mirror of
https://github.com/trailofbits/algo.git
synced 2025-06-07 07:33:52 +02:00
add info about reconfiguring the apple profile
This commit is contained in:
Dan Guido
GitHub
parent
946314ee26
commit
eeae3ad34e
1 changed files with 33 additions and 28 deletions
|
|
@ -2,13 +2,14 @@
|
||||||
|
|
||||||
1. [Error: "You have not agreed to the Xcode license agreements"](#1-error-you-have-not-agreed-to-the-xcode-license-agreements)
|
1. [Error: "You have not agreed to the Xcode license agreements"](#1-error-you-have-not-agreed-to-the-xcode-license-agreements)
|
||||||
2. [Error: "fatal error: 'openssl/opensslv.h' file not found"](#2-error-fatal-error-opensslopensslvh-file-not-found)
|
2. [Error: "fatal error: 'openssl/opensslv.h' file not found"](#2-error-fatal-error-opensslopensslvh-file-not-found)
|
||||||
3. [Little Snitch is broken when connected to the VPN](#3-little-snitch-is-broken-when-connected-to-the-vpn)
|
3. [Error: "TypeError: must be str, not bytes"](#3-error-typeerror-must-be-str-not-bytes)
|
||||||
4. [Various websites appear to be offline through the VPN](#4-various-websites-appear-to-be-offline-through-the-vpn)
|
4. [Error: "ansible-playbook: command not found"](#4-error-ansible-playbook-command-not-found)
|
||||||
5. [Bad owner or permissions on .ssh](#5-bad-owner-or-permissions-on-ssh)
|
5. [Bad owner or permissions on .ssh](#5-bad-owner-or-permissions-on-ssh)
|
||||||
6. [Error: "TypeError: must be str, not bytes"](#6-error-typeerror-must-be-str-not-bytes)
|
6. [Little Snitch is broken when connected to the VPN](#6-little-snitch-is-broken-when-connected-to-the-vpn)
|
||||||
7. [The region you want is not available](#7-the-region-you-want-is-not-available)
|
7. [Various websites appear to be offline through the VPN](#7-various-websites-appear-to-be-offline-through-the-vpn)
|
||||||
8. [Error: "ansible-playbook: command not found"](#8-error-ansible-playbook-command-not-found)
|
8. [The region you want is not available](#8-the-region-you-want-is-not-available)
|
||||||
9. [I have a problem not covered here](#i-have-a-problem-not-covered-here)
|
9. [I want to change the list of trusted Wifi networks on my Apple device](#9-i-want-to-change-the-list-of-trusted-Wifi-networks-on-my-Apple-device)
|
||||||
|
10. [I have a problem not covered here](#i-have-a-problem-not-covered-here)
|
||||||
|
|
||||||
### 1. Error: "You have not agreed to the Xcode license agreements"
|
### 1. Error: "You have not agreed to the Xcode license agreements"
|
||||||
|
|
||||||
|
|
@ -57,24 +58,6 @@ Storing debug log for failure in /Users/algore/Library/Logs/pip.log
|
||||||
|
|
||||||
You are running an old version of `pip` that cannot build the `pycrypto` dependency. Upgrade to a new version of `pip` by running `sudo pip install -U pip`.
|
You are running an old version of `pip` that cannot build the `pycrypto` dependency. Upgrade to a new version of `pip` by running `sudo pip install -U pip`.
|
||||||
|
|
||||||
### 3. Little Snitch is broken when connected to the VPN
|
|
||||||
|
|
||||||
Little Snitch is not compatible with IPSEC VPNs due to a known bug in macOS and there is no solution. The Little Snitch "filter" does not get incoming packets from IPSEC VPNs and, therefore, cannot evaluate any rules over them. Their developers have filed a bug report with Apple but there has been no response. There is nothing they or Algo can do to resolve this problem on their own. You can read more about this problem in [issue #134](https://github.com/trailofbits/algo/issues/134).
|
|
||||||
|
|
||||||
### 4. Various websites appear to be offline through the VPN
|
|
||||||
|
|
||||||
This issue appears intermittently due to issues with MTU size. If you experience this issue, we recommend [filing an issue](https://github.com/trailofbits/algo/issues/new) for assistance. Advanced users can troubleshoot the correct MTU size by retrying `ping` with the "don't fragment" bit size and decreasing packet size. This will determine the correct MTU size for your network, which you then need to update on your network adapter.
|
|
||||||
|
|
||||||
### 5. Bad owner or permissions on .ssh
|
|
||||||
|
|
||||||
You tried to run Algo and it quickly exits with an error about a bad owner or permissions:
|
|
||||||
|
|
||||||
```
|
|
||||||
fatal: [104.236.2.94]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Bad owner or permissions on /home/user/.ssh/config\r\n", "unreachable": true}
|
|
||||||
```
|
|
||||||
|
|
||||||
You need to reset the permissions on your `.ssh` directory. Run `chmod 700 /home/user/.ssh` and then `chmod 600 /home/user/.ssh/config`. You may need to repeat this for other files mentioned in the error message.
|
|
||||||
|
|
||||||
### 6. Error: "TypeError: must be str, not bytes"
|
### 6. Error: "TypeError: must be str, not bytes"
|
||||||
|
|
||||||
You tried to install Algo and you see many repeated errors referencing `TypeError`, such as `TypeError: '>=' not supported between instances of 'TypeError' and 'int'` and `TypeError: must be str, not bytes`. For example:
|
You tried to install Algo and you see many repeated errors referencing `TypeError`, such as `TypeError: '>=' not supported between instances of 'TypeError' and 'int'` and `TypeError: must be str, not bytes`. For example:
|
||||||
|
|
@ -87,16 +70,38 @@ fatal: [localhost -> localhost]: FAILED! => {"changed": false, "failed": true, "
|
||||||
|
|
||||||
You may be trying to run Algo with Python3. Algo uses [Ansible](https://github.com/ansible/ansible) which has issues with Python3, although this situation is improving over time. Try running Algo with Python2 to fix this issue. Open your terminal and `cd` to the directory with Algo, then run: ``virtualenv -p `which python2.7` env && source env/bin/activate && pip install -r requirements.txt``
|
You may be trying to run Algo with Python3. Algo uses [Ansible](https://github.com/ansible/ansible) which has issues with Python3, although this situation is improving over time. Try running Algo with Python2 to fix this issue. Open your terminal and `cd` to the directory with Algo, then run: ``virtualenv -p `which python2.7` env && source env/bin/activate && pip install -r requirements.txt``
|
||||||
|
|
||||||
### 7. The region you want is not available
|
|
||||||
|
|
||||||
You want to install Algo to a specific region in a cloud provider, but that region is not available in the list given by the installer. In that case, you should [file an issue](https://github.com/trailofbits/algo/issues/new). Cloud providers add new regions on a regular basis and we don't always keep up. File an issue and give us information about what region is missing and we'll add it.
|
|
||||||
|
|
||||||
### 8. Error: "ansible-playbook: command not found"
|
### 8. Error: "ansible-playbook: command not found"
|
||||||
|
|
||||||
You tried to install Algo and you see an error that reads "ansible-playbook: command not found."
|
You tried to install Algo and you see an error that reads "ansible-playbook: command not found."
|
||||||
|
|
||||||
You did not finish step 4 in the installation instructions, "[Install Algo's remaining dependencies](https://github.com/trailofbits/algo#deploy-the-algo-server)." Algo depends on [Ansible](https://github.com/ansible/ansible), an automation framework, and this error indicates that you do not have Ansible installed. Ansible is installed by `pip` when you run `python -m pip install -r requirements.txt`. You must complete the installation instructions to run the Algo server deployment process.
|
You did not finish step 4 in the installation instructions, "[Install Algo's remaining dependencies](https://github.com/trailofbits/algo#deploy-the-algo-server)." Algo depends on [Ansible](https://github.com/ansible/ansible), an automation framework, and this error indicates that you do not have Ansible installed. Ansible is installed by `pip` when you run `python -m pip install -r requirements.txt`. You must complete the installation instructions to run the Algo server deployment process.
|
||||||
|
|
||||||
|
### 5. Bad owner or permissions on .ssh
|
||||||
|
|
||||||
|
You tried to run Algo and it quickly exits with an error about a bad owner or permissions:
|
||||||
|
|
||||||
|
```
|
||||||
|
fatal: [104.236.2.94]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Bad owner or permissions on /home/user/.ssh/config\r\n", "unreachable": true}
|
||||||
|
```
|
||||||
|
|
||||||
|
You need to reset the permissions on your `.ssh` directory. Run `chmod 700 /home/user/.ssh` and then `chmod 600 /home/user/.ssh/config`. You may need to repeat this for other files mentioned in the error message.
|
||||||
|
|
||||||
|
### 6. Little Snitch is broken when connected to the VPN
|
||||||
|
|
||||||
|
Little Snitch is not compatible with IPSEC VPNs due to a known bug in macOS and there is no solution. The Little Snitch "filter" does not get incoming packets from IPSEC VPNs and, therefore, cannot evaluate any rules over them. Their developers have filed a bug report with Apple but there has been no response. There is nothing they or Algo can do to resolve this problem on their own. You can read more about this problem in [issue #134](https://github.com/trailofbits/algo/issues/134).
|
||||||
|
|
||||||
|
### 7. Various websites appear to be offline through the VPN
|
||||||
|
|
||||||
|
This issue appears intermittently due to issues with MTU size. If you experience this issue, we recommend [filing an issue](https://github.com/trailofbits/algo/issues/new) for assistance. Advanced users can troubleshoot the correct MTU size by retrying `ping` with the "don't fragment" bit size and decreasing packet size. This will determine the correct MTU size for your network, which you then need to update on your network adapter.
|
||||||
|
|
||||||
|
### 8. The region you want is not available
|
||||||
|
|
||||||
|
You want to install Algo to a specific region in a cloud provider, but that region is not available in the list given by the installer. In that case, you should [file an issue](https://github.com/trailofbits/algo/issues/new). Cloud providers add new regions on a regular basis and we don't always keep up. File an issue and give us information about what region is missing and we'll add it.
|
||||||
|
|
||||||
|
### 9. I want to change the list of trusted Wifi networks on my Apple device
|
||||||
|
|
||||||
|
This setting is enforced on your client device via the Apple profile you put on it. You can edit the profile with new settings, then load it on your device to change the settings. You can use the [Apple Configurator](https://itunes.apple.com/us/app/apple-configurator-2/id1037126344?mt=12) to edit and resave the profile. Advanced users can edit the file directly in a text editor. Use the [Configuration Profile Reference](https://developer.apple.com/library/content/featuredarticles/iPhoneConfigurationProfileRef/Introduction/Introduction.html) for information about the file format and other available options. If you're not comfortable editing the profile, you can also simply redeploy a new Algo server with different settings to receive a new auto-generated profile.
|
||||||
|
|
||||||
### I have a problem not covered here
|
### I have a problem not covered here
|
||||||
|
|
||||||
If you have an issue that you cannot solve with the guidance here, [join our Slack](https://empireslacking.herokuapp.com/) and ask for help in the #tool-algo channel. You may also [file an issue](https://github.com/trailofbits/algo/issues/new) that describes the problem and we'll do our best to help you.
|
If you have an issue that you cannot solve with the guidance here, [join our Slack](https://empireslacking.herokuapp.com/) and ask for help in the #tool-algo channel. You may also [file an issue](https://github.com/trailofbits/algo/issues/new) that describes the problem and we'll do our best to help you.
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue