|Home » Learning Curve
Cool Clever Stuff with CLIX
Two technologies endemic to every Apple/Unix OS X machine that should never incur an additional expense are access to search engines and other online resources through the Cocoa Services menu and command line operations. This article discusses using the latter for fun and profit.
The Command Line Interface for OS X
If you don't have CLIX on your box yet, you'd best wander over. Click here and get the download. It's about 200 KB and it's free. It will be easier to follow this discussion if you're running the program.
CLIX is a 'command line interface for OS X'. In a day when Bill Gates makes a big deal out of hiding the command line, Apple bring it back - and it's no mediocre command line either: it's an interface with the very powerful Unix 'shells'.
OS X boxes have 900+ Unix command line programs; all you have to do is access and get acquainted with them. There are things for system maintenance, for network management, and for fun. A bit of everything.
And whilst CLIX is a good way for Unix beginners to get to know Unix and test command line stuff, it's great for the professional too - it saves typing!
For it's one thing to 'know how' to write a complicated command line, consult manpages, figure out the syntax all over again - and it's quite another to have all your command lines stored conveniently in a CLIX file - scroll through, choose, run: it's that simple.
It's a time saver.
To make navigation through the extensive CLIX database easier, commands are divided up into a number of categories.
- .Global - global system preferences.
- Address Book - preferences for Apple's Address Book application.
- Calendar - access to Unix calendar data.
- Clean - generic system maintenance operations.
- Dashboard - turning it on, off; getting it to behave.
- Developer - arcane programming stuff.
- Dict - access to Unix dictionary data.
- Disk - generic disk maintenance operations.
- Disk Copy - preferences for Apple's Disk Copy application.
- Dock - preferences for Apple's Dock application.
- DVD Player - preferences for Apple's DVD Player application.
- Finder - preferences for Apple's Finder application.
- List - access to innumerable lists, Unix, Apple, and otherwise.
- Log - access to generic log files.
- Lproj - manage your language project files.
- Misc - access to Unix 'misc' data.
- Network - generic network maintenance operations.
- Purge - generic system maintenance operations.
- Quartz - showing OS X drawing in 'debug' mode.
- Safari - preferences for Apple's Safari application.
- Security - generic security audit and maintenance operations.
- Spotlight - turning it on, off; getting it to behave.
- System - generic system maintenance operations.
- Trash - operations for interfacing with the 'Trash'.
Naturally these categories are somewhat arbitrary; the idea is you will find new (and better) ways to categorise the commands on your own - or add others with new commands. But this discussion will concentrate on the commands categories 'out of the box'.
The 'Big Four'
Most of the Unix commands come from four standard Unix directories.
- /bin. Original repository for 'binary' files (programs).
- /usr/bin. An addition in the classic 'user' mount area.
- /sbin. Contains system (administration) programs.
- /usr/sbin. Additional system (administration) programs.
If you don't have these directories on disk, check with your installer and opt for the 'BSD subsystem'.
Darwin Open Source
The core of OS X is a variant of FreeBSD which is 'open source'. Apple aren't exactly stupid in making the code so accessible: if you haven't seen the arguments of Eric Raymond in favour of open source and explaining why it's so much better than closed proprietary source, look him up and read.
Security through obscurity never worked anyway, and Apple practice security through a good security model, and large portions of Darwin are legacy code coming down from academia and institutions like Lawrence Livermore. The bottom line? You have a lot of very good code at your disposal - infinitely better, for example, than the crumbs tossed to Windows users.
OS X is a tightly integrated system with both the solid Unix core and the dazzling Cocoa GUI working together. Sometimes your operations will blur out the distinction between the two; your advantage on OS X is that they work so well together.
OK - to the 'fun and profit' part.
OS X preferences are divided into a number of 'domains'; every user has access to 'global' settings. Many of these are stored in the file:
Which, because its name begins with a dot, is normally invisible.
Accessing preferences is normally done with the command line tool 'defaults', a NeXTSTEP addition to FreeBSD found in the Darwin core. Some of the cool clever stuff you can do here:
|Beep Feedback|| ||Turn beep feedback on and off, read current setting.|
|Colour Variant||Use Aqua or graphite, read current setting.|
|Scroll Bar||Use single or double scroll bar modes (four variations).|
Apple's Address Book application has a hidden debug menu. If it's cool and clever or not is another matter, but it's there.
Contains a lot of fun stuff.
|Birthday|| ||Find famous people born on a given day.|
|Computer||Find milestones in computer science for a given day.|
|History||Find historical events for a given day.|
|Holiday||Find international holidays for a given day.|
|LOTR||Find famous events in Lord of the Rings for a given day.|
|Music||Find milestones in music for a given day.|
|US Holiday||Find US holidays for a given day.|
The files in this directory are mostly linear databases; the CLIX commands are merely examples of how this data can be used. Remove the 'grep' pipes to see the full output.
Clean & Purge
Two big 'system maintenance' categories. Operations in the 'Clean' category only unlink files when they're to be removed; 'Purge' operations overwrite files before removing them.
These 'cleanup' operations target the following:
.DS_Store, .localized, .MCXLC, Apple Mail, 'recent folders', Project Builder and Xcode, library caches, Calculator, Camino, 'Desktop' files, DVD scripts, file panel prefs, Finder, Full Circle and Talkback, Dock icon caches, launch services caches, library logs, pref panes caches, receipts, Safari, search index (.FBCIndex) files, and /tmp.
Running all these, or combining them in a single shell script, should give you a 'clean machine'.
Funky stuff for the pro.
|GCC Specs|| ||Show default GNU Compiler Collection settings.|
|GCC Version||Show info on the GCC version installed as default.|
|Leaks||Find memory leaks in running applications.|
|Otool||Show object file data.|
|Otool Disassemble||Disassemble object files.|
|Size||Show the sizes of sections in object files.|
|Style||Show the 4BSD KNF style guide.|
Accesses the oft-overlooked resources in:
|Connectives|| ||Show 'connectives' (words that grammatically 'connect').|
|Proper Names||Show proper names.|
|Web2||Look up a word (currently 234937 entries).|
|Web2a||Look up a hyphenated noun or adverbial phrase (currently 76205 entries).|
The data in this directory is based on 'out of copyright' dictionary and similar resources. Yes, you have spell checking in fourteen languages simultaneously, but you also got these files for the price of your operating system, so use them! Again, remove the 'grep' pipes to see the raw output: the data can be put to many uses!
Generic disk maintenance.
|Check RAID|| ||Check a RAID set for errors.|
|Disk Free Space||Show free disk space.|
|Disk Info||Show fixed disk info.|
|Disk Usage||Show disk usage statistics.|
|Journaling||Turn 'Elvis' on and off.|
|Repair/Verify Disk||Repair/verify volume structure.|
|Repair/Verify Permissions||Repair/verify volume permissions.|
|Root Info||Show info on boot volume.|
|Show Mounts||Show mounted drive info.|
Many of these commands are obtuse - they're used so seldom it's hard to remember their syntax. And many of them have been incorporated into fancy shareware products with Xmas tree doodads - all you really needed was to remember a command line.
Apple's Disk Copy application has an 'expert mode'. If it's cool and clever or not is another matter, but it's there.
Lots of known and not so well known settings. All work with one or more - but not necessarily all - versions of OS X.
Autohide, Launch Animation, Magnification, Mineffect, Orientation, Persistent Apps, Pinning, QuitFinder, Shadow, Show All Files, and Show Hidden.
Apple's DVD Player application has a 'debug mode'. If it's cool and clever or not is another matter, but it's there.
Lots of known and not so well known settings. All work with one or more - but not necessarily all - versions of OS X.
Animate Info Panes, Animate Window Zoom, Finder Quit, Max Label Lines, Show All Files, and Zoom Rects.
Unix has lots of statistics stored all over the place. This is a big category. It also includes 'Aqua' stuff.
|.DS_Store|| ||List .DS_Store files in home area or on hard drive.|
|App Profile||List the contents of your app_profile directory.|
|Apps||List .app packages in home area or on hard drive.|
|Backups||List the contents of your backups directory.|
|Cron||List the contents of your cron directory.|
|Defaults Domains||List defaults domains in home area or on hard drive.|
|Frameworks||List frameworks in home area or on hard drive.|
|Libraries||List Library directories on hard drive.|
|NetInfo||List the contents of the NetInfo directory.|
|NIBs||List NIBs in home area or on hard drive.|
|Open Files||List open files.|
|Open LDAP||List the contents of your openldap directory.|
|Open Network Files||List open network files.|
|Open Unix Files||List open Unix domain socket files.|
|Partitions||List your fixed disk partitions.|
|Preferences||List all preferences directories on hard drive.|
|Property List||List property list files in home area or on hard drive.|
|Receipts||List contents of your Receipts directory.|
|Recent Folders||List 'recent folders' (two methods).|
|Root Home||List contents of the superuser's home area.|
|Samba||List contents of your samba directory.|
|Screen Savers||List screen savers in home area or on hard drive.|
|Spool||List contents of your spool directory.|
|Sudo||List contents of your sudo directory.|
|Trash||List contents of your Trash directory.|
|Trashes||List contents of your Trashes directory.|
|VM||List contents of your vm directory.|
Some of these are important to always have at the ready; there are no commands for deleting swap files in your vm directory because that's just a bad idea, despite snake oil salesmen trying to tempt with such a feature (you don't gain anything by it); having any other areas of your hard drive at your fingertips can be crucial.
Log files can be important - and they're all over the place. These commands not only let you see their contents but also clean or purge them.
Accesses the oft-overlooked resources in:
|Airport|| ||Show North America airport for given code or vice versa.|
|ASCII|| ||Show ASCII tables in octal, decimal, and hexadecimal.|
|Birth Token||Show birth flower and birth stone for a given month.|
|Boot Block Data||Show your boot block data in hex.|
|CD Boot Data||Show your CD boot data in hex.|
|Flowers||Show the meaning of a given flower.|
|Inter Phone||Show country and city codes for given countries or vice versa.|
|NA Phone||Show North America area codes for given cities or vice versa.|
|Units||Compare units of measurements.|
|Zip||Show US city for a given zip or vice versa.|
Again, these are 'database' files. The sample CLIX commands are very useful, but check the raw output by removing the 'grep' pipes.
As the Internet and Unix grew hand in hand, your OS X box is going to have a plethora of heavy duty network management tools.
|Addr|| ||Show info on dotted quad or network (hex) address.|
|Curl|| ||Show a web page.|
|Host|| ||Show info for a domain name or IP.|
|Netstat|| ||Show network status.|
|Netstat Protocols|| ||Show network status per protocol.|
|Netstat Routing Tables|| ||Show network status of routing tables.|
|NFS Status|| ||Show NFS status.|
|Ping Root-Servers|| ||Ping root-servers.|
|Samba Status|| ||Show current Samba connections.|
The 'DHS Threat Advisory' command was added only because some callous soul tried to profit by whipping up paranoia: the 'advisory condition' is a simple (and free) HTTP access.
The 'Ping' example is only one of many ways to check Internet connectivity; Hawkeye represents a more systematic approach. A good way to work this command into something viable is to assemble a list of IPs that are important in your part of the world and poll them at regular intervals. The root servers don't much appreciate your bombarding them either.
Netstat information is of course an excellent way to see what is going in and out of your computer.
This category has a single command - but if you haven't got CLIX yet, get it now and try this one - enough said.
Lots of interesting and very useful stuff, always with more to come. If nothing else at least try the 'debug menu' - very useful things there, such as user agent spoofing (pretending you're a Windows user at IIS sites), checking the data inside Safari's rendering engine, peeking into the memory caches, and more.
|Anti Alias Smooth Fonts|| ||Configure anti-aliasing and smooth fonts.|
|IE Favorites|| ||Read/set IE favourites import status.|
|Include Debug Menu|| ||Toggle Safari's Debug Menu.|
|Netscape/Moz Favorites|| ||Read/set Netscape/Moz favourites import status.|
|Recent Menu Limit|| ||Read/set the recent menu limit.|
|WebKit History Limit|| ||Read/set the history limit.|
|WebKit Fixed Font|| ||Configure Safari's fixed font.|
|WebKit Font|| ||Configure Safari's font.|
One of the most important categories. Remember: security is an 'iterative' process - conduct security audits regularly! At the very least, check your system for empty directories, empty files, compiled file systems, 'world-writables', SGIDs, SUIDs, and your authorization and sudoers files whenever you can.
|App Profile|| ||Inspect or remove activity tracking data.|
|Authorization|| ||Inspect your authorization file.|
|Effective GID|| ||Show effective group ID of current user or root.|
|Effective Group|| ||Show effective group of current user or root.|
|Effective UID|| ||Show effective user ID of current user or root.|
|Effective User|| ||Show effective user of current user or root.|
|File Systems Kernel|| ||Show all file systems compiled into the running kernel.|
|File Systems System|| ||Show all file systems compiled into the running system.|
|File Types|| ||List file types in all bin directories.|
|Find Block Files|| ||Find all block files on hard drive.|
|Find Character Files|| ||Find all character files on hard drive.|
|Find Empty Directories|| ||Find all empty directories on hard drive.|
|Find Empty Files|| ||Find all empty files on hard drive.|
|Find FIFOs|| ||Find all FIFOs (first in first out files) on hard drive.|
|Find SGIDs|| ||Find all set GID files on hard drive.|
|Find SUIDs|| ||Find all set UID files on hard drive.|
|Find Symlinks|| ||Find all symlinks on hard drive.|
|Find Sockets|| ||Find all socket files on hard drive.|
|Find World-Writable Files|| ||Find all world-writables (unprotected files) on hard drive.|
|GID, Groups, ID, UID, User|| ||Show ID and groups of current user or root.|
|NetInfo|| ||Show NetInfo dump; show, clean, and purge NetInfo log.|
|SGIDs, SUIDs|| ||List set GIDs and set UIDs in all directories.|
|sudo Commands|| ||List allowed and forbidden sudo commands.|
|sudo Kill, sudo Sure Kill|| ||Set sudo time stamp to epoch or remove it.|
|sudoers|| ||Inspect sudoers file.|
|Who|| ||Show system activity in utmp and wtmp.|
Why are these audits so important?
- The app_profile directory contains info on who has been doing what on your computer. You might want to remove this data for reasons of privacy, and you might want to check it from time to time to make sure no one has invaded that privacy.
- The authorization and sudoers files tell you who is allowed to do what on your computer. Normally that should only be you. If you are familiar with the contents of these files and if you review them regularly, you will notice if an interloper is keeping you company.
- So-called 'root kits' like to take over a system by compromising the kernel.
- Empty directories and files can be a sign of malfeasance and an attempt to cover it up.
- Set UID files are the most dangerous things on your system. Any files that do not need to be set UID should be altered to remove the threat of malicious privilege escalation.
- World-writable files serve no purpose but to let interlopers compromise you. Performing this audit can't be easier: your system should have no such files at all.
- The 'who' commands show you who is logged onto your system. Normally that should be only you. If it isn't - suspect the worst.
Another important - and extensive - category.
|Arch|| ||Show system architecture type (sparse output).|
|Banner|| ||Great for line printers? Makes a banner out of anything.|
|Cal|| ||Show calendar for current or any Gregorian or Julian month or year.|
|Crash Reporter|| ||Show crash reporter logs.|
|Crontab|| ||Show crontab file.|
|csh login logout|| ||Show csh login and logout files.|
|CUPS Logs|| ||Show, clean, and purge CUPS access and error files.|
|Daily|| ||Show daily script; show, clean, and purge daily output.|
|Date|| ||Show local and UTC date and time.|
|Defaults|| ||Show defaults for current user, root, and for launch services.|
|dmesg|| ||Display the system message buffer.|
|File Status|| ||Show status of all open files.|
|Finger|| ||Show user information.|
|FTP Users|| ||Show list of users disallowed FTP access.|
|Group Database|| ||Show single user mode group database.|
|Host Info|| ||Show data on local machine.|
|Host Name|| ||Show name of current host system.|
|hostconfig|| ||Show your hostconfig file.|
|Hosts|| ||Show single user mode hosts cache.|
|httpd|| ||Show current and default Apache configuration, 'magic' data, and users.|
|I/O Kit Registry|| ||Show and dump I/O Kit Registry with busy state and retain count.|
|I/O Kit Stats|| ||Show I/O statistics.|
|inetd|| ||Show the Internet server configuration database.|
|Kernel Extension|| ||Show the status of dynamically loaded kernel extensions.|
|Line Printer|| ||Show info and status on available line printers.|
|List Resource Fork|| ||Show resource fork information for a given file.|
|Machine|| ||Show type of local machine (sparse output).|
|Magic|| ||Show data used by 'file' program.|
|Mail Access|| ||Show mail access and database files.|
|Mail Log|| ||Show, clean, and purge mail log.|
|manpath|| ||Show path for man pages.|
|master.passwd|| ||Show master.passwd file for single user mode.|
|MIME Type|| ||Show MIME type for given file extension.|
|Modem Disconnect|| ||Force the modem to disconnect.|
|Modem Log|| ||Show, clean, and purge modem log.|
|Monthly|| ||Show monthly script; show, clean, and purge monthly output.|
|MOTD|| ||Show login 'message of the day' (eg 'Welcome to Darwin').|
|Networks|| ||Show single user mode networks database.|
|NVRAM Print|| ||Print NVRAM variables.|
|passwd|| ||Show single user mode password file.|
|Path|| ||Show command path.|
|Periodic|| ||Run periodic maintenance scripts; show settings.|
|Periodic|| ||Run periodic maintenance scripts.|
|plutil|| ||Check property list (preferences) files for corruption.|
|Process Status|| ||Show status of all processes.|
|Protocols|| ||Show list of Internet protocols.|
|Pstat|| ||Show info on open files, terminals, and active vnodes.|
|Saver Desktop|| ||Activate screen saver as desktop background.|
|secure.log|| ||Show, clean, and purge secure.log.|
|Services|| ||Show list of Internet services (well known port numbers).|
|Set|| ||Show environment variables.|
|Shells|| ||Show list of accepted shells for chpass.|
|Sync|| ||Force completion of pending disk writes (flush cache).|
|Timeslice|| ||Show standard timeslicing quantum.|
|System Control|| ||Show kernel state, hardware, kernel net statistics.|
|Toe|| ||Show table of terminfo entries.|
|Top|| ||Show system usage statistics.|
|ttys|| ||Show terminal initialisation information.|
|ttys.installer|| ||Show ttys installer.|
|uname|| ||Show operating system name.|
|uptime|| ||Show how long system has been running.|
|vm_stat|| ||Show Mach virtual memory statistics.|
|Versions|| ||Show system and build versions.|
|w|| ||Show present users and what they are doing.|
|Weekly|| ||Show weekly script; show, clean, and purge weekly output.|
|who|| ||Show who is logged in.|
|Window Resize|| ||Show and set window (sheet) resize time.|
If nothing else, try the 'Saver Desktop' command: the way it's set up in CLIX makes it easy to turn on, turn off, and impress your friends all at once!
This final category has commands for cleaning and purging the contents of the Trash directory. Obviously such commands are applicable to system maintenance scripts.