How-To: Use SSH to Investigate Folder Sizes

Andrew Flocchini — Tue, 04 May 2010 15:14:01 +0000

Sometimes users can let their Home folder get out of hand and slowly kill any remaining hard drive space. I like to use Apple Remote Desktop if I need to find out who’s using up too much space with their Home folder. I don’t want to just remote in if someone’s working on the machine so SSH works perfectly for this.

Enable SSH

If SSH isn’t enabled on your target machine, send this command through Apple Remote Desktop as root.

/sbin/service ssh start

This will enable SSH until the machine is rebooted.

Start an SSH session

Open up Terminal and make a connection to the target machine using its IP address.

ssh 10.0.0.1

If you’re in an Active Directory environment like me, enter the password that matches your current username you’re logged in with. Otherwise your SSH command will need to pass along a username that exists on the target computer. Something similar to the following.

ssh 10.0.0.1 -l admin

Explore the hard drive

Once you’ve successfully made your connection, check out the disk space with the following command.

df

For our situation, the disk0s2 is what we’re looking at. The HDD is getting pretty full.

In my situation, I know that the most space is probably being wasted in the Users directories so lets head there and get an idea of what’s going on.

cd /Users/

Now let’s run the DU command and see what users have the biggest folder.

sudo du -sh *

You will be prompted for your password, and it may seem to go slowly, but you will get a nice list showing you the size of everyone’s Home folder.

Looks like we’ve found some Home folders that need to be purged. This is also easy to do using Finder but sometimes you can’t disturb the machine and Terminal is perfect for that.

Unpatched Flaw In Apple Remote Desktop Brings About Trojans & Community Fixes

Bob Rudis — Tue, 24 Jun 2008 21:36:23 +0000

Much ado has been made this week regarding the recent Apple Remote Desktop Root Privilege Escalation Vulnerability. The short story is that there is a flaw in a piece of software that Apple ships & installs with every Leopard instance which enables a local user to run scripts with root privileges (meaning they can do anything on the system).

As you may have read, this flaw is not capable of being exploited remotely, but multiple variants of a new Trojan (dubbed “AppleScript-THT”) are floating around the internets which wreak all sorts of havoc on your system once infected. Some install keystroke logging, usurp your iSight camera to take pictures or even capturing screenshots (some do much worse).

The Washington Post has a great blog post which gives a great amount of detail on the problem and even mentions a few solutions. The quickest way (until Apple releases a patch) to protect yourself is to open up a Terminal window and enter the following text:

osascript -e 'tell app "ARDAgent" to do shell script "chmod 0555 /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent"';

If that was successful, then you should not see “root” when you paste this into the Terminal window:

osascript -e 'tell app "ARDAgent" to do shell script "whoami"';

SecureMac has updated MacScan to account for these new beasts and DAT updates from other vendors are forthcoming.

Until Apple releases a patch and you install it be very careful what you download and execute, both from your browser or chat clients.

If you have any questions or concerns, please drop a note in the comments and I will monitor this thread closely over the coming days to try to help as much as possible. Watch for a TAB post when Apple issues a fix.

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

GigaOM » Apple

How-To: Use SSH to Investigate Folder Sizes

Enable SSH

Start an SSH session

Explore the hard drive

Unpatched Flaw In Apple Remote Desktop Brings About Trojans & Community Fixes