DEV Community: João Pedro The latest articles on DEV Community by João Pedro (@joaoprd). https://dev.to/joaoprd https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1063957%2F008438a3-ed67-47e1-9e4d-05df51502bf6.jpg DEV Community: João Pedro https://dev.to/joaoprd en Guia Warcraft III de Etiqueta para Pull Requests João Pedro Fri, 16 Jan 2026 15:09:09 +0000 https://dev.to/joaoprd/guia-warcraft-iii-de-etiqueta-para-pull-requests-b29 https://dev.to/joaoprd/guia-warcraft-iii-de-etiqueta-para-pull-requests-b29 <p>Se os orcs e humanos fossem desenvolvedores, o Code Review seria assim:</p> <p><strong>Avisos e Erros:</strong></p> <ul> <li><p>"Can't build there": Quando a build quebra ou o código está no lugar errado.</p></li> <li><p>"Work complete": PR aprovado e mergeado.</p></li> </ul> <p><strong>No Meio do Caos (A vida de Dev):</strong></p> <ul> <li><p>"What?": Vendo aquele código legado sem sentido.</p></li> <li><p>"Me busy!" / "Leave me alone!": Quando pedem review no meio do foco.</p></li> <li><p>"No time for play!": Subindo correção de bug em produção.</p></li> <li><p>"Me not that kind of Orc!": Quando sugerem uma gambiarra técnica.</p></li> </ul> <p><strong>Aceitando Desafios:</strong></p> <ul> <li><p>"Ready to work!": Abrindo um novo PR.</p></li> <li><p>"Something need doing?": Caçando PRs na fila para revisar.</p></li> <li><p>"I can do that!" / "Be happy to!": Aplicando as sugestões do revisor.</p></li> <li><p>"Work, work!": Codando a próxima task.</p></li> <li><p>"Okie dokie!": O último comentário antes do Approve.</p></li> </ul> git webdev programming github Basic Server Hardening for Ubuntu/Debian: SSH Access and Firewall João Pedro Mon, 04 Aug 2025 22:54:01 +0000 https://dev.to/joaoprd/basic-server-hardening-for-ubuntudebian-ssh-access-and-firewall-g2e https://dev.to/joaoprd/basic-server-hardening-for-ubuntudebian-ssh-access-and-firewall-g2e <p>Contrary to what many tutorials suggest, simply changing the SSH port or installing Fail2Ban is not enough. This documentation shows the exact steps to harden the security of an Ubuntu/Debian server by configuring key-based authentication, disabling insecure defaults, and reducing the attack surface.</p> <p>Author: joaoprd | <a href="mailto:joaopedrord2001@gmail.com">joaopedrord2001@gmail.com</a></p> <h2> Create a Secure Administrator User </h2> <p>Create a user with sudo privileges:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>adduser whiterose usermod -aG sudo whiterose </code></pre> </div> <p>The user whiterose will be the only one authorized to connect via SSH after hardening.</p> <h2> Generate Public Key and Manually Configure SSH Login </h2> <p>Public key authentication avoids the use of passwords and is essential for a secure server. This step will be done manually, without using ssh-copy-id.</p> <h3> On the Client </h3> <p>Generate the RSA key pair (if it doesn’t already exist):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>ssh-keygen -t rsa -b 4096 -C "whiterose@server" </code></pre> </div> <p>Press <code>Enter</code> to accept the default path (~/.ssh/id_rsa) and, if desired, set a passphrase for the private key.</p> <p>The generated keys:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Private: ~/.ssh/id_rsa → must never leave the client Public: ~/.ssh/id_rsa.pub → will be copied to the server </code></pre> </div> <p>Display the contents of the public key:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>cat ~/.ssh/id_rsa.pub </code></pre> </div> <p>Copy the displayed content (starts with ssh-rsa).</p> <h3> On the Server </h3> <p>Create the .ssh directory for the user whiterose (if it doesn’t exist):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo mkdir -p /home/whiterose/.ssh sudo chown whiterose:whiterose /home/whiterose/.ssh sudo chmod 700 /home/whiterose/.ssh </code></pre> </div> <p>Create (or edit) the authorized_keys file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo vim /home/whiterose/.ssh/authorized_keys </code></pre> </div> <p>Paste the public key copied from the client.</p> <h3> Set the correct permissions </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo chown whiterose:whiterose /home/whiterose/.ssh/authorized_keys sudo chmod 600 /home/whiterose/.ssh/authorized_keys </code></pre> </div> <p>From now on, the user whiterose will be able to connect via SSH using the private key corresponding to the uploaded public key.</p> <h2> Disable root login and password authentication in SSH </h2> <p>On the Ubuntu/Debian server, edit the SSH configuration file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo vim /etc/ssh/sshd_config </code></pre> </div> <p>Modify or add the following lines:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>PermitRootLogin no PasswordAuthentication no </code></pre> </div> <p>Restart the SSH service:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo systemctl restart ssh </code></pre> </div> <p><code>!!! Only do this after confirming that public key access is working for the user whiterose !!!</code><br> </p> <h2> Enable Firewall (UFW) </h2> <p>Install and activate UFW:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo apt update &amp;&amp; sudo apt install -y ufw sudo ufw allow OpenSSH sudo ufw --force enable </code></pre> </div> <p>All unauthorized services will be blocked. Only SSH (port 22) will be accessible.</p> <h2> Fix Permissions of Sensitive Files </h2> <p>Adjust permissions of the /etc/shadow file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo chmod 640 /etc/shadow </code></pre> </div> <p>This ensures that only root and the shadow group have read access to password contents.</p> <h2> Install and Configure Fail2Ban (Protection Against Brute Force Attacks) </h2> <p>Fail2Ban monitors authentication logs and automatically blocks IPs that attempt malicious access to the server. Even with key-based authentication, it is important to protect the server against scanners and brute force attempts.</p> <h3> Installation </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo apt update &amp;&amp; sudo apt install -y fail2ban </code></pre> </div> <h3> Basic Configuration </h3> <p>Fail2Ban comes with default settings, but it’s recommended to create a local configuration file for customization (to avoid conflicts during updates):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local sudo vim /etc/fail2ban/jail.local </code></pre> </div> <h3> Recommended Adjustments (in jail.local) </h3> <p>In the [DEFAULT] section, modify existing fields or add the following:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>[DEFAULT] ignoreip = (IPs that will never be banned) bantime = 1h maxretry = 3 findtime = 10m </code></pre> </div> <h3> Restart Fail2Ban </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo systemctl restart fail2ban sudo systemctl enable fail2ban </code></pre> </div> <h3> Check the logs </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo tail -f /var/log/fail2ban.log </code></pre> </div> <h2> Conclusion </h2> <p>By following these steps, you ensure a basic and effective protection for your Ubuntu/Debian server. Using SSH keys, disabling root login, enabling the firewall, and configuring Fail2Ban helps prevent common attacks and makes your system more secure.</p> ubuntu debian security network Hardening Básico de Servidor Ubuntu/Debian: Acesso SSH e Firewall João Pedro Mon, 04 Aug 2025 22:40:30 +0000 https://dev.to/joaoprd/hardening-basico-de-servidor-ubuntudebian-acesso-ssh-e-firewall-5lm https://dev.to/joaoprd/hardening-basico-de-servidor-ubuntudebian-acesso-ssh-e-firewall-5lm <p>Ao contrário do que muitos tutoriais sugerem, alterar apenas a porta SSH ou instalar Fail2Ban não é suficiente. Esta documentação mostra os passos exatos para endurecer a segurança de um servidor Ubuntu / Debian configurando autenticação por chave, desabilitando padrões inseguros e reduzindo a superfície de ataque.</p> <p>Autor: joaoprd | <a href="mailto:joaopedrord2001@gmail.com">joaopedrord2001@gmail.com</a></p> <h2> Criar usuário administrador seguro </h2> <p>Criar um usuário com privilégios sudo:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>adduser whiterose usermod -aG sudo whiterose </code></pre> </div> <p>O usuário whiterose será o único autorizado a conectar via SSH após o hardening.</p> <h2> Gerar chave pública e configurar login SSH manualmente </h2> <p>A autenticação por chave pública evita o uso de senhas e é essencial para um servidor seguro. Essa etapa será feita manualmente, sem o uso do ssh-copy-id.</p> <h3> No cliente </h3> <p>Gerar o par de chaves RSA (caso ainda não exista):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>ssh-keygen -t rsa -b 4096 -C "whiterose@servidor" </code></pre> </div> <p>Pressione <code>Enter</code> para aceitar o caminho padrão (~/.ssh/id_rsa) e, se desejar, defina uma senha para a chave privada.</p> <p>As chaves geradas:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Privada: ~/.ssh/id_rsa → nunca deve sair do cliente Pública: ~/.ssh/id_rsa.pub → será copiada para o servidor </code></pre> </div> <p>Exibir o conteúdo da chave pública:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>cat ~/.ssh/id_rsa.pub </code></pre> </div> <p>Copie o conteúdo exibido (começa com ssh-rsa).</p> <h3> No servidor </h3> <p>Criar o diretório .ssh para o usuário whiterose (caso não exista):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo mkdir -p /home/whiterose/.ssh sudo chown whiterose:whiterose /home/whiterose/.ssh sudo chmod 700 /home/whiterose/.ssh </code></pre> </div> <p>Criar (ou editar) o arquivo authorized_keys:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo vim /home/whiterose/.ssh/authorized_keys </code></pre> </div> <p>Cole a chave pública copiada do cliente.</p> <h3> Ajustar permissões </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo chown whiterose:whiterose /home/whiterose/.ssh/authorized_keys sudo chmod 600 /home/whiterose/.ssh/authorized_keys </code></pre> </div> <p>A partir de agora, o usuário whiterose poderá se conectar via SSH utilizando a chave privada correspondente à pública inserida.</p> <h2> Desativar login root e autenticação por senha no SSH </h2> <p>No servidor Ubuntu / Debian deve-se editar o arquivo de configuração do SSH:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo vim /etc/ssh/sshd_config </code></pre> </div> <p>Modificar ou adicionar:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>PermitRootLogin no PasswordAuthentication no </code></pre> </div> <p>Reiniciar o serviço SSH:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo systemctl restart ssh </code></pre> </div> <p><code>!!! Faça isso somente após confirmar que o acesso com chave pública está funcionando para o usuário whiterose !!!</code><br> </p> <h2> Ativar firewall (UFW) </h2> <p>Instalar e ativar o UFW:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo apt update &amp;&amp; sudo apt install -y ufw sudo ufw allow OpenSSH sudo ufw --force enable </code></pre> </div> <p>Todos os serviços não autorizados serão bloqueados. Apenas SSH (porta 22) estará acessível.</p> <h2> Corrigir permissões de arquivos sensíveis </h2> <p>Ajustar permissões do arquivo /etc/shadow:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo chmod 640 /etc/shadow </code></pre> </div> <p>Garante que apenas root e o grupo shadow tenham acesso de leitura ao conteúdo das senhas.</p> <h2> Instalar e Configurar Fail2Ban (Proteção contra Brute Force) </h2> <p>O Fail2Ban monitora logs de autenticação e bloqueia automaticamente IPs que tentam acessar o servidor de forma maliciosa. Mesmo com autenticação por chaves, é importante protegê-lo contra scanners e tentativas de força bruta.</p> <h3> Instalação </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo apt update &amp;&amp; sudo apt install -y fail2ban </code></pre> </div> <h3> Configuração Básica </h3> <p>O Fail2Ban já vem com configurações padrão, mas é recomendável criar um arquivo local para personalização (evitando conflitos em atualizações):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local sudo vim /etc/fail2ban/jail.local </code></pre> </div> <h3> Ajustes Recomendados (em jail.local) </h3> <p>Na seção [DEFAULT], modifique os campos se já existirem ou adicione:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>[DEFAULT] ignoreip = (IPs que nunca serão banidos) bantime = 1h maxretry = 3 findtime = 10m </code></pre> </div> <h3> Reinicie o Fail2Ban </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo systemctl restart fail2ban sudo systemctl enable fail2ban </code></pre> </div> <h3> Verificar os logs </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo tail -f /var/log/fail2ban.log </code></pre> </div> <h2> Conclusão </h2> <p>Seguindo estes passos, você garante uma proteção básica e eficiente para seu servidor Ubuntu/Debian. Usar chave SSH, desativar o login root, ativar o firewall e configurar o Fail2Ban ajuda a evitar ataques comuns e deixa seu sistema mais seguro.</p> ubuntu debian security network GLPI - Closing Ticket with API João Pedro Tue, 13 Aug 2024 20:53:25 +0000 https://dev.to/joaoprd/glpi-closing-ticket-with-api-4mpk https://dev.to/joaoprd/glpi-closing-ticket-with-api-4mpk <p>Unlike what is described in the official GLPI documentation, the system does not work as expected and does not correctly respond to the provided parameters. The documentation found at <code>"https://YOUR_GLPI_DOMAIN.COM/apirest.php"</code> states that some parameters should be passed in the request body, but this doesn't always work. The only method that seems to work is passing the parameters directly in the URL.</p> <blockquote> <p><strong>Autor</strong>: joaoprd | <a href="mailto:joaopedrord2001@gmail.com">joaopedrord2001@gmail.com</a></p> </blockquote> <h2> Starting a Session </h2> <p>To initiate any call, we need the session_token and app-token. To generate the session_token, we make a request to <code>"https://YOUR_GLPI_DOMAIN.COM/apirest.php/initSession"</code> with the app-token and user_token parameters, which are available in the user account we are working with.</p> <p>The following request generates the session_token:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">--location</span> <span class="s1">'https://DOMINIO_GLPI.COM/apirest.php/initSession?app-token={YOUR-APP-TOKEN}&amp;user_token={YOUR-USER-TOKEN}'</span> </code></pre> </div> <h2> Ticket Search </h2> <p>With the <code>session_token</code> in hand, we can perform searches for tickets. However, according to the GLPI documentation, it appears that the endpoint does not function as per the provided examples, as it does not allow sending a payload to this endpoint, resulting in the following error:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">[</span> <span class="s2">"ERROR_JSON_PAYLOAD_FORBIDDEN"</span>, <span class="s2">"GET Request should not have json payload (http body); view documentation in your browser at /#ERROR_JSON_PAYLOAD_FORBIDDEN"</span> <span class="o">]</span> </code></pre> </div> <p>To circumvent this limitation, we will pass the parameters directly in the URL of the request, using the link <code>"https://YOUR_GLPI_DOMAIN.COM/apirest.php/search/Ticket"</code>. You must include the <code>app-token</code> and <code>session-token</code> to connect, and then add the desired filters to locate the necessary information.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">--location</span> <span class="nt">--globoff</span> <span class="s1">'https://DOMINIO_GLPI.COM/apirest.php/search/Ticket ?app-token={YOUR-APP-TOKEN} &amp;session_token={YOUR-SESSION-TOKEN} &amp;criteria[0][field]=1 &amp;criteria[0][searchtype]=contains &amp;criteria[0][value]=Verifica%C3%A7%C3%A3o%20diaria &amp;criteria[1][link]=AND &amp;criteria[1][field]=12 &amp;criteria[1][searchtype]=equals &amp;criteria[1][value]=2 &amp;glpilist_limit=1000'</span> <span class="se">\</span> <span class="nt">--header</span> <span class="s1">'Content-Type: application/json'</span> </code></pre> </div> <p>"Criteria" refers to the filtering criteria, where fields are specific filters to be applied to find something. For example, "criteria[0][field]=1" is designated for the title, where we pass "criteria[0][searchtype]=contains" indicating that it contains "criteria[0][value]=Verifica%C3%A7%C3%A3o%20diaria", which, in this case, is 'Verificação diária' that was encoded. This is where the ticket title should be placed. Another filter is applied below in "criteria[1][link]=AND", where an AND is performed, indicating a new search following the previous one.</p> <p>To analyze all filtering options, you can make a request to:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">--location</span> <span class="s1">'https://DOMINIO_GLPI.COM/apirest.php/listSearchOptions/Ticket?app-token={YOUR-APP-TOKEN}&amp;session_token={YOUR-SESSION-TOKEN}'</span> <span class="se">\</span> <span class="nt">--data</span> <span class="s1">''</span> </code></pre> </div> <p>Some example responses:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"common"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Características"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"1"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Título"</span><span class="p">,</span><span class="w"> </span><span class="nl">"table"</span><span class="p">:</span><span class="w"> </span><span class="s2">"glpi_tickets"</span><span class="p">,</span><span class="w"> </span><span class="nl">"field"</span><span class="p">:</span><span class="w"> </span><span class="s2">"name"</span><span class="p">,</span><span class="w"> </span><span class="nl">"datatype"</span><span class="p">:</span><span class="w"> </span><span class="s2">"itemlink"</span><span class="p">,</span><span class="w"> </span><span class="nl">"nosearch"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"> </span><span class="nl">"nodisplay"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"> </span><span class="nl">"available_searchtypes"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"contains"</span><span class="p">,</span><span class="w"> </span><span class="s2">"notcontains"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"uid"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Ticket.name"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"21"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Descrição"</span><span class="p">,</span><span class="w"> </span><span class="nl">"table"</span><span class="p">:</span><span class="w"> </span><span class="s2">"glpi_tickets"</span><span class="p">,</span><span class="w"> </span><span class="nl">"field"</span><span class="p">:</span><span class="w"> </span><span class="s2">"content"</span><span class="p">,</span><span class="w"> </span><span class="nl">"datatype"</span><span class="p">:</span><span class="w"> </span><span class="s2">"text"</span><span class="p">,</span><span class="w"> </span><span class="nl">"nosearch"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"> </span><span class="nl">"nodisplay"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"> </span><span class="nl">"available_searchtypes"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"contains"</span><span class="p">,</span><span class="w"> </span><span class="s2">"notcontains"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"uid"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Ticket.content"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"2"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ID"</span><span class="p">,</span><span class="w"> </span><span class="nl">"table"</span><span class="p">:</span><span class="w"> </span><span class="s2">"glpi_tickets"</span><span class="p">,</span><span class="w"> </span><span class="nl">"field"</span><span class="p">:</span><span class="w"> </span><span class="s2">"id"</span><span class="p">,</span><span class="w"> </span><span class="nl">"datatype"</span><span class="p">:</span><span class="w"> </span><span class="s2">"number"</span><span class="p">,</span><span class="w"> </span><span class="nl">"nosearch"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"> </span><span class="nl">"nodisplay"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"> </span><span class="nl">"available_searchtypes"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"contains"</span><span class="p">,</span><span class="w"> </span><span class="s2">"notcontains"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"uid"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Ticket.id"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="err">...</span><span class="w"> </span></code></pre> </div> <h2> Creating a Task </h2> <p>With the previous request, we performed the search for tickets, which will be returned in JSON format. With this information, we can handle the necessary tasks. In this specific documentation, we will close the ticket. However, before completely closing the ticket, we need to create a task linked to the ticket that must be completed.</p> <p>Some GLPI systems require specific methods for closing tickets. In the system I am working with, it is necessary to create a task and a solution before closing the ticket.</p> <p>Below is the request that creates the task in the ticket (remember that the ticket I am passing was generated in the previous search in "Ticket Search"). In my automation code, I implemented a loop to process all returned tickets, but that will not be covered in this documentation.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">--location</span> <span class="s1">'https://DOMINIO_GLPI.COM/apirest.php/TicketTask?session_token={YOUR-SESSION-TOKEN}'</span> <span class="se">\</span> <span class="nt">--header</span> <span class="s1">'app_token: {YOUR-APP-TOKEN}'</span> <span class="se">\</span> <span class="nt">--header</span> <span class="s1">'Authorization: user_token {YOUR-USER-TOKEN}'</span> <span class="se">\</span> <span class="nt">--header</span> <span class="s1">'Content-Type: application/json'</span> <span class="se">\</span> <span class="nt">--data</span> <span class="s1">'{ "input": { "tickets_id": 2408020023, "taskcategories_id": 0, "content": "Verificação diária - Tarefa realizada.", "actiontime": 60, "state": 3 } } '</span> </code></pre> </div> <p>We should note that in all cases, we pass the app_token in the header, and the Authorization, which contains the user_token for API authentication.</p> <p>Key points to consider are the parameters passed in the request body:</p> <ul> <li>content: The content that will be added to the task.</li> <li>actiontime: The time spent on the task.</li> <li>state: The status the ticket will have after the task is created.</li> </ul> <h2> Closing the Ticket </h2> <p>With the task added to the ticket, it is only necessary to close the ticket, which follows the same process used to add the task.</p> <p>The following request is used:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">--location</span> <span class="nt">--request</span> PUT <span class="s1">'https://DOMINIO_GLPI.COM/apirest.php/Ticket/2408020023?session_token={YOUR-SESSION-TOKEN}'</span> <span class="se">\</span> <span class="nt">--header</span> <span class="s1">'app_token: {YOUR-APP-TOKEN}'</span> <span class="se">\</span> <span class="nt">--header</span> <span class="s1">'Authorization: user_token {YOUR-USER-TOKEN}'</span> <span class="se">\</span> <span class="nt">--header</span> <span class="s1">'Content-Type: application/json'</span> <span class="se">\</span> <span class="nt">--data</span> <span class="s1">'{ "input": { "status": 6, "solution": "&lt;p&gt;Chamado finallizado&lt;/p&gt;", "content": "&lt;p&gt;Chamado finallizado&lt;/p&gt;", "solutiontypes_id": 3, "solutiontemplates_id": 5 } }'</span> <span class="s1">' </span></code></pre> </div> <p>The <code>status: 6</code> indicates the ticket is closed. For this, it is necessary to pass the <code>solution</code> and <code>content</code> as the texts for the solution. An important point in this request is the <code>solutiontemplates_id</code>, which must be created by the GLPI system administrator, with this ID serving as a reference for a standard solution.</p> glpi backend backenddevelopment api GLPI - Fechar ticket com API João Pedro Tue, 13 Aug 2024 20:29:28 +0000 https://dev.to/joaoprd/glpi-fechar-ticket-com-api-4a9l https://dev.to/joaoprd/glpi-fechar-ticket-com-api-4a9l <p>Diferente do que está descrito na documentação oficial do GLPI, o sistema não funciona como deveria e não responde corretamente aos parâmetros fornecidos. A documentação encontrada em <code>"https://DOMINIO_GLPI.COM/apirest.php"</code> informa que alguns parâmetros devem ser passados no corpo da requisição, mas isso nem sempre funciona. O único jeito que parece funcionar é passando os parâmetros diretamente na URL.</p> <blockquote> <p><strong>Autor</strong>: joaoprd | <a href="mailto:joaopedrord2001@gmail.com">joaopedrord2001@gmail.com</a></p> </blockquote> <h2> Iniciando sessão </h2> <p>Para iniciar qualquer chamada, precisamos do session_token e do app-token. Para gerar o session_token, fazemos uma requisição para <code>"https://DOMINIO_GLPI//apirest.php/initSession"</code> com os parâmetros app-token e user_token, que estão disponíveis na conta do usuário com a qual estamos trabalhando.</p> <p>A requisição abaixo gera o session_token:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">--location</span> <span class="s1">'https://DOMINIO_GLPI.COM/apirest.php/initSession?app-token={YOUR-APP-TOKEN}&amp;user_token={YOUR-USER-TOKEN}'</span> </code></pre> </div> <h2> Pesquisa de tickets </h2> <p>Com o <code>session_token</code> em mãos, podemos realizar pesquisas sobre os chamados. No entanto, de acordo com a documentação do GLPI, parece que o endpoint não funciona conforme os exemplos fornecidos, pois não é permitido enviar PAYLOAD para esse endpoint, resultando no seguinte erro:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">[</span> <span class="s2">"ERROR_JSON_PAYLOAD_FORBIDDEN"</span>, <span class="s2">"GET Request should not have json payload (http body); view documentation in your browser at /#ERROR_JSON_PAYLOAD_FORBIDDEN"</span> <span class="o">]</span> </code></pre> </div> <p>Para contornar essa limitação, vamos passar os parâmetros diretamente na URL da requisição, utilizando o link <code>"https://DOMINIO_GLPI.COM/apirest.php/search/Ticket"</code>. É necessário incluir o <code>app-token</code> e o <code>session-token</code> para se conectar, e em seguida, adicionar os filtros desejados para localizar as informações necessárias.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">--location</span> <span class="nt">--globoff</span> <span class="s1">'https://DOMINIO_GLPI.COM/apirest.php/search/Ticket ?app-token={YOUR-APP-TOKEN} &amp;session_token={YOUR-SESSION-TOKEN} &amp;criteria[0][field]=1 &amp;criteria[0][searchtype]=contains &amp;criteria[0][value]=Verifica%C3%A7%C3%A3o%20diaria &amp;criteria[1][link]=AND &amp;criteria[1][field]=12 &amp;criteria[1][searchtype]=equals &amp;criteria[1][value]=2 &amp;glpilist_limit=1000'</span> <span class="se">\</span> <span class="nt">--header</span> <span class="s1">'Content-Type: application/json'</span> </code></pre> </div> <p>"Criteria" é a chamada de filtro, os fields são determidos filtros a serem colocados para encontrar algo. Por exemplo, "criteria[0][field]=1" é designado para o título onde passamos "criteria[0][searchtype]=contains" informando que contém "criteria[0][value]=Verifica%C3%A7%C3%A3o%20diaria", no caso seria 'Verificação diária' que foi encodado, mas ali seria o local a colocar o título do chamado. É feito outra filtragem abaixo em criteria[1][link]=AND, onde se é feito o AND informando uma nova pesquisa seguindo a anterior.</p> <p>Para analisar todas as filtragens pode-se fazer a requisição para:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">--location</span> <span class="s1">'https://DOMINIO_GLPI.COM/apirest.php/listSearchOptions/Ticket?app-token={YOUR-APP-TOKEN}&amp;session_token={YOUR-SESSION-TOKEN}'</span> <span class="se">\</span> <span class="nt">--data</span> <span class="s1">''</span> </code></pre> </div> <p>Alguns retornos para exemplo:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"common"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Características"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"1"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Título"</span><span class="p">,</span><span class="w"> </span><span class="nl">"table"</span><span class="p">:</span><span class="w"> </span><span class="s2">"glpi_tickets"</span><span class="p">,</span><span class="w"> </span><span class="nl">"field"</span><span class="p">:</span><span class="w"> </span><span class="s2">"name"</span><span class="p">,</span><span class="w"> </span><span class="nl">"datatype"</span><span class="p">:</span><span class="w"> </span><span class="s2">"itemlink"</span><span class="p">,</span><span class="w"> </span><span class="nl">"nosearch"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"> </span><span class="nl">"nodisplay"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"> </span><span class="nl">"available_searchtypes"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"contains"</span><span class="p">,</span><span class="w"> </span><span class="s2">"notcontains"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"uid"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Ticket.name"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"21"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Descrição"</span><span class="p">,</span><span class="w"> </span><span class="nl">"table"</span><span class="p">:</span><span class="w"> </span><span class="s2">"glpi_tickets"</span><span class="p">,</span><span class="w"> </span><span class="nl">"field"</span><span class="p">:</span><span class="w"> </span><span class="s2">"content"</span><span class="p">,</span><span class="w"> </span><span class="nl">"datatype"</span><span class="p">:</span><span class="w"> </span><span class="s2">"text"</span><span class="p">,</span><span class="w"> </span><span class="nl">"nosearch"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"> </span><span class="nl">"nodisplay"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"> </span><span class="nl">"available_searchtypes"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"contains"</span><span class="p">,</span><span class="w"> </span><span class="s2">"notcontains"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"uid"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Ticket.content"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"2"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ID"</span><span class="p">,</span><span class="w"> </span><span class="nl">"table"</span><span class="p">:</span><span class="w"> </span><span class="s2">"glpi_tickets"</span><span class="p">,</span><span class="w"> </span><span class="nl">"field"</span><span class="p">:</span><span class="w"> </span><span class="s2">"id"</span><span class="p">,</span><span class="w"> </span><span class="nl">"datatype"</span><span class="p">:</span><span class="w"> </span><span class="s2">"number"</span><span class="p">,</span><span class="w"> </span><span class="nl">"nosearch"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"> </span><span class="nl">"nodisplay"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"> </span><span class="nl">"available_searchtypes"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"contains"</span><span class="p">,</span><span class="w"> </span><span class="s2">"notcontains"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"uid"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Ticket.id"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="err">...</span><span class="w"> </span></code></pre> </div> <h2> Criação de tarefa </h2> <p>Com a requisição anterior, realizamos a busca dos chamados, que retornarão em formato JSON. Com essas informações, podemos realizar as tratativas necessárias. No caso específico desta documentação, vamos fechar o chamado. No entanto, antes de fechar o chamado completamente, precisamos criar uma tarefa vinculada ao ticket que deve ser concluída.</p> <p>Alguns sistemas GLPI requerem o fechamento de chamados de formas específicas. No sistema em que estou trabalhando, é necessário criar uma tarefa e uma solução antes de fechar o chamado.</p> <p>Abaixo está a requisição que cria a tarefa no ticket (lembre-se de que o ticket que estou passando foi gerado na busca anterior em "Pesquisa de tickets"). Em meu código de automação, foi implementado um loop para processar todos os tickets retornados, mas isso não será abordado nesta documentação.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">--location</span> <span class="s1">'https://DOMINIO_GLPI.COM/apirest.php/TicketTask?session_token={YOUR-SESSION-TOKEN}'</span> <span class="se">\</span> <span class="nt">--header</span> <span class="s1">'app_token: {YOUR-APP-TOKEN}'</span> <span class="se">\</span> <span class="nt">--header</span> <span class="s1">'Authorization: user_token {YOUR-USER-TOKEN}'</span> <span class="se">\</span> <span class="nt">--header</span> <span class="s1">'Content-Type: application/json'</span> <span class="se">\</span> <span class="nt">--data</span> <span class="s1">'{ "input": { "tickets_id": 2408020023, "taskcategories_id": 0, "content": "Verificação diária - Tarefa realizada.", "actiontime": 60, "state": 3 } } '</span> </code></pre> </div> <p>Devemos observar que, em todos os casos, passamos o <code>app_token</code> no header, e o <code>Authorization</code>, que contém o <code>user_token</code> para autenticação da API.</p> <p>Pontos importantes a serem considerados são os parâmetros passados no corpo da requisição:</p> <ul> <li>content: O conteúdo que será inserido na tarefa.</li> <li>actiontime: O tempo gasto na tarefa.</li> <li>state: O estado que o chamado terá após a criação da tarefa.</li> </ul> <h2> Fechamento do chamado </h2> <p>Com a tarefa adicionada ao chamado, é necessário apenas realizar o fechamento do chamado, que segue o mesmo processo utilizado para adicionar a tarefa.</p> <p>Utiliza-se a seguinte requisição:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">--location</span> <span class="nt">--request</span> PUT <span class="s1">'https://DOMINIO_GLPI.COM/apirest.php/Ticket/2408020023?session_token={YOUR-SESSION-TOKEN}'</span> <span class="se">\</span> <span class="nt">--header</span> <span class="s1">'app_token: {YOUR-APP-TOKEN}'</span> <span class="se">\</span> <span class="nt">--header</span> <span class="s1">'Authorization: user_token {YOUR-USER-TOKEN}'</span> <span class="se">\</span> <span class="nt">--header</span> <span class="s1">'Content-Type: application/json'</span> <span class="se">\</span> <span class="nt">--data</span> <span class="s1">'{ "input": { "status": 6, "solution": "&lt;p&gt;Chamado finallizado&lt;/p&gt;", "content": "&lt;p&gt;Chamado finallizado&lt;/p&gt;", "solutiontypes_id": 3, "solutiontemplates_id": 5 } }'</span> <span class="s1">' </span></code></pre> </div> <p>O <code>status: 6</code> indica o fechamento do chamado. Para isso, é necessário passar o <code>solution</code> e o <code>content</code> como os textos do corpo para a solução. Um ponto importante nessa requisição é o <code>solutiontemplates_id</code>, que deve ser criado pelo administrador do sistema GLPI, sendo esse ID um referencial para uma solução padrão.</p> glpi api backend backenddevelopment Signing VirtualBox Kernel Modules João Pedro Tue, 29 Aug 2023 16:58:42 +0000 https://dev.to/joaoprd/signing-virtualbox-kernel-modules-52bf https://dev.to/joaoprd/signing-virtualbox-kernel-modules-52bf <p>When facing issues with module signing and errors in the 'vboxdrv, vboxnetflt, vboxnetadp, vboxpci' modules, these were the steps I followed to enable VirtualBox on my Fedora 38 machine without disabling UEFI Secure Boot. </p> <p>And this method creates a layer of protection between VirtualBox and the kernel.</p> <h4>Installing the package <code>mokutil</code>:</h4> <p><code>sudo dnf update</code><br> <code>sudo dnf install mokutil</code></p> <p><code>mokutil</code> will be used to sign your own modules for use with UEFI Secure Boot and to add certificates to the kernel's trusted certificate keyring.</p> <h4>Creating folder for module signing and RSA key:</h4> <p><code>sudo su</code><br> <code>mkdir /root/signed-modules</code><br> <code>cd /root/signed-modules</code><br> <code>openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=VirtualBox/"</code><br> <code>chmod 700 MOK.priv</code></p> <h4>Creating the password for MOK (this password will be needed for the reboot):</h4> <p><code>sudo mokutil --import MOK.der</code></p> <h4>Restart the system and follow the MOK processes:</h4> <ul> <li><p>Select 'Enroll MOK<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fka9tjhyigbrkravojsj2.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fka9tjhyigbrkravojsj2.png" alt="Image description" width="646" height="455"></a></p></li> <li><p>Select Continue<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpa3rmqc2ll3o9wzk9gk5.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpa3rmqc2ll3o9wzk9gk5.png" alt="Image description" width="643" height="458"></a></p></li> <li><p>Select 'Yes' to add the keys<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxhrbv2izh6xovspmxam2.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxhrbv2izh6xovspmxam2.png" alt="Image description" width="645" height="458"></a></p></li> <li><p>Enter the password created with mokutil"<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F23rpc6ed3mgjz1aa6y6j.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F23rpc6ed3mgjz1aa6y6j.png" alt="Image description" width="647" height="459"></a></p></li> <li><p>Proceed to reboot<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8cjfw4dgs88eenxdommy.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8cjfw4dgs88eenxdommy.png" alt="Image description" width="642" height="457"></a></p></li> </ul> <h4>Creating the script to perform the signatures:</h4> <p><code>cd /root/signed-modules</code><br> <code>vi sign-virtual-box</code></p> <p>Add the following inside 'sign-virtual-box':<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>#!/bin/bash for modfile in $(dirname $(modinfo -n vboxdrv))/*.ko; do echo "Signing $modfile" /usr/src/kernels/$(uname -r)/scripts/sign-file sha256 \ /root/signed-modules/MOK.priv \ /root/signed-modules/MOK.der "$modfile" done </code></pre> </div> <p>Check for any errors in the script using the command:</p> <p><code>find /usr/src -name sign-file</code></p> <h4>Add permissions to the script and execute it:</h4> <p><code>chmod 700 sign-virtual-box</code><br> <code>./sign-virtual-box </code></p> <h4>Run VirtualBox:</h4> <p><code>modprobe vboxdrv</code></p> <h4>Final conclusions:</h4> <p>If the process doesn't work, an option is to disable Secure Boot, but for various reasons, it's not a recommended practice.</p> <p>Another option is to check the quality of the VMs you're trying to run. In some cases, they might be corrupted, or even the ISO you're trying to install from.</p> linux learning tutorial virtualmachine Assinando módulos VirtualBox Kernel João Pedro Tue, 29 Aug 2023 14:29:43 +0000 https://dev.to/joaoprd/assinando-modulos-virtualbox-kernel-3eg4 https://dev.to/joaoprd/assinando-modulos-virtualbox-kernel-3eg4 <p>Ao enfrentar os problemas de assinatura e erros nos módulos "vboxdrv, vboxnetflt, vboxnetadp, vboxpci". Essas foram as etapas que segui para ativar o VirtualBox em minha máquina Fedora 38 sem desativar o UEFI Secure Boot.</p> <h4>Instalar o pacote <code>mokutil</code>:</h4> <p><code>sudo dnf update</code><br> <code>sudo dnf install mokutil</code></p> <p><code>mokutil</code> será usado para assinar seus próprios módulos para usar com a Inicialização Segura UEFI, e adicionar certificados ao chaveiro de certificados confiáveis do kernel.</p> <h4>Criar pasta para assinatura de módulos e chave RSA:</h4> <p><code>sudo su</code><br> <code>mkdir /root/signed-modules</code><br> <code>cd /root/signed-modules</code><br> <code>openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=VirtualBox/"</code><br> <code>chmod 700 MOK.priv</code></p> <h4>Criar a senha para o MOK (será necessário esta senha para a reinicialização):</h4> <p><code>sudo mokutil --import MOK.der</code></p> <h4>Reinicie o equipamento e siga os processos do MOK:</h4> <ul> <li><p>Seleciona Enroll MOK<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhav7ymqaaa2ksyxfb9pi.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhav7ymqaaa2ksyxfb9pi.png" alt="Image description" width="646" height="455"></a></p></li> <li><p>Selecione Continue<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fl59cc44tdt5at6l5k6vw.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fl59cc44tdt5at6l5k6vw.png" alt="Image description" width="643" height="458"></a></p></li> <li><p>Selecione Yes para adicionar as chaves<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyyyomhmx6ehl7cjenqfh.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyyyomhmx6ehl7cjenqfh.png" alt="Image description" width="645" height="458"></a></p></li> <li><p>Coloque a senha<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0e6cwtikmrpkqu9ugbuu.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0e6cwtikmrpkqu9ugbuu.png" alt="Image description" width="647" height="459"></a></p></li> <li><p>Continue para o Reboot<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fas5plx6lof4ukggc2k0a.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fas5plx6lof4ukggc2k0a.png" alt="Image description" width="642" height="457"></a></p></li> </ul> <h4>Criar o script para fazer as assinaturas:</h4> <p><code>cd /root/signed-modules</code><br> <code>vi sign-virtual-box</code></p> <p>Adicione dentro de sign-virtual-box:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>#!/bin/bash for modfile in $(dirname $(modinfo -n vboxdrv))/*.ko; do echo "Signing $modfile" /usr/src/kernels/$(uname -r)/scripts/sign-file sha256 \ /root/signed-modules/MOK.priv \ /root/signed-modules/MOK.der "$modfile" done </code></pre> </div> <p>Verifique se há algum erro no script com o comando:</p> <p><code>find /usr/src -name sign-file</code></p> <h4>Adicione as permissões ao script e o execute:</h4> <p><code>chmod 700 sign-virtual-box</code><br> <code>./sign-virtual-box </code></p> <h4>Execute o VirtualBox:</h4> <p><code>modprobe vboxdrv</code></p> <h4>Conclusões finais:</h4> <p>Caso o processo não funcione, uma opção é desligar o Secure Boot, porém por diversos motivos não é uma prática recomendada. </p> <p>Outra opção é verificar a qualidade das VM's que está tentando rodar. Em alguns casos ela pode estar corrompida ou até mesmo a ISO na qual tenta instalar.</p> linux virtualmachine tutorial learning The Duality of Bitcoin: Privacy versus Transparency João Pedro Fri, 14 Jul 2023 12:34:45 +0000 https://dev.to/joaoprd/the-duality-of-bitcoin-privacy-versus-transparency-28ld https://dev.to/joaoprd/the-duality-of-bitcoin-privacy-versus-transparency-28ld <p>Bitcoin is one of the most well-known and widely used cryptocurrencies in the world. The decentralized and pseudonymous nature of Bitcoin makes transactions difficult to trace, but there are still ways in which they can be tracked. There are several techniques that investigators can use to trace Bitcoin transactions and identify criminals who use the cryptocurrency for illegal activities.</p> <h2>Public addresses</h2> <p>Every transaction in Bitcoin is recorded on a public address in the blockchain, making it visible to anyone. This allows transactions to be traced and investigated if associated with a person or company. Investigators can track the origin and destination of the funds by monitoring the public addresses used in illegal transactions.</p> <p>Transactions are permanently recorded on a ledger called the blockchain, which is public and can be accessed by anyone through a blockchain explorer, such as Blockchain.info. This means that all transactions ever made in Bitcoin can be viewed.</p> <h2>Blockchain analysis</h2> <p>Blockchain analysis is a technique that allows tracking Bitcoin transactions and identifying the Bitcoin addresses involved in a transaction. While the identity of the Bitcoin address owner is not known, blockchain analysis can be used to track the activity of a specific address and, in some cases, link that address to a person or entity.</p> <p>One way to track a Bitcoin address is by analyzing the blockchain to identify all the addresses that have sent or received Bitcoin from that specific address. If a person uses a Bitcoin address to transact on an exchange or trading platform, for example, it is possible to link that address to a user account on the exchange.</p> <p>Furthermore, blockchain analysis can also be utilized to track transaction patterns that may indicate illegal or suspicious activities, such as money laundering, drug trafficking, or terrorist financing.</p> <h2>User identification</h2> <p>While Bitcoin users are generally pseudonymous, it is still possible to identify individuals through transactions involving other fiat currencies, personal information, or connections to IP addresses. For example, if a person uses the same IP address to make a Bitcoin transaction and to connect to a social media account, it is possible to identify that person based on information from the social media account.</p> <h2>Cryptocurrency exchanges</h2> <p>Cryptocurrency exchanges are required to comply with anti-money laundering regulations, which may include collecting personal information from users and verifying their identity before allowing transactions. Investigators can use the information collected by cryptocurrency exchanges to trace transactions and identify users involved in illegal activities.</p> <p>One real example of how Bitcoin was traced and a criminal was arrested is the case of Silk Road. Silk Road was an online marketplace on the dark web that facilitated the sale of illegal products, including drugs, weapons, and counterfeit documents, in exchange for Bitcoin. The creator of Silk Road, Ross Ulbricht, also known as "Dread Pirate Roberts," was arrested in 2013 and sentenced to life imprisonment in 2015 on various charges, including conspiracy to commit money laundering, drug trafficking, and conspiracy to hack computers.</p> <p>Ulbricht's arrest was made possible through a coordinated investigation among multiple government agencies, including the FBI, DEA, and IRS. The agencies traced Bitcoin transactions on Silk Road and were able to identify some addresses belonging to Dread Pirate Roberts. They then conducted blockchain analysis to track the flow of Bitcoin between these addresses and other addresses associated with illegal activities on Silk Road. This allowed them to identify several suspicious transactions and eventually trace back to the Bitcoin address Ulbricht used to pay for the Silk Road server.</p> <p>Through the analysis of the IP address associated with that transaction and other information collected from online forums, investigators were able to identify Ross Ulbricht as the owner of the address. He was arrested in 2013 and subsequently convicted for his illegal activities on Silk Road.</p> <p>The Silk Road case illustrates how Bitcoin can be traced and how government agencies can work together to identify and apprehend criminals who use the cryptocurrency for illegal activities. While the pseudonymous and decentralized nature of Bitcoin may make transactions more difficult to trace, there are still various techniques and tools available to investigators and government agencies who aim to identify and apprehend criminals using cryptocurrency for illicit purposes.</p> <h2>Conclusion</h2> <p>Bitcoin is a fascinating technology that offers many benefits and opportunities for people around the world. However, like any technology, there are also risks and challenges associated with its use. The ability of Bitcoin to be traced and monitored by government agencies can be seen both as an advantage and a disadvantage. On one hand, it can help prevent illegal and criminal activities, but on the other hand, it can be viewed as an invasion of privacy and a threat to financial freedom.</p> <p>It is important for Bitcoin users to understand the implications and risks involved in its use and take steps to protect their privacy and financial security.</p> security bitcoin devops Join a Linux machine to the Active Directory João Pedro Fri, 14 Jul 2023 12:14:25 +0000 https://dev.to/joaoprd/join-a-linux-machine-to-the-active-directory-2bjd https://dev.to/joaoprd/join-a-linux-machine-to-the-active-directory-2bjd <p>Step-by-step guide to configure a Linux machine in an Active Directory domain:</p> <h2>Preparations and package installation</h2> <p>Start by updating the packages already present on the machine, and then proceed to install only what we actually need.</p> <p>Update the dependencies using the command:</p> <p>Debian<br><br> <code>sudo apt update</code></p> <p>RHEL<br><br> <code>sudo yum update</code></p> <p>And proceed with the installation of the packages:</p> <p>Debian<br><br> <code>sudo apt install -y realmd libnss-sss sssd sssd-tools adcli samba-common-bin oddjob oddjob- mkhomedir packagekit</code></p> <p>RHEL<br><br> <code>sudo dnf install realmd sssd oddjob oddjob-mkhomedir adcli samba-common-tools -y</code></p> <h2>Configuring the realm</h2> <p>In short, Realm helps us discover and manage the domains we have on the machine.</p> <p>To start, we first need to discover the domain we are looking for.</p> <p>Use the following command:</p> <p><code>realm discover DOMAIN-NAME</code></p> <p>We will have a response similar to this.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy9i457beq0pyavlv4n3r.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy9i457beq0pyavlv4n3r.png" alt="Image description" width="739" height="269"></a></p> <p>Now that we have discovered the domain, we will need to log in to it with a user. Use the following command:</p> <p><code>sudo realm join -U USUARIO DOMINIO</code></p> <p>If no errors have occurred so far, we can verify if we are indeed connected by using the following command to check the user's permissions and groups.</p> <p><code>id USUARIO@DOMINIO</code></p> <p>Another method to verify if everything is going correctly is the following:</p> <p><code>realm list</code></p> <p>This way, we can verify if we are already connected to the desired domain.</p> <h2>Pam-configs (ubuntu)</h2> <p>The pam-configs configuration was only necessary on Ubuntu to ensure that the user's folder is created upon logging into the system.</p> <p>You just need to execute the command:</p> <p><code>sudo pam-auth-update --enable mkhomedir</code></p> <h2>Configuring SSSD</h2> <p>We need to access the file <code>/etc/sssd/sssd.conf</code> to make the modifications. In this file, we will change the <code>use_fully_qualified_names</code> option from <code>False</code> to <code>True</code>. With this option enabled, users will be in the format user@domain instead of just user.</p> <p>In our case, we will change it to True since we have only one AD. However, please note that this change should only be made if you are certain that no other domain will be added to the AD forest.</p> <p>In <code>fallback_homedir = /home/%u@%d</code>, we will modify it to <code>fallback_homedir = /home/%u</code>. By removing the "@%d" part, the user's folder will be created with only the username.</p> <p>In the <code>access_provider = ad</code> option, change it to <code>access_provider = simple</code>.</p> <p>Now let's add an option that is not present in our file, which is <code>simple_allow_groups</code>. In this option, we will add the groups we have in AD and want to grant access to the Linux machine.</p> <p>In our case, we have two groups: linuxuser and linuxadmin. To add them, we should include <code>simple_allow_groups = linuxuser, linuxadmin</code> in the file.</p> <p>As a result, the file will look like this:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcc1u45kakvjkvdln3gyn.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcc1u45kakvjkvdln3gyn.png" alt="Image description" width="523" height="369"></a></p> <p>Note: in the places where it says 'Domain.local', you should use the domain you are integrating with the system. And in 'simple_allow_users = groups, linuxuser, linuxadmin', it is an option that will be added automatically in the next item.</p> <p>Thus, concluding the SSSD configuration process, we will allow access for users who are in the groups we added in simple_allow_groups. Use the following commands:</p> <p><code>realm permit [group]</code></p> <p>Example:</p> <p><code>realm permit linuxuser</code></p> <p><code>realm permit linuxadmin</code></p> <h2>SUDOERS</h2> <p>With the processes performed in the above steps, we will be able to access the machine using the AD user. However, the user won't have root access to the system. To solve this, we need to add the groups to the /etc/sudoers file. The result will be as follows:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fagt7h6amrr4ykwkujxt8.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fagt7h6amrr4ykwkujxt8.png" alt="Image description" width="642" height="177"></a></p> <p>We added the %linuxuser group to allow all users in the linuxuser group to access the machine and obtain root access.</p> <h2>Conclusion</h2> <p>By following these steps, Active Directory users will be able to authenticate on the Linux machine and have the appropriate privileges. Always ensure to follow best security practices when performing these configurations.</p> linux devops security tutorial Atrelar máquina Linux ao Active Directory João Pedro Sun, 18 Jun 2023 16:22:40 +0000 https://dev.to/joaoprd/atrelar-maquina-linux-ao-active-directory-jnc https://dev.to/joaoprd/atrelar-maquina-linux-ao-active-directory-jnc <p>Passo a passo de como configurar uma máquina Linux em um domínio do Active Directory.</p> <h2>Preparações e instalação de pacotes</h2> <p>Comece atualizando os pacotes que já possuímos na máquina e, logo após, instale o que realmente precisamos. </p> <p>Atualize as dependências com o comando:</p> <p>Debian<br><br> <code>sudo apt update</code></p> <p>RHEL<br><br> <code>sudo yum update</code></p> <p>E prossiga com a instalação dos pacotes:</p> <p>Debian<br><br> <code>sudo apt install -y realmd libnss-sss sssd sssd-tools adcli samba-common-bin oddjob oddjob- mkhomedir packagekit</code></p> <p>RHEL<br><br> <code>sudo dnf install realmd sssd oddjob oddjob-mkhomedir adcli samba-common-tools -y</code></p> <h2>Configurando o realm</h2> <p>De forma resumida, o Realm nos ajuda a descobrir e controlar os domínios que possuímos na máquina.</p> <p>Para começar, precisamos primeiro descobrir o domínio que estamos procurando. </p> <p>Utilize o seguinte comando:</p> <p><code>realm discover NOME-DO-DOMINIO</code></p> <p>Teremos uma resposta semelhante a esta:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy9i457beq0pyavlv4n3r.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy9i457beq0pyavlv4n3r.png" alt="Image description" width="739" height="269"></a></p> <p>Agora que descobrimos o domínio, precisaremos fazer login nele com um usuário. Utilize o seguinte comando:</p> <p><code>sudo realm join -U USUARIO DOMINIO</code></p> <p>Se até o momento não ocorreram erros, podemos verificar se realmente estamos conectados, utilizando o comando abaixo para verificar as permissões e grupos do usuário.</p> <p><code>id USUARIO@DOMINIO</code></p> <p>Outro método para verificar se está tudo ocorrendo corretamente é o seguinte:</p> <p><code>realm list</code></p> <p>Dessa forma, verificamos se já estamos conectados ao domínio desejado.</p> <h2>Pam-configs (ubuntu)</h2> <p>A configuração no pam-configs foi necessária apenas no Ubuntu para que a pasta do usuário seja criada no momento em que ele entra no sistema.</p> <p>Apenas é necessário executar o comando:</p> <p><code>sudo pam-auth-update --enable mkhomedir</code></p> <h2>Configurando SSSD</h2> <p>Devemos acessar o arquivo <code>/etc/sssd/sssd.conf</code> para realizar as modificações. Nele, vamos alterar a opção <code>use_fully_qualified_names</code> de <code>False</code> para <code>True</code>. Com essa opção ativada, os usuários estarão no formato user@domain, em vez de apenas user.</p> <p>No nosso caso, vamos alterar para True, pois possuímos apenas um AD. No entanto, observe que essa alteração deve ser feita somente se você tiver certeza de que nenhum outro domínio será adicionado à floresta do AD.</p> <p>Em <code>fallback_homedir = /home/%u@%d</code>, vamos modificar para <code>fallback_homedir = /home/%u</code>. Removendo o "@%d", a pasta do usuário será criada apenas com o nome do usuário.</p> <p>Na opção <code>access_provider = ad</code>, muda-se para <code>access_provider = simple</code>.</p> <p>Agora vamos adicionar uma opção que não está presente em nosso arquivo, que é o <code>simple_allow_groups</code>. Nessa opção, vamos adicionar os grupos que temos no AD e desejamos que tenham acesso à máquina Linux.</p> <p>No nosso caso, temos dois grupos: linuxuser e linuxadmin. Para adicioná-los, devemos incluir <code>simple_allow_groups = linuxuser, linuxadmin</code> no arquivo.</p> <p>Como resultado, o arquivo ficará da seguinte maneira:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcc1u45kakvjkvdln3gyn.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcc1u45kakvjkvdln3gyn.png" alt="Image description" width="523" height="369"></a></p> <p>Observação: nos lugares onde está escrito "Domain.local", deve ser o domínio que você está integrando ao sistema. E em "simple_allow_users = groups, linuxuser, linuxadmin" é uma opção adicionada automaticamente no próximo item.</p> <p>Assim, finalizando o processo de configuração do SSSD, vamos permitir o acesso dos usuários que estão nos grupos que adicionamos em simple_allow_groups. Utilize os seguintes comandos:</p> <p><code>realm permit [group]</code></p> <p>Exemplo:</p> <p><code>realm permit linuxuser</code></p> <p><code>realm permit linuxadmin</code></p> <h2>SUDOERS</h2> <p>Com os processos realizados nos itens acima, já conseguiremos acessar a máquina utilizando o usuário do AD. No entanto, ele não terá acesso root no sistema. Para resolver isso, devemos adicionar os grupos dentro do arquivo /etc/sudoers. O resultado será o seguinte:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fagt7h6amrr4ykwkujxt8.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fagt7h6amrr4ykwkujxt8.png" alt="Image description" width="642" height="177"></a></p> <p>Adicionamos o grupo %linuxuser para permitir que todos os usuários do grupo linuxuser possam acessar a máquina e obter acesso root.</p> <h2>Conclusão</h2> <p>Ao seguir essas etapas, os usuários do Active Directory poderão autenticar-se na máquina Linux e ter os privilégios adequados. Certifique-se sempre de seguir as melhores práticas de segurança ao realizar essas configurações.</p> linux devops security tutorial A Dualidade do Bitcoin: Privacidade versus Transparência João Pedro Wed, 12 Apr 2023 18:36:22 +0000 https://dev.to/joaoprd/a-dualidade-do-bitcoin-privacidade-versus-transparencia-hfc https://dev.to/joaoprd/a-dualidade-do-bitcoin-privacidade-versus-transparencia-hfc <p>Bitcoin é uma das criptomoedas mais conhecidas e amplamente utilizadas no mundo. A natureza descentralizada e pseudônima do Bitcoin torna as transações difíceis de rastrear, mas ainda assim existem maneiras pelas quais elas podem ser rastreadas. Existem várias técnicas que os investigadores podem usar para rastrear as transações de Bitcoin e identificar criminosos que usam a criptomoeda para atividades ilegais.</p> <h2>Endereços públicos</h2> <p>Cada transação em Bitcoin é gravada em um endereço público na blockchain, tornando-a visível para qualquer um. Isso permite que as transações sejam rastreadas e investigadas, se associadas a uma pessoa ou empresa. Investigadores podem rastrear a origem e o destino do dinheiro monitorando os endereços públicos usados em transações ilegais</p> <p>As transações são permanentemente registradas em um livro-razão chamado "Blockchain", que é público e pode ser acessado por qualquer pessoa por meio de um explorador de blockchain, como o Blockchain.info. Isso significa que todas as transações já realizadas em Bitcoin podem ser visualizadas.</p> <h2>Análise de cadeia de blocos</h2> <p>A análise de cadeia de blocos é uma técnica que permite rastrear as transações do Bitcoin e identificar os endereços de Bitcoin envolvidos em uma transação. Embora a identidade do proprietário do endereço de Bitcoin não seja conhecida, a análise da cadeia de blocos pode ser usada para rastrear a atividade de um endereço específico e, em alguns casos, vincular esse endereço a uma pessoa ou entidade.</p> <p>Uma maneira de rastrear um endereço de Bitcoin é analisando a cadeia de blocos para identificar todos os endereços que enviaram ou receberam Bitcoin desse endereço específico. Se uma pessoa usar um endereço de Bitcoin para realizar transações em uma exchange ou plataforma de negociação, por exemplo, é possível vincular esse endereço a uma conta de usuário na exchange.</p> <p>Além disso, a análise da cadeia de blocos também pode ser usada para rastrear padrões de transação que possam ser indicativos de atividades ilegais ou suspeitas, como lavagem de dinheiro, tráfico de drogas ou financiamento terrorista.</p> <h2>Identificação de usuários</h2> <p>Embora os usuários de Bitcoin sejam geralmente pseudônimos, ainda é possível identificar indivíduos por meio de transações que envolvem outras moedas fiduciárias, informações pessoais ou conexões com endereços de IP. Por exemplo, se uma pessoa usa o mesmo endereço de IP para fazer uma transação de Bitcoin e para se conectar a uma conta de mídia social, é possível identificar essa pessoa com base em informações da conta de mídia social.</p> <h2>Intercâmbios de criptomoedas</h2> <p>Os intercâmbios de criptomoedas são obrigados a seguir as regulamentações contra lavagem de dinheiro, o que pode incluir a coleta de informações pessoais dos usuários e a verificação de identidade antes de permitir transações. Os investigadores podem usar as informações coletadas pelos intercâmbios de criptomoedas para rastrear transações e identificar os usuários envolvidos em atividades ilegais.</p> <p>Um exemplo real de como o Bitcoin foi rastreado e um criminoso foi preso é o caso da Silk Road. A Silk Road foi um mercado online na dark web que facilitou a venda de produtos ilegais, incluindo drogas, armas e documentos falsificados, em troca de Bitcoin. O criador da Silk Road, Ross Ulbricht, também conhecido como "Dread Pirate Roberts", foi preso em 2013 e condenado a prisão perpétua em 2015 por uma série de acusações, incluindo conspiração para lavagem de dinheiro, tráfico de drogas e conspiração para hackear computadores.</p> <p>A prisão de Ulbricht foi possível graças a uma investigação coordenada entre várias agências governamentais, incluindo o FBI, a DEA e o IRS. As agências rastrearam as transações de Bitcoin na Silk Road e conseguiram identificar alguns endereços que pertenciam ao Dread Pirate Roberts. Eles então realizaram uma análise da cadeia de blocos para rastrear o fluxo de Bitcoin entre esses endereços e outros endereços associados a atividades ilegais na Silk Road. Isso permitiu que eles identificassem várias transações suspeitas e, eventualmente, chegaram ao endereço de Bitcoin que Ulbricht usou para pagar o servidor da Silk Road.</p> <p>Através da análise do endereço IP associado a essa transação e outras informações coletadas em fóruns online, os investigadores conseguiram identificar Ross Ulbricht como o proprietário do endereço. Ele foi preso em 2013 e posteriormente condenado por suas atividades ilegais na Silk Road.</p> <p>O caso da Silk Road ilustra como o Bitcoin pode ser rastreado e como as agências governamentais podem trabalhar juntas para identificar e prender criminosos que usam a criptomoeda para atividades ilegais. Embora a natureza pseudônima e descentralizada do Bitcoin possa tornar as transações mais difíceis de rastrear, ainda existem várias técnicas e ferramentas disponíveis para investigadores e agências governamentais que desejam identificar e prender criminosos que usam a criptomoeda para atividades ilegais.</p> <h2>Conclusão</h2> <p>O Bitcoin é uma tecnologia fascinante que oferece muitos benefícios e oportunidades para as pessoas em todo o mundo. No entanto, como com qualquer tecnologia, há também riscos e desafios associados ao seu uso. A capacidade do Bitcoin de ser rastreado e monitorado pelas agências governamentais pode ser vista tanto como uma vantagem quanto como uma desvantagem. Por um lado, isso pode ajudar a prevenir atividades ilegais e criminosas, mas, por outro lado, pode ser visto como uma invasão de privacidade e uma ameaça à liberdade financeira.</p> <p>É importante que os usuários de Bitcoin entendam as implicações e riscos envolvidos em seu uso e tomem medidas para proteger sua privacidade e segurança financeira.</p> security devops bitcoin linux