"pcscd PC/SC Smart Card Daemon" ?
-
If you don't want it and don't use it, why did you go out of your way to enable it?
It's off by default which is what you'll want. After applying the patch, leave the box unchecked and then reboot.
-
@jimp said in "pcscd PC/SC Smart Card Daemon" ?:
If you don't want it and don't use it, why did you go out of your way to enable it?
See the initial post above, I am still trying to get rid of it exactly because I don't use it :)
It's off by default which is what you'll want. After applying the patch, leave the box unchecked and then reboot.
I did that and still see the red "pcscd PC/SC Smart Card Daemon" in the Service Status. Is it expected? If the answer is yes, why ?
-
The service is still there/defined but disabled. Several other services work the same way. Though it may not take much to hide it in this case. It's not a problem.
-
@jimp said in "pcscd PC/SC Smart Card Daemon" ?:
The service is still there/defined but disabled. Several other services work the same way. Though it may not take much to hide it in this case. It's not a problem.
OK I take that and thank you!
Before it was not possible to disable it.
It's just odd to see something disabled if you don't use it and even know where it's coming from.
-
To hide it - is it something that can be done locally?
-
@chudak said in "pcscd PC/SC Smart Card Daemon" ?:
To hide it - is it something that can be done locally?
We, for example, are not as bothered by this as you are
-
I already added a note to the Redmine stating we'll need to hide the service. I'm not certain how long that might take or how much effort it will be. Probably not much but don't quote me on that.
It is cosmetic only, it doesn't hurt anything. Not many people sit on the service status screen so it doesn't matter. If it bothers you in the widget you can hide it in the widget (hit the wrench in the titlebar of the service status widget, scroll down, uncheck it, save.)
-
@daddygo I guess you've never been through a security audit. Allow me to give you a sneak peak:
Some Overseas Checklist Drone: "Why is this red error on your firewall appliance configuration evidence?"
Overworked Administrator: "That feature is disabled."
Drone: "Why do you not use this feature of your firewall appliance?"
Admin: "Because we do not use smartcards as part of our authentication process."
Drone: "Why do you not use smartcards as part of your authentication process?"
Admin: "Because there is no hardware support for it and, in this context, it offers no advantages and makes no sense."
Drone: "I will be leaving this as an open issue for the configuration of your firewall appliance. Enabling all features for full protection from your firewall appliance is needful."What could (or should) the green/red little icon in the 'Service Status' widget represent? Conformity to the configuration, e.g. if pcscd is not enabled, green shows it correctly stopped and red indicates an error state in which it is operating.
Assuming that doesn't happen, here's a horrifying patch to make it disappear and prevent you from having to "please to be doing" anything:
--- a/usr/local/www/widgets/widgets/services_status.widget.php 2021-05-28 07:35:21.000000000 -0400 +++ b/usr/local/www/widgets/widgets/services_status.widget.php 2021-07-28 08:44:17.790560000 -0400 @@ -31,6 +31,11 @@ $services = get_services(); +// horrifying patch for papering over pcscd +if ($pewpew = array_search('pcscd', array_column($services, 'name'))) { + array_splice($services, $pewpew, 1); +} + $numsvcs = count($services); for ($idx=0; $idx<$numsvcs; $idx++) {
-
@izaac Oh man that is so true! ;) Sad but true!!
-
@izaac said in "pcscd PC/SC Smart Card Daemon" ?:
I guess you've never been through a security audit.
No, really, never... maybe teach me how it's done
as Jimp wrote, it's pointless to make a big deal of it, but if you need it just shout it out here..Thank you for your follow up
-
@daddygo come on dude don't be so serious - that was seriously funny, and spot on.. hehehe
We all get it - but he does have a point about some of the nonsense that can come out of those drone based audits, how many checks can be tallied up without a clue.. But hey these items were discovered that causes extra work and pain for zero reason..
I recall one that just got my dander up.. On why the servers screen savers were not set to lock after 1 minute in the server room
Because its a locked room, in a secured building - and only admins have access to the room.. And 1 minute timeout is counterproductive to actual work.. So its set to 10 minutes..
-
@izaac @chudak Let's try that again, but now with more system status page, since the widget does let you mask via UI:
--- a/usr/local/www/status_services.php 2021-05-28 07:35:21.000000000 -0400 +++ b/usr/local/www/status_services.php 2021-07-28 09:14:03.699292000 -0400 @@ -64,6 +64,11 @@ $services = get_services(); +// horrifying patch for papering over pcscd +if ($pewpew = array_search('pcscd', array_column($services, 'name'))) { + array_splice($services, $pewpew, 1); +} + // $debugsvcs = array('name' => 'captiveportal', 'description' => 'Captive Portal', 'zone' => '14'); // array_push($services, $debugsvcs);
Just drop it into the System_Patches package with a Path Strip Count of '1' and a Base Directory of '/', if you're unfamiliar.
-
@johnpoz said in "pcscd PC/SC Smart Card Daemon" ?:
come on dude don't be so serious - that was seriously funny, and spot on.. hehehe
Nope John, it's not a good day for me, but I don't take it seriously...
either I'm being rude lately or people are so snappy
- yesterday was the same - only with someone else
I don't miss it :)
-
@daddygo said in "pcscd PC/SC Smart Card Daemon" ?:
it's not a good day for me
Sorry to hear that. Hope things work out. -
@izaac said in "pcscd PC/SC Smart Card Daemon" ?:
Sorry to hear that. Hope things work out.
that felt good to me / pls. forgive my initial indignation, THX
I'm just nervous about my flight (will be on Friday), stupid PCR tests + digital COVID passport, but finally after 1.5 years I can see my parents
-
@daddygo -- yeah we recently got to see our grandkids after like 1.5 years of only alexa video calls and facetime..
Get your visit in -- seems more and more lock downs coming for sure..
We are wondering if scheduled trip in oct will have to be rescheduled yet again because of future lock downs.. Surges again all over - yet they are still running lollapalooza here in chicago with expected 100k people a day.. That sure seems like a super spreader event to me.. The world is crazy right now...
So understandable how people can be on edge, etc. I didn't really see your comments or rude or anything - just that you were not seeing his humor maybe.. I thought it was funny as shit! hehehe
-
@johnpoz said in "pcscd PC/SC Smart Card Daemon" ?:
Get your visit in -- seems more and more lock downs coming for sure..
Jeah, people think they got two injections and COVID is gone...
Our parents live 4000 km from me and my family..., we are very happy now that maybe our plane will take off on Friday.Here in EU it's still a lot of administration, tomorrow morning at 8 o'clock test, then the test will be in the database, then we are anxious to get a negative result in the Android App, digital COVID license.
(before that, I flew every 3-4 weeks)12 changes in the last 10 months on a flight which was booked at the end of 2020, it's a joke, but it's true.
Seriously, only after 1.5 years I'm going to get to my hometown(?!), + I can't see the end of my works, as I haven't been to our Hungarian data centre for 1.5 years either.
It's a long ToDo list, but somewhere deep in my heart I'm happy to be travelling. :)
Yes and the damn "D" variant is here too, this will only give me a headache in September when we will come back to Portugal.
BTW:
yes this "lockdown" may have killed the "humour" out of me, hahaha, - no definitely not -
Everybody have a nice day !
PS: On a more positive note - pfsense and this forum are great way for us to socialize at least virtually !
-
@chudak said in "pcscd PC/SC Smart Card Daemon" ?:
pfsense and this forum are great way for us to socialize at least virtually
I am not religious, but I have to say โ Amen Bro
-
@daddygo said in "pcscd PC/SC Smart Card Daemon" ?:
Jeah, people think they got two injections and COVID is gone...
And don't forget the added bonus of better wifi connection after the chip has finished setting in ;)
-
@johnpoz said in "pcscd PC/SC Smart Card Daemon" ?:
don't forget the added bonus of better wifi connection
Hey isn't that more like 5G telecom towers?
Hmmm,... people are angry at the towers, because their spreading the COVID :) -
@izaac said in "pcscd PC/SC Smart Card Daemon" ?:
@izaac @chudak Let's try that again, but now with more system status page, since the widget does let you mask via UI:
--- a/usr/local/www/status_services.php 2021-05-28 07:35:21.000000000 -0400 +++ b/usr/local/www/status_services.php 2021-07-28 09:14:03.699292000 -0400 @@ -64,6 +64,11 @@ $services = get_services(); +// horrifying patch for papering over pcscd +if ($pewpew = array_search('pcscd', array_column($services, 'name'))) { + array_splice($services, $pewpew, 1); +} + // $debugsvcs = array('name' => 'captiveportal', 'description' => 'Captive Portal', 'zone' => '14'); // array_push($services, $debugsvcs);
Just drop it into the System_Patches package with a Path Strip Count of '1' and a Base Directory of '/', if you're unfamiliar.
I had an "off by one" issue :
The array_search() returned "8" (for me) but it was element ninth that had to be removed.+ array_splice($services, $pewpew+1, 1);
-
This is in an internal PR which will be merged soon:
diff --git a/src/etc/inc/service-utils.inc b/src/etc/inc/service-utils.inc index e74acbfb1fb8334a8f7fc717bf58d5449ad8593d..c0a891ced023cc7abaf87bbba1c9611d03c482a6 100644 --- a/src/etc/inc/service-utils.inc +++ b/src/etc/inc/service-utils.inc @@ -270,12 +270,14 @@ function get_services() { $services[] = $pconfig; } - $pconfig = array(); - $pconfig['name'] = "pcscd"; - $pconfig['description'] = gettext("PC/SC Smart Card Daemon"); - $pconfig['enabled'] = is_service_enabled("pcscd"); - $pconfig['status'] = get_service_status($pconfig); - $services[] = $pconfig; + if (isset($config['ipsec']['pkcs11support'])) { + $pconfig = array(); + $pconfig['name'] = "pcscd"; + $pconfig['description'] = gettext("PC/SC Smart Card Daemon"); + $pconfig['enabled'] = is_service_enabled("pcscd"); + $pconfig['status'] = get_service_status($pconfig); + $services[] = $pconfig; + } if (is_array($config['ntpd']) && ($config['ntpd']['enable'] != 'disabled')) { $pconfig = array();
-
@gertjan said in "pcscd PC/SC Smart Card Daemon" ?:
but it was element ninth that had to be removed.
the whole world can see how a small thing can generate a big question..
no one, but no one, is so concerned about the NSO scandal...
(I hate the politic, - personally)this is also informatics, in my reading I hope..
(pcscd PC/SC Smart Card Daemon)BTW:
before anyone attacks this souvenir of my opinion, excuse me -
@johnpoz said in "pcscd PC/SC Smart Card Daemon" ?:
And don't forget
hello everyone, I just received, now... (2 minutes ago)
hahaha, I'm going home!!! - finaly
-
Nice. Take care!
-
@stephenw10 said in "pcscd PC/SC Smart Card Daemon" ?:
Nice. Take care!
Thanks for everyone huhuhuhuhuh, I'm traveling
I can finally hug my mum, who is 69 years old, the greatest mom!+++edit:
I know everyone's mum is great! :)
-
@anthonys Thanks a bunch! - Had my memory ramping up to the hilt (96%) within a few days, even killing DNS for lack of space. Then I found around 1 G used up for pcscd. Followed your suggestion, and immediately everything was down to normal.
I for one call that a real bugger!
-
Hello!
Current setup is pfsense 2.5.2 as a virtual appliance. I'm connected via RDP on a server on the LAN side. Basically i noted some freezing rdp issues. Than i started to ping and i saw timeout so the issue is with pfsense. As you can see i'm running out of memory. Since a reboot can easily fix this, my question is can i troubleshoot it? Any idea what is happening? the /usr/local/sbin/pcscd is eating almost 60% of ram and the swap is gone...
why it is even running the pcscd process?edit: ok i see it is a known problem but why they have not fixed it yet :)
-
It's fixed in 2.6 and 21.09. Before then you can apply patch to 2.5.2 if you are affected:
https://redmine.pfsense.org/issues/11933#note-7Steve
-
@albgen said in "pcscd PC/SC Smart Card Daemon" ?:
but why they have not fixed it yet :)
Because a newer version isn't released yet.
The code is merged.
Merged to into what becomes later on a future version of pfSense.But why wait ?
You saw the code jimp posted (above).
Stop the pcscd process manually first.
Install the patches pfSense package.
Create a patch.
Copy paste the code jimp showed (see above)
Give it a description - like the URL of the forum thread.
Now : Ok - Test - and Apply.
Done.Example :
When you created the patch, you wind up having this :
Now,
Test,
Apply.
Solved. -
@gertjan @stephenw10 thanks guys
-
@gertjan said in "pcscd PC/SC Smart Card Daemon" ?:
Create a patch.
Done
Copy paste the code jimp showed (see above)
Done
Give it a description - like the URL of the forum thread.
Done
Now : Ok - Test - and Apply.
APPLY is missing ... Hmmmm
-
@fireodo said in "pcscd PC/SC Smart Card Daemon" ?:
APPLY is missing
Did you Fetch (download) it? (docs) Or, if it doesn't show Apply it might not have been entered correctly, and the package is smart enough to not let you break things. The very first one I did I accidentally pasted in he wrong URL and ran into that.
If nothing else you can just stop the service (Status/Services page) until 21.09 is out. Presumably your router won't restart that often...
-
@steveits said in "pcscd PC/SC Smart Card Daemon" ?:
Presumably your router won't restart that often...
Indeed. I will wait ...
-
Indeed if it doesn't show 'apply' that means it cannot be applied.
What are version are you trying to patch?
You are using this commit ID in the patch?
afcc0e9c97c1993ae6b95f886665fcb4375d26c7
Steve
-
@stephenw10 said in "pcscd PC/SC Smart Card Daemon" ?:
What are version are you trying to patch?
2.5.2
You are using this commit ID in the patch? afcc0e9c97c1993ae6b95f886665fcb4375d26c7
Yes.
-
Hmm, that should work, I just retested it to be sure. The only reason it wouldn't is if you already have some other changes to the files it's trying to patch.
Steve
-
@stephenw10 said in "pcscd PC/SC Smart Card Daemon" ?:
The only reason it wouldn't is if you already have some other changes to the files it's trying to patch.
You're probably right - its not so important for me ...
Edit1: Found the culprit (its me) - I changed the rc.bootup manually with the modifications that came with the patch some time before ...
Edit2: I revert the changes I made and now the Patch applies correctly.
Sorry!
-
@jimp Just noting that saving the page with the newly present box unchecked was enough to stop the service. It did not require a reboot.