Part 1: Basic settings after a fresh installation(obvious points for many, but not all)
I will start this article with the basic settings as the first part of the article, I will add more later on. You have bought a new mac or have just reinstalled the operating system, let’s assume at once that it is a white system, you should not work even with an encrypted host operating system! Trivial things that should be done by itself: disable geolocation, enable FileVault , do not allow recovery of disk key or account password through Apple ID. Don’t forget to put a password on your macbook’s firmware!!! Without it, it will be possible to run OS in single user mode or reinstall console, as well as to conduct so called DMA attack to pull disk password from memory. It is possible to set it via Command R at switching on your PC, after that menu item Set Firmware Password is at the top. The main thing is not to forget or lose this password, because without it the OS cannot be reset completely, and also if something goes wrong with the current OS (or you kill the filewolf key) your notebook will become a brick!
It is obligatory to install Little Snitch 3, where we can configure separately the network behavior of each individual piece of software. Snitch also supports profiling: for example, if you work via VPN only from 3G modem, but from home provider you visit only white sites, then we make two profiles. One of them says that when you connect via 3G network, only virtual machine daemon should be allowed into Internet, and when you connect to local WiFi, everyone except virtual machines should be allowed into network.
You should not put VPN connection on the main OS, as it is additional palsy presence of specware on your computer, as well as other problems in the form of falling off the VPN at the unnecessary moment and the attempts to climb to the Apple servers through the working channel, it is enough to put a VPN inside the virtual machine. (Look for provider who allows more than 1 connection to his VPN, they happen). Thus it`s killing several birds with one stone – no spetsware on white OS and also with Little Snitch protecting against sudden loops in VPN (in Snitch we indicate the rule to let virtual machine to IP of VPN provider ONLY)
It is best to run from virtual machines, as mentioned above. Machines should ideally be on external drives, or at least in a truecrypt/corestorage container on a disk. It is just in this scenario can safely use the computer not only for work, but also to take them on vacation, without fear if something checks I personally use Parallels, because when properly configured, it is still the fastest of all (according to tests from the Internet). I also can use it as a virtual machine for OS X.
Fallacious paths in the system to watch out for:
/private/var/log/ full system logs, writes ALL! what software from the flash, where did you run the script disk, etc. Disable completely, you can either clean up occasionally or direct to an empty drive in RAM /private/var/tmp/ temporary systems, possibly not dangerous /private/tmp/ temporary systems, possibly not dangerous /Library/Logs/ logs of daemons and agents, which have root access (including Parallelce, Snitch, Virtualbox etc.) /Library/Application Support/CrashReporter/ logs the crashes of rooted software (the ones with root access) /Library/Preferences/ rooted software settings. For example, this is where Parallels stores the list of virtual machines, license, DHCP licks and other stuff
/private/var/vm/ this is where the swap files and the hibernation file of the axis sit. There are 2 options: disable swap if you are not using virtual machines, or periodically clean the swapfile files. It is not a good idea to clean these files when running a virus! Better to do it before system shutdown or before startup via autorun scripts /.Spotlight-V100 database of files in system , for search Spotlight, not very scary shit if turn off spotlight(ever used it? I haven’t)
$HOME/.bash_history command line history $HOME/.ssh/ SSH connection keys to the daeds e.g. $HOME/Library/Logs/ logs of non-root and non-root software $HOME/Library/Application Support/CrashReporter/ common software crash reports $HOME/Library/Caches/ software caches $HOME/Library/Containers/ sandbox contents of software, 99% of the time only Upstore software is stored here (settings, resources, downloadable content, etc.) $HOME/Library/Application Support/ almost the same as Containers but without sandbox. Here e.g. Psi and Psi store logs, settings, OTR keys (I suspect Adium sits in the same place) $HOME/Library/Preferences/ software settings, in most cases these are just window layouts, localization etc. But sometimes more. $HOME home folder, e.g. /Users/Vasia
Another issue that concerns many people is the following: Even when virtual machines are on a disabled encrypted disk, I still see the full list when I enable Parallels(VirtualBox)! Here is an example of what to do, since I didn’t use VirtualBox for a long time: The list of virtual machines can be found in /Library/Preferences/Parallels/ (all files (3) except for the license). The same windows configuration and defaults cache sits in /$HOME/Library/Preferences/com.parallels.* (5 files by mask). Either write a script or do it manually: After Parallels is turned off with black machines, move these files to the Trucrypt container. Then before starting up again, put all the files back.
======================== SZY: The article will be supplemented and additional issues will be revealed gradually. Writing style sucks, never wrote articles ))
The rights to this article belong to the author. Reprinting, use of individual parts, etc. for personal purposes on other resources is only permitted with the author’s agreement. Copyright (C) 2015 Docmaster
best sites to buy cc for carding