On Aug 16, 2012, at 8:19 AM, JohnV wrote:
> iMac intel
>
> In playing with security/firewall settings while reading aricles on Mac
> vulnerabilities, I changed a setting and now, when I fire up the iMac
> (10.6.8) , after logging in, I get a stacked set of identical windows, each
> asking if I want to ALLOW or DENY a named application to have access. I
> clicked on DENY on each but would appreciate a clue about what these things
> ARE.
>
You went and fiddled with things you do not comprehend, Grasshopper, and now
it's broken. 8-)
Go forth and undo your doings. These are all things that OS X normally uses
behind the scenes to do things.
Google is your friend, man is your less friendly, but very knowledgeable local
geeky 'friend'.
Denying these services means you : cannot share files, cannot connect to
Windows shares, cannot print.
This is a common consequence of encountering scary security and vulnerability
articles with not enough understanding of the underlying processes and systems
involved.
There are a lot of FUD-ish articles out there that make it sound as if your Mac
is merely seconds away from being completely taken over by Albanian criminal
hacker terrorists intent on using your mac to trade child porn, nuclear secrets
and celebrity email passwords, and getting you thrown in Gitmo while stealing
every cent you own and taking out 14 billion dollars in loans in your name from
banks run by Russian mobsters, who WILL pay to invent a time machine to go back
in time to threaten castrating your grandfather before your father was born to
force you to pay back the loans...
Out of the box, if nothing is turned on in the Sharing pane, your Mac is pretty
much immune to outside attacks as is. If you're connected behind a typical DSL
or Cable router using NAT, your mac is pretty much immune to outside attacks as
is.
All of these things are parts of services that are called when you have stuff
in the sharing pane ticked.
> krb5kdc
Kerberos, used for authentication by a host of services
NAME
krb5kdc - Kerberos V5 KDC
SYNOPSIS
krb5kdc [ -a ] [ -x db_args ] [ -d dbname ] [ -k keytype ] [ -M mkey-
name ] [ -p portnum ] [ -m ] [ -r realm ] [ -4 v4mode ] [ -n ]
DESCRIPTION
krb5kdc is the Kerberos version 5 Authentication Service and Key Dis-
tribution Center (AS/KDC).
>
> nmbd
Look, you cannot share with Windows systems now.
NAME
nmbd - NetBIOS name server to provide NetBIOS over IP naming services
to clients
SYNOPSIS
nmbd [-D] [-F] [-S] [-a] [-i] [-o] [-h] [-V] [-d <debug level>]
[-H <lmhosts file>] [-l <log directory>] [-p <port number>] [-s <con-
figuration file>]
DESCRIPTION
This program is part of the samba(7) suite.
>
> smbd
Now you cannot mount volumes from Windows servers, either (or linux ones, or
many NAS boxes)
NAME
smbd - server to provide SMB/CIFS services to clients
SYNOPSIS
smbd [-D] [-F] [-S] [-i] [-h] [-V] [-b] [-d <debug level>]
[-l <log directory>] [-p <port number(s)>] [-P <profiling level>]
[-O <socket option>] [-s <configuration file>]
DESCRIPTION
This program is part of the samba(7) suite.
>
> cupsd
The CUPS (heart of the printing system in OS X) central dispatcher. Since the
Mac uses 'network' printing even to use locally attached printers, preventing
cupsd from doing it's thing, means you cannot print.
cupsd(8) Apple Inc. cupsd(8)
NAME
cupsd - cups scheduler
SYNOPSIS
cupsd [ -c config-file ] [ -f ] [ -F ] [ -h ] [ -l ] [ -t ]
DESCRIPTION
cupsd is the scheduler for CUPS. It implements a printing system based
upon the Internet Printing Protocol, version 2.1. If no options are
specified on the command-line then the default configuration file /pri-
vate/etc/cups/cupsd.conf will be used.
>
> AppleFileServer
Now you cannot share files with other Macs.
NAME
AppleFileServer -- Apple File Protocol server.
SYNOPSIS
AppleFileServer
DESCRIPTION
How to run the AppleFileServer
Running on MacOS X Desktop
The AppleFileServer is typically launched using the Sharing
Preference. Launch System Preferences. Select Sharing. Select
the Services tab. Select Personal File Sharing and click start.
--
Bruce Johnson
University of Arizona
College of Pharmacy
Information Technology Group
Institutions do not have opinions, merely customs
--
You received this message because you are a member of G-Group, a group for
those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs.
The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette
guide is at http://www.lowendmac.com/lists/netiquette.shtml
To post to this group, send email to [email protected]
For more options, visit this group at http://groups.google.com/group/g3-5-list
