Configure SSHGuard for OS X 10.8 and Higher

::UPDATE:: I’ve confirmed that this still works under Mavericks.
::UPDATE 2/15/2015:: Still works fine on Yosemite
::UPDATE 1/31/1016:: El Capitan appears to use socketfilterfw instead of pf, though pf is still installed. I’ll post when I have this working on El Cap.

These instructions use Homebrew and PF with SSHGuard on OS X 10.8.4 and higher (10.10 tested). Previous versions of OS X may use IPFW instead of PF and secure.log instead of system.log.


$ brew install sshguard
$ su #(or use sudo from here-on out)
$ vim /etc/pf.conf

(add the following lines – this assumes your ethernet and wifi interfaces are en0 and en1. You can also use en0 and en1 in the rules instead of setting up variables)


#############
# Variables #
#############
ext_if="en0"
wifi="en1"
loop_if="lo0"
############
# SSHGuard #
############
table <sshguard> persist
block in quick on $ext_if proto tcp from <sshguard> to any port 22 label "sshguard"
block in quick on $wifi proto tcp from <sshguard> to any port 22 label "sshguard"


$ (sudo) pfctl -f /etc/pf.conf #reloads the rules
$ (sudo) cp -fv /usr/local/opt/sshguard/*.plist /Library/LaunchDaemons #set sshguard to run at startup
$ (sudo) launchctl load /Library/LaunchDaemons/homebrew.mxcl.sshguard.plist #start sshguard
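
A pre-flight check for the pf.conf additions above, as an added example that is not part of the original post: it confirms the <sshguard> table is declared, that each block rule uses quick, and that every macro a rule references is defined earlier in the file. The function name check_sshguard_pf and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): static check of a pf.conf
# for the SSHGuard additions. check_sshguard_pf FILE returns 0 if all pass.
check_sshguard_pf() {
    awk '
    /^[ \t]*#/ { next }                           # ignore comment lines
    /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ {      # macro definition, e.g. ext_if="en0"
        name = $0
        sub(/^[ \t]*/, "", name); sub(/[ \t]*=.*/, "", name)
        defined[name] = 1
        next
    }
    /^[ \t]*table[ \t]+<sshguard>[ \t]+persist/ { table = 1; next }
    /^[ \t]*block[ \t].*from[ \t]+<sshguard>/ {
        rules++
        # pf is last-match-wins; without "quick" a later pass rule can override.
        if ($0 !~ /[ \t]quick[ \t]/) { print "line " NR ": block rule lacks quick"; bad = 1 }
        # Macros must be defined before the line that references them.
        rest = $0
        while (match(rest, /\$[A-Za-z_][A-Za-z0-9_]*/)) {
            m = substr(rest, RSTART + 1, RLENGTH - 1)
            if (!(m in defined)) { print "line " NR ": $" m " used before definition"; bad = 1 }
            rest = substr(rest, RSTART + RLENGTH)
        }
    }
    END {
        if (!table) { print "missing: table <sshguard> persist"; bad = 1 }
        if (!rules) { print "missing: block rule referencing <sshguard>"; bad = 1 }
        exit bad + 0
    }' "$1"
}

# Constructed sample: wifi macro never defined, second rule missing "quick".
sample=$(mktemp)
cat > "$sample" <<'EOF'
ext_if="en0"
table <sshguard> persist
block in quick on $ext_if proto tcp from <sshguard> to any port 22 label "sshguard"
block in on $wifi proto tcp from <sshguard> to any port 22 label "sshguard"
EOF
check_sshguard_pf "$sample" || echo "pf.conf needs fixing before pfctl -f"
rm -f "$sample"
```

On the Mac itself, pfctl -nf /etc/pf.conf parses the file without loading it, which catches syntax errors this check does not look for.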

Here are the contents of homebrew.mxcl.sshguard.plist:


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>homebrew.mxcl.sshguard</string>
<key>KeepAlive</key>
<true/>
<key>ProgramArguments</key>
<array>
<string>/usr/local/opt/sshguard/sbin/sshguard</string>
<string>-l</string>
<string>/var/log/system.log</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>

I’m including images of my terminal showing the contents of these files since WordPress seems to find new ways to break the formatting of this post every so often.

pf.conf:
Screenshot 2015-02-15 16.46.08

homebrew.mxcl.sshguard.plist:
homebrew_mxcl_sshguard_plist

If you don’t have homebrew installed, you should download the source and compile it for PF.

Script your OS X setup

I found a great bash script from Mathias Bynens on github that he uses to automate getting a new OS install just the way he likes it. It’s full of useful commands that you can use to tweak OS X to your delight. Just please don’t blindly run this script on your machine or you’ll potentially end up with behavior that you don’t like and don’t know how to undo.

I’m slowly working on molding his script into my own to keep in Dropbox and on a thumb drive so I don’t have to remember how to manually set up a new machine. When I’m finished, I’ll post what I come up with, but I thought it was worth sharing the original first.

.bash_profile or .bashrc in OS X?

I always forget which file to use when I want to change something in my environment. It doesn’t help that Terminal.app in OS X behaves a little differently than other *nix terminals. Thankfully, John Staiger posted a very clear explanation and a handy trick a few years back.

The short version is this: .bash_profile runs when you log in, .bashrc runs when you open a new terminal window EXCEPT in OS X which treats each new terminal window as a new login for some reason.

Staiger’s suggestion is to keep all your settings in .bashrc and just tell .bash_profile to call .bashrc so you don’t end up managing two files (click through for his .bash_profile contents). This works just fine, but I don’t know that I’ve even run into a situation in OS X where .bashrc would be loaded instead of .bash_profile so it’s probably just as easy to keep everything in .bash_profile and never create .bashrc.

I imagine the trick would be more helpful if you’re working in different distros and want to manage your environment the same way regardless of which OS you’re currently on.

Maxroam APN Settings for iPhone and Android

Dredged up from a cached Blogger entry for your reference. Your mileage may vary.

Maxroam Mobile General APN Settings:
APN: maxroam.com
Username: maxroam
Password: maxroam

Maxroam APN Settings for iPhone / iPad:
Go to Settings > General > Network > Mobile Data Network > APN and enter the following details
Cellular Data:
APN: maxroam.com
Username: maxroam
Password: maxroam
MMS:
APN: maxroam.com
Username: Blank
Password: Blank
MMSC: Blank
MMS Proxy: Blank
MMS Message Size: Blank
MMS UA Prof URL: blank

Maxroam APN Settings for Android:
Go to Menu -> Settings -> Wireless & networks -> Mobile networks -> Access Point Names -> New APN and key the following details
Name: Maxroam
APN: maxroam.com
Proxy: < Not Set >
Port: < Not Set >
Username: maxroam
Password: maxroam
Server: < Not Set >
MMSC: < Not Set >
MMS Proxy: < Not Set >
MMS Port: < Not Set >
MMS Protocol: < Not Set >
MCC: < Not Set >
MNC: < Not Set >
APN Type: < Not Set >

Transitioning From Google Reader

Just some quick thoughts. Here are the services I’m looking at as replacements:

  • NewsBlur – Seems pretty quick and full-featured and there’s a social commenting aspect that looks similar to Google Reader of days gone by, but the site has this Java-y non-native feel to it that I don’t like. The interface feels busy, but it might be something that I’ll appreciate for its utility later.
  • NetVibes – I tried NetVibes several years ago when I thought that having a personal web portal (or whatever they were called) would be an awesome thing and I wasn’t particularly impressed. The RSS reader seems a bit barebones, but it’s decently quick. It feels more non-nativey than NewsBlur, but doesn’t appear to have the social features or many features at all.
  • Prismatic – This might make a good tool for finding the latest news in groups of feeds that I don’t care to read completely, but it seems too magazine-ish for keeping track of sites where I read every post or that don’t post often, and I have Flipboard for that.
  • The Old Reader – A clone of Google Reader before the social features were stripped out. Looks promising, but has been down more than up since I started trying to use it so I can’t say for sure yet.
  • Fever – I almost bought this right when it came out. I like the idea of their approach to sorting, and Fever already integrates with Reeder (my RSS app of choice on Mac, iPad, and iPhone), but I’m a tiny bit wary of having to maintain my own installation of it. Costs $30 which is cheap as long as I end up using it.
  • Feedly – Looks pretty and I like the versatility of the different web views and the iOS app is really slick. It’s not super intuitive for someone who’s expecting a classic RSS or email interface, but I don’t mind learning a bit. Sharing options look nice.
  • NetNewsWire – I’ve tried this app multiple times over the course of many years along with apps like Shrook, NewsFire, Vienna, and I feel like there was one called NewsGator? But I never stick with it. I don’t really want to replace Reeder as my go-to native client.
  • Flipboard – I love Flipboard for browsing through high-volume feeds, but I never transitioned into using it for my main reads. I don’t think it’s really built for that.
  • I hope HiveMined ships soon so I can check that out, but it’s been a long time coming.

What’s likely to happen is that I’ll just jump on board with whoever Reeder builds in support for. Right now that means Fever, but that only works on the iPhone app at the moment. Maybe as part of this transition I’ll offload some of my high-volume stuff into Flipboard and trim down my 130+ feeds. Otherwise, whatever holds the status quo will probably make me happy.

I will say that I very honestly miss the social functions in Google Reader. If someone manages to recreate that inside of a quality RSS reader (and I can get the right friends to use it), they will have my attention and my money.