Never been to CodeSnippets before?

Snippets is a public source code repository. Easily build up your personal collection of code snippets, categorize them with tags / keywords, and share them with the world (or not, you can keep them private!)

8 total

On This Page:

  1. 1 Change the Finder's umask to 077 for new folders
  2. 2 Overwrite free disk space on Mac OS X
  3. 3 prevent script execution upload directories php shtml
  4. 4 Update to ClamAV 0.94
  5. 5 Protect .svn directories using htaccess
  1. 6 Protect .svn directories server-wide (Apache)
  2. 7 FIND INSECURE 777 PERMISSION FILES ON CPANEL SERVER
  3. 8 Using HTTP conditions and url.access-deny to have Lighttpd block some user agents and referers

Change the Finder's umask to 077 for new folders

to shell security osx mac bash unix finder file create folder defaults umask permission plist new secure by jvs on Aug 24, 2009 

# change the Finder's umask for all user accounts (on Mac OS X)

# cf. http://www.makemacwork.com/secure-finder-permissions.htm
sudo defaults write /Library/Preferences/com.apple.finder umask -int 077     # creates a new preferences file
defaults read /Library/Preferences/com.apple.finder
#defaults delete /Library/Preferences/com.apple.finder umask
ls -l /Library/Preferences/com.apple.finder.plist


# change the Finder's umask for your user account only

defaults write com.apple.finder umask -int 077
defaults read com.apple.finder umask
#defaults delete com.apple.finder umask
ls -lh ~/Library/Preferences/com.apple.finder.plist

# alternative
defaults -currentHost read -g
defaults -currentHost read "Apple Global Domain"
defaults -currentHost write -g umask -int 077
#defaults -currentHost delete -g umask
ls -lh ~/Library/Preferences/ByHost/.GlobalPreferences.*.plist


defaults read -g
defaults read /Library/Preferences/.GlobalPreferences
ls -lh /Library/Preferences/.GlobalPreferences.plist

Overwrite free disk space on Mac OS X

to shell security osx mac bash unix disk Space overwrite erase free by jvs on Apr 17, 2009 

# cf. Secure deletion: a single overwrite will do it, 
# http://www.h-online.com/news/Secure-deletion-a-single-overwrite-will-do-it--/112432


man 8 diskutil | less -p secureErase


df -l

/usr/bin/sudo -H -i

#/usr/sbin/diskutil secureErase freespace 1 /dev/diskNsNN       # single pass randomly erase the disk
#/usr/sbin/diskutil secureErase freespace 2 /dev/diskNsNN       # US DoD 7 pass secure erase
#/usr/sbin/diskutil secureErase freespace 3 /dev/diskNsNN       # Gutmann algorithm 35 pass secure erase


/bin/df -l | /usr/bin/awk '/^\/dev/{print $1}' | xargs stat -x

IFS=$'\n'
for devdisk in $(/bin/df -l | /usr/bin/awk '/^\/dev/{print $1}'); do
   [[ ! -b "$devdisk" ]] && echo "No block device: ${devdisk}" && continue
   /usr/sbin/diskutil secureErase freespace 1 "$devdisk"
done
IFS=$' \t\n'

exit

prevent script execution upload directories php shtml

to security linux administration by deckard on Nov 25, 2008
// description of your code here

<Directory "/Library/MediaWiki/web/images">
   # Ignore .htaccess files
   AllowOverride None
 
   # Serve HTML as plaintext, don't execute SHTML
   AddType text/plain .html .htm .shtml
 
   # Don't run arbitrary PHP code.
   php_admin_flag engine off
 
   # If you've other scripting languages, disable them too.
</Directory>

Update to ClamAV 0.94

to shell security osx mac bash unix update clamav virus clamd scanner by jvs on Oct 24, 2008
Compile ClamAV from source on Mac OS X, but apply the following changes to /private/var/clamavadmin/clamd.conf.
# cf. man 5 clamd.conf after update

# delete the following two lines in /private/var/clamavadmin/clamd.conf
ArchiveMaxFileSize 100M
ArchiveMaxCompressionRatio 0

# add the following two lines to /private/var/clamavadmin/clamd.conf
MaxFileSize 300M
MaxScanSize 150M

References:
- What's New: ClamAV 0.94
- What's New: ClamAV 0.94.1

Protect .svn directories using htaccess

to apache sysadmin freebsd svn security subversion htaccess config linux cvs by jamiew on Jan 22, 2008
// block access to .svn dirs
// should be done server-wide if you can (another snippet) 

<IfModule mod_rewrite.c>
  RewriteRule ^(.*/)?\.svn/ - [F,L]
  ErrorDocument 403 "Access Forbidden"
</IfModule>

Protect .svn directories server-wide (Apache)

to apache sysadmin svn security subversion htaccess server config cvs protection hidden by jamiew on Jan 22, 2008
// protect ".svn" and "CVS" dirs (could add more)
// for server-wide protection; goes in httpd.conf
// there's a separate snippet for .htaccess-based code

<DirectoryMatch "^/.*/(\.svn|CVS)/">
  Order deny,allow
  Deny from all 
</DirectoryMatch>

FIND INSECURE 777 PERMISSION FILES ON CPANEL SERVER

to security permissions by alexming on Jun 27, 2007
// FIND INSECURE 777 PERMISSION FILES ON CPANEL SERVER

find /home/*/public_html/ -perm 0777 -ls
find /home*/public_html/ -uid 99 -ls

Using HTTP conditions and url.access-deny to have Lighttpd block some user agents and referers

to lighttpd http conditionals url.access-deny blocks security by jason on May 26, 2005 
# deny access for Indy Library a Tester
$HTTP["useragent"] =~ "Indy" { url.access-deny = ( "" ) }
 
# deny access for a hydrocodone containing refer 
$HTTP["referer"] =~ "hydrocodone" { url.access-deny = ( "" ) }
8 total

On This Page:

  1. 1 Change the Finder's umask to 077 for new folders
  2. 2 Overwrite free disk space on Mac OS X
  3. 3 prevent script execution upload directories php shtml
  4. 4 Update to ClamAV 0.94
  5. 5 Protect .svn directories using htaccess
  1. 6 Protect .svn directories server-wide (Apache)
  2. 7 FIND INSECURE 777 PERMISSION FILES ON CPANEL SERVER
  3. 8 Using HTTP conditions and url.access-deny to have Lighttpd block some user agents and referers