Wednesday, April 27, 2016

What is com.apple.Dont_Steal_Mac_OS_X (7.0.0) kext is doing on OS X systems ?

When you run kextstat command to see the list of kernel extensions loaded in the system, you might come across kext named com.apple.Dont_Steal_Mac_OS_X (7.0.0) being loaded all the time. You might me wondering what is the role of this kernel extension. com.apple.Dont_Steal_Mac_OS_X  prevents OS X from being used on non approved Intel hardware – as OS X is licensed only for use of approved Apple Intel hardware. This kext is used to control software piracy of OSX on non Apple supported hardwares. Hence its role is to detect and fail the OSX installation on non apple certified hardwares. 

Tuesday, February 23, 2016

How to disable default certificate verification in Python 2.7.9 and above permanently on Mac?

Python from 2.7.9 and above now verifies the SSL certificate prior establishing the connection to server. This might cause problem in few servers which do not support certificate validation yet. In these circumstances the HTTPS connection requests fails due to new changes in python. For more information on the new changes please read more at : https://www.python.org/dev/peps/pep-0476/. This link describes the ways to establish ssl connection without certificate verification. In my case i was not using the httplib modules API directly hence i had to find out a crude approach to disable the SSL certificate  verification. I would not recommend the below change unless it is really required to do it as you might be opening a set of vulnerabilities as specified in this article.  However the below sample code tells you how disable SSL certificate  verification completely on your system. 

1. Open Terminal
2. Open with sudo privileges the following file [ Note: You may be required to disable System Integrity Protection(SIP) on your mac to edit these files if your system is running OS X 10.11 + , Please read my post on How to Disable System Integrity Protection(SIP) ]


    sudo vim /System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/httplib.py


Look for following Piece of Code:

class HTTPSConnection(HTTPConnection):
        "This class allows communication via SSL."

        default_port = HTTPS_PORT

        def __init__(self, host, port=None, key_file=None, cert_file=None,
                     strict=None, timeout=socket._GLOBAL_DEFAULT_TIMEOUT,
                     source_address=None, context=None):
            HTTPConnection.__init__(self, host, port, strict, timeout,
                                    source_address)
            self.key_file = key_file
            self.cert_file = cert_file
            if context is None:
                context = ssl._create_default_https_context()
            if key_file or cert_file:
                context.load_cert_chain(cert_file, key_file)
            self._context = context


Comment the highlighted line and add following line below the commented line.

                context = ssl._create_unverified_context()



Finally the change should be reflected as below:


class HTTPSConnection(HTTPConnection):
        "This class allows communication via SSL."

        default_port = HTTPS_PORT

        def __init__(self, host, port=None, key_file=None, cert_file=None,
                     strict=None, timeout=socket._GLOBAL_DEFAULT_TIMEOUT,
                     source_address=None, context=None):
            HTTPConnection.__init__(self, host, port, strict, timeout,
                                    source_address)
            self.key_file = key_file
            self.cert_file = cert_file
            if context is None:
                #Comment the below line and un-comment the commented line to revert to original state.
                context = ssl._create_unverified_context()
                #context = ssl._create_default_https_context()
            if key_file or cert_file:
                context.load_cert_chain(cert_file, key_file)
            self._context = context




Note: Above change to the python source is not recommended unless required. Proceed with caution. 



Tuesday, February 09, 2016

How to disable USB ports on Mac OS X Mavericks, Yosemite or El Capitan ?

We might wonder how to disable the USB ports on Mac to prevent data copy to external USB mass storage devices. The USB kext on os x is loaded at the time of start of the system, this can be loaded / unloaded using kextload or kextunload command. To disable USB port on Mac , follow below steps:

On Macs running Mountain Lion, Mavericks  and Yosemite:

  1. Unmount any connected USB devices to the system by running below command                  $diskutil unmount /Volumes/USBDISK.
  2. Now unload the USB related kernel extensions in the following order using kextunload command.
           sudo kextunload -b com.apple.driver.AppleUSBCardReader

           sudo kextunload -b com.apple.driver.AppleUSBODD

           sudo kextunload -b com.apple.iokit.IOUSBMassStorageClass


       This will unload the USB kext and disable the USB ports for storage devices on Mountain Lion, Mavericks  and Yosemite.

On Mac running El Capitan:

  1. Unmount any connected USB devices to the system by running below command                  $diskutil unmount /Volumes/USBDISK.
  2. Now unload the USB related kernel extensions in the following order using kextunload command.
          sudo kextunload -b com.apple.iokit.IOUSBMassStorageDriver

      
      This should disable the USB ports for external storage devices.




To load back the USB kext or Enable USB ports follow below steps :

      On Macs running Mountain Lion, Mavericks  and Yosemite:

       1. Run the kextload command to load above unloaded kexts in reverse order of unload.

           sudo kextload -b com.apple.iokit.IOUSBMassStorageClass

           sudo kextload -b com.apple.driver.AppleUSBODD

           sudo kextload -b com.apple.driver.AppleUSBCardReader

      This will enable the USB port on the OSX system for storage devices.


    On Macs running El Capitan (11.0.x):

      1. Run the kextload command to load above unloaded kexts in reverse order of unload.
  
           sudo kextload -b com.apple.iokit.IOUSBMassStorageDriver

           sudo kextload -b com.apple.driver.AppleUSBCardReader (If your Mac has card reader)
           sudo kextload -b com.apple.driver.AppleUSBODD


        This will enable the USB port on the OSX system for storage devices.



   
           






Thursday, February 04, 2016

How to format an external hard disk or USB disk whose size is > 32GB as FAT32 ?

Formatting an external disk or usb disk of size more than 32 GB is a problem ? Then use the this tool available at below link. with this tool you can format the disk of size 2TB.
OR

How to create local RHEL DVD repository for package installations ?

This blog tells you how to create a local repository from a RHEL installer DVD iso image.


Firstly please note that  RHEL is not a free software.  To get access to the fully up-to-date repositories (RHN) a  paid subscription is required.Without this subscription it will not be possible to get security updates and the newest versions of packages. An alternative for using RHEL would be CentOSor Scientific Linux. Both are free and almost identical to RHEL. The below steps should only be used for testing, studying or evaluation purposes. The steps below are based on RHEL server 6.4 but the basics are the same for other versions.

Pre Conditions prior performing the following setup steps.
- RHEL installed system,
- ~4-8 GB free space on disk.


All the below steps are to be executed with root privileges.

1. A directory needs to be created which will contain the repository with following command:
    $ mkdir /mnt/rhel_repo

2. Mount the DVD disk or iso image with following command.
    
    $ mount /dev/dvd /media
     
    If an image is used instead of a DVD you can mount it as follows (with following command):
    
    $ mount -o loop /path/to/rhel.6.4.iso /media

3. Copy the contents from the DVD to the newly created directory with following command:
  
    $ cp -ar /media/. /mnt/rhel_repo/

4. Set up the system to use the freshly created repository with following command:
    $ cd /etc/yum.repos.d/
    $ rm *.repo
    $ vi rhel64dvd.repo


    # add the following information:

    [rhel-dvd-server]
     name=Red Hat Enterprise Linux - DVD Server Repository
     baseurl=file:///mnt/rhel_6.4_dvd/Server
     enabled=1
     gpgkey=file:///mnt/rhel_6.4_dvd/RPM-GPG-KEY-redhat-release
     gpgcheck=1


     [rhel-dvd-lb]
     name=Red Hat Enterprise Linux - DVD Load Balancer Repository
     baseurl=file:///mnt/rhel_6.4_dvd/LoadBalancer
     enabled=1
     gpgkey=file:///mnt/rhel_6.4_dvd/RPM-GPG-KEY-redhat-release
     gpgcheck=1


      [rhel-dvd-ha]
      name=Red Hat Enterprise Linux - DVD High Availability Repository
      baseurl=file:///mnt/rhel_6.4_dvd/HighAvailability
      enabled=1
      gpgkey=file:///mnt/rhel_6.4_dvd/RPM-GPG-KEY-redhat-release
      gpgcheck=1

5.  Disable RHN and activate DVD repository:
      $ vi /etc/yum/pluginconf.d/rhnplugin.conf
      # make sure enabled is set to 0 (enabled = 0)


6. Now run the following command in Terminal.
    $ yum clean all

    Loaded plugins: product-id, security, subscription-manager
    This system is not registered to Red Hat Subscription Management. You can use subscription-             manager to register.
    Cleaning repos: rhel-dvd-ha rhel-dvd-lb rhel-dvd-server
    Cleaning up Everything


    $ rpm --import /mnt/rhel_6.4_dvd/RPM-GPG-KEY-redhat-release

5. Now following yum update command to update the yum repositories.

    $ yum update
  
    Output :
    Loaded plugins: product-id, security, subscription-manager
   This system is not registered to Red Hat Subscription Management. You can use subscription-             manager to register.
    Setting up Update Process
    No Packages marked for Update


    From this point on you can use yum to search, install and remove packages that are available on         the local system.

    The following message will still be visible but it can be ignored.
   
    This system is not registered to Red Hat Subscription Management.