Tag Archives: Troubleshooting

VMware Player error on Linux

Recently I decided I needed to spend more time on Linux. I am using a Dell Latitude 7480 with 16GB RAM and a 500GB SSD. I installed Linux, then tried to install the latest version of VMware Player, 16.0.2.

VMware Player Installing

The installation would say it was “successful”, but there would be a bunch of errors.

VMware installation errors

When I started VMware Player, it behaved as expected—prompting for licence agreements etc.

VMware Player Licence Agreements

I created a virtual machine and tried to start it. I then received the following error: “Could not open /dev/vmmon: No such file or directory. Please make sure that the kernel module ‘vmmon’ is loaded.”

This error would make me curse for hours! I followed various guides telling me to install different packages, gcc, essentials, etc. Then, I saw posts telling me I was using the wrong Linux. Initially, I had installed Ubuntu 21.04. Instead I tried Ubuntu 20.04 LTS, with similar results. It appeared something was wrong with VMware and the kernel.

After much testing without success, I managed to get lucky. I was in the laptop UEFI/BIOS settings and thought to change “Secure Boot -> Secure Boot Enable” and set it to “Disabled”. I was grasping at straws. However, after rebooting, I could now start virtual machines without error! VMware Player is currently working for me. I hope other people who experience this error find this blog post before burning too much time.
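
With Secure Boot enabled, the kernel refuses to load modules that are not signed by a trusted key, and the vmmon and vmnet modules are built locally by the VMware installer without a signature. The script below is an added example, not part of the original post: it checks for that condition and signs the modules with a Machine Owner Key so Secure Boot can stay on. The file names MOK.priv and MOK.der and the certificate CN are placeholders chosen for this example.

```shell
#!/bin/sh
# Added example, not from the post: find out whether Secure Boot is what stops
# vmmon loading, and sign the VMware modules rather than disabling Secure Boot.

# verdict SB_STATE SIGNER -> sign-needed | signed | not-enforced
#   SB_STATE: output of `mokutil --sb-state`
#   SIGNER:   output of `modinfo -F signer vmmon` (empty for an unsigned module)
verdict() {
    case "$1" in
        *"SecureBoot enabled"*)
            if [ -n "$2" ]; then echo signed; else echo sign-needed; fi ;;
        *)  echo not-enforced ;;
    esac
}

# sign_modules: create a Machine Owner Key (MOK), sign vmmon and vmnet with it,
# and queue the certificate for enrolment. MOK.priv / MOK.der and the CN are
# placeholder names chosen for this example. Run as root.
sign_modules() {
    sign_file="/usr/src/linux-headers-$(uname -r)/scripts/sign-file"
    openssl req -new -x509 -newkey rsa:2048 -nodes -days 3650 \
        -keyout MOK.priv -outform DER -out MOK.der \
        -subj "/CN=Local VMware module signing/" || return 1
    chmod 600 MOK.priv
    for mod in vmmon vmnet; do
        "$sign_file" sha256 MOK.priv MOK.der "$(modinfo -n "$mod")" || return 1
    done
    # Prompts for a one-time password; the firmware's MOK manager asks for it
    # on the next reboot before it trusts the key.
    mokutil --import MOK.der
}

# Only act when asked to: `sh vmmon-sb.sh --check` or `sh vmmon-sb.sh --sign`.
case "${1:-}" in
    --check)
        state=$(mokutil --sb-state 2>/dev/null || true)
        signer=$(modinfo -F signer vmmon 2>/dev/null || true)
        echo "vmmon under Secure Boot: $(verdict "$state" "$signer")" ;;
    --sign)
        sign_modules ;;
esac
```

The modules are rebuilt whenever the kernel is updated, so the signing step has to be repeated with the same key after each rebuild; the key only needs to be enrolled once.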

Problems with my AnyCubic 3D Printer

Earlier in the year, my AnyCubic Kossel Linear Plus failed. The LCD would power up, but the display would be blank. I also could not access it via USB. Thinking it was the Trigorilla logic board that had failed, I ordered a new board. Once it arrived, I had the same problem.

I then made a rookie mistake. I checked the power supply and found that it displayed 28v instead of 12v. I then spent some time troubleshooting my power supply. It was only when talking with my father that I triple checked it with him looking over my shoulder. He pointed out that when measuring for 12v DC, I should have my multimeter set to DC instead of AC. It was embarrassing but a good reminder. When you see strange results, double-check your tools and techniques.

Knowing my power supply was good, I just needed to check why I couldn’t access the control boards via USB. I assumed the firmware had become corrupted or blank or something similarly strange was going on. I spent hours searching/googling and reading on the internet without any luck.

Checking out the Trigorilla, I could see what appeared to be an ISP connector, and the documentation confirmed it. I have a little USB ISP Programmer from Jaycar, https://www.jaycar.com.au/isp-programmer-for-arduino-and-avr/p/XC4627, and I thought it was time to start playing with it.

XC4627 – ISP Programmer for Arduino and AVR

Usually, I would use my Mac, but I needed Windows because of the range of tools to work with the logic boards. Also, on all the forums and blogs, people were using either Windows or Linux. I was using the software AVRDUDESS from https://blog.zakkemble.net/avrdudess-a-gui-for-avrdude/, in particular, the portable executable https://blog.zakkemble.net/download/AVRDUDESS-2.13-portable.zip

I haven’t used the original AnyCubic Kossel firmware in years. I have switched to the Marlin 2.0 firmware. Still being a relative 3d printer newbie, I did not roll my own. I followed the instructions created by Lukas Pomykal on his website, https://www.lpomykal.cz/kossel-marlin-firmware/ . This made a file “Marlin.ini.with_bootloader.mega.hex”. This hex file is the firmware I would be uploading to the printer.

Using the USB ISP programmer was a time sink. I had compiled the firmware using Arduino IDE, and I had a hex file ready. Every time I tried to upload, I would get a cryptic error and warning messages from avrdude. “Warning. Cannot set sck period. Please check for usbasp firmware update” or “Verification failure, first mismatch at byte 0x0000 0x08 != 0x0C”

avrdudess verification error

I thought I had the latest firmware on the USB ISP but decided to make sure. I have a copy of the device created by Thomas Fischl, https://www.fischl.de/usbasp/ . I downloaded the newest firmware and went searching for how to perform the update. I used my Arduino Uno with the ‘ArduinoISP’ sketch. 

Once the update completed successfully, I tried to do the firmware update again, with the same result, “Verification failure”.

I then decided to ignore the USB ISP and use my Arduino with the ISP sketch. I selected programmer = ‘Atmel AVR ISP’, Port (-P) = ‘COM4’, Baud rate (-b) = ‘19200’, selected the Marlin.ini.with_bootloader.mega.hex file. I connected the 6 pins as per the below table.

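| Arduino Uno | ISP   | Trigorilla |
|-------------|-------|------------|
| D13         | SCK   | 3          |
| D12         | MISO  | 1          |
| D11         | MOSI  | 4          |
| D10         | RESET | 5          |
| +5v         | VCC   | 2          |
| GND         | GND   | 6          |

Wiring connections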

Then I held my breath and hit the ‘Program’ button. Success! “261406 bytes of flash verified”

Feeling victorious, I returned the Trigorilla board to the 3d printer and re-wired everything. The LCD screen appeared precisely as it was supposed to!

Success … ?

I made the mistake of getting too excited. I knew I needed to recalibrate the printer and started the process. I attached the levelling probe and found my troubles were not over. The printer head began to move in odd ways, up toward the printer’s top instead of down towards the print bed.

The printer’s behaviour perplexed me for over a day. I was chatting with my son, and I remembered that the Kossel has two different probe options! I reopened the firmware source and found the section about test probes. I followed the instructions and referenced the images and found that, indeed, the firmware was configured with a different probe than what I had. I made the change, then recompiled the firmware and re-flashed it.

Finally, after way too long, my printer was working again and, at the moment, appears to be working 100%. I’ve published this hoping that other people find it helpful with troubleshooting their Kossel/AnyCubic printer.

Disabling time sync on a Mac guest VM

So I wanted to run some old software which wouldn’t work in 2019 and with newer Mac OS versions. On my iMac I have VMware Fusion installed, so I installed Mac OS Sierra and installed VMware Tools so I could drag and drop files between the host and VM. In VMware Fusion I went to advanced and disabled time sync. Should be pretty simple.

On reboot the guest virtual machine was still adjusting time.

So I opened up terminal, ran “sudo su -” to give myself full admin rights, searched for the VMware tools with “find / -name "VMware*"” and found the cli program in “/Library/Application Support/VMware Tools/vmware-tools-cli”.

I ran the program “./vmware-tools-cli timesync status” and found it was disabled.

I adjusted the time and date and then rebooted the VM. The time and date resynchronised to the current date and time again.

I did a lot of reading and searching. I reset the time and date to the past and ran “/Library/Application Support/VMware Tools/services.sh --restart” and watched as the time and date reset to current. Ok, so now I knew the program causing it. It was calling “launchctl load \” and pointing it to the config file ‘/Library/LaunchDaemons/com.vmware.launchd.tools.plist’. Reading the plist file I could see it was starting vmware-tools-daemon.

I did more searching and found the following VMware document: vmware-tools-user-guide.pdf

This is where I found out a very important detail about the “Synchronise Time” option above. This option is for periodic time synchronisation. Every minute it will check the guest virtual machine and make sure the time is correct.

However, time synchronisation will still happen after certain operations:

  • When you start the VMware Tools daemon, such as during a reboot or power on operation
  • When you resume a virtual machine from a suspend operation
  • After you revert to a snapshot
  • After you shrink a disk

To fully disable time synchronisation you need to edit the VMX file. Shut down the virtual machine and then find the VM file for it. Control-click / right-click on the file and select “Show Package Contents”; you should then see a list of the files which make up the package. Control-click / right-click on the .vmx file, select “Open with” and select TextEdit. Now add the below text to disable all synchronising.

tools.syncTime = "FALSE"
time.synchronize.continue = "FALSE"
time.synchronize.restore = "FALSE"
time.synchronize.resume.disk = "FALSE"
time.synchronize.shrink = "FALSE"
time.synchronize.tools.startup = "FALSE"

After this adjust the time and date then restart the guest virtual machine. Your guest VM should now maintain its own time and date.

Home Security Onion experiences – Part 1

Recently my partner was complaining about very poor internet performance from her computer. I looked at it for a while, but without a baseline to compare it to I had no idea what was normal. I thought it was time I started using Security Onion to do some snooping on my home network. I had a few spare Mac Minis but they were all much older 32bit CPU models. That was fine but I really wanted to play with ELK as well. Looking on eBay I saw that the Mac Minis were holding their value way too well for what I wanted. So I purchased an Intel NUC, Celeron J3455 (4 Core @ 1.5Ghz) with 8GB RAM. I dropped a spare 500gb SSD into it. I figure for a 3 user household that should have more than enough grunt to do the job. I do classify my household as a high-tech house. Each person with smart phones, tablets, work/study computers and gaming rigs, etc.

Being a Mac user at home I needed to find an app to convert the .iso file into a bootable USB. I found that UNetbootin (https://unetbootin.github.io) did the job rather nicely. I did have some initial problems with the Verbatim 8GB USB stick. It would not boot. Having a look at the USB stick it appeared there was only 80MB of files on it, which didn’t seem right. I used a SanDisk 8GB with UNetbootin and there was 2GB of files and it installed Security Onion all ok. So just a warning about old & cheap USB drives.


Installed and rebooted, I called my host seconion. Then ran the Setup, which configured the networking. I was going to admin the NUC over wireless and have it capture everything over the copper. I just needed to figure out which interface was which. I opened up the ‘Network’ window under the top right hand corner. This showed me a Wi-Fi connection but didn’t name the interface. Checking the wired connection displayed the MAC address for it. Opening up a terminal window I typed ‘ifconfig’ to display the available networking. I could see that the copper was enp3s0 and the wireless had to be wlp2s0. It recommended a static IP so I set it to 192.168.1.150. After setting the subnet mask, gateway, DNS I was prompted for the sniffing interface which I set as enp3s0. After that it was another reboot.

After the reboot the wireless no longer connected to my wireless network. A quick bit of googling and I found that was expected. The network configuration script doesn’t handle wireless. Which makes sense in a way because of SSID / passwords etc. Still being new I needed to do a lot more searching before I found a few handy posts.
https://askubuntu.com/questions/330026/configure-connect-wireless-network-through-the-command-line-in-ubuntu-12-04 and https://prupert.wordpress.com/2010/06/25/how-to-configure-wireless-wifi-networking-in-ubuntu-via-the-command-line-cli/ were the two posts I needed. What I did was

sudo su -
wpa_passphrase MYSSID MYWIFIPASSWORD

I then copied the resulting hex string. I was going to need that shortly.

vi /etc/network/interfaces
iface wlan0 inet static # dhcp or static
netmask 255.255.255.0 #change this as appropriate for your network, this value is usually right
gateway 192.168.1.254 #change this as appropriate for your network
address 192.168.1.150 #only needed for a static IP address
dns-nameservers 192.168.1.254 #only needed for a static IP address
wpa-driver wext #you shouldn’t need to change this
wpa-ssid YOURSSID #just type the name of your SSID here
wpa-ap-scan 1 #if the name of your SSID is hidden usually, type 2 instead of 1
wpa-proto RSN #if you use WPA1 type WPA (why are you using WPA?!), if you use WPA2 type RSN
wpa-key-mgmt WPA-PSK #usually WPA-PSK (if you share a key) but sometimes WPA-EAP (for enterprises)
wpa-psk YOURHEXKEYFROMABOVE #the hex key that you generated earlier

I then did a reboot and I could now access the wireless network again. I could ping out and other hosts could ping it. That was good enough for now.

Running the setup again, it detected that networking had been configured. It then prompted me to select ‘Evaluation mode’ or ‘Production mode’. For a home network, Evaluation mode sounded perfect. I selected enp3s0 as the interface to be monitored.

The setup script then had me set up a user for Kibana, Squert and Sguil.

A polite pop-up at the end of the install let me know that setup logs were in /var/log/nsm/sosetup.log, and that bro logs would be hiding in /nsm/bro/.
A sostat will give detailed info about service status, sostat-quick will give me a guided tour of the sostat output, and sostat-redacted will give me redacted info to share with the Security Onion mailing list.
The downloaded rules from PulledPork were in /etc/nsm/rules/downloaded.rules, local rules should be added to /etc/nsm/rules/local.rules, and I could have PulledPork modify the rules by modifying the files in /etc/nsm/pulledpork/. The rules would be updated every morning, and I could do a manual update with rule-update. Also, I could tune sensors by modifying the files in /etc/nsm/name-of-sensor/.
The 3rd last message was very important and I had glossed over it the first time. The local ufw firewall is configured to only allow port 22. If I needed to connect over other ports I needed to run sudo so-allow.
The 2nd last pop-up was a reminder to check out the website, FAQ, Wiki, IRC channel etc. for help. The very last pop-up of what felt like about 10 was a reminder that professional support was provided if required.

I then modified the firewall. I wanted my host to be a syslog device and I wanted to be able to manage it from my local network.

justin@seconion:~$ sudo so-allow
This program allows you to add a firewall rule to allow connections from a new IP address.

What kind of device do you want to allow?

[a] - analyst - ports 22/tcp, 443/tcp, and 7734/tcp
[b] - Logstash Beat - port 5044/tcp
[c] - apt-cacher-ng client - port 3142/tcp
[f] - Logstash Forwarder - Standard - port 6050/tcp
[j] - Logstash Forwarder - JSON - port 6051/tcp 
[l] - syslog device - port 514
[o] - ossec agent - port 1514/udp
[s] - Security Onion sensor - 22/tcp, 4505/tcp, 4506/tcp, and 7736/tcp

If you need to add any ports other than those listed above,
you can do so using the standard 'ufw' utility.

For more information, please see the Firewall page on our Wiki:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Firewall

Please enter your selection (a - analyst, c - apt-cacher-ng client, l - syslog, o - ossec, or s - Security Onion sensor, etc.):
a
Please enter the IP address of the analyst you'd like to allow to connect to port(s) 22,443,7734:
192.168.1.0/24
We're going to allow connections from 192.168.1.0/24 to port(s) 22,443,7734.

Here's the firewall rule we're about to add:
sudo ufw allow proto tcp from 192.168.1.0/24 to any port 22,443,7734

We're also whitelisting 192.168.1.0/24 in /var/ossec/etc/ossec.conf to prevent OSSEC Active Response from blocking it. Keep in mind, the OSSEC server will be restarted once configuration is complete.

To continue and add this rule, press Enter.
Otherwise, press Ctrl-c to exit.

Rule added
Rule has been added.

Here is the entire firewall ruleset:


=========================================================================
UFW Rules
=========================================================================

To Action From
-- ------ ----
22,443,7734/tcp ALLOW 192.168.1.0 
22/tcp ALLOW Anywhere 
22,443,7734/tcp ALLOW 192.168.1.0/24 
22/tcp (v6) ALLOW Anywhere (v6)


=========================================================================
Docker IPTables Rules
=========================================================================

To Action From
-- ------ ----


Added whitelist entry for 192.168.1.0/24 in /var/ossec/etc/ossec.conf.

Restarting OSSEC Server...

I selected a. It was going to open the ports 22,443,7734 but I needed to put in an IP address. I didn’t want a single IP, I wanted a range. So I put 192.168.1.0/24.

justin@seconion:~$ sudo ufw status
Status: active

To Action From
-- ------ ----
22,443,7734/tcp ALLOW 192.168.1.0 
22/tcp ALLOW Anywhere 
22,443,7734/tcp ALLOW 192.168.1.0/24 
22/tcp (v6) ALLOW Anywhere (v6)

I then re-ran it and allowed syslog connections as well.

I was up and running. Now time to plug it in between my switch and router.
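
The ruleset printed above holds two entries worth reviewing on a sensor: 22/tcp is allowed from Anywhere, and there is a rule for 192.168.1.0 with no prefix, which ufw treats as a single host rather than the subnet. The script below is an added example, not part of the original post, that flags both patterns in `ufw status` output; the function names and finding labels are made up for this example, and the sample input is the ruleset from the post.

```shell
#!/bin/sh
# Added example: flag ufw rules worth a second look in `ufw status` output.

# audit_ufw: reads `ufw status` text on stdin, prints one finding per line.
audit_ufw() {
    awk '
    / ALLOW / {
        n = index($0, " ALLOW ")
        to = substr($0, 1, n - 1); from = substr($0, n + 7)
        gsub(/^ +| +$/, "", to); gsub(/^ +| +$/, "", from)
        if (from ~ /^Anywhere/)
            print "OPEN-TO-ANY: " to " reachable from " from
        else if (from ~ /^[0-9]+\.[0-9]+\.[0-9]+\.0$/)
            print "HOST-LOOKS-LIKE-NETWORK: " to " from " from " (no /prefix, one address only)"
    }'
}

# Constructed sample: the ruleset shown in the post.
sample_rules() {
cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22,443,7734/tcp            ALLOW       192.168.1.0
22/tcp                     ALLOW       Anywhere
22,443,7734/tcp            ALLOW       192.168.1.0/24
22/tcp (v6)                ALLOW       Anywhere (v6)
EOF
}

# `--live` audits the running firewall (needs root); default uses the sample.
if [ "${1:-}" = "--live" ]; then
    ufw status | audit_ufw
else
    sample_rules | audit_ufw
fi
```

A flagged rule can be removed with `sudo ufw status numbered` followed by `sudo ufw delete <number>`, once a narrower rule such as the /24 entry covers the access that is actually needed.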