no arguments, list all of the jobs loaded into launchd in three columns. The first column displays the PID of the job if it is running.  The

              second column displays the last exit status of the job. If the number in this column is negative, it represents the negative of the signal which

              stopped the job. Thus, "-15" would indicate that the job was terminated with SIGTERM.  The third column is the job's label. If [label] is speci-

              fied, prints information about the requested job.

              -x       This flag is no longer supported.

print-disabled

              Prints the list of disabled services.

blame service-target

              If the service is running, prints a human-readable string describing why launchd launched the service. Note that services may run for many rea-

              sons; this subcommand will only show the most proximate reason. So if a service was run due to a timer firing, this subcommand will print that

              reason, irrespective of whether there were messages waiting on the service's various endpoints. This subcommand is only intended for debugging

              and profiling use and its output should not be relied upon in production scenarios.

     print domain-target | service-target

              Prints information about the specified service or domain. Domain output includes various properties about the domain as well as a list of ser-

              vices and endpoints in the domain with state pertaining to each. Service output includes various properties of the service, including information

              about its origin on-disk, its current state, execution context, and last exit status.

              IMPORTANT: This output is NOT API in any sense at all. Do NOT rely on the structure or information emitted for ANY reason. It may change from

              release to release without warning.

load | unload [-wF] [-S sessiontype] [-D domain] paths ...

              Load the specified configuration files or directories of configuration files.  Jobs that are not on-demand will be started as soon as possible.

              All specified jobs will be loaded before any of them are allowed to start. Note that per-user configuration files (LaunchAgents) must be owned by

              root (if they are located in /Library/LaunchAgents) or the user loading them (if they are located in $HOME/Library/LaunchAgents).  All system-

              wide daemons (LaunchDaemons) must be owned by root. Configuration files must disallow group and world writes. These restrictions are in place for

              security reasons, as allowing writability to a launchd configuration file allows one to specify which executable will be launched.

              Note that allowing non-root write access to the /System/Library/LaunchDaemons directory WILL render your system unbootable.

              -w       Overrides the Disabled key and sets it to false or true for the load and unload subcommands respectively. In previous versions, this

                       option would modify the configuration file. Now the state of the Disabled key is stored elsewhere on- disk in a location that may not be

                       directly manipulated by any process other than launchd.

              -F       Force the loading or unloading of the plist. Ignore the Disabled key.

              -S sessiontype

                       Some jobs only make sense in certain contexts. This flag instructs launchctl to look for jobs in a different location when using the -D

                       flag, and allows launchctl to restrict which jobs are loaded into which session types. Sessions are only relevant for per-user launchd

                       contexts. Relevant sessions are Aqua (the default), Background and LoginWindow.  Background agents may be loaded independently of a GUI

                       login. Aqua agents are loaded only when a user has logged in at the GUI. LoginWindow agents are loaded when the LoginWindow UI is dis-

                       playing and currently run as root.

              -D domain

                       Look for plist(5) files ending in *.plist in the domain given. This option may be thoughts of as expanding into many individual paths

                       depending on the domain name given. Valid domains include "system," "local," "network" and "all." When providing a session type, an

                       additional domain is available for use called "user." For example, without a session type given, "-D system" would load from or unload

                       property list files from /System/Library/LaunchDaemons.  With a session type passed, it would load from /System/Library/LaunchAgents.

                       Note that launchctl no longer respects the network domain.

              NOTE: Due to bugs in the previous implementation and long-standing client expectations around those bugs, the load and unload subcommands will

              only return a non-zero exit code due to improper usage.  Otherwise, zero is always returned.

- Turn off / Disable Apple Push Notifications

~~sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.apsd.plist~~

Bloqué avec littlesnitch

- com.apple.Safari.SafeBrowsing.Service

Bloqué avec littlesnitch

From : http://www.sitepronews.com/2014/10/01/googles-safe-browsing-service-killing-privacy/

Google Safe Browsing is a service through which Google provides lists of URLs (addresses) of websites that contain malware or phishing content. These lists of suspicious sites are continuously updated using Google’s web crawlers, programs that scour the web to index sites for Google’s search engine. Lists from the Google Safe Browsing service are used by browsers such as Google Chrome, Mozilla Firefox and apple Safari for checking web-pages users are trying to access against potential threats. The service issues alerts when they are about to open websites or content Google has classified as malicious. The warnings are display as ‘visual messages’ along with specific details relating to the malicious content concerned. The service is also designed to block the downloading of files infected with malware and, once a user’s computer has been infected, it can issue instructions on how to detect and remove the malware.

...

The Firefox and Safari browsers however use a second version of the API, Safe Browsing API v2, to exchange data with the server. This uses hashed URLs so the Google server never knows the actual URLs queried by the user. However the Safe Browsing API also stores a cookie on the user’s computer which the NSA (US National Security Agency) uses to identify individual computers. This is a mandatory requirement that many users feel is acceptable as it helps them feel safe. In addition, Google stores another cookie on the user’s computer that can be used to identify the IP addresses the user visits, ie can be used to track him or her. Google’s excuse is that the tracking cookie logs this data in order to prevent DDoS (distributed denial-of-service) attacks. That may be so. The API in the user’s browser (eg, Chrome) will ‘phone home’ every few hours to check for updates to its list of malicious sites. At the same time it sends a payload that includes the machine’s ID and the user’s ID.

Peut être activé ou désactivé dans les préférences de safari onglet Sécurité. Si la liste n'est pas mise à jour, le service se désactive de lui-même.

IMAgent is an OSX daemon which runs as part of FaceTime.

launchctl unload -w /System/Library/LaunchAgents/com.apple.imagent.plist

launchctl unload -w /System/Library/LaunchAgents/com.apple.icloud.findmydeviced.findmydev

ice-user-agent.plist

launchctl unload -w /System/Library/LaunchAgents/com.apple.icloud.fmfd.plist

launchctl unload -w /System/Library/LaunchAgents/com.apple.findmymacmessenger.plist

launchctl enable system/com.apple.imagent

launchctl disable system/com.apple.imagent

Little Snitch rules

...

`Préférences / Extensions...`

ajuster selon les besoins.

Avertissement

Ce blog est d'abord pour mon usage personnel. Il est une version on-line de mon carnet de notes qui était anciennement un cahier en papier.

Je ne garantis absolument aucune information publiée ici. J'hésite encore à rendre "privé" ce blog. Je le laisse public pour le moment. Si ces notes vous rendent service, tant mieux, sinon tant pis.

Attention, je suis un utilisateur expérimenté des systèmes unix. Ces notes souvent sommaires me suffisent à me souvenir de ce qu'il faut faire... ce ne sera pas forcément le cas pour vous. Inutile de m'en demander plus, je ne répondrai à aucune question.

Vous pouvez néanmoins laisser un commentaire si vous avez trouvé ici une information qui vous a été utile et donner un feedback sur ce qui a marché ou non pour vous.

Rechercher dans ce blog