Fixing Xcode command line tools after upgrade to macOS Catalina 10.15

Today I’ve updated to macOS Catalina 10.15. I’ve tried to setup zsh instead of bash and ran intro troubles with Xcode command line tools.

If I run

xcode-select -p
/Library/Developer/CommandLineTools

I’m seeing my previous installation in /Library/Developer/CommandLineTools. However, if I run

xcode-select --install

I’m seeing the installer which tries to fetch the latest Xcode command line tools. However, it always fails with

Unable to Download App. "Xcode" could not be installed. Please try again later.

I don’t intend to install the large Xcode from the appstore. So I’ve tried to delete the existing installation of the command line tools with

sudo rm -rf /Library/Developer

but the problem is still present.

Many people suggest to go to the developer.apple.com page and to search manually for the Xcode command line tools. I thought this wouldn’t work, because I’m only seeing the Xcode command line tools for Xcode 12.

However, we’re already at Xcode 12.1, so I thought this is the wrong download and is already outdated. But after I’ve installed the tools from this dmg, its working again and

xcode-select --install
xcode-select: error: command line tools are already installed, use "Software Update" to install updates

shows a suitable error message.

So lessons learned: using the latest major version of the command line tools installer seems to be sufficient.

Email notification for fail2ban events

So I’ve configured my fail2ban installation and I’m also able to send emails. But wouldn’t it be awesome if I’ll get notified via email about any fail2ban event?

We start with editing the /etc/fail2ban/jail.local file. Look for the destemail and action parameters and change them accordingly:

mta = sendmail
destemail = recipient@domain.name
senderemail = sender@domain.name
action = %(action_mwl)s

The action can be one of these, whereby I’ve chosen action_mwl:

  • action_: ban only the IP
  • action_mw: ban the IP and send email with whois information about the banned IP
  • action_mwl: ban the IP and send email with whois information about the banned IP and add relevant log lines to the email
  • action_cf_mwl: notify Cloudfare about the offending IP, ban the IP and send email with whois information about the banned IP

Do a restart of fail2ban:

sudo systemctl restart fail2ban

You’ll receive a lot of emails from fail2ban. This also includes any starts and stops of fail2ban as well as the ban notifications. You can limit this behavior by adding following content to the file /etc/fail2ban/action.d/mail-buffered.local:

[Definition]

# Option:  actionstart
# Notes.:  command executed once at the start of Fail2Ban.
# Values:  CMD
#
actionstart =

# Option:  actionstop
# Notes.:  command executed once at the end of Fail2Ban
# Values:  CMD
#
actionstop =

Now copy this file a few times with different file names:

sudo cp /etc/fail2ban/action.d/mail-buffered.local /etc/fail2ban/action.d/mail.local
sudo cp /etc/fail2ban/action.d/mail-buffered.local /etc/fail2ban/action.d/mail-whois-lines.local
sudo cp /etc/fail2ban/action.d/mail-buffered.local /etc/fail2ban/action.d/mail-whois.local
sudo cp /etc/fail2ban/action.d/mail-buffered.local /etc/fail2ban/action.d/sendmail-buffered.local
sudo cp /etc/fail2ban/action.d/mail-buffered.local /etc/fail2ban/action.d/sendmail-common.local

Do a restart of fail2ban:

sudo systemctl restart fail2ban

You should now only receive emails for ban events.

Protect SSH services with fail2ban

If you’ll open SSH on a server to the open internet, you’ll notice a lot of bots trying to login. You certainly should setup certificate based login, but banning offending IPs is also an important security measure.

I’ve installed fail2ban on my Raspbian installations and want to explain the installation and configuration. Its quite easy and the benefits are huge!

sudo apt-get install fail2ban

Create a copy of the original configuration file so that it won’t be overwritten by any updates:

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Search for a block for [default]. You should set:

bantime = 10m
findtime = 10m
maxretry = 5

These are the general settings. The settings for sshd should be a little bit stricter. Search a block for [sshd]. You should set:

enabled = true
maxretry = 3

You can enable and start fail2ban now using systemctl:

sudo systemctl enable fail2ban
sudo systemctl start fail2ban

Verify its up and running:

sudo systemctl status fail2ban.service
sudo fail2ban-client status
sudo fail2ban-client status sshd

If you end up being locked out, you can unlog an offending IP address using this command:

sudo fail2ban-client set sshd unbanip <offenders IP>

Banned connections will be dropped immediately by the firewall and should be visible with a “connection refused”.

Disable macOS Catalina update notification in Mojave

macOS Catalina was released and is ready to install. If you’re using the previous macOS version called Mojave, you’ll get a notification badge on the system settings.

This little red notification badge is really annoying.

The following two commands were taken from the Apple support forum:

sudo softwareupdate --ignore "macOS Catalina"

If you want to install Catalina via the software update, you can reset the ignored updates with this command:

sudo softwareupdate --reset-ignored

This will hide successfully the Catalina update from the list of available updates in Software Update. However, it won’t remove the notification badge.

But fortunately you can even disable the badge by using these commands:

defaults write com.apple.systempreferences AttentionPrefBundleIDs 0
killall Dock

This will hide the badge until the next time you’ll scan for available software updates.

Disable WordPress Trackbacks to avoid spam

I’ve intended to disable all comment or trackback functionality to avoid having spam and dealing with it in form of anti-spam plugins like Akismet. While I already had comments disabled, Trackbacks were still active.

Even when you disable Trackbacks in the WordPress settings via “Settings / Discussion” under “Allow link notifications from other Weblogs (Pingbacks and Trackbacks)”, your existing pages needs manual update to take effect.

Connect to your MySQL database of your blog (e.g. with PHPMyAdmin) and execute these two queries:

UPDATE wp_posts set ping_status='closed' WHERE post_status='publish' AND post_type='post';
UPDATE wp_posts set ping_status='closed' WHERE post_status='publish' AND post_type='page';

 

I’ve found this information on Andreas blog, thank you!