How can I identify a distinct computer globally? [duplicate] - licensing

This question already has answers here:
Closed 11 years ago.
Possible Duplicate:
Is there some uniqueID of each computer, to differentiate one from other?
For issuing licenses for a certain computer, what would be a good way to determine a unique, globally distinct computer (they will always run Windows if that matters) based on their hardware?
There are already some answers to this question on Stack Overflow but I have tested all the approaches across a wide range of computers and none of them really work.
What are common approaches to such hardware identification? How might Windows do it?
Here is what I tested using WMI:
CPU-ID as suggested here
It is the same on two identical computers
Harddrive Volume-ID as suggested here or here
It is the same on a cloned drive image (tested with Acronis TrueImage)
Windows OS serial key
It is the same on a cloned drive image.
Motherboard serial number as suggested here
I have found some PCs where WMI does not return a serial number at all
Maybe WMI is not the right tool for the job? Is there another API somewhere out there that lets me query hardware details?

This article describes how to create a Machine Universally Unique Identifier:
Creating a MachineGUID
One solution would be to combine as many of these IDs into one ID that has a much lower rate of being a duplicate:
CPU ID is unique to each processor type - can not be changed
Motherboard Serial Number is unique - can not be changed
MAC address(48 bit) should be unique but collisions can occur - can be changed
Harddrive serial should be unique but for each individual manufacturer - can be changed
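An added example (not from the answer or the linked article) of combining the identifiers above so that a single changed or missing value does not break the license, while a cloned drive on look-alike hardware still fails. The component names, `PRODUCT_KEY`, the filler strings and the thresholds are assumptions; the identifiers are expected to have been collected already, for instance through WMI.

```python
import hashlib
import hmac

# Hypothetical per-product secret so raw serials never appear in the license.
PRODUCT_KEY = b"example-product-key"
COMPONENTS = ("cpu_id", "board_serial", "mac", "volume_id")
# Constructed examples of filler strings firmware may report instead of a serial.
PLACEHOLDERS = {"", "none", "default string", "to be filled by o.e.m."}


def normalize(value):
    """Canonical form of one identifier, or None if it is missing or filler."""
    if value is None:
        return None
    v = str(value).strip().lower()
    if v in PLACEHOLDERS:
        return None
    return v.replace(":", "").replace("-", "").replace(" ", "")


def enroll(ids):
    """One keyed hash per usable component; this dict is what the license stores."""
    tags = {}
    for name in COMPONENTS:
        v = normalize(ids.get(name))
        if v is not None:
            msg = f"{name}={v}".encode()
            tags[name] = hmac.new(PRODUCT_KEY, msg, hashlib.sha256).hexdigest()
    return tags


def matches(license_tags, ids, allowed_changes=1, min_enrolled=3):
    """True when at most `allowed_changes` enrolled components no longer match."""
    if len(license_tags) < min_enrolled:
        return False  # too few identifiers to tell two machines apart
    current = enroll(ids)
    same = sum(
        1 for name, tag in license_tags.items()
        if name in current and hmac.compare_digest(tag, current[name])
    )
    return len(license_tags) - same <= allowed_changes


# Constructed sample machine (all values are made up).
MACHINE_A = {"cpu_id": "BFEBFBFF000306A9", "board_serial": "PF0ABC12",
             "mac": "00:1A:2B:3C:4D:5E", "volume_id": "1A2B-3C4D"}

if __name__ == "__main__":
    lic = enroll(MACHINE_A)
    # Same CPU model and cloned volume, but a different board and network card.
    clone = dict(MACHINE_A, board_serial="PF0XYZ99", mac="00:1A:2B:3C:4D:5F")
    print(matches(lic, MACHINE_A), matches(lic, clone))
```

A machine that reports fewer than `min_enrolled` usable identifiers is refused at match time, which covers the PCs where WMI returns no motherboard serial and little else.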

Related

c-icap with Windows Defender

I was tasked to set up an open-source icap-server to scan files that are uploaded in one of our web applications.
The files are base64-encoded within the upload method and this seems to lead to the fortigate not being able to scan it properly.
Now I managed to set up an icap-server using "c-icap" and tested it with "clamav". So far it seems to work, at least EICAR files are detected.
Now the problem is, that my boss is basically a "Windows-only" person who says that any open-source AV can't be trusted enough.
He wants me to try to have the requests/uploads sent to the c-icap server, but scanned with Windows Defender. Is there any - useful - way to accomplish this? Also, since I am super new to ICAP - are there any restrictions regarding which icap-server can be used? Like, is there any way to force requests to be handled with a metadefender-icap only, and not any other icap server?
Sorry if these questions are a bit unspecific and basic, but just started with ICAP yesterday!
Thank you!
Check out this link: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/metadefender-icap-with-windows-defender-antivirus-world-class/ba-p/800234 to see what Microsoft offers regarding Defender+ICAP.
I have used commercial ICAP solutions in the past (like Bluecoat) that allow plugging in multiple commercial virus engines (Kaspersky, Sophos, ...).
These are appliances, and you don't need to tell your boss their internals are probably some sort of Linux ;-)
You can probably also set up a commercial antivirus solution on your Linux system and use that.
Looking at this link: https://learn.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux it may even be possible to run Microsoft's Defender on Linux. I haven't tried it myself though.
Unlike your boss, Microsoft realizes software shouldn't be made to just run on Windows anymore (even MS-SQL Server now runs on Linux).

Using uuid_generate_v1() produces UUID with trailing zeros in Azure PostgreSQL

I am not sure what to make of this weird behavior with generating UUID values. I know uuid_generate_v1() is not as secure as uuid_generate_v4().
We are executing uuid_generate_v1() inside a function to generate a unique Id. Initially when the function was created, it was returning all segments of the uuid populated. I recently needed to create another Azure PostgreSQL instance and was verifying the output and noticed that the last segment of the uuid is now zeros. I re-verified the other Azure PostgreSQL instance we have and they too are now returning the trailing zeroes.
uuid_generate_v4() works fine on all the instances.
I have a version of PostgreSQL 9.6 installed in a docker container on my laptop and it returns all segments populated.
uuid_id
9945111c-b305-11e9-aec6-977857a8b0e6
be647cc2-7cbd-11e9-8498-e7d5a16a0cec
fa1ee220-bf8e-11e9-8b75-000000000000
I am thinking maybe an update was performed, I am not sure where I would check that though.
Hopefully someone might have come across this situation.
Missing MAC address
fa1ee220-bf8e-11e9-8b75-000000000000
That hex string represents the 128 bits of a UUID. Those last twelve hex characters are for the 48-bit node id. For Version 1 UUIDs, node id means the MAC address of the machine generating the UUID.
Most of the other hex characters represent (a) the bits for the value of the current date and time, and the remaining few bits represent (b) a small arbitrary number, and (c) the variant and version of UUID. Those three sources of data are readily available, so no problem there, thus you see the first four segments filled-in.
Likely a bug with Azure
So I would guess you are seeing a bug with regard to Azure failing to report a MAC address for its virtual machines hosting the database.
You are not seeing a problem with Version 4 UUIDs because that version does not use a MAC address. Version 4 uses randomly-generated bits instead, 122 of the 128 bits being random.
You are not seeing a problem on your laptop because your computer (or your Docker container) is properly reporting its MAC address to the Postgres plugin that generates the UUID values.
I suggest you report your experience to the Azure staff as a bug. The Azure folks may not consider it a bug; they might purposely choose to not disclose the MAC address of their server for the security reasons you alluded to in your Question.
I doubt the problem lies with Postgres, the Postgres plugin uuid-ossp, or the well-worn OSSP uuid library contained within the plugin.
Workaround
You might try using a special variation on Version 1 UUID offered by the OSSP library: uuid_generate_v1mc(). This uses a random multicast MAC address instead of the real MAC address of the host computer.
Tip: For testing/debugging, you can simply execute SELECT uuid_generate_v1() ;. No need to save to rows and retrieve.
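An added example (not part of the answer) that decodes the version 1 layout described above for the three UUIDs shown in the question: creation time, clock sequence and the 48-bit node. `decode_v1` and `node_kind` are names chosen here; a set multicast bit in the node marks a value that is not a burned-in IEEE 802 address, which RFC 4122 requires for randomly generated node IDs such as those from uuid_generate_v1mc().

```python
import uuid
from datetime import datetime, timedelta, timezone

# Version 1 timestamps count 100 ns intervals from the Gregorian reform date.
GREGORIAN_EPOCH = datetime(1582, 10, 15, tzinfo=timezone.utc)

# The three values shown in the question.
SAMPLES = [
    "9945111c-b305-11e9-aec6-977857a8b0e6",
    "be647cc2-7cbd-11e9-8498-e7d5a16a0cec",
    "fa1ee220-bf8e-11e9-8b75-000000000000",
]


def node_kind(node):
    """Classify the 48-bit node field of a version 1 UUID."""
    if node == 0:
        return "zero"  # the generator had no node ID to embed
    first_octet = node >> 40
    # Least significant bit of the first octet is the multicast bit.
    return "multicast" if first_octet & 0x01 else "unicast"


def decode_v1(text):
    """Return the fields a version 1 UUID discloses to anyone who reads it."""
    u = uuid.UUID(text)
    if u.version != 1:
        raise ValueError(f"{text} is version {u.version}, not version 1")
    created = GREGORIAN_EPOCH + timedelta(microseconds=u.time // 10)
    return {
        "created": created,
        "clock_seq": u.clock_seq,
        "node": f"{u.node:012x}",
        "node_kind": node_kind(u.node),
    }


if __name__ == "__main__":
    for sample in SAMPLES:
        d = decode_v1(sample)
        print(sample, d["created"].isoformat(), d["node"], d["node_kind"])
```

Running the same decoder over a column of stored IDs shows at a glance which rows disclose a generation time and a host-derived node, and which were generated with an all-zero node.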

How can I track which program is deleting my files?

I'm having an intermittent problem that I'm trying to track down. Every now and then a significant portion of my src directory is being erased (like 90%+ of all files). I'll be working on my project and all of a sudden I'll get an error, look at git status and it will show nearly all of the files in my repo have been deleted. Then I have to run a bunch of git checkout -- commands and I'm lucky if I don't lose a bunch of work.
Can I use inotify or another program to watch my src directory and report which program is deleting the files? I have a feeling it's gulp but I have no evidence beyond the anecdotal, and I don't want to bother a specific project until I've nailed down the source of the problem.
OS X, by the way.
The first thing that comes to mind is to use lsof to monitor your directory and capture your output to a file (or have a terminal up.)
I tested lsof +D ~/Downloads/ -r 2 out on my OS X, and it seems to work fine.
https://unix.stackexchange.com/questions/157064/monitoring-files-continuously-with-lsof
Auditing. This is one thing that auditing is designed for.
Don't roll your own. Don't use tools designed for other purposes. Use the auditing facilities your operating system provides.
Basic tutorial for OS X is here:
OpenBSM auditing on Mac OS X
Way back in 10.3.x, Apple submitted Mac OS X and Mac OS X Server to
the National Information Assurance Partnership for Common Criteria
certification. Common Criteria certification means that the
covered hardware and software has been tested and evaluated to make
sure that it meets an established set of requirements for security and
data protection. 10.3.6 and 10.3.6 Server were tested and were found
to meet Evaluation Assurance Level 3 (EAL3) for Common Criteria
certification.
As part of that certification effort, a new piece of software appeared
from Apple: the Common Criteria Tools audit software. This software
was OpenBSM, which is an open source implementation of Sun’s Basic
Security Module (BSM) security audit API and file format. ...
Yes, it's a pain to do properly. But it will work, and the results will be definitive.

Remove oem.inf files corresponding to hardware id

I'm installing my driver using dpinst.exe. But before installing my driver I wish to delete all the oem files from inf directory corresponding to my hardware ID.
I want to do this programmatically. Please suggest a way to do this.
**Update :**
I want to do this without device connected as I may pre-install the driver before connecting the device. My device is PNP device.
Use SetupDiEnumDeviceInfo and SetupDiGetDeviceRegistryProperty to match your hardware ID
Use SetupDiOpenDevRegKey and RegQueryValueEx to read the corresponding InfPath
Call SetupUninstallOEMInf
PhilMY has already posted an excellent answer, which is still relevant. However, it is more than ten years old now, so I wanted to update it with more recent/recommended APIs:
1. Use SetupDiEnumDeviceInfo() and SetupDiGetDeviceRegistryProperty() to match your hardware ID
2. To get the OEM INF path, SetupDiGetDriverInfoDetail() can be used instead of reading the registry directly
3. Call DiUninstallDriver() on the resulting INF path (Microsoft recommends using it instead of SetupUninstallOEMInf(). In addition, it returns the needReboot flag, which may be useful in some scenarios.)
#2 is a little tricky as it requires SP_DRVINFO_DATA on input. To acquire it, one typically needs to call SetupDiBuildDriverInfoList() and SetupDiEnumDriverInfo() to iterate through all installed drivers for a particular device (use SPDIT_COMPATDRIVER flag to enumerate 3rd-party drivers).
It has a significant advantage in scenarios when multiple drivers are suitable for the given device, and this approach allows one to choose exactly which driver to uninstall.

Java Application server experiencing filesystem problems

We have a Java Application server installed on our client's test server. Within the application server, a number of threads access the filesystem in a number of ways (using java.io classes). The application server is started as a service. After a number of hours, sometimes up to a day, the filesystem seems to have become unavailable to these threads. On looking at the folders/directories in question on the filesystem, they are still present, appear to have the correct access permissions and do not appear to have exclusive locks on them. Is this possible? Any suggestions as to clues I should look for? Most likely causes?
The operating system in question is Windows 2003 (Service Pack 2) with a 32-bit processor. Filesystem is NTFS. JRE is 1.6.
I have already posted this on the Server Fault Q&A, but it was suggested I pose the question here instead.
Check that your application closes streams, such as FileInputStream, correctly.
