📚 MacOS Basics


Created: 28.09.2020

Firewall

You can set specific rules to limit the traffic.

FileVault

No recovery once this password is lost.

Partitions

It has a hidden partition installed (macOS Recovery). It replaces the installation disks that came with older PCs. Restart and hold down the R key. It doesn’t touch the user directories, only reinstalls the OS. If this option is not available, Internet Recovery will be launched.

Disk Utility

When erasing data choose from the three options:

  • Just mark all as deleted, files are recoverable;
  • Re-write three times;
  • Re-write seven times;

Gatekeeper

Prevents third-party applications from being installed.

SMC

The SMC is the system management controller. It’s responsible for a number of processes, including the cooling fans, keyboard, and LED lights. It also affects the power supply of your Mac. [1]

To reset it, power on and hold the Shift, Control, and Option keys while simultaneously holding the power button for 10 seconds.

PRAM

This stands for parameter random access memory. This essentially stores information about your control settings and is powered by a battery to ensure that your settings remain the same even if you turn your computer off. [1]

If the Mac is running slow or keeps overheating even though few system resources are in use, reset it by rebooting and pressing Command, Option, P, and R until you hear the startup beep for the second time.

Disk Arbitration Daemon

When you insert a disk, diskarbitrationd probes the disk to determine its file-system format, checks the disk for issues, mounts the file system, and updates the disk arbitration table. It writes to system.log.

disktool

Not working on macOS Big Sur 11.2.3 (M1). It returns:

diskutil: please use diskutil(8) instead of disktool
diskutil: interrupted

diskutil

This command-line utility is usually used for everything that can normally be accomplished with the Mac OS X application Disk Utility.

drutil

For interacting with CD and DVD burners.

mount and umount

Mostly used for network volumes. You will also need to refresh disk arbitration with disktool r (which is not available on the latest Mac versions) after using either of the two commands.

volinfo.database

Keeps track of the volumes. Run sudo cat /var/db/volinfo.database to see the list of volumes’ UIDs.

fstab

Doesn’t exist by default. To create it, run sudo vifs and then quit, saving the file (Esc > Shift + ZZ). Now /etc/fstab exists. It allows mounting file systems in particular locations at system startup.

Important note here.

Because of disk arbitration, the device files on Mac OS X are not static. [1]

So, if you want to mount a disk at a specific location, such as /dev/disk0s1 at /, this won’t work, since the disk might get another number the next time the system reboots. Create a label in fstab instead (for example, LABEL=Disk2 /Disk2 hfs rw 0 0).
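
As an added example (not part of the original notes), a small shell check that flags fstab entries naming a /dev node, which disk arbitration may renumber between boots. The function names audit_fstab and sample_fstab and the sample entries are constructed for illustration; treating UUID= specs as stable goes beyond the LABEL= case shown above.

```shell
#!/bin/sh
# Added example: audit an fstab file for entries that name a /dev node.
# Disk arbitration can renumber /dev/diskNsM between boots, so such entries
# may fail or mount a different volume; LABEL= and UUID= specs stay stable.

# audit_fstab FILE
#   prints "line:spec:mountpoint" for every entry that uses a /dev node
#   exit status: 0 = clean, 1 = unstable entries found, 2 = file unreadable
audit_fstab() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk '
        /^[ \t]*(#|$)/        { next }   # skip comments and blank lines
        $1 ~ /^(LABEL|UUID)=/ { next }   # stable identifiers
        $1 ~ /^\/dev\//       { printf "%d:%s:%s\n", NR, $1, $2; bad = 1 }
        END                   { exit bad + 0 }
    ' "$1"
}

# Constructed sample input (not taken from a real system).
sample_fstab() {
    cat <<'EOF'
# constructed sample fstab
LABEL=Disk2 /Disk2 hfs rw 0 0
/dev/disk0s1 /Volumes/Data hfs rw 0 0

UUID=00000000-0000-0000-0000-000000000000 none hfs rw,noauto 0 0
/dev/disk2s3 /Volumes/Backup hfs ro 0 0
EOF
}

# Demo run against the constructed sample; on a real Mac pass /etc/fstab.
demo_file=$(mktemp)
sample_fstab > "$demo_file"
audit_fstab "$demo_file" || echo "entries above use non-static device nodes" >&2
rm -f "$demo_file"
```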

SIP

System Integrity Protection. Introduced in OS X El Capitan (10.11). Restricts user actions on protected parts of the OS (System, usr, bin, sbin, pre-installed apps). SIP prevents imaging of a live system. It can be disabled:

# Boot into recovery mode by pressing CMD+R on restart
# Open Terminal
csrutil disable
# Restart

Later versions protect a whole separate read-only volume.

Anti-malware Mechanisms

Apple integrated its own frameworks (XProtect and, more recently, Endpoint Security) and YARA antivirus signatures.

References

[1] Zapping The PRAM: How, When, and Why To Reset The PRAM and SMC On Your Mac, Team Recompute on 29th Apr 2019