=^.^=

The BIOS has Corrupted hw-PMU Resources

Modern HP servers, among others, may display the following warning when booting RHEL7+ and associated flavours:

The BIOS has corrupted hw-PMU resources (MSR 30d is 330)

This can be safely ignored. However, if it bothers you, you can disable it thus:

  1. Boot machine to RBSU (F9).
  2. Press CTRL+A.
  3. Select "Service Options."
  4. Select "Processor Power and Utilization Monitoring."
  5. Select "Disable."
  6. Press F10 to save and exit.
  7. Reboot.

Per HPE advisory https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-c03265132

Discover All Tenda Devices in ARP Database

Tenda makes embedded devices that are frequently compromised and/or used in DoS attacks. You can actively scan or sniff for the following list of vendor IDs live but I wrote an SQL backed multi-router ARP table reporting system for an ISP years back. This query will locate all clients operating such a device.

select distinct `ip` from `arp` where ( `mac` like 'E8:65:D4%' or `mac` like 'D8:32:14%' or `mac` like 'CC:2D:21%' or `mac` like 'C8:3A:35%' or `mac` like 'B8:3A:08%' or `mac` like 'B4:0F:3B%' or `mac` like 'B0:DF:C1%' or `mac` like '58:D9:D5%' or `mac` like '50:2B:73%' or `mac` like '50:0F:F5%' or `mac` like '08:40:F3%' or `mac` like '04:95:E6%' )

I have had enough problems with these devices that I suggest preemptively locating them, blocking typical remote management/access ports upstream and have all affected users return or upgrade their router. Follow up and remove corresponding upstream rules once the devices have been removed (use arping to verify) to recover netfilter resources.

Search All Files Recursively for a String

find / -xdev -type f -print0 | xargs -0 grep -H "string"
The -xdev argument ignores other filesystems mounted under the given path, avoiding /proc and /dev for example. If, for example, your /home folder is on a different partition, it won't be searched. Run the command again on that specific path.