19 Sep Sept 2016 – Mac Managers Meeting
Sept, 21st 2016 – University of Utah, Mac Managers Meeting
The University of Utah, MacAdmins Meeting is held monthly at the Marriott Library on the 3rd Wednesday of each month at 1 PM Mountain Time. Presentations cover Apple technology and integration in a heterogeneous university enterprise environment. This months meeting will be held on Wed, Sept 21st, and we provide live broadcasted and archives that will be made available 2-3 days after the meeting.
If you have suggestions on presentations, questions or comments, please your the Contact Us option.
Pacifist by Charles Srstka – CharlesSoft
Pacifist is a shareware application that opens Mac OS X .pkg package files, .dmg disk images, and .zip, .tar, .tar.gz, .tar.bz2, and .xar archives and allows you to extract individual files and folders out of them. This is useful, for instance, if an application which is installed by the operating system becomes damaged and needs to be reinstalled without the hassle of reinstalling all of Mac OS X, or if you want to inspect a downloaded package to see what it will install before installing it. Pacifist is also able to verify existing installations and find missing or altered files, and Pacifist can also examine the kernel extensions installed in your system to let you see what installer installed them, and whether the installer was made by Apple or a third-party.
For more information about Pacifist, see this web site:
Charles Srstka is a bit of a Renaissance man. His many interests include technology—particularly Macintosh computers, which he has used since age 5— and music, in which he holds a doctorate degree in piano performance from Northwestern University. Since 2002, he has developed the popular Mac shareware program Pacifist, which has been a staple in the toolboxes of Mac admins and power users across the globe. He also is also the author of TimeTracker, a still-in-progress tool for monitoring the actual disk space taken up by Time Machine backups. He still enjoys occasionally firing up his copy of Mini vMac to play a game of Crystal Quest from time to time. He is currently living in the Chicago area, where he continues to work on both his software and his dedication to musical performance.
To view archived presentation, click here.
Aggregating Log Data by Victor Vrantchan – Kolide
This presentation will discuss some strategies for aggregating log data from all your devices, securing the connection between client and server and analyzing logs to extract meaningful information.
For more information about Kolide, see web site:
Kolide is a security platform on top of Facebook’s osquery that helps you ask your infrastructure tough questions so you can get the answers and take decisive action.
For the past 5 years Victor Vrantchan has been a system administrator managing Mac devices in EDU environments. Now he is working at Kolide to create a server for managing fleets of osquery clients.
To view archived presentation, click here.
Wireless EAP-TLS Onboarding by Clayton Barlow – University of Utah
The Protected Extensible Authentication Protocol, also known as Protected EAP or simply PEAP, is a protocol that encapsulates EAP within a potentially encrypted and authenticated Transport Layer Security (TLS) tunnel. When you use EAP with a strong EAP type, such as TLS with smart cards or TLS with certificates, both the client and the server use certificates to verify their identities to each other. Certificates must meet specific requirements both on the server and on the client for successful authentication.
EAP-TLS is natively supported in Mac OS X 10.3 and above, wpa_supplicant, Windows 2000 SP4, Windows XP and above, Windows Mobile 2003 and above, Windows CE 4.2, and Apple’s iOS mobile operating system.
Clayton will discuss a secure and automated onboarding process to implement wireless EAP-TLS used on campus.
Clayton Barlow is the Enterprise Architect for the University of Utah. He has been with the University for 5 years and has been instrumental in many of the infrastructure upgrades such as DNS/DHCP/IPAM, NAC and the Campus Backbone Upgrade. Prior to joining the University he was a Technology Consultant and Architect for a variety of companies around the world. He is a TOGAF certified architect with a bachelor in CIS and numerous other professional certifications.
To view archived presentation, click here.
Automatic Disabling SIP With OS X El Capitan Upgrade by Topher Nadauld, University of Utah
System Integrity Protection (SIP), sometimes referred to as rootless, is a security feature implemented in OS X El Capitan. It protects certain system processes, files and folders from being modified or tampered with by other processes even when executed by the root user or by a user with root privileges (sudo). Apple says that the root user can be a significant risk factor to the system’s security, especially on systems with a single user account on which that user is also the administrator. System Integrity Protection is enabled by default, but can be disabled.
Since we haven’t migrated completely to our new client management system, called Casper Suite, we decided to temporarily disable SIP since it conflicts with our current client management system called Radmind. Radmind operates as a tripwire with the ability to detect any modifications to the file system and reverse those changes to a known state. We also had hardware that required running the latest OS, OS X El Capitan that needed to be deployed.
We didn’t want to touch every system, to disable or enable System Integrity Protection (SIP), so, we developed a automated method of disabling system during OS X El Capitan upgrade. This process will be discussed at this presentation. For more information, check out the blog here.
To view archived presentation, click here.
Open Discussion
Questions, comments, problems and fixes.
Directions
Note, due to scheduling conflicts with our usual meeting location, we will be meeting at the Marriott Library room 1705F located inside the Faculty Center located north of Mom’s Cafe.
For directions to the University of Utah monthly Mac Managers Meetings see the following web page.
No Comments