hey, i was hoping that someone who has the knowledge, time and most of all desire, could please help me figure out how to strip down my system to only the necessary items needed to operate based on my needs (not many). i have done research and read many books but cant find the answers i am looking for. this may be a tall order, im not sure, if it is too involved i understand and you need not post. if someone wants to try to take it on please be open minded their is a method to my madness that i will explain if you are interested in helping me. Any takers?
Help With Stripping Leopard...
- Thread starter CuteCari
- Start date
- Status
ElDiabloConCaca
U.S.D.A. Prime
If you're wary of people trying to do malicious things to your computer, you can "harden" the security of your system by reading this:
http://www.net-security.org/secworld.php?id=6187
Even though different services are installed on your computer doesn't mean that they're running or active. For example, your system has the ability to be an FTP server, allowing people to log in remotely and upload/download files. This system is not turned on by default, and cannot be enabled without you specifically enabling it in the Sharing pane of the System Preferences. There's no need, and no security, and no speed enhancement that would result from removing it from your system.
Your system is running in tip-top shape, at maximum speed, and at a very high level of security out-of-the-box, when you first installed it, or when it came pre-installed on your Mac when you bought it. I suggest reading the linked paper above and following its recommendations on hardening the security of your computer.
http://www.net-security.org/secworld.php?id=6187
Even though different services are installed on your computer doesn't mean that they're running or active. For example, your system has the ability to be an FTP server, allowing people to log in remotely and upload/download files. This system is not turned on by default, and cannot be enabled without you specifically enabling it in the Sharing pane of the System Preferences. There's no need, and no security, and no speed enhancement that would result from removing it from your system.
Your system is running in tip-top shape, at maximum speed, and at a very high level of security out-of-the-box, when you first installed it, or when it came pre-installed on your Mac when you bought it. I suggest reading the linked paper above and following its recommendations on hardening the security of your computer.
Mikuro
Crotchety UI Nitpicker
There are three things I recommend removing for any Mac user interested in saving disk space:
1. iLife apps. GarageBand, iMovie and iDVD (and their associated files in /Library) take up 10+GB. I've never used any of those apps, so I trashed them. I forget exactly where all the files are, but I think most are somewhere in /Library/Application Support.
2. Printer drivers. Mac OS X comes with about a gigabyte of them. Unless you routinely use hundreds of different printers, you do not need all of them. Go to /Library/Printers and trash what you don't need. (Personally I just trashed everything and then installed the drivers for my particular printer from the printer's CD.)
3. Foreign languages. Lots of applications and system components include up to dozens of localizations. If you don't use them, they just waste space. This is not so easy to do, since there's no central location of these files. There are some apps like Monolingual that help make this easy.
The cleanest way to accomplish all three of these is to perform an "erase and install" of OS X and de-select the print drivers and localizations during the installation process. There may be other things you can exclude in the installer, as well. (You may be tempted to exclude the "BSD Subsystem" during OS X's installation, but I would advise against that, since it's needed for quite a lot.)
One thing to keep in mind is that when you install Mac OS X updates, those pesky localizations may reappear, so an app like Monolingual could be necessary even if you excluded them during installation.
Exactly how small are you hoping to make OS X, and what functionality is required?
(Edit: After seeing ElDiablo's post, I wonder: have I completely misinterpreted your question? Apologies if I have.)
1. iLife apps. GarageBand, iMovie and iDVD (and their associated files in /Library) take up 10+GB. I've never used any of those apps, so I trashed them. I forget exactly where all the files are, but I think most are somewhere in /Library/Application Support.
2. Printer drivers. Mac OS X comes with about a gigabyte of them. Unless you routinely use hundreds of different printers, you do not need all of them. Go to /Library/Printers and trash what you don't need. (Personally I just trashed everything and then installed the drivers for my particular printer from the printer's CD.)
3. Foreign languages. Lots of applications and system components include up to dozens of localizations. If you don't use them, they just waste space. This is not so easy to do, since there's no central location of these files. There are some apps like Monolingual that help make this easy.
The cleanest way to accomplish all three of these is to perform an "erase and install" of OS X and de-select the print drivers and localizations during the installation process. There may be other things you can exclude in the installer, as well. (You may be tempted to exclude the "BSD Subsystem" during OS X's installation, but I would advise against that, since it's needed for quite a lot.)
One thing to keep in mind is that when you install Mac OS X updates, those pesky localizations may reappear, so an app like Monolingual could be necessary even if you excluded them during installation.
Exactly how small are you hoping to make OS X, and what functionality is required?
(Edit: After seeing ElDiablo's post, I wonder: have I completely misinterpreted your question? Apologies if I have.)
jbarley
One more, for the road!
Satcomer
In Geostationary Orbit
There is not a lot of "Adware" installed on a new Mac instead of all the junk a new PC comes with pre installed.
First is lock that Mac down and use ONLY a REGULAR account, not an Admin account on that Mac. Then to prevent a person from not getting to certain site without their knowledge (without installing software on your Mac) then you need to use the DNS service called OpenDNS.com and get a free account to control YOUR DNS to block certain sites (like Phishing, adult, etc.) Plus you can assign person blocks to webs sites that you choose with a free OpenDNS account.
Then for the paranoid buy the program called Little Snitch to monitor ALL outgoing traffic from you Mac.
Lastly you can get a lock down routine straight from the professional guide (for Panther(10.3.x) but you will get the idea) from the NSA Security configuration. Warning this is locking a Mac down SUPER HARD.
First is lock that Mac down and use ONLY a REGULAR account, not an Admin account on that Mac. Then to prevent a person from not getting to certain site without their knowledge (without installing software on your Mac) then you need to use the DNS service called OpenDNS.com and get a free account to control YOUR DNS to block certain sites (like Phishing, adult, etc.) Plus you can assign person blocks to webs sites that you choose with a free OpenDNS account.
Then for the paranoid buy the program called Little Snitch to monitor ALL outgoing traffic from you Mac.
Lastly you can get a lock down routine straight from the professional guide (for Panther(10.3.x) but you will get the idea) from the NSA Security configuration. Warning this is locking a Mac down SUPER HARD.
thanks, im going to read all of the security info yall gave me and ill get back to you if i have any problems or if it doesnt solve my issues.
i am looking for super super lock down, i would even prefer to delete everything! that is not needed, such as all text files, programs, scripts, sync crap, backing up ability, etc and much more including any additions for the new wireless, or virufull, remote world we live in and any other petri dishes that reside on my system. i have mastermind magicians stalking my poor baby computer and they are relentless. i have a ton of security and none of it is working to prevent, find yes, prevent no, is disable-able yes!
i disabled remote capabilities, and am working on other things but with my current situation, i dont even trust that. i have leopard by the way.
just a foot note for to whom it may concern: please dont even waste your time telling me that unix & macs are "secure", they are completely not secure by any means of the word. there have been unix viruses for 35 years, the only reason they were not prevelent for a while was because of the market share... that time has past, now what? should i just live with my new friends and just pretend im famous?????????
im going to check out that security stuff, if anyone has any other suggestions, mass deletion perhaps, please share. thx!!!
does anyone know how to check for software keyloggers on your system?
i am looking for super super lock down, i would even prefer to delete everything! that is not needed, such as all text files, programs, scripts, sync crap, backing up ability, etc and much more including any additions for the new wireless, or virufull, remote world we live in and any other petri dishes that reside on my system. i have mastermind magicians stalking my poor baby computer and they are relentless. i have a ton of security and none of it is working to prevent, find yes, prevent no, is disable-able yes!
i disabled remote capabilities, and am working on other things but with my current situation, i dont even trust that. i have leopard by the way.
just a foot note for to whom it may concern: please dont even waste your time telling me that unix & macs are "secure", they are completely not secure by any means of the word. there have been unix viruses for 35 years, the only reason they were not prevelent for a while was because of the market share... that time has past, now what? should i just live with my new friends and just pretend im famous?????????
im going to check out that security stuff, if anyone has any other suggestions, mass deletion perhaps, please share. thx!!!
does anyone know how to check for software keyloggers on your system?
ElDiabloConCaca
U.S.D.A. Prime
If you have everything disabled in your "Sharing" pane of the System Preferences, then I've got another question:
Do you live with anyone? Or does anyone else have physical access to your computer? A significant other, perhaps?
Do you live with anyone? Or does anyone else have physical access to your computer? A significant other, perhaps?
Mikuro
Crotchety UI Nitpicker
You may be interested in Little Snitch, which lets you block network connections on a per-application basis.
Also, check out this link to learn how to fix a recently-discovered vulnerability: http://www.thetechherald.com/articl...e-Remote-Desktop-Agent-exploit-caught-in-wild
Also, check out this link to learn how to fix a recently-discovered vulnerability: http://www.thetechherald.com/articl...e-Remote-Desktop-Agent-exploit-caught-in-wild
g/re/p
I can haz cigar?
are you hitting on me ::love::.... pretty smooth.
jk
. no, no one is aloud to touch my computer for fear of giving them a flesh eating bacteria... i dont want to be held responsible for them suddenly contracting a viral brain infection, i need to save my money for unbridled geekery!even if you disable everything in sharing, it can be undisabled and you wont even know it... i deleted airport off completely and when i searched with Tidy Up (one of the best programs i have used; nothing can hide from it), airport was still installed and functioning, just in a hidden manner. so none of that disabling really works if someone wants it to be enabled (i know i can remove the airport card but i have apple care so i can only open up the things that are not noticeable if opened; i am not the most organized with my disassembly and usually get off track and start disassembling things i shouldnt if i dont know whats inside, its an obsessive behavior that i have a hard time controlling.
i ran a terminal script to disable remote management and i THINK it worked, and i am going to write a script for securing the terminal so it cant be used by anyone other than me or at least without my knowlege. the only thing about that is i need to edit the .bashrc file, i know what to write but im not sure how to find it in terminal and then how to open it for editing...do i just use text edit or do i use the terminal or some other editing program... can you help me with that, i cant find instructions on the internet to open and edit it? im not a programer (yet) but am learning a little bit at a time (i want to program a mirror on my iphone
if anyone has any other terminal scripts or file edits that may help, that would be great also. can you delete everything that has to do with ARD and still have the computer run properly? those are the things i need to know... automator, etc. i would say i am in the "expert" category on windows virus removal and virus detection in general (mac & windows), i know virus activities and capabilities like the back of my hand, but im not as familiar with what is under the (software) hood in macs, hardware wise i am a brilliant genus heehee.
this is ghey that i cant figure it out but i was trying to put a pic in my avatar, it is a pic of me and it meets all of the criteria but wont save through uploading it off of my computer or using my photobucket url, do you know why, i tried everything and it says cant save image.
yeah, i used little snitch for a little while but one of the programs that is not secure is the mds responder, but you cant block it completely or else some of your web pages wont work, so when to not allow it is confusing. also, when it shows you the ip address, i didnt know which ones were ok and which ones werent (a common problem with security programs as im sure you know, so i just watched them connect and got anxiety.)
when all of this started happening, i actually (finally because i dont like to tattle on hackers) turned in the remote virus and the root virus to mac... they didnt know they existed and it was hell trying to explain it to them, i had my iphone infected as well. since i gave it to them, they have come out with "fixes", or "non-fixes" (as i call them) and virus programs created defs for them that dont work either. im not even kidding, i almost checked myself into a mental hospital because no one believed me, the "experts" and "professionals" said no no no, no way, not scientifically possible... i was diagnosed as a paranoid schizophrenic... mmmhmm, o-kay geniuses. any thoughts or advice about little snitch? does paranoid android work for anything?
nixgeek
Mac of the SubGenius! :-)
I thought I was going through a bit of deja vu while reading the thread.
In all honesty, I also thought CuteCari's original post was regarding ways of stripping down an installation of Leopard just as Mikuro did. Mikuro pretty much covered what I would have said, but I see that EDCC was correct in his assessment of the original post.
thanks for the roll eyes but that is not the answer i need unfortunately, i want bones... do you have a link for that?
if you didnt mean that as roll eyes, i apologize... it is kinda of cute. whatever. thanks.
the nsa security page is interesting and i would like to implement the actions that i had not already implemented, oh, i just saw the tiger instructions, would you say everything would work the same for leopard (have you read it or needed to, just curious incase i have any questions?) this is great... it may answer all of my questions. i better get started reading! very helpful thank you so much. yea or nay on the leopard question?
can someone also answer this really quick... i know, its stupid... thanks.
this is ghey that i cant figure it out but i was trying to put a pic in my avatar, it is a pic of me and it meets all of the criteria but wont save through uploading it off of my computer or using my photobucket url, do you know why, i tried everything and it says cant save image.
this is ghey that i cant figure it out but i was trying to put a pic in my avatar, it is a pic of me and it meets all of the criteria but wont save through uploading it off of my computer or using my photobucket url, do you know why, i tried everything and it says cant save image.
nixgeek
Mac of the SubGenius! :-)
Others have also reported this issue when trying to upload a picture for their avatar even when meeting the site's requirements. I think ScottW is having a look at the issue. There's another thread about it somewhere here.
EDIT: Here's the thread in question...
http://macosx.com/forums/site-discussion/302501-avatar-problem.html
Mikuro
Crotchety UI Nitpicker
My advice on Little Snitch is not to be discouraged by the constant warnings. After a few days marking certain things as "always allow" or "always deny", it will not be a major nuisance.
True, you cannot make it 100% secure, since it's always possible to exploit one of the programs that you must allow access, like mDNSResponder.
There's only so much you can do with software. Do you have a good hardware firewall?
As for editing files, you can do it with command-line tools like vi or nano (using sudo when necessary to edit root-owned files). Personally, I like to use TextWrangler, which is a nice friendly GUI app that lets you open invisible files and also save files that require root privileges (prompting you for a password, of course). If you need to make your own .bashrc file, make sure to set the line break style in TextWrangler to "Unix (LF)" (there's a menu at the bottom of the window, next to the scroll bar).
At this point I wonder if I should go back on my previous recommendation of keeping the BSD subsystem. I'm honestly not sure what all would break if you removed it. It's worth looking into, though.
True, you cannot make it 100% secure, since it's always possible to exploit one of the programs that you must allow access, like mDNSResponder.
There's only so much you can do with software. Do you have a good hardware firewall?
As for editing files, you can do it with command-line tools like vi or nano (using sudo when necessary to edit root-owned files). Personally, I like to use TextWrangler, which is a nice friendly GUI app that lets you open invisible files and also save files that require root privileges (prompting you for a password, of course). If you need to make your own .bashrc file, make sure to set the line break style in TextWrangler to "Unix (LF)" (there's a menu at the bottom of the window, next to the scroll bar).
At this point I wonder if I should go back on my previous recommendation of keeping the BSD subsystem. I'm honestly not sure what all would break if you removed it. It's worth looking into, though.
i feel the need to clarify this for my stalkers....
i did turn the viruses in (i had to so i would not be committed and so they would replace my iphone and computer) but relax...
I DID NOT GIVE ANY OTHER INFORMATION OR ANY NAMES; IT WAS COMPLETELY ANONYMOUS...
i would never do that! ::angel::
i did turn the viruses in (i had to so i would not be committed and so they would replace my iphone and computer) but relax...
I DID NOT GIVE ANY OTHER INFORMATION OR ANY NAMES; IT WAS COMPLETELY ANONYMOUS...
i would never do that! ::angel::
i just wrote you a long post... it timed out and i lost it, damn! ill rewrite it tomorrow. nite nite.
- Status