From: Polytropon
To: David Johnson
Cc: FreeBSD Questions
Subject: Re: Help with an Urgent Matter
Date: Thu, 12 Jul 2018 04:34:46 +0200
Message-Id: <20180712043446.33fa58d1.freebsd@edvax.de>
References: <20180712012033.638fa1de.freebsd@edvax.de>
Organization: EDVAX

Re-including list, hope that's okay.

On Wed, 11 Jul 2018 19:05:47 -0700, David Johnson wrote:
> Thanks for responding but I don't see the answer that I am looking for or I
> don't understand your short answers.
> My question is about verifying if there is an active BSD server on my
> system.

You didn't ask for that specifically. :-)

What do you mean by "a server"? Technically, all BSDs contain
servers, and macOS won't be much different. The question is if
those servers can communicate to the outside. For example,
FreeBSD contains a mailserver, sendmail, which is used for
in-system delivery. It won't communicate with the outside on
its own.

The software that macOS consists of might include several
servers (web server, mail server, who knows). There are control
elements to maintain a few of them. More information should be
in the macOS documentation. FreeBSD != macOS.

> I am asking this exactly for security reasons:
>
> "If I use any Free BSD command that shuts down my system: ex: shutdown
> -r +1 "message"
> and my system does shut down in 1 min..... 'Does this mean that there is an
> active embedded BSD file system
> within my Mac OS.

You're confusing operating system with file system.
Apple's Mac operating systems have been using several kinds of
filesystems also available on FreeBSD, such as UFS and ZFS.
Recent versions of macOS use HFS+ and today APFS. Of course
those are able to implement a filesystem hierarchy similar to
the one found on FreeBSD (see "man 7 hier"), but also cater to
the needs of macOS file storage.

The shutdown program, inherited from FreeBSD, is part of macOS
(the userland). This has nothing to do with a filesystem, which
is a specification of how data will be stored on media.

> Otherwise why would my system shut down using Free BSD
> commands in terminal, and my terminal
> is currently asking for a login when I open it for any task.

As I said, the FreeBSD userland programs are available on macOS.
The whole OS consists mainly of three parts: the Darwin kernel,
a FreeBSD-like userland, and the graphical environment Aqua.

The terminal behaviour seems to be normal, as you can login with
a user account registered on the system (even though I'd assume
that an interactive shell will be started for the account you're
already logged in with, and which you start the terminal
application from, but I might be wrong, I'm not using a Mac at
the moment). Maybe this is something you can explicitly configure?

> Another question is ...
> If I do have an embedded Free BSD Filesystem in my Mac, is there a way to
> 1.) get a list of all files necessary to support an embedded BSD
> filesystem? (this is very important)

There is only one filesystem _type_ on your Mac. Depending on
what OS version you are using, it's probably HFS+ or APFS. The
support for a particular filesystem does not depend on any
files specifically, but instead on the kernel or a kernel module
that provides support for a particular filesystem in order to
map it into the virtual filesystem (VFS) that "unifies" the
userspace-side of any filesystem access.

If you're asking for UFS and ZFS support (those are the two
filesystem types primarily used on FreeBSD), I have no idea
if they are supported, but I'd assume they are, given that both
have been supported by older versions of Mac OS X.

> 2. how do I uninstall the embedded filesystem if it does exist. I have
> searched Free BSD web but cannot
> find any topics regarding an uninstall process.

You probably cannot remove components essential to the OS. Sure,
you can try randomly deleting files, but that will finally render
your system unusable. Keep in mind this is not a "parallel
FreeBSD" - it's the macOS userland which is just _derived_ from
FreeBSD. The OS cannot function without it, just as it cannot
function without a kernel.

> Files found which according to Apple are not installed with Sierra...
> Rac, RacSignal, Squirrel Server, Squirrel.Mac and the worst of all:

This looks like 3rd party software, not something that belongs
to the OS. You can delete those with the software management
tool provided by macOS.

> (Function>/Users/josh****r/
> Documents/Development/GitHub/Squirrel.Mac/Squirrel/RACSignal+SQRLTransactionExtensions.mname
> != nilPreventSystemSleepTimeoutActionLogCould not install power assertion:
> %liCould not release power assertion:)
>
> *asterisks above show a username from github. What we cannot understand is
> why a github user would have his name in hundreds
> of places in our computers within minutes after a fresh Sierra install from
> the Apple Servers.

This seems to be part of the SquirrelMail software that you
have installed on your Mac. It's a webmailer, if I remember
correctly.

Where did you find those messages? Are they in a log file? Is it
an error or a warning? Do you run the SquirrelMail software on
your Mac, or do you use Safari / Chrome / Firefox to access an
instance of that webmailer, and you just found something in a
log file or temporary file?

> We have had to reinstall Mac High Sierra over 350 times
> since August 2016.

I don't know why this should have been necessary.

> You should know that my request revolves around a criminal case of Elder
> Abuse here in Canada
> and I believe that the criminals involved are using Free BSD to control and
> destroy evidence in our computers.......

If that's true (or if it's just a suspicion), you should be in
contact with the authorities. They have tools to forensically
analyze a system to see what's going on.

Per default, as far as I know, macOS does not exhibit means of
remote control. Such a construct would involve a running SSH
server, a username and password (!) known to the attacker, the
firewall "properly" configured (to allow SSH connections), and
the system to be online, of course. I'm not saying this is
entirely impossible, but it doesn't ring a bell at the moment.
As I said, I'm not a Mac person anymore, so my knowledge is a
bit outdated, and I don't get lots of Mac experience in my
daily work.

As you have learned a lot about the relationship between FreeBSD
and macOS, you should contact a macOS-centric discussion forum
and maybe the SquirrelMail maintainers.

To get this right: You assume that the BSD part of macOS is being
used by a remote attacker to destroy evidence, and you conclude
that from some SquirrelMail message... ??? Hmmm...

--
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
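
Added example, not part of the original message: the reply distinguishes servers that only serve the machine itself (sendmail for in-system delivery) from ones that can talk to the outside, and names a running SSH server as the first precondition for remote control. The sketch below sorts listening TCP sockets into those two groups; it assumes BSD-style `netstat -an -p tcp` output (local address printed as `address.port`), the sample output is constructed, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: split listening TCP sockets into loopback-only and
# externally reachable ones. Assumes BSD-style "netstat -an -p tcp" output
# (FreeBSD, macOS), where the local address is printed as address.port.

# Constructed sample output, not taken from any real machine.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  127.0.0.1.25           *.*                    LISTEN
tcp4       0      0  *.22                   *.*                    LISTEN
tcp6       0      0  *.22                   *.*                    LISTEN
tcp6       0      0  ::1.631                *.*                    LISTEN
tcp4       0      0  192.168.1.10.49152     192.0.2.10.443         ESTABLISHED
EOF
}

# Reads netstat output on stdin; prints "scope proto address port" per listener.
classify_listeners() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" {
        n = match($4, /\.[^.]*$/)        # the last dot separates address and port
        addr = substr($4, 1, n - 1)
        port = substr($4, n + 1)
        scope = "exposed"                # bound to a wildcard or a routable address
        if (addr ~ /^127\./ || addr == "::1" || addr ~ /%lo0$/)
            scope = "loopback"           # reachable only from the machine itself
        print scope, $1, addr, port
    }'
}

# Exit status 0 if something listens on port 22 on a non-loopback address.
# This covers only the "running SSH server" condition; firewall rules and
# credentials are not checked here.
ssh_exposed() {
    classify_listeners | awk '$1 == "exposed" && $4 == 22 { found = 1 }
                              END { exit !found }'
}

# On a live system: netstat -an -p tcp | classify_listeners
sample_netstat | classify_listeners
```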