Archive for August, 2010

Configuring PHP in IIS on Windows Server 2003

Thursday, August 19th, 2010

By default, a site configured in IIS 6 will not support PHP. An extension mapping must be created so that IIS knows how to handle PHP scripts.

This assumes that PHP has been installed on the server in question.

1. Right-click on the site in question and choose Properties.
2. In the Properties box, click on Home Directory, and then Configuration.
3. Under Application Extensions, click Add.
4. Either enter or browse to the PHP executable, php5isapi.dll.
5. Under extension, enter “.php”.

You have the option to limit the HTTP methods (verbs) that PHP scripts will have access to. The limitations you impose depend on the security requirements of the client, but GET, HEAD, and POST should be enough for most PHP applications. Verbs should be separated by a comma, for example: GET,HEAD,POST

6. Save your changes, and restart IIS.
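To check the verb restriction after the mapping is in place, the sketch below audits script-map entries against the GET,HEAD,POST list suggested above. It is an added example, not part of the original post; it assumes entries in the IIS 6 metabase ScriptMaps form ".ext,handler,flags[,verbs]", and the sample entries and paths are constructed.

```python
# Added example: audit IIS 6 script-map entries for HTTP verb restrictions.
# Assumed entry format: ".ext,handler_path,flags[,VERB,VERB,...]".
# An entry with no verb list means the handler accepts every verb.

RECOMMENDED = frozenset({"GET", "HEAD", "POST"})  # verbs suggested in the post


def parse_script_map(entry):
    """Split one script-map entry into extension, handler, flags and verbs."""
    parts = [p.strip() for p in entry.split(",")]
    if len(parts) < 3 or not parts[0].startswith("."):
        raise ValueError(f"not a script-map entry: {entry!r}")
    return {
        "ext": parts[0].lower(),
        "handler": parts[1],
        "flags": int(parts[2]),
        "verbs": frozenset(v.upper() for v in parts[3:] if v),
    }


def audit(entries, ext=".php", allowed=RECOMMENDED):
    """Return a list of findings for the mapping of one extension."""
    findings, mapped = [], False
    for raw in entries:
        try:
            m = parse_script_map(raw)
        except ValueError as exc:  # malformed entry or non-numeric flags
            findings.append(str(exc))
            continue
        if m["ext"] != ext:
            continue
        mapped = True
        if not m["verbs"]:
            findings.append(f"{ext}: no verb list, handler accepts all verbs")
        else:
            extra = sorted(m["verbs"] - allowed)
            if extra:
                findings.append(f"{ext}: extra verbs allowed: {', '.join(extra)}")
    if not mapped:
        findings.append(f"{ext}: no mapping found")
    return findings


# Constructed sample entries (paths are placeholders, not from the post).
SITE_OK = [r".php,C:\PHP\php5isapi.dll,5,GET,HEAD,POST"]
SITE_ALL_VERBS = [r".php,C:\PHP\php5isapi.dll,5"]
SITE_EXTRA = [r".php,C:\PHP\php5isapi.dll,5,GET,POST,PUT,DELETE"]

if __name__ == "__main__":
    for name, site in [("ok", SITE_OK), ("all", SITE_ALL_VERBS), ("extra", SITE_EXTRA)]:
        print(name, audit(site) or "verbs restricted as recommended")
```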

iPhone Security Updates

Friday, August 13th, 2010

US-CERT has issued the following regarding the latest iOS patches:

Systems Affected

* Apple iOS for iPhone, iPad, and iPod touch devices

Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with “SA10-224A Feedback VU#274718” in the subject.

Overview

Apple has released iOS 4.0.2 Update and iOS 3.2.2 Update to correct multiple vulnerabilities affecting components of Apple iOS. Apple iOS is used by iPhone, iPad, and iPod touch devices. As a result of convincing a user to view a specially crafted web page, attackers could take control of your device, gain access to your sensitive information, or crash your device.

Solution

Install the updates on Mac OS X and then use iTunes to download and install updates.

Description

Apple iOS 4.0.2 Update and iOS 3.2.2 Update address two vulnerabilities affecting iOS, including a vulnerability detailed in US-CERT Vulnerability Note VU#275247.

References

* iOS 4.0.2 Update for iPhone and iPod touch - http://support.apple.com/kb/HT4291

* iOS 3.2.2 Update for iPad - http://support.apple.com/kb/HT4292

* Updating your iPhone, iPad, or iPod touch - http://support.apple.com/kb/ht1414

* Vulnerability Note VU#275247 - https://www.kb.cert.org/vuls/id/275247

Hiding a Restore Partition With jamf

Monday, August 9th, 2010

The jamf command that is placed inside the /usr/sbin directory has a number of things it does really well. Many of the tasks exposed in Casper Admin can be tapped into using shell scripts.

One nice option that the Casper Suite has for the mobile users in many an enterprise is the ability to restore a given machine to a known good working state. Casper addresses this using a concept known as a restore partition. The restore partition can be used to deploy a base set of packages to a client, or maybe just a functional operating system that hooks back into the JSS, or JAMF Software Server. Because you want the restore partition to be somewhat undefiled, you can hide it. Then, if a user needs to boot to the restore partition, they would simply boot the computer holding down the option key and select Restore (or whatever you have named it).

The /usr/sbin/jamf command can then be used to hide that restore partition using the hideRestore option. For example, assuming that the restore partition is named Restore, the following command will hide it:

/usr/sbin/jamf hideRestore

But, you might find that you want to deploy multiple hidden partitions. So let’s say that you had another for running disk tools. In our environment we could call it 318Tools. So to hide it as well, we would use the same command, but with the -name option followed by the name of the other partition we would like to hide, like so:

/usr/sbin/jamf hideRestore -name 318Tools

Overall, there are a number of uses other than simple patch management with the Casper Suite, and this is just one of the small things you can do with the jamf command, an integral part of the Suite.