Performing System Backups

 < Day Day Up > 

Keeping Software Updated

An important part of maintaining a functioning and secure system is staying on top of the operating system updates. With a BSD core, Tiger needs more frequent attention than the Classic Mac operating system. Critical security utilities such as SSH are revised regularly and, unless updated, might open your system to outside attack. Updates in mid-2004 fixed holes in Safari and Help Viewer that could potentially allow malicious scripts to run without warning on your system. Although it might be tempting to let Tiger coast for a few months and perform all the updates at once, doing so is not wise. A machine with a full-time Internet connection is vulnerable from the moment that a new software exploit is found and very likely will be compromised.

For example, consider my home cable-connected computer, which logs each connection attempt made:

 12/27/2004 03:38:28 Host: www.allstat.com/216.168.220.18 Port: 137 UDP Blocked 12/27/2004 03:51:47 Host: 211.109.221.80/211.109.221.80 Port: 27374 TCP Blocked 12/27/2004 04:22:09 Host: 71dial170.xnet/213.233.71.170 Port: 27374 TCP Blocked 12/27/2004 07:46:43 Host: 92dial132.xnet/213.233.92.132 Port: 27374 TCP Blocked 12/27/2004 08:03:51 Host: 65.103.240.60/65.103.240.60 Port: 1433 TCP Blocked 12/27/2004 08:10:57 Host: pc172.jeleniag/217.96.243.172 Port: 22 TCP Blocked 12/27/2004 09:49:30 Host: rrcs-central-24-12/24.123.46.10 Port: 515 TCP Blocked 12/27/2004 10:35:34 Host: 64dial26.xnet.ro/213.233.64.26 Port: 27374 TCP Blocked 12/27/2004 12:53:05 Host: 211.137.136.118/211.137.136.118 Port: 111 TCP Blocked 12/27/2004 14:15:47 Host: 6535208hfc65.tampa/65.35.208.65 Port: 137 UDP Blocked 12/27/2004 15:00:20 Host: Sherbrooke-HSE/65.93.184.161 Port: 27374 TCP Blocked 12/27/2004 19:01:57 Host: 210.0.179.119/210.0.179.119 Port: 21 TCP Blocked 12/27/2004 19:51:48 Host: 67-92-203-151/67.92.203.151 Port: 1433 TCP Blocked 12/27/2004 20:26:33 Host: AC83C299.ipt.aol/172.131.194.153 Port: 23 TCP Blocked 12/27/2004 21:05:20 Host: 66.84.150.13/66.84.150.13 Port: 1433 TCP Blocked 12/27/2004 23:19:13 Host: 195.113.153.9/195.113.153.9 Port: 21 TCP Blocked 12/27/2004 23:32:48 Host: 61-220-153-179/61.220.153.179 Port: 1433 TCP Blocked 

In the course of one day, there are more than 15 connection attempts. Some are innocuous simple probes for Internet sharing services such as Kazaa whereas others are attempts to connect to well-known services, such as telnet, SSH, and FTP, presumably for the purpose of exploitation. On a production computer with a real Internet connection running real services, you might experience hundreds of inappropriate connection attempts a day, and unless you want to spend your time reinstalling Tiger, you should keep your system updated and prepared to handle the threat.

Checking for Updates

Tiger automates the process of upgrading software through the use of the Software Update System preferences pane (path: /Applications/System Preferences), shown in Figure 29.1.

Figure 29.1. The Software Update pane controls automatic system updates.


Use the check box to choose whether to run the software update application automatically or invoke it manually. If you've chosen an automatic install, use the pop-up menu to select a schedule (Daily, Weekly, Monthly) for the update library to be queried. If you want the system to automatically download updates in the background so that they can be installed faster, click Download Important Updates in the Background.

NOTE

The Tiger software update mechanism does not automatically install any updates. An administrative user must confirm the update process before it will be carried out.


To force the system to look for updates immediately, click the Check Now button or choose Software Update from the Apple menu at any time. Your computer contacts Apple and detects available software packages.

If updates are found, a system update application is launched, as shown in Figure 29.2.

Figure 29.2. Check the items that you want to install.


Downloading Updates

Click the check box in front of each package that you want to install. Packages that will require a reboot are denoted by a small arrow icon in their listing. (All updates to the base operating system require a reboot before becoming active.) When you've finished selecting packages, click Install to start the updates. You will be prompted for an administrator password before continuing.

During each installation, the system displays a status bar for the update. If a component hasn't already been downloaded in the background, it could take quite awhile for the system to download and install; you might want to take a break during this process.

For some software packages, you might see a license agreement during the installation. In addition, the installation is likely to pause for a long period of time while it optimizes your installed packages. This is completely normal, albeit slightly annoying. Just wait patiently even if the update seems to be taking an unusually long time.

NOTE

For those who want to put the update on a CD or file server, Apple offers normal file downloads for all the available system updates. To download an update file to your desktop through the Software Update application, select the item in the update list; then choose Update, Download Only or Install and Keep Package from the menu. The former will download the updates without installing them; the latter will download the update packages and install them on the local computer.


TIP

In the event of an installation failure, Apple suggests manually forcing an update, and then reselecting and reinstalling the failed upgrade. I've found that downloading the update package to the desktop and installing manually often works.


Disabling Unnecessary Updates

If there are updates that don't apply to your system, select them and choose Update, Ignore Update from the menu (or press Delete). This prevents Software Update from attempting to install them in the future.

To show updates that you've previously made inactive, choose Software Update, Reset Ignored Updates.

NOTE

When you choose to ignore an update, the system will ignore the update and any future versions of the same type of update. If you choose to ignore an iPod update, for example, all iPod updates will be ignored.


Reviewing Installed Files

Many users, for good reason, want to keep track of what software has been installed on their system. Opening the Software Update preferences pane and clicking the Installed Updates button displays a log of installed updates. Figure 29.3 shows this listing.

Figure 29.3. The Software Update pane displays a list of installed update packages.


In some cases, packages that are partially installed might be listed even though they weren't completely installed. To make Mac OS X forget about an update so that it can be reinstalled, open the directory /Library/Receipts. This folder contains receipt files for all software installed using Apple's built-in Installer program. The receipts are named based on the updated package; for example, Security Update July 2003 has the receipt file SecurityUpd2003-07-14.pkg.

Throwing out a receipt file will usually effectively convince Mac OS X that the update was never installed.

Listing the Bill of Materials with lsbom

The receipt files, in addition to keeping track of which packages have been installed, also contain a bill of materials (BOM). The BOM tracks every file that was updated or installed. Users can access the BOM using the command-line lsbom command. You'll need to dig deep into the receipt files, accessing a directory with this pattern: <receipt package>.pkg/Contents/Resources/<receipt package>.bom. For example, to view the BOM for the Tiger Seed Update 8A323A receipt file:

 brezup:jray jray $ sudo lsbom /Library/Receipts/TigerSeedUpdate8A323A.pkg/Contents/Archive.bom .       41775   0/80 ./System        40755   0/0 ./System/Library        40755   0/0 ./System/Library/CoreServices   40755   0/0 ./System/Library/CoreServices/SystemVersion.plist 100644  0/0  506  921025735 ./System/Library/Frameworks     40755   0/0 ./System/Library/Frameworks/ApplicationServices.framework       40755   0/0 ./System/Library/Frameworks/ApplicationServices.framework/Versions      40755   0/0 ./System/Library/Frameworks/ApplicationServices.framework/Versions/A    40755   0/0 ... 

The lsbom command can limit its output to only specific types of files contained in the BOM, such as directories or files, by using flags such as -d and -f, respectively. The Apple lsbom documentation, contained in Table 29.1, displays many of the available options and filters for viewing BOMs as documented in the man page.

Table 29.1. Command Documentation Table for lsbom

Option

Description

-b

List block devices

-c

List character devices

-d

List directories

-f

List files

-l

List symbolic links

-m

Print modified times (for plain files only)

-s

Print only the path of each file

-x

Suppress modes for directories and symlinks

-arch

-archVal when displaying plain files that represent fat mach-o binaries; print the size and checksum of the file contents for the specified archVal (either "ppc" or "i386")

-p <param>

Print only some of the results (each option can only be used once):

c

32-bit checksum

f

Filename

F

Filename with quotes (that is, "/usr/bin/lsbom")

g

Group ID

G

Group name

m

File mode (permissions)

M

Symbolic file mode (that is, "dr-xr-xr-x")

s

File size

S

Formatted size

t

Mod time

T

Formatted mod time

u

User ID

U

Username

/

User ID/group ID

?

Username/group name


BOM files can be useful in determining what has changed on your system. If you've modified the location of system software or configuration files, a system update might modify or move these files. Viewing the BOM can tell you exactly what happened during a system update.

Updating from the Command Line

In Tiger, all the functionality of the Software Update utility can be accessed through the command-line program softwareupdate. Invoking sudo softwareupdate -l produces a list of the available updates:

 brezup:jray jray $ softwareupdate -l Software Update Tool Copyright 2002-2004 Apple Software Update found the following new or updated software:    * 4082         Hard Disk Update (1.0), 840K [recommended] 

Each package is listed with a number (called a label) by which you can refer to the update and a flag as to whether the update is recommended.

To install an update, simply invoke softwareupdate -i followed by the label for each update. You can specify as many updates on a single line as you want, and each will be downloaded and installed in turn:

 softwareupdate -i <update label> <update label> ... 

For example:

 brezup:jray jray $ sudo softwareupdate  -i 4082 Software Update Tool Copyright 2002-2004 Apple Downloading Hard Disk Update Downloading Hard Disk Update    0..10..20..30..40..50..60..70..80..90..100 Expanding Hard Disk Update Installing Hard Disk Update     0..10..20..30..40..50..60..70..80..90..100 Done. 

If an update requires a system restart to become active, you will be prompted to reboot after the installation has completed. You can reboot from the command line by typing sudo /sbin/reboot.

NOTE

Failing to reboot after installing an update that requires a restart might result in unusual and unpredictable system behavior.


As we mentioned, softwareupdate can perform all the same functions as the GUI equivalent in fact, it is more flexible than the GUI. The basic syntax for softwareupdate is always softwareupdate <options> [<label> ...] . Table 29.2 contains a list of the available arguments and their use.

Table 29.2. The softwareupdate Utility Can Perform All Your Update Tasks from the Command Line

Option

Description

-l

List all available updates.

-d

Download the updates.

-i <label> ...

Install the named updates.

-i -a

Install all the available appropriate updates.

-i -r

Install only the recommended updates usually security and serious bug fixes.

-i -u <url> ...

Install updates from a URL. Unless you are distributing updates via Tiger Server, you won't need this.

--ignore <label>

Ignore the named update (current and future versions). Configured on a per-user basis.

--reset-ignored

Reset the ignored updates so that they appear when updates are listed. Configured on a per-user basis.

--schedule [on|off]

Turn automatic update checking on and off. Configured on a per-user basis.


     < Day Day Up > 


    Mac OS X Tiger Unleashed
    Mac OS X Tiger Unleashed
    ISBN: 0672327465
    EAN: 2147483647
    Year: 2005
    Pages: 251

    flylib.com © 2008-2017.
    If you may any questions please contact us: flylib@qtcs.net