Archive for the ‘How-To’ Category

How-To fix Sophos Central Endpoint “Installation Failed” on macOS Sierra

Tuesday, October 17th, 2017
Sophos Central Endpoint Installation Failed

“Installation Failed. Contact your computer system administrator or Sophos Technical Support for further assistance.”

If you get this error while trying to (re)install Sophos Endpoint or even Sophos Home and in /var/log/install.log you see something like:

2017-10-17 10:47:56-06 hulk Sophos Bootstrap[5051]: [SMESophosBootstrapAppDelegate.m:1656] System verified 2017-10-17 10:48:36-06 hulk Sophos Installer[5087]: [SMEInstallController.m:237] Installing saas version 9.6.5 2017-10-17 10:48:36-06 hulk Sophos Installer[5087]: [SMEInstallController.m:857] Upgrading the "saas" product 2017-10-17 10:48:36-06 hulk Sophos Installer[5087]: [SMEAggregateInstallStrategy.m:93] "installer.prepare.stopProcesses" success: YES 2017-10-17 10:48:36-06 hulk Sophos Installer[5087]: [SMERemoveFilesStrategy.m:110] Removing files belonging to components: [prepare] 2017-10-17 10:48:36-06 hulk Sophos Installer[5087]: [SMEAggregateInstallStrategy.m:93] "installer.prepare.removeComponents" success: YES 2017-10-17 10:48:36-06 hulk Sophos Installer[5087]: [SMEAggregateInstallStrategy.m:93] "installer.prepare.removeKeychains" success: YES 2017-10-17 10:48:36-06 hulk Sophos Installer[5087]: [SMEReceiptClient.m:199] Failed to launch receipt at /Library/Application Support/Sophos/saas/Installer.app/Contents/MacOS/tools/InstallationDeployer. launch path not accessible 2017-10-17 10:48:36-06 hulk Sophos Installer[5087]: [SMEReceiptClient.m:56] Failed to launch receipt. 2017-10-17 10:48:36-06 hulk Sophos Installer[5087]: [SMEReceiptClient.m:199] Failed to launch receipt at /Library/Application Support/Sophos/saas/Installer.app/Contents/MacOS/tools/InstallationDeployer. launch path not accessible 2017-10-17 10:48:36-06 hulk Sophos Installer[5087]: [SMEReceiptClient.m:73] Failed to launch receipt. 2017-10-17 10:48:36-06 hulk Sophos Installer[5087]: [SMEBuildInstallPlanStrategy.m:115] Failed to connect with receipt 2017-10-17 10:48:36-06 hulk Sophos Installer[5087]: [SMEAggregateInstallStrategy.m:93] "installer.localPayload.buildPlan" success: NO 2017-10-17 10:48:36-06 hulk Sophos Installer[5087]: [SMEAggregateInstallStrategy.m:93] "installer.localPayload.cacheManifestComponents" success: NO 2017-10-17 10:48:36-06 hulk Sophos Installer[5087]: [SMEAggregateInstallStrategy.m:93] "installer.localPayload.remoteRemove" success: NO 2017-10-17 10:48:36-06 hulk Sophos Installer[5087]: [SMEAggregateInstallStrategy.m:93] "installer.localPayload.createUsersAndGroups" success: NO 2017-10-17 10:48:36-06 hulk Sophos Installer[5087]: [SMEAggregateInstallStrategy.m:93] "installer.localPayload.installComponents" success: NO 2017-10-17 10:48:36-06 hulk Sophos Installer[5087]: [SMEAggregateInstallStrategy.m:93] "installer.localPayload.processStart" success: NO 2017-10-17 10:48:36-06 hulk Sophos Installer[5087]: [SMEAggregateInstallStrategy.m:93] "installer.localPayload.distributeNotifications" success: NO 2017-10-17 10:48:36-06 hulk Sophos Installer[5087]: [SMEAggregateInstallStrategy.m:93] "installer.writeReceipt" success: NO 2017-10-17 10:48:36-06 hulk Sophos Installer[5087]: [SMEInstallController.m:467] "installer" success: NO 2017-10-17 10:48:36-06 hulk Sophos Bootstrap[5051]: [SMESophosBootstrapAppDelegate.m:1131] Received failure notification: (1) 2017-10-17 10:48:36-06 hulk Sophos Installer[5087]: [SMEInstallController.m:347] Successfully sent the installer telemetry 2017-10-17 10:48:37-06 hulk Sophos Installer[5087]: [SGCServerAuthenticator.m:159] Server connection successfully validated 2017-10-17 10:48:38-06 hulk Sophos Installer[5087]: [SGCCDFSBroker.m:306] Feedback json file was successfully uploaded (status code: 201). 2017-10-17 10:48:38-06 hulk Sophos Installer[5087]: [SMEInstallController.m:377] Failed to update saas to 9.6.5 2017-10-17 10:48:38-06 hulk Sophos Installer[5087]: [SophosDistantObject.m:219] An exception was encountered while messaging the server: SophosNilProxyException.

a passible cause is that the file "/Library/Application Support/Sophos/saas/Installer.app/Contents/MacOS/tools/InstallationDeployer" permissions are incorrect and the file is not marked as executable as per the cause described on Sophos’ Community blog https://community.sophos.com/products/sophos-home/f/sophos-home-for-mac/89938/sophos-home-not-working-unable-to-uninstall—trapped-by-sophos-what-to-do/326016#326016 to fix the issue run the following commands from the command-line:

cd /Library/Application\ Support/Sophos/saas/Installer.app/Contents/MacOS/tools/
sudo chmod a+x InstallationDeployer

then run the Sophos Antivirus installer again and the process should complete successfully.

How-To unlock MAGIC-SIM stuck in DUAL-MODE (007) on an iPhone 6

Monday, January 12th, 2015

The MAGIC-SIM DUAL-MODE (aka 007 mode) is not working well on any iPhone model.
Once activated it will take away the `STK menu` from your SIM Applications list with no apparent way to roll back to normality. At this point the MAGIC-SIM is practically useless.

The only one to restore the STK menu without the need to use a non-Apple mobile, is very simple by the way, but surely not intuitive (especially because not documented anywhere):

  1. Go to iPhone’s ‘Settings’ application
  2. Enter the ‘Phone’ settings
  3. Edit the ‘My Number’ option: type there 007
  4. The MAGIC-SIM will receive the input and immediately restore the STK menu in the SIM Application list

Enjoy!

 

 

How-To Add A Reset Button To A Raspberry Pi Model A and B Rev 1

Wednesday, May 22nd, 2013

Here are the instructions to create a Reset Button for your RaspberryPi Rev.1 which can also ‘wake’ the RPi from halt/shutdown state.

RaspberryPI Power Button

RaspberryPI Power Button

While on the new RaspberryPi Rev.2 is present a new set of pin called P6 header that provide a way to implement a reset switch, there is NO such option on the Rev. 1 boards (256MB RAM version released before Sept. 2012), therefore we will have to use the standard GPIO (P1 header) to create our reset button.

This solution do not involve any software, and is based on the concept to short-to-ground one of the GPIO 5V pin, for which you will require:

  • 1 Button/Switch
  • 2 female-to-female pin cable

Assembly procedure:

  1. Connect one of the pin cables to the the P1-02 GPIO pin (5V0 or PIN #3)
  2. Connect the other pin cable to the P1-06 GPIO pin (GND or PIN #5)
  3. Connect the the two pin cables to the button.
RaspberryPi GPIO

RaspberryPi GPIO

Every time you push the button it will create a short between the 5V and the Ground pins of the GPIO and that will cause an hard-reset of the RPi so avoid doing so when the system is running and you can shut it down in a cleaner way.

In case the RPi is shut-down this button will work as a Power-On/Wake switch.

Useful links:
RaspberryPi General Purpose Input/Outpu (GPIO)

How-To Create An Encrypted DMG File From Command-Line in OSX

Tuesday, May 21st, 2013

You can create an secure encrypted DMG disk image from the command-line in Mac OS X using ‘hdiutil’, type the following instrcution in the Terminal application:

#hdiutil create -encryption AES-256 -fs HFS+ new.dmg -srcfolder /path/to/your/folder
  • Substitute ‘/path/to/your/folder’ with the actual path of the folder containing the files that you want to secure.
  • You can use ‘MS-DOS’ in place of ‘HFS+’ for the FileSystem type. Other formats are available.
  • You can change the encryption type to AES-128

How-To Install an Apple (Wireless and USB) Keyboard in Windows 7

Friday, February 15th, 2013

I recently discovered a new small utility that helps to use a Apple Keyboard and most of its special ‘Fn’ keys with Windows.

This utility is called AppleWirelessKeyboard that you can download from this link:
http://uxsoft.cz/projects/applewirelesskeyboard/AppleWirelessKeyboard.exe

Despite it’s name (that specifically mentions ‘Wireless’) I found that this utility makes also Apple USB keyboards to work properly.

I have tested it with Windows 7 and a (not so recent) Apple USB Keyboard without a numeric pad.

Installation

  1. Create a folder called AppleWirelessKeyboard in
    C:\Program Files\AppleWirelessKeyboard\
  2. Download the AppleWirelessKeyboard.exe utility into the AppleWirelessKeyboard folder.
  3. Create a link for the downloaded AppleWirelessKeyboard.exe to
    C:\Users\<your user>\AppData\Microsoft\Windows\Start Menu\Programs\Startup
  4. now you can manually launch the utility and at any following system start-up the utility will be automatically activated.

Please leave comments with your testimonials about what models and what systems the utility is compatible with.

Ciao

How-To order a GiffGaff Nano SIM from Nanogaff

Thursday, February 7th, 2013

Nanogaff is a community-powerds distribution system for GiffGaff Nano SIM cards.
This is the link where you can order your Nano SIM: http://nanosim.giffgaffapps.com

Here is also the link on how to swap you standard or micro SIM to the Nano SIM, via the SIM swap procedure:

http://community.giffgaff.com/t5/Learn-giffgaff-Top-Tips/What-is-SIM-Swap/ta-p/7320084

How-To fix the GPG error: “The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY”

Wednesday, February 6th, 2013

These are the few command-line instruction to fix the GPG Error (NO_PUBKEY) that may appear when trying to run the ‘apt-get update’ command on a APT based system:

“GPG error: http://some.site.com stable Release: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY SOMEGPGKEY

This issue may reveal itself when you want to source packages from a repository that is unknown by your copy of the GPG  database, therefore APT will consider the repository as an untrusted source.

If you are sure that the repository is safe, you can circumvent the error manually adding the site’s public key to your GPG database using the following commands:

don’t use sudo if you act as root
$ gpg --keyserver subkeys.pgp.net --recv SOMEGPGKEY
$ gpg --export --armor SOMEGPGKEY | sudo apt-key add -

Comments and feedbacks and ‘like’ are welcome as always!

How-To Cancel My UK and European eFAX account and subscription

Wednesday, January 9th, 2013

To cancel your UK eFAX account you will need to call the customer service via phone:
The UK eFax Customer Service number is +44 (0)800 6899 336

You will need to provide:

  1. Your eFAX number in the form 442xxxxxxxx.
  2. The full name associated to the account.
  3. The last 4 digits of the associated credit card number.

For other European eFAX accounts call one of the numbers listed below:

  • Austria: 0179576212
  • Netherlands:  0800 020 0377
  • Belgium: 0800 80 872
  • France: 0825120319
  • Germany: 0800 000 3164
  • Spain: 902 02 14 65
  • United Kingdom: 0800 6899 336
  • Italy: 02694 30 336
  • Switzerland: 044 800 9941
  • Portugal: 00351 214 245 140
  • International (Ireland): 00353 1 656 4910

Note: the on-line chat and the phone numbers available on the website will redirect you the US customer service that will NOT able to assist you in cancelling a UK account.

Additionally, the UK eFax Customer Service email address is [email protected].

How-To Fix Cadaver Showing “WARNING: Untrusted server certificate presented” on Mac OS X

Tuesday, October 2nd, 2012

Here is explained how to compile Cadaver to support root CA certificates with ‘homebrew’ or Mac OS X.

Cadaver is a command line webdav client tool. It’s available on Mac through the ‘homebrew‘ subsystem for OS X.
It has the capability to connect you to webdav services via both http and https protocols, with the same ease you would use a ftp client.

While using ‘cadaver’ to connect to a webdav repository via https (SSL encrypted http), you may experience the odd request from the tool to accept the SSL certificate offered by the site you are connecting to because it is recognised as ‘Untrusted’, although the same certificate is not expired yet and is recognised as trusted by any other tool webdav client you may use (i.e. browsers or graphical tools like Cyberduck). This is the message that will be thrown “WARNING: Untrusted server certificate presented”.

This annoying behaviour prevents you to use ‘cadaver’ in system scripting because it will require a human interaction at any execution.

The reason behind this obvious error, are apparently connected to the fact that ‘cadaver’ relies on the ‘libneon’ libraries to handle the SSL encrypted connections and such libraries, in the instance of OS X, are not able to interact with Certificate Authorities Certificates installed in the system, therefore there are not able to verify the ‘trusted’ status of any certificate they come across.

On a GNU/Linux system showing the same warning,  it’s probably enough to install the ‘ca-certificates’ packager otherwise another possible solution is to recompile the ‘libneon’ libraries making sure to specify the right path to the ‘root CA certificates’ during the configuration.

On a Mac OS X the ‘libneon’ libraries are not available via ‘homebrew’, then installed version of cadaver is using it’s own copy of them. That means we will have to force ‘homebrew’ to recompile an reinstall ‘cadaver’ including a copy of the ‘root CA certificates‘. To do so we will use ‘curl’ sources and modify cadaver’s homebrew formula formula.

You may skip the stage 1 and 2 in case you have already a curl’s certificate bundle installed at/usr/share/curl/curl-ca-bundle.crt

  1. Download and unarchive the Curl sources:
    $ wget http://curl.haxx.se/download/curl-7.22.0.tar.bz2
    $ tar xvjf curl-7.22.0.tar.bz2
  2. Retrive the ‘root CA certificates’ using a script included in curl’s sources directory:
    $ cd curl-7.22.0/lib/ 
    $  ./mk-ca-bundle.pl
  3. Install the ‘root CA certificates’ :
    $ sudo mkdir -p /usr/share/curl/
    $ sudo cp ca-bundle.crt /usr/share/curl/curl-ca-bundle.crt
  4. modify cadaver’s homebrew formula to include the ‘root CA certificates’ during the compilation:
    $ brew edit cadaver

    add this  string  – “–with-ca-bundle=/usr/share/curl/curl-ca-bundle.crt”, – to the ‘def install’ section of the formula (including the double-quotes and the comma), as follow:

    def install

    system “./configure”, “–prefix=#{prefix}”,

    “–with-included-neon”,

    “–with-ca-bundle=/usr/share/curl/curl-ca-bundle.crt”,

    “–with-ssl”

     

  5. Remove the current installation of ‘cadaver’:
    $ brew remove cadaver
  6. Re-Install ‘cadaver’ that will be recompiled with a link to the ‘root CA certificates’:
    $ brew install cadaver

    Mind that the ‘root CA certificates’ will not be hard-coded in ‘cadaver’, only their path will be hardcoded, so DO NOT move the ‘curl-ca-bundle.crt’ from it’s location otherwise you will experience again the ‘WARNING: Untrusted server certificate presented’ issue.

At this point you should be able to use cadaver with https webdav repositories without been requested to accept every single SSL certificate.

 

How-To Remove The Password From a SSL Certificate Key File

Tuesday, September 11th, 2012

In case you find yourself with a SSL Certificate for your your domain and need to use it in systems where automatic processed will restart the web server (i.e. Apache 2), I guess you have discovered that a serious problem arise: the web server will not restart properly until you provide the password for the certificate.

As far as you consider secure the system from theft of the certificate, a workaround to this problem is to generate a copy of the SSL Certificate Key stripped of the password, you can achieve that executing this following command:

~$ sudo openssl rsa -in my_domain_certificate_with_password.com.key -out my_domain_certificate_without_password.com.key

At this point you just need to update the virtualhost configuration on your webserver to use the new key file (or remove the key file protected by password overwriting it with the key file NOT protected by password).

This information has been sourced from:
http://chrisschuld.com/2008/08/removing-the-password-on-an-apache-ssl-certificate/

Any comment and advise is welcome as always