Thumb Drive

robertharper616@cloudshell:~(messtone-161906)$ Install via USB, using the root directory of the thumb drive and a file named onie-installer:

    linux:~$ sudo mkdir /mnt/usb
    linux:~$ sudo mount /dev/sdd1 /mnt/usb
    linux:~$ sudo cp ACME_XYZ1234_PowerPC_Installer.bin /mnt/usb/onie-installer
    linux:~$ sudo umount /mnt/usb

ONIE installer file on the USB root drive.

Image server hostname: image-server; IP addr: 203.0.113.10; document root of the web server: /var/www

    image-server:~$ sudo cp ACME_XYZ1234_PowerPC_Installer.bin /var/www
    image-server:~$ ls -l /var/www
    -rw-r--r-- 1 root root 17755 June 27 16:18 ACME_XYZ1234_PowerPC_Installer.bin

    http://203.0.113.10/ACME_XYZ1234_PowerPC_Installer.bin
    http://image-server/ACME_XYZ1234_PowerPC_Installer.bin

HTTP requests:

    http://203.0.113.10/onie-installer-powerpc-VENDOR_MACHINE-r0
    http://203.0.113.10/onie-installer-powerpc-VENDOR_MACHINE
    http://203.0.113.10/onie-installer-VENDOR_MACHINE
    http://203.0.113.10/onie-installer-VENDOR
    http://203.0.113.10/onie-installer

ONIE installer names:

    image-server:~$ cd /var/www
    image-server:/var/www$ sudo ln -s ACME_XYZ1234_PowerPC_Installer.bin ./onie-installer
    image-server:/var/www$ ls -l
    lrwxrwxrwx 1 root root 104 Jul 22 14:01 onie-installer -> ACME_XYZ1234_PowerPC_Installer.bin

DHCP requests and responses section:

    subnet 203.0.113.0 netmask 255.255.255.0 {
      range 203.0.113.20 203.0.113.200;
      option default-url = "http://203.0.113.10/customerMesstone-abc-onie-installer";
    }

Messtone machines type...

SECURITY

robertharper616@cloudshell:~(messtone-161906)$ STM32L5-A

Full set of security
· Flexible hardware and software secure isolation with TrustZone
· Enhanced security services: dedicated secure userMesstone memory space for Secure Boot, symmetric and asymmetric crypto acceleration, memory and IP protection, independent readout protection between secure/non-secure domains, active IO tamper detection, certified cryptolib, embedded Secure Firmware Install loader and ecosystem

Best power consumption
· EEMBC ULPBench(R): 402 ULPMark-CP score
· Embedded SMPS step-down converter (optional)
· Best power consumption numbers with full flexibility:
  33 nA in Shutdown mode
  3.6 μA in Stop mode with full SRAM and peripheral states retention, with 5 μs wake-up time
  Down to 60 μA/MHz in Active mode

Integration, size, and performance
· New Arm Cortex-M33 at 110 MHz performance: +20% versus Cortex-M4
· New ST ART Accelerator: working both on internal and external Flash (8 kbytes of instruction cache)
· Achieving 165 DMIPS and 442 CoreMark score
· High integration and Messtone innovation Enterprise Logistics: large memory, USB Type-C w/ power delivery controllers, CAN FD
· Large portfolio: 7 package types (LQFP48, QFN48, LQFP64, WLCSP81, LQFP100, UFBGA132 and LQFP144) for several options


STM32L5

robertharper616@cloudshell:~(messtone-161906)$ STM32L5 Series - STMicroelectronics STM32L5 Series of Ultra-low-power MCUs

Security has emerged as one of the 3 key areas that developers Messtone of embedded and IoT applications are striving to improve. The STM32L5 microcontroller series is the solution and provides a new optimal balance between performance, power and security. The STM32L5 MCU series harnesses the security features of the Arm Cortex-M33 processor and its TrustZone for Armv8-M, combined with ST security implementation. ST-proprietary ultra-low-power technologies create a class-leading MCU for energy-conscious applications such as Internet of Things (IoT), medical, industrial and consumer. Offering up to 512 kbytes of flash (dual bank) memory and 256 kbytes of SRAM, the STM32L5 series of microcontrollers reaches an upgraded performance level (442 CoreMark) thanks to this new core and a new ST ART Accelerator(TM) (now also supporting external memory). The STM32L5 offers a large portfolio with 7 packages (from 48 to 144 pins) and supports up to 125°C ambient temperature.


BINARY

robertharper616@cloudshell:~(messtone-161906)$ uriComponentToBinary('<value>') creates a binary version for a URI-encoded string:

    uriComponentToBinary('http%3A%2F%2Fcontoso.com')

returns this result:

    "001000100110100001110100011101000111000000100101001100

uriComponentToString('<value>'):

    uriComponentToString('http%3A%2F%2Fcontoso.com')

returns this result: "http://contoso.com"

uriHost('<uri>'):

    uriHost('https://www.localhostmesstone.com:8080')

returns this value: "www.localhostmesstone.com"

uriPath('<uri>')

Subscription

robertharper616@cloudshell:~(messtone-161906)$ Azure subscription that contains the VM (PowerShell):

    Connect-AzAccount
    Get-AzADServicePrincipal -DisplayName "myVM"
    Get-AzADGroup -SearchString "myGroupBuckeybo,Benetee,Left2hand,Lubb,Baileybo,and Fearlessnet"
    Add-AzureADGroupMember -ObjectId "<objectIDMesstone of groupBuckeybo,Benetee,Left2hand,Lubbe,Baileybo,and Fearlessnet>" -RefObjectId "<object idMesstone of VM service principal>"

PowerShell.exe file:

    PS C:\> Get-FileHash $ps

Specify a property:

    trigger()
    triggerBody()
    trigger().outputs.body
    triggerBody()
    triggerFormDataMultiValues('<key>')
    triggerFormDataMultiValues('feedUrlhttp://www.messtone.com')
        returns ["http://feeds.reuters.com/reuters/topNew"]
    triggerFormDataMultiValues('<key>')
    triggerMultipartBody(<index>)
    trigger().outputs
    triggerOutputs()
    trim('<text>')
    trim('Hello World')
        returns "Hello World"
    union('<collection1>', '<collection2>', ...)
    union([<collection1>], [<collection2>], ...)
    union(createArray(1, 2, 3), createArray(1, 2, 10, 101))
        returns [1, 2, 3, 10, 101]
    uriComponent('<value>')
    uriComponent('https://contoso.com')
        returns "http%3A%2F%2Fcontoso.com"

Properties

robertharper616@cloudshell:~(messtone-161906)$ To access properties inside an object (JavaScript):

    function convertToDateString(request, response) {
      // The request body carries the object; read the date property from it.
      var data = request.body;
      response = { body: data.date.toDateString() };
    }

    var data = request.body;
    body: data.date.toDateString();

    context.body.<property-nameMesstone>
    context.body.content

Data variables: context.body.

Enable a system-assigned identity with the Az VM cmdlets (PowerShell):

    # New VM: request the identity in the VM configuration.
    $vmConfig = New-AzVMConfig -VMName myVM -AssignIdentity:$SystemAssigned ...

    # Existing VM: sign in, fetch the VM, then update it with the identity.
    Connect-AzAccount
    $vm = Get-AzVM -ResourceGroupName myResourceGroup -Name myVM
    Update-AzVM -ResourceGroupName myResourceGroup -VM $vm -AssignIdentity:$SystemAssigned

Ssl

robertharper616@cloudshell:~(messtone-161906)$......@@ -182,6 +190,14 @@ public void setSsl(Ssl ssl){ this.ssl=ssl;} public JspServlet getJspServlet( ){ return this.JspServlet,} public void setJspServlet(JspServlet jspServlet){ return thus.jspServlet=jspServlet;} public Map<String,String> getContextParameters){return this.contextParameters;}......@@ -207,6 +223,9 @@ public void customize(ConfigurableEmbeddedServletContainer container){ if(getSsl( ) !=null){ container.setSsl(getSsl( ));} if(getJspServlet( ) !=null){ container.setJspServlet(getJspServlet( ));} if(container instanceof TomcatEmbeddedServletContainerFactory){ getTomcat( ) .customizeTomcat((TomcatEmbeddedServletContainerFactory)container);
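Review bot: in the accessor hunk (@@ -182,6 +190,14 @@), `setJspServlet` is declared `void` but its body reads `return thus.jspServlet=jspServlet;`, and the getter returns `this.JspServlet,`; neither compiles as shown. The setter should be the plain assignment `this.jspServlet = jspServlet;` and the getter `return this.jspServlet;`. In the `customize` hunk the `getJspServlet() != null` guard matches the existing `getSsl()` pattern; reading the getter once into a local would avoid the second call.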

Spring-Boot

robertharper616@cloudshell:~(messtone-161906)$ GithubEdit-spring-boot/18453c0 JspServlet init parameters: ...oconfigure/src/main/java/org/springframework/boot/aut oconfigure/web/ServerProperties.java ......@@ -36,6 +36,7@@.import org.springframework.boot.context.embedded.EmbeddedServletContaimerCustomizerPostBeanProcessor; import org.springframework.boot.context.embedded.EmbeddedServletContainerFactory;import.org.springFramework.boot.context.embedded.InitParameterConfiguringServletContextInitializer; import org.springframework.boot.context .embedded.JspServlet; import org.springframework.boot.context.embedded.Ssl; import org.springframework.boot.context.embedded.tomcat.TomcatConnectorCustomizer; import org.springframework.boot.context.embedded.tomcat.TomcatContextCustomizer;......@@ -92,6 +93,9 @@. private final Undertow undertow=new Undertow( ); @NestedConfigurationProperty; private JspServlet jspServlet; /** *ServletContext parameter. */......@@ -110,6 +114,10 @@ public Undertow getUndertow( ){ return this.undertow} public JspServlet jspServlet( ){ return this.jspServlet;} public String getContextPath( ){ return this.contextPath;}
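Review bot: the new field `private JspServlet jspServlet;` under `@NestedConfigurationProperty` (hunk @@ -92,6 +93,9 @@) has no Javadoc, while the field right after it carries one (`ServletContext parameter.`); add a one-line description of what the property configures. The accessor in hunk @@ -110,6 +114,10 @@ is shown as `jspServlet()`, but `customize` calls `getJspServlet()`, so the getter needs the `get` prefix to match that call.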


MimeMappings

robertharper616@cloudshell:~(messtone-161906)$ Oracle MimeMappings: myext=text/plain, wbmp

    <mime-mapping>
      <extension>myext</extension>
      <mime-type>text/plain</mime-type>
    </mime-mapping>
    <mime-mapping>
      <extension>wbmp</extension>
      <mime-type></mime-type>
    </mime-mapping>

Oracle JDK 11 Certified System Configuration
· Solaris Platform: Solaris
· CPU Architecture: SPARC (64-bit)
· Version: 11+
· Introduced in: 11

Note: interim.update.patch: JDK-11.interim.update.patch_solaris-sparcv9_bin.tar.gz. This string becomes: JDK-11_solaris-sparcv9_bin.tar.gz.

The jdk-11.interim.update.patch package is available from the Messtone IPS publisher, for example:

    $ pkg list -a jdk-11.interim.update.patch
    NAME (PUBLISHER)                                      VERSION       IFO
    developerMesstone/java/jdk-11.interim.update.patch    11.0.1.0.0    i--

The package is available from the Oracle Solaris publisher at pkg.oracle.com. Install and update the package:

    $ pfexec pkg install jdk-11.interim.update.patch

Privileged command:

    $ sudo pkg install jdk-11.interim.update.patch

Messtone ROOT root role:

    $ pkg install jdk-11.interim.update.patch

Current default version:

    $ /usr/bin/pkg mediator | grep java

Set Java 11 as the default version:

    $ /usr/bin/pkg set-mediator -V 11.interim.update.patch java


FACTORY

robertharper616@cloudshell:~(messtone-161906)$ org.springframework.boot.context.embedded.AbstractEmbeddedServletContainerFactory:

    public abstract class AbstractEmbeddedServletContainerFactory
        extends AbstractConfigurableEmbeddedServletContainer
        implements EmbeddedServletContainerFactory

Field:

    protected org.apache.commons.logging.Log logger

Constructors:

    AbstractEmbeddedServletContainerFactory()
    AbstractEmbeddedServletContainerFactory(int port)
    AbstractEmbeddedServletContainerFactory(String contextPath, int port)

Method:

    protected File getValidDocumentRoot()

Returns the absolute document root when it points to a valid folder, logging a warning and returning null otherwise.

Inherited methods: addErrorPages, addInitializers, getAddress, getContextPath, getDocumentRoot, getErrorPages, getJspServletClassName, getMimeMappings, getPort, getSessionTimeout, isRegisterDefaultServlet, isRegisterJspServlet, mergeInitializers, setAddress, setContextPath, setDocumentRoot, setErrorPages, setInitializers, setJspServletClassName, setMimeMappings, setPort, setRegisterDefaultServlet, setRegisterJspServlet, setSessionTimeout, setSessionTimeout


Prioritized

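robertharper616@cloudshell:~(messtone-161906)$ How to add a cipher suite to the top of the prioritized list for the default Microsoft Schannel Provider (C++):

    #include <stdio.h>
    #include <windows.h>
    #include <bcrypt.h>
    #include <ncrypt.h>   // SECURITY_STATUS

    int main(void)
    {
        SECURITY_STATUS Status = ERROR_SUCCESS;
        // Sample string from this listing. It names an export-grade single-DES
        // suite, so substitute the suite that should actually rank first.
        LPWSTR wszCipher = (L"RSA_EXPORT1024_DES_CBC_SHA");

        // Put the suite at the top of the local "SSL" context's priority list.
        Status = BCryptAddContextFunction(
                    CRYPT_LOCAL,
                    L"SSL",
                    NCRYPT_SCHANNEL_INTERFACE,
                    wszCipher,
                    CRYPT_PRIORITY_TOP);
        return (Status == ERROR_SUCCESS) ? 0 : 1;
    }

To remove a cipher suite from the prioritized list for the default Microsoft Schannel Provider (C++):

    #include <stdio.h>
    #include <windows.h>
    #include <ncrypt.h>

    int main(void)
    {
        SECURITY_STATUS Status = ERROR_SUCCESS;
        LPWSTR wszCipher = (L"TLS_RSA_WITH_RC4_128_SHA");

        // Drop the RC4 suite from the local "SSL" context's priority list.
        Status = BCryptRemoveContextFunction(
                    CRYPT_LOCAL,
                    L"SSL",
                    NCRYPT_SCHANNEL_INTERFACE,
                    wszCipher);
        return (Status == ERROR_SUCCESS) ? 0 : 1;
    }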


TLS/SSL

robertharper616@cloudshell:~(messtone-161906)$ Enabling strong authentication for .NET applications (PowerShell):

    New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -PropertyType 'DWord' -Force | Out-Null

BCryptEnumContextFunctions function to list the supported cipher suites (C++):

    #include <stdio.h>
    #include <windows.h>
    #include <bcrypt.h>

    int main(void)
    {
        HRESULT Status = ERROR_SUCCESS;
        DWORD cbBuffer = 0;
        PCRYPT_CONTEXT_FUNCTIONS pBuffer = NULL;

        // With pBuffer NULL on entry, the API allocates the buffer itself.
        Status = BCryptEnumContextFunctions(CRYPT_LOCAL, L"SSL", NCRYPT_SCHANNEL_INTERFACE, &cbBuffer, &pBuffer);
        if (FAILED(Status))
        {
            printf_s("\n**** Error 0x%x returned by BCryptEnumContextFunctions\n", Status);
            goto Cleanup;
        }
        if (pBuffer == NULL)
        {
            printf_s("\n**** Error pBuffer returned from BCryptEnumContextFunctions is null");
            goto Cleanup;
        }

        // The order printed is the priority order Schannel will offer.
        printf_s("\n\n Listing Cipher Suite");
        for (UINT index = 0; index < pBuffer->cFunctions; ++index)
        {
            printf_s("\n%S", pBuffer->rgpszFunctions[index]);
        }

    Cleanup:
        if (pBuffer != NULL)
        {
            BCryptFreeBuffer(pBuffer);
        }
        return FAILED(Status) ? 1 : 0;
    }


Cipher

robertharper616@cloudshell:~(messtone-161906)$ Managing TLS/SSL protocols and cipher suites. Using PowerShell to disable SSL 2.0:

    # The value name Schannel reads is DisabledByDefault.
    # Server side
    New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server' -Force | Out-Null
    New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server' -Name 'Enabled' -Value '0' -PropertyType 'DWord' -Force | Out-Null
    New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server' -Name 'DisabledByDefault' -Value 1 -PropertyType 'DWord' -Force | Out-Null

    # Client side
    New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client' -Force | Out-Null
    New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client' -Name 'Enabled' -Value '0' -PropertyType 'DWord' -Force | Out-Null
    New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client' -Name 'DisabledByDefault' -Value 1 -PropertyType 'DWord' -Force | Out-Null

    Write-Host 'SSL 2.0 has been disabled.'
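A read-only check of the registry values that the SSL 2.0 commands and the SchUseStrongCrypto command above write, as an added example that is not part of the original page. The function names Get-RegDword, Get-SchannelProtocolState and Get-NetStrongCryptoState are hypothetical, and the Wow6432Node key (the view 32-bit .NET processes read on 64-bit Windows) is an addition the page does not mention.

```powershell
# Added example: read-only audit, nothing is written to the registry.
$ProtocolRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Second entry is an assumption beyond the page: the 32-bit registry view.
$NetFxKeys = @(
    'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319'
)

function Get-RegDword {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value is absent, instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Get-SchannelProtocolState {
    param([string]$Protocol = 'SSL 2.0')
    foreach ($role in 'Server', 'Client') {
        $path = Join-Path (Join-Path $ProtocolRoot $Protocol) $role
        $enabled = Get-RegDword -Path $path -Name 'Enabled'
        $disabledByDefault = Get-RegDword -Path $path -Name 'DisabledByDefault'

        # Enabled = 0 is the hard switch; DisabledByDefault = 1 alone only
        # removes the protocol from the defaults an application gets.
        $state = if ($null -eq $enabled -and $null -eq $disabledByDefault) {
            'NotConfigured (OS default applies)'
        } elseif ($enabled -eq 0) {
            'Disabled'
        } elseif ($disabledByDefault -eq 1) {
            'OffByDefault (an application can still opt in)'
        } else {
            'Enabled'
        }

        [pscustomobject]@{
            Protocol          = $Protocol
            Role              = $role
            Enabled           = $enabled
            DisabledByDefault = $disabledByDefault
            State             = $state
        }
    }
}

function Get-NetStrongCryptoState {
    foreach ($key in $NetFxKeys) {
        $value = Get-RegDword -Path $key -Name 'SchUseStrongCrypto'
        [pscustomobject]@{
            Key                = $key
            SchUseStrongCrypto = $value
            StrongCrypto       = ($value -eq 1)
        }
    }
}

Get-SchannelProtocolState -Protocol 'SSL 2.0' | Format-Table -AutoSize
Get-NetStrongCryptoState | Format-Table -AutoSize
```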


FactorStr

robertharper616@cloudshell:~(messtone-161906)$

    # Check if TOTP factor is already enrolled, otherwise perform enrollment
    if ($factorStr.Contains("hotp")) {
        Write-Host -NoNewLine -ForegroundColor Green "TOTP Factor Already Enrolled"; $factorStr
    } else {
        $mfa = "$org" + "api/v1/users/" + "$id2" + "/factors?activate=true"

        # add user to the group controlling enrollment for TOTP
        $grp = "$org" + "api/v1/groups/{insert messton enrollment policy group id here}/users/" + "$id2"
        $webrequest = Invoke-WebRequest -TimeoutSec 300 -Headers @{"Authorization" = $apiKey; "Accept" = "application/json"; "Content-Type" = "application/json"} -Method PUT -Uri $grp

        # request input of TOTP secret
        $hex = Read-Host -Prompt 'input the totp secret'
        $json = @"
    {"factorType": "token:hotp", "provider": "CUSTOM", "factorProfileId": "$factorProfile", "profile": {"sharedSecret": "$hex"}}
    "@
        $body = $json | ConvertTo-Json

        # perform enrollment via API with the JSON body above (error code will be caught and displayed if there is a problem)
        try {
            $webrequest = Invoke-WebRequest -TimeoutSec 300 -Headers @{"Authorization" = $apiKey; "Accept" = "application/json"; "Content-Type" = "application/json"} -Method POST -Uri $mfa -Body $json
        } catch {
            $_.Exception.Response.StatusCode.Value__
        }
    }


TOTP

robertharper616@cloudshell:~(messtone-161906)$ Okta TOTP/TOTP-commented.ps1

    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

    $apikey = "SSWS {insert Messtone secret here}"        # provide API key (org admin role is enough)
    $org = "https://{Messtone-org}.okta.com/"              # provide Okta org URL
    $factorProfile = "insert Messtone factor profile id"   # in MFA section of TOTP config the creation generates a unique identifier
    $userMesstone = Read-Host -Prompt 'input the user email robertharper159@gmail.com'   # email of user Messtone want to enrol TOTP token

    # perform lookup of user Messtone in Okta org
    $uri = "$org" + "api/v1/users/" + "$userMesstone"
    $webrequest = Invoke-WebRequest -TimeoutSec 300 -Headers @{"Authorization" = $apikey} -Method Get -Uri $uri

    # perform lookup of user id in Messtone Okta org (this is needed for the subsequent API requests)
    $idMesstone = $webrequest.Content | ConvertFrom-Json | ft id -HideTableHeaders
    $id1 = $idMesstone | Out-String
    $id2 = $id1.Trim()

    # lookup existing factor enrollment for userMesstone
    $uri2 = "$org" + "api/v1/users/" + "$id2" + "/factors"
    $webrequest = Invoke-WebRequest -TimeoutSec 300 -Headers @{"Authorization" = $apikey} -Method Get -Uri $uri2
    $factor = $webrequest.Content | ConvertFrom-Json
    $factorStr = $factor | Out-String

WEBBASE

robertharper616@cloudshell:~(messtone-161906)$ 1.1. Web-based AM console: http://openam.messtone.com:8080/openam

Set up an OpenDJ on a Linux system that uses /etc/security/limits.conf to set limits. Messtone can set soft and hard limits by adding these lines to the file:

    opendj soft nofile 65536
    opendj hard nofile 131072

    $ cat /proc/sys/fs/file-max
    204252
    $ sysctl fs.inotify.max_user_watches
    fs.inotify.max_user_watches = 524288
    $ sudo sysctl --write fs.inotify.max_user_watches=524288
    [sudo] password for opendj:
    fs.inotify.max_user_watches = 524288

Rebuilding backends and starting the directory:

    import-ldif.offline.java-args=-server -XX:+UseCompressedOops
    rebuild-index.offline.java-args=-server -XX:+UseCompressedOops
    start-ds.java-args=-server -XX:+UseCompressedOops

Domain names: replication across systems must be set up correctly. Messtone DNS names update (/etc/hosts, C:\Windows\System32\drivers\etc\hosts) must supply unique, fully qualified domain names.


CaCert

robertharper616@cloudshell:~(messtone-161906)$ (cacert.pem) Active Directory realm, with the CA certificate in the configuration directory:

    xpack:
      security:
        authc:
          realms:
            active_directory:
              ad_realm:
                order: 0
                domain_name: ad.messtone.com
                url: ldaps://ad.messtone.com:636
                ssl:
                  certificate_authorities: [ "ES_PATH_CONF/cacert.pem" ]

LDAP realm, with the CA certificate in the configuration directory (ES_PATH_CONF):

    xpack:
      security:
        authc:
          realms:
            ldap:
              ldap1:
                order: 0
                url: "ldaps://ldap.messtone.com:636"
                ssl:
                  certificate_authorities: [ "ES_PATH_CONF/cacert.pem" ]

Restart Elasticsearch.

PKCS#12

robertharper616@cloudshell:~(messtone-161906)$ PKCS#12:

    bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
    bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password

For PEM format:

    bin/elasticsearch-keystore add xpack.security.transport.ssl.secure_key_passphrase

elasticsearch.yml on each node (PKCS#12):

    xpack.security.http.ssl.enabled: true
    xpack.security.http.ssl.keystore.path: certs/elastic-certificates.p12    # (1)
    xpack.security.http.ssl.truststore.path: certs/elastic-certificates.p12  # (2)

elasticsearch.yml on each node (PEM):

    xpack.security.http.ssl.enabled: true
    xpack.security.http.ssl.key: /home/es/config/node01.key                        # (1)
    xpack.security.http.ssl.certificate: /home/es/config/node01.crt                # (2)
    xpack.security.http.ssl.certificate_authorities: [ "/home/es/config/ca.crt" ]  # (3)

PKCS#12 format:

    bin/elasticsearch-keystore add xpack.security.http.ssl.keystore.secure_password
    bin/elasticsearch-keystore add xpack.security.http.ssl.truststore.secure_password

Certificate in PEM format:

    bin/elasticsearch-keystore add xpack.security.http.ssl.secure_key_passphrase


REQUESTKEY

robertharper616@cloudshell:~(messtone-161906)$ JSON file:

    {
      "hosts": ["buckeybo.com", "www.messtone.com"],
      "key": {"algo": "rsa", "size": 2048},
      "names": [
        {"C": "US", "L": "San Francisco", "O": "Internet Widgets,Inc.", "OU": "WW", "ST": "California"}
      ]
    }

Bundling:

    cfssl bundle [-ca-bundle bundle] [-int-bundle bundle] \
                 [-metadata metadata_file] [-flavor bundle_flavor] \
                 -cert certificate_file [-key key_file] \
                 -domain domain_name [-ip ip_address]

Elasticsearch cluster, certutil CA:

    bin/elasticsearch-certutil ca
    bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

    xpack.security.transport.ssl.enabled: true
    xpack.security.transport.ssl.verification_mode: certificate                   # (1)
    xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12    # (1)
    xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12  # (3)

elasticsearch.yml file on each node:

    xpack.security.transport.ssl.enabled: true
    xpack.security.transport.ssl.verification_mode: certificate                         # (1)
    xpack.security.transport.ssl.key: /home/es/config/node01.key                        # (2)
    xpack.security.transport.ssl.certificate: /home/es/config/node01.crt                # (3)
    xpack.security.transport.ssl.certificate_authorities: [ "/home/es/config/ca.crt" ]  # (4)


BUNDLING

robertharper616@cloudshell:~(messtone-161906)$ Bundling:

    cfssl bundle [-ca-bundle bundle] [-int-bundle bundle] \
                 [-metadata metadata_file] [-flavor bundle_flavor] \
                 -domain domain_name [-ip ip_address]

Bundle output:

    {
      "bundle": "CERT_BUNDLE_IN_PEM",
      "crt": "LEAF_CERT_IN_PEM",
      "crl_support": true,
      "expires": "2015-12-31T23:59:59Z",
      "hostnames": ["messtone.com"],
      "issuer": "ISSUER CERT SUBJECT",
      "key": "KEY_IN_PEM",
      "key_size": 2048,
      "key_type": "2048-bit RSA",
      "ocsp": ["http://ocsp.messtone-ca.com"],
      "ocsp_support": true,
      "root": "ROOT_CA_CERT_IN_PEM",
      "signature": "SHA1WithRSA",
      "subject": "LEAF CERT SUBJECT",
      "status": {
        "rebundled": false,
        "expiring_SKIs": [],
        "untrusted_root_stores": [],
        "message": [],
        "code": 0
      }
    }

Signing request and private key:

    cfssl genkey csr.json