Jon Brown Designs - Mobile Site

Useful Commands for OSX Administration

September 17th, 2012

Over the years I have stored a file that has many of the day-to-day commands that I use to administer the computers at my workplace. After 4 years of saving these commands I am giving back and creating the ultimate post to aid all new sysadmins out there.

The Adaptive Firewall
The most basic task you can do with the firewall is to disable all of the existing rules. To do so, run afctl with the -d option (all afctl options require sudo):

sudo /usr/libexec/afctl -d

When run, the adaptive firewall’s rules are disabled. To re-enable them, use the -e option:

sudo /usr/libexec/afctl -e

To remove a specific IP address that has been blacklisted, use the -r option followed by the IP address (rules are enforced by IP):

sudo /usr/libexec/afctl -r ###.###.###.0/24

To add an IP to the blacklist, use the -a option, also followed by the IP:

sudo /usr/libexec/afctl -a ###.###.###.0/24

To permanently add a machine to the whitelist, use -w with the IP:

sudo /usr/libexec/afctl -w ###.###.###.0/24

Recover a corrupt Open Directory
Mac OS X 10.5, 10.6, and 10.7 include a recovery tool, db_recover, that helps you recover a damaged or corrupt LDAP directory.

sudo db_recover -h /var/db/openldap/openldap-data/

Reset a corrupt Open Directory
Note: this should only be done when there is no possible way to recover or restore the OD. It will completely destroy your server's Open Directory.

sudo slapconfig -destroyldapserver
mkpassdb -dump

Change computer name
Change the computer name over ARD or SSH. NewName below is a placeholder for the name you want to set.

networksetup -setcomputername "NewName"

Clean up files from users' computers
We do not allow .torrent files on users' computers, so I run this via ARD every morning on the entire network. I later adapted these commands to a script that runs on login.

rm -vrf ~/Downloads/*.torrent
rm -vrf ~/Desktop/*.torrent
rm -vrf ~/Documents/*.torrent
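
One way the three rm commands above could be wrapped for a login hook, as an added example that is not the author's script. Unlike rm -r it deletes only regular files, so a folder whose name ends in .torrent is left alone, and it logs each file it removes. The function name remove_torrents, the --run switch and the log path are assumptions.

```shell
#!/bin/sh
# Added example: login-time cleanup of .torrent files.
# Assumption: runs as the user who is logging in, so $HOME is that user's home.

# remove_torrents HOME_DIR [LOG_FILE]
# Deletes regular files named *.torrent (any case) directly inside
# Downloads, Desktop and Documents, appends each removed path to LOG_FILE,
# and prints the number of files removed.
remove_torrents() {
    home_dir=$1
    log_file=${2:-/dev/null}
    removed=0

    # Refuse to run against an empty or missing home directory.
    [ -n "$home_dir" ] && [ -d "$home_dir" ] || { echo 0; return 1; }

    for sub in Downloads Desktop Documents; do
        dir="$home_dir/$sub"
        [ -d "$dir" ] || continue
        # -type f skips directories and symlinks; -maxdepth 1 stays out of
        # subfolders, matching the scope of the original glob.
        n=$(find "$dir" -maxdepth 1 -type f -iname '*.torrent' -print -delete |
            tee -a "$log_file" | wc -l)
        removed=$((removed + n))
    done
    echo "$removed"
}

# Only touch the real home directory when explicitly asked to.
# The log location below is a hypothetical choice.
if [ "${1:-}" = "--run" ]; then
    remove_torrents "$HOME" "$HOME/Library/Logs/torrent-cleanup.log"
fi
```

The log gives you a record of which machines and users keep accumulating these files, which the bare rm commands do not.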

