Tag Archives: daemon

Enable Remote Logging on Mac OS X

Posted on by
1

Background

It is often desirable to collect the system logs from various devices onto a central “logging host”.  This can simplify monitoring needs considerably as tools and scripts need only work on a single host.  It also provides some security benefits as hackers will have a harder time masking their activities if they do not have access to the logging host.

On Mac OS X, there is a logging daemon (the Unix standard syslogd utility) that can be used to write both local logs and receive logs from remote hosts.  Unfortunately, the ability to receive remote logs is turned off in the default installation.  However, it is a trivial task to enable this functionality.

Setup (for 10.5 and older systems)

  1. Login as administrator to the logging host
  2. Open a terminal session using the Terminal utility
  3. Navigate to the LaunchDaemons directory
    cd /System/Library/LaunchDaemons
  4. Edit the com.apple.syslogd.plist file
    sudo vi com.apple.syslogd.plist
  5. Remove the comment delimiters (<!-- and -->) surrounding the NetworkListener block and save the changes
    <!--
 <key>NetworkListener</key>
 <dict>
 <key>SockServiceName</key>
 <string>syslog</string>
 <key>SockType</key>
 <string>dgram</string>
 </dict>
-->
  6. Stop the currently running instance of the syslog daemon
    sudo launchctl unload /System/Library/LaunchDaemons/com.apple.syslogd.plist
  7. Restart the syslog daemon to pick up the changes in the LaunchDaemon configuration
    sudo launchctl load /System/Library/LaunchDaemons/com.apple.syslogd.plist

The logging facility on the log host should now be available for remote devices to use.

Setup (for 10.6 and later systems)

  1. Login as administrator to the logging host
  2. Open a terminal session using the Terminal utility
  3. Navigate to the LaunchDaemons directory
    cd /System/Library/LaunchDaemons
  4. Convert the com.apple.syslogd.plist to XML format
    sudo plutil -convert xml1 com.apple.syslogd.plist
  5. Edit the com.apple.syslogd.plist file
    sudo vi com.apple.syslogd.plist
  6. Add the NetworkListener dict entry after the end of the BSDSystemLogger dict entry and save the changes
    <key>NetworkListener</key>
<dict>
<key>SockServiceName</key>
<string>syslog</string>
<key>SockType</key>
<string>dgram</string>
</dict>
  7. Convert the com.apple.syslogd.plist file back to the binary format
    sudo plutil -convert binary1 com.apple.syslogd.plist
  8. Stop the currently running instance of the syslog daemon
    sudo launchctl unload /System/Library/LaunchDaemons/com.apple.syslogd.plist
  9. Restart the syslog daemon to pick up the changes in the LaunchDaemon configuration
    sudo launchctl load /System/Library/LaunchDaemons/com.apple.syslogd.plist

The logging facility on the log host should now be available for remote devices to use.

Setup (using the Property List Editor)

Apple provides the Property List Editor utility as part of its developer tools.  The developer tools are usually a separate install from the operating system and is frequently not installed on systems.  If it is present, then using the Property List Editor may be the most convenient means of modifying the com.apple.syslogd.plist file.

  1. Login as administrator to the logging host
  2. Launch the Property List Editor utility (typically located in /Developer/Applications/Utilities)
  3. Open the /System/Library/LaunchDaemons/com.apple.syslogd.plist file
  4. Select the “Sockets” dictionary entry and “Add Item” to create a new key in the “Sockets” dictionary
  5. Change the name of the item to “NetworkListener” and set its type to “Dictionary”
  6. Select the “NetworkListener” dictionary entry and “Add Item” to create a new key in the “NetworkListener” dictionary
  7. Change the name of the item to “SockServiceName”, its type to “String” and its value to “syslog”
  8. Select the “NetworkListener” dictionary entry and “Add Item” to create another new key in the “NetworkListener” dictionary
  9. Change the name of the item to “SockType”, its type to “String”, and its value to “dgram”
  10. Save the file and quit the Property List Editor utility.  The property list should resemble the following example:Example Property List for com.apple.syslogd.plist
  11. Open a terminal session using the Terminal utility
  12. Navigate to the LaunchDaemons directory
    cd /System/Library/LaunchDaemons
  13. Stop the currently running instance of the syslog daemon
    sudo launchctl unload /System/Library/LaunchDaemons/com.apple.syslogd.plist
  14. Restart the syslog daemon to pick up the changes in the LaunchDaemon configuration
    sudo launchctl load /System/Library/LaunchDaemons/com.apple.syslogd.plist

Mac OS X launchd Tips & Tricks

Posted on by
Reply

Background

The launchd utility is the replacement for inet, xinet, rc, crond, at and other system utilities that Apple is endorsing for Mac OS X.

Daemon and Agent Directories

There are a number of designated directories intended to contain the launchd property list files.  Apple designates a Launch Agent as an application or service that is run only when the specified user(s) are logged into the system.  A Launch Daemon is an application or service that is run independently of any logged in users.

~/Library/LaunchAgents

Per-user agents added by the user

/Library/LaunchDaemons

System-wide daemons added by the administrator

/Library/LaunchAgents

Per-user agents added by the administrator

/System/Library/LaunchDaemons

System-wide daemons provided by Mac OS X

/System/Library/LaunchAgents

Per-user agents provided by Mac OS X

Loading and Unloading a launchd entry

Properly configured property list files will be loaded automatically at system boot time.  However, it is not necessary to reboot your system to load or unload a Launch Daemon entry.

When updating a system-level daemon entry, it may be necessary to perform the commands while logged in as an Administrator and using the sudo command.

To add an entry:

launchctl load /Library/LaunchDaemons/service.plist

To remove an entry:

launchctl unload /Library/LaunchDaemons/service.plist

Examples

Setting up rsync as a daemon

Posted on by
Reply

Background

The Unix utility rsync is a powerful tool for synchronizing data.  It can be used to quickly and efficiently copy files both locally and remotely.  It is best known for its delta-transfer capability which can greatly reduce the size of the data copied which results in a much faster copying process.

Setting up rsync as a daemon provides your system with an automated means of running the rsync process on-demand.  Essentially, it provides instructions to the operating system on how to respond when faced with an incoming rsync connection.  The daemon can be configured to limit access, require encryption, restrict permissions, etc. in order to ensure it provides a safe, reliable service.  When run as a daemon, rsync is often referred to as rsyncd.

Special Notice

Improper use of rsync can permanently damage your files. The standard installation of rsync installed with Mac OS X Server was not designed to handle the resource forks that are sometimes associated with Macintosh files.  Using rsync on files with these properties may result in irrecoverable file loss.  Use of rsync should be limited to files known to be “safe” (e.g. Unix utilites and data files).

Setup

There are several steps necessary to setup rsync as a daemon process.  First, a property list file (.plist) must be created specifying the appropriate arguments for the operating system’s LaunchDaemon process to instantiate rysncd.  A configuration file (.conf) must also be created providing additional rsyncd runtime arguments.  The configuration file may also include module files for easier control over individual settings.  Finally, a secrets file (.scrt) should be created to provide an additional layer of security to the rsync daemon.

A newer version of rsync is also available through MacPorts.  It may be installed in addition to the version that comes with Mac OS X.  The standard version of rsync can be found at /usr/bin/rsync, while the MacPorts version is installed by default as /opt/local/bin/rsync.

Property List File

The property list file is read by the LaunchDaemon process and contains instructions for starting the rsyncd process.  The supplied rsync.plist file is suitable for installation on standard Mac OS X Server installations.  It must be modified to reflect the alternate path (/opt/local/bin/rsync) if using the MacPorts-installed version of rsync.

  1. Login as Administrator.
  2. Download the rsync.plist file and make any necessary modifications.
  3. Copy the rsync.plist file to the /Library/LaunchDaemons directory. 
    sudo cp rsync.plist /Library/LaunchDaemons
  4. Set the owner, group, and permissions on the rsync.plist file. 
    sudo chown root:wheel /Library/LaunchDaemons/rsync.plist
sudo chmod 644 /Library/LaunchDaemons/rsync.plist
  5. Load the property list file with the Launch Daemon 
    sudo launchctl load /Library/LaunchDaemons/rsync.plist

Configuration File

The configuration file is read by rsync upon launching and provides environment, security, and other configurable parameters.  It also provides the definitions for rsync module.  Each module exports a directory tree as a symbolic name and can define not only the directory tree but also any unique permissions, patterns, or other configuration options.

In the example configuration, the file and directory structure specifications are detailed in separate files which are included by the main configuration file.  This permits each module’s list of targets to be maintained independently.

There are a number of available configuration options of which the sample configuration file illustrates only a few.  For more information, see the man page for rsyncd.conf.

  1. Login as Administrator.
  2. Download the example rsyncd.conf file.
  3. Edit the rsyncd.conf file and make any necessary changes for your installation.
  4. Copy the rsyncd.conf file to the /etc directory. 
    sudo cp rsyncd.conf /etc
  5. Set the owner, group, and permissions on the rsyncd.conf file. 
    sudo chown root:wheel /etc/rsyncd.conf
sudo chmod 640 /etc/rsyncd.conf

Module Files

Module files are an extension of the main configuration file and are simply an easy method of isolating module-specific settings.  The modules files are included by the main configuration file.  A typical usage is to define the list of files and directories that are to be included (or excluded) in the rsync operation.  The example rsyncd.core module file includes several important directories that are not backed up by Apple’s Time Machine.

Secrets File

The secrets file can be used to store authentication information for restricting access to any defined rsync modules.  The usernames specified in the secrets file do not need to be actual users.

The format for the secrets file is simple:  username:password (one entry per line).  Bear in mind that some systems may have restrictions on the characters, length, or capitalization for either component.

  1. Login as Administrator.
  2. Download the example rsyncd.scrt file.
  3. Edit the rsyncd.scrt file and add the usernames and passwords for your system.
  4. Copy the rsyncd.scrt file to the location specified in your rsyncd.conf file 
    sudo cp rsyncd.scrt /etc
  5. Set the owner, group, and permissions on the file. 
    sudo chown root:wheel /etc/rsyncd.scrt
sudo chmod 600 /etc/rsyncd.scrt