CHIPSEC notes

The following are some quick notes on using CHIPSEC to compare the EFI whitelist on your current machine with the BIOS that Dell provides.

Quick notes.

  1. Install prerequisites (uses Python 2)
  2. Git clone CHIPSEC
  3. Install (had to use a -i option, which is in the manual)
  4. Run (separate the module arguments with spaces, as below)

Extract BIOS ROM from Dell EXE
Use the BIOS exe to output a .rom file that you can use in Linux. Run the following command from a Windows command prompt and accept the security request. Change the EXE to the BIOS you downloaded.

Alienware_17_R2_1.5.0.EXE /writeromfile

The BIOS rom is named dell.rom in the following commands

Get list from the computer's ROM

This should create a fw.bin file and an efilist.json file from the local machine.

sudo python chipsec_main.py -m tools.uefi.whitelist

Get list from Dell rom

sudo python chipsec_main.py -m tools.uefi.whitelist -a generate efilist.json dell.rom

Compare the current ROM against the one downloaded from Dell

sudo python chipsec_main.py -m tools.uefi.whitelist -a check efilist.json fw.bin

For some reason Ubuntu was not recognizing the last three options after the -a as individual options unless there was a space in between them. All the examples online show that they had commas between them, which should work, so I wonder if it was an environment variable problem or something.

The telltale sign was that the [*] Module arguments line only shows 1 argument; it needs 3.

Other links

Install instructions here.
https://github.com/chipsec/chipsec/wiki/Installing-CHIPSEC-in-Linux

LUV Linux download
https://01.org/linux-uefi-validation

Manual
https://github.com/chipsec/chipsec/blob/master/chipsec-manual.pdf

Setting up Proxy over SSH on Linux

Initiate an SSH connection to the server or device you want to use as a proxy. You can change the port to something else if so desired.

ssh username@ipaddress -D 1880

Log in and leave the session running

You can now set up your computer or browser to use the proxy.
Specify a SOCKS host: the hostname is either localhost or 127.0.0.1, and the port is 1880.

Firefox example below.
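
Separately from the browser setup: the SOCKS port opened by ssh -D has no authentication, so it should listen on loopback only (the default with standard client settings; a bind address such as 0.0.0.0 or the -g option exposes it to other hosts). The following check is an added example, not part of the original notes; the function name socks_bind_scope and the sample ss output are constructed for illustration.

```shell
#!/bin/bash
# Added example: classify how a local SOCKS port opened by "ssh -D" is bound,
# from `ss -ltn` style output on stdin. socks_bind_scope is a name chosen here.

# usage: ss -ltn | socks_bind_scope <port>
# prints: loopback | exposed | absent
socks_bind_scope() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, part, ":")            # port is the text after the last ":"
            if (part[n] != port) next
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            found = 1
            # Anything other than IPv4/IPv6 loopback is reachable by other hosts.
            if (addr !~ /^127\./ && addr != "[::1]") exposed = 1
        }
        END {
            if (!found)       print "absent"
            else if (exposed) print "exposed"
            else              print "loopback"
        }'
}

# Constructed sample of `ss -ltn` output for "ssh -D 1880" (default bind).
sample_default='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128        127.0.0.1:1880      0.0.0.0:*
LISTEN 0      128            [::1]:1880         [::]:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*'

# Constructed sample where the forward was bound to every interface.
sample_wide='LISTEN 0      128          0.0.0.0:1880      0.0.0.0:*'

printf '%s\n' "$sample_default" | socks_bind_scope 1880
printf '%s\n' "$sample_wide"    | socks_bind_scope 1880
```

On a live machine, run it as: ss -ltn | socks_bind_scope 1880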

Find IP address from command line on Linux

Using ip command

ip add

example output

bob@localhost:~$ ip add
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno1: mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 38:ea:a7:13:a4:fe brd ff:ff:ff:ff:ff:ff
inet 192.168.1.21/24 brd 192.168.1.1 scope global dynamic noprefixroute eno1
valid_lft 513sec preferred_lft 513sec
inet6 13ac::98fe::ae78:d1ff/64 scope link noprefixroute
valid_lft forever preferred_lft forever
bob@localhost:~$

ifconfig

You may need to install net-tools to use ifconfig.

ifconfig  

example output

bob@localhost:~$ ifconfig 
eno1: flags=4163 mtu 1500
inet 192.168.200.58 netmask 255.255.255.0 broadcast 192.168.1.21
inet6 13ac::98fe::ae78:d1ff prefixlen 64 scopeid 0x20
ether b8:ac:6f:91:01:e8 txqueuelen 1000 (Ethernet)
RX packets 184950632 bytes 9487577263452
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 128473456 bytes 234612443785
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

Using the hostname command

hostname -I

Output is just the IP address. Example below

192.168.1.21

Vim config file .vimrc

Line numbers

Turn line numbers on

:set nu

Turn line numbers off

:set nu!

Color Scheme

:colorscheme evening

Syntax Highlighting

Turn Syntax highlighting on

:syntax on

Turn Syntax highlighting off

:syntax off

Highlight all search terms

:set hlsearch

https://vim.fandom.com/wiki/Highlight_all_search_pattern_matches

You can add the following to your ~/.vimrc in Linux or ~\.vimrc in Windows so the options are used every time you run vim.

colorscheme evening 
syntax on
set hlsearch
set nu


Setup Samba share on Ubuntu

In the following commands change <user_name> and <share_name> to the user you want and the name of the share directory.

Install samba and samba client

sudo apt-get install samba smbclient

Setup Samba user

sudo useradd -m <user_name> --shell /bin/false
sudo passwd <user_name>
sudo smbpasswd -a <user_name>

Create Share Directory

sudo mkdir "/home/<user_name>/<share_name>"
sudo chown <user_name>:<user_name> "/home/<user_name>/<share_name>"

Make share directory

mkdir /home/<user_name>/<share_name>

Configure Samba conf

Add the following to the bottom of the /etc/samba/smb.conf file. Change the <folder_name>, <user_name> etc. to the ones created above.

[<folder_name>]
path = /home/<user_name>/<folder_name>
valid users = <user_name>
read only = no

Bash script

You can use the following bash script to automatically install and setup a samba share. Create a file called smb.sh and paste the following in

#!/bin/bash

# incredigeek.com
# Ubuntu Samba share auto setup
#
sambaUser="smbuser"
smbFolder="smb_share"
# Install the Samba server and client
sudo apt-get install samba smbclient
# Create the share user with no login shell
sudo useradd -m "${sambaUser}" --shell /bin/false
echo "Enter the password you want to use for the smb user. 4 times."
sudo passwd "${sambaUser}"
sudo smbpasswd -a "${sambaUser}"
# Create the share directory and give it to the share user
sudo mkdir "/home/${sambaUser}/${smbFolder}"
sudo chown "${sambaUser}:${sambaUser}" "/home/${sambaUser}/${smbFolder}"
# Append the share definition. tee runs under sudo, so the write succeeds
# even when the redirect itself would not have root permissions.
sudo tee -a /etc/samba/smb.conf > /dev/null <<EOF
[${smbFolder}]
path = /home/${sambaUser}/${smbFolder}
valid users = ${sambaUser}
read only = no
EOF
sudo systemctl restart smbd
echo "Samba setup script finished"
echo "Access via $(hostname -I)/${smbFolder} ; username = ${sambaUser} ; password = whatever you put in"

Make executable

chmod +x smb.sh

Execute script

sudo ./smb.sh
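
Because the script appends to smb.conf on every run, executing it twice leaves two copies of the same share section. The function below is an added example, not part of the original script: it appends the section only when no section of that name exists and rejects names containing characters that could alter the config. The name add_share_once and its arguments are assumptions made for this sketch.

```shell
#!/bin/bash
# Added example: append a share section to an smb.conf only if it is not
# already defined. add_share_once and its arguments are names chosen here.

# usage: add_share_once <conf_file> <share_name> <user_name>
# returns 0 if the section was appended, 1 if it already existed,
# 2 if an argument is unsafe to write into the config.
add_share_once() {
    conf=$1 share=$2 user=$3

    # Both names must be non-empty and limited to letters, digits, _ and -.
    [ -n "$share" ] && [ -n "$user" ] || return 2
    case "${share}${user}" in
        *[!A-Za-z0-9_-]*) return 2 ;;
    esac

    # smb.conf section names are case-insensitive and may be padded with spaces.
    if grep -qiE "^[[:space:]]*\[[[:space:]]*${share}[[:space:]]*]" "$conf" 2>/dev/null; then
        return 1
    fi

    cat >> "$conf" <<EOF

[${share}]
path = /home/${user}/${share}
valid users = ${user}
read only = no
EOF
}

# Demo on a scratch file (constructed), not the live /etc/samba/smb.conf.
demo_conf="$(mktemp)"
add_share_once "$demo_conf" smb_share smbuser && echo "first run: section added"
add_share_once "$demo_conf" smb_share smbuser || echo "second run: skipped (rc=$?)"
rm -f "$demo_conf"
```

To use it on the real file, call the function as root with /etc/samba/smb.conf as the first argument, then run testparm -s to validate the config before restarting smbd.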