Ukulawula okuphephile kwe-PowerShell nge-Just‑Enough‑Administration (JEA)

Ukusetshenziswa kwe-PowerShell remoting sekuyinto ebaluleke kakhulu kunoma iyiphi indawo Windows Ukunikeza ukufinyelela okukude kwesimanje kodwa ngaphandle kokulawula kufana nokushiya okhiye besikhungo sedatha etafuleni. Yilapho umdlalo ungena khona. Ukuphatha Okwanele (i-JEA), ungqimba lokuphepha olukuvumela ukuthi unikeze imisebenzi ngaphandle kokunikeza amalungelo okuphatha kwesobunxele nakwesokudla.

Nge-JEA ungamisa izindawo zokufinyelela ezikude ezilinganiselwe kakhulu lapho abasebenzisi abathile besebenzisa khona kuphela imiyalo ukuthi ugunyazile, ngaphansi kwama-akhawunti anamalungelo engeziwe, kodwa ngaphandle kokwazi iziqinisekiso zangempela noma ukukwazi ukuphambuka kuskripthiFuthi konke lokhu kwaqoshwa emibhalweni eqoshiwe futhi izingodo imininingwane eyobe isikuvumela ukuthi uhlole ukuthi ubani owenze ini, nini futhi kuphi.

Kuyini Ukuphatha Okunokwanele (i-JEA) futhi kungani kubalulekile?

I-Just-Enough-Administration ubuchwepheshe bokuphepha obusekelwe ku-PowerShell esebenzisa imodeli yokuphatha enikezwe igunya elifanele kakhulu. Empeleni, i-JEA ikuvumela ukuthi uveze ama-endpoints akude lapho kutholakala khona isethi evaliwe yama-cmdlet, imisebenzi, izikripthi, kanye nemiyalo yangaphandle echazwe nguwe.

Ngenxa yale ndlela, ungakwazi kunciphisa kakhulu inani lama-akhawunti anamalungelo aphezulu Kumaseva akho, ungasebenzisa ama-akhawunti abonakalayo noma ama-akhawunti esevisi aphethwe yiqembu (i-gMSA) enza izenzo ezinelungelo egameni labasebenzisi abajwayelekile. Umsebenzisi ungena ngemvume ngeziqinisekiso zakhe ezijwayelekile, futhi ngeseshini ye-JEA, uqala imiyalo eyenziwa ngemuva kwezigcawu ngamalungelo aphezulu.

Esinye isisekelo esibalulekile se-JEA yikhono lokwenza ukuchaza ngokunembile lokho indima ngayinye engakwenzaAmafayela okwazi indima achaza ukuthi yimaphi ama-cmdlet, imisebenzi yangokwezifiso, imiyalo yangaphandle, noma abahlinzeki be-PowerShell abonakalayo. Okunye akukho kumsebenzisi: abakwazi ukwenza ama-scripts ngendlela ehlelekile, ukuzulazula ngokukhululeka ohlelweni lwamafayela, noma ukufinyelela izinsizakalo noma izinqubo ongazichazanga.

Ngaphezu kwalokho, zonke izikhathi ze-JEA zingalungiselelwa ukukhiqiza imibhalo ephelele kanye nemicimbi yokuhlolwa kwezimaliUkuthwebula imiyalo, amapharamitha, okukhiphayo, amaphutha, ubunikazi bomsebenzisi, kanye nezikhathi zokusebenzisa akusizi nje kuphela ukuhlangabezana nezidingo zomthetho kodwa futhi kubaluleke kakhulu lapho kuphenywa isigameko sokuphepha noma ukwehluleka kokusebenza.

Izingozi zama-akhawunti anelungelo kanye nendlela i-JEA ewanciphisa ngayo

Ama-akhawunti endawo, esizinda, noma omphathi wohlelo lokusebenza anezimvume eziphakeme asho ukuthi esinye sezimbangela zengozi ezinkulu kakhulu kunoma iyiphi inhlanganoUma umhlaseli ethola enye yalezi ziqinisekiso, angahamba eceleni kwenethiwekhi, andise amalungelo, futhi athole ukufinyelela kudatha ebalulekile, izinsizakalo ezibalulekile, noma aqede zonke izinhlelo.

Ukususa amalungelo akulula ngaso sonke isikhathi. Isibonelo esivamile yileso iseva ephethe i-DNS kanye nesilawuli sesizinda se-Active DirectoryIthimba le-DNS lidinga amalungelo okuphatha endawo ukuze lixazulule izinkinga zesevisi ye-DNS, kodwa ukuwafaka eqenjini labaPhathi beDomain kubanika amandla okulawula lonke ihlathi kanye nokufinyelela kunoma yimuphi umthombo kulowo mshini. Lesi yisibonelo esivamile sokudela ukuphepha ukuze kube lula ukusebenza.

I-JEA ixazulula le nkinga ngokusebenzisa ngokuqinile umgomo welungelo elincaneEsikhundleni sokwenza abaphathi besizinda sabaphathi be-DNS, ungakha i-endpoint ye-DNS JEA ezinikele eveza kuphela ama-cmdlet adingekayo ekususeni i-cache, ukuqala kabusha isevisi, ukubuyekeza amalogi, noma imisebenzi efanayo. Lokhu kuvumela opharetha ukuthi benze umsebenzi wabo ngaphandle kokuhlola i-Active Directory, ukuzulazula ohlelweni lwamafayela, ukusebenzisa izikripthi ezingahleliwe, noma ukusebenzisa izinsiza ezingaba yingozi.

Uma ulungiselela amaseshini e-JEA ukuthi uwasebenzise ama-akhawunti abonakalayo anezimvume zesikhashanaLesi sinyathelo sithakazelisa nakakhulu: umsebenzisi uxhumana neziqinisekiso ezingenamalungelo futhi, kusukela kuleso sikhathi, angenza imisebenzi evame ukudinga amalungelo omlawuli. Lokhu kuvumela abasebenzisi abaningi ukuthi basuswe emaqenjini abaphathi bendawo noma besizinda, balondoloze imisebenzi ngenkathi benza indawo yokuhlasela ibe lukhuni kakhulu.

Imiqondo yokuphepha esekela i-JEA

I-JEA ayizange ivele ezeni: Kusekelwe ezimisweni eziningana zokuphepha ezisekelwe kahle kanye namamodeli. okuwunikeza ukuvumelana nokuqina. Esokuqala yisimiso esishiwo ngenhla selungelo elincane, esinquma ukuthi abasebenzisi kanye nezinqubo kufanele babe nezimvume ezibalulekile kuphela emisebenzini yabo.

Insika yesibili enkulu iyimodeli Ukulawulwa Kokufinyelela Okusekelwe Ezindimeni (RBAC)I-JEA isebenzisa i-RBAC ngamafayela okwazi indima, lapho uchaza khona ukuthi indima ethile ingenzani ngaphakathi kweseshini ekude. Isibonelo, indima yedeski losizo ingabhala uhlu lwezinsizakalo, ibuke imicimbi, futhi iqalise kabusha isevisi ethile, kuyilapho indima yokuphatha i-SQL Server ingenza kuphela ama-cmdlet ahlobene... yolwazi nokuningi okuthe xaxa.

La Isisekelo sobuchwepheshe se-JEA yi-PowerShell kanye nengqalasizinda yayo yokulawula kudeI-PowerShell inikeza ulimi, ama-cmdlet, kanye nesendlalelo sokuxhumana okude (i-WinRM/WS-Management), futhi i-JEA inezela uhlelo lwama-endpoints anqunyelwe, ama-akhawunti abonakalayo, kanye nokulawula okuhlanganisiwe kokuthi yimiphi imiyalo etholakalayo.

Omunye umqondo obalulekile yi- ukuphathwa okukhawulelwe, kufana ne- ukufinyelela okunikezwe kumodi ye-kiosk ye-Windows 11Esikhundleni sokunikeza umqhubi igobolondo eligcwele, i-JEA yakha iseshini lapho ulimi lokubhala luvinjelwe khona (ngokuzenzakalelayo, i-NoLanguage), ukudalwa kwemisebenzi noma iziguquguquko ezintsha kuvinjelwe, ama-loop nama-conditional avinjelwe, futhi isethi yama-cmdlet avunyelwe kuphela avunyelwe ukwenziwa. Lokhu kunciphisa kakhulu ikhono lomhlaseli okwazi ukufinyelela kuleyo seshini.

Izingxenye ezibalulekile: amafayela e-.psrc kanye ne-.psc

Enhliziyweni yanoma yikuphi ukuthunyelwa kwe-JEA kunezinhlobo ezimbili zamafayela: amafayela wekhono lendima (.psrc) kanye namafayela okulungiselela iseshini (.pssc)Ndawonye ziguqula igobolondo lenhloso ejwayelekile libe yindawo yokugcina eyenzelwe kahle abasebenzisi abathile.

Kufayela lekhono lendima olichazayo ukuthi yimiphi imiyalo etholakala kule ndimaPhakathi kwezinto ezibaluleke kakhulu yilezi:

• Ama-Cmdlets Abonakalayo: uhlu lwama-cmdlet avunyelwe, ngisho nokukwazi ukukhawulela amapharamitha.
• Imisebenzi Ebonakalayo: imisebenzi eyenziwe ngokwezifiso elayishiwe kuseshini.
• I-VisibleExternalCommands: ama-executable angaphandle athile afinyelelwayo.
• I-VisibleProviders: Abahlinzeki be-PowerShell (isibonelo, i-FileSystem noma i-Registry) bayabonakala kuseshini.

Ngakolunye uhlangothi, amafayela okucushwa kweseshini ye-.pssc, Bachaza i-JEA endpoint kanjalo futhi bayixhumanisa nezindima.Izinto ezifana nalezi ezilandelayo zimenyezelwe lapha:

• Izincazelo Zendima: ukumaka abasebenzisi noma amaqembu okuphepha ngamakhono endima.
• Uhlobo Lwesikhathi: lapho i-'RestrictedRemoteServer' ivame ukusethwa khona ukuze iqinise iseshini.
• Uhlu Lwemibhalo Ebhaliwe: ifolda lapho kugcinwa khona imibhalo yeseshini ngayinye.
• I-RunAsVirtualAccount kanye nezinketho ezihlobene, njengokuthi i-akhawunti ebonakalayo ingeziwe yini emaqenjini athile.

I-JEA ivele ngendlela yokuthi Ama-endpoints okulawula kude e-PowerShell abhaliswe ohlelweniLezi zindawo zokugcina zakhiwe futhi zinikwe amandla ngama-cmdlets afana nalawa Ifayela Elisha le-PSSessionConfiguration, Bhalisa‑I-PSSessionConfiguration noma amathuluzi okuqopha njenge-JEA Helper Tool, okwenza kube lula ukukhiqiza amafayela e-.pssc kanye ne-.psrc ngaphandle kokubhekana nobunzima obukhulu nge-syntax.

Umjikelezo wokuphila weseshini ye-JEA

Uma kusethwa indawo ephelele ye-JEA, inqubo ivame ukulandela uchungechunge lwezinyathelo ezinengqondo ezithi Baguqula uhlelo lokulawula kude oluvulekile lube uhlelo olulawulwa ngokuqinile.Uchungechunge olujwayelekile luthi:

Okokuqala, udala i-a iqembu lezokuphepha noma amaqembu amaningana ezimele izindima ofuna ukuziphathisa (isibonelo, i-HelpdeskDNS, i-Web Operators, i-SQL Operators). Ukusebenzisa amaqembu akuyona impoqo, kodwa kwenza ukuphathwa kube lula kakhulu njengoba indawo ikhula.

Bese kuba khona eyodwa noma ngaphezulu ezilungiselelwe amafayela wekhono lendima .psrc Lokhu kubhala izenzo ezivunyelwe: ama-cmdlet, imisebenzi, izikripthi, imiyalo yangaphandle, ama-alias, abahlinzeki, kanye nemikhawulo eyengeziwe (amapharamitha athile, izindlela ezivunyelwe, njll.). Lapha, isibonelo, ungavumela wonke ama-cmdlet aqala ngo-Get-, akhawulele i-Restart-Service kusevisi ye-Spooler, futhi agunyaze kuphela umhlinzeki we-FileSystem.

Okulandelayo kukhiqizwa ifayela lokucushwa kweseshini .pssc kusetshenziswa i-New-PSSessionConfigurationFile. Ichaza izinketho ezifana ne-SessionType = RestrictedRemoteServer, indlela ye-TranscriptDirectory, ukuthi ama-akhawunti abonakalayo ayasetshenziswa yini, kanye nebhulokhi ye-RoleDefinitions exhumanisa amaqembu namakhono endima, isibonelo, 'DOMAIN\HelpdeskDNS' = @{ RoleCapabilities = 'HelpdeskDNSRole' }.

Njengoba ifayela le-.pssc selivele lilungisiwe, indawo yokugcina ibhalisiwe kusetshenziswa Bhalisa‑I-PSSessionConfiguration -Igama JEASeseshini Igama -Indlela Indlela\Ifayela.pscKusukela ngaleso sikhathi kuqhubeke, uma ukucushwa okutholakalayo kufakwe kuhlu ne-Get-PSSessionConfiguration, indawo entsha yokuxhuma izobonakala ilungele ukwamukela ukuxhumana.

Abasebenzisi baxhuma kule ndawo yokuphela besebenzisa amakhompyutha abo Faka i-PSSession -Iseva Yegama Lekhompyutha -Igama Lokucushwa JEASigama Leseshini noma nge-New-PSSession bese kuba yi-Invoke-Command. Lapho ingena, iseshini isebenzisa ngokuzenzakalelayo imikhawulo echazwe emandleni omsebenzi ohlobene nomsebenzisi.

Phakathi neseshini, Ukulawula kude kwe-PowerShell kusebenzisa i-WinRM eneziteshi ezibethelweUkuqinisekiswa okuhlanganisiwe (ngokuvamile ama-Kerberos esizindeni) kanye nemithetho yomlilo echazwe yisevisi. Okuyisisekelo salokhu, uma i-RunAsVirtualAccount ivuliwe, kudalwa i-akhawunti ebonakalayo yesikhashana, yengezwe emaqenjini adingekayo, futhi ibhujiswe lapho iseshini iphela.

Ekugcineni, lapho kuvalwa iseshini ye-JEA, Okubhaliwe kokuhlolwa kwezimali kanye nemicimbi kuyalondolozwa Lezi zingodo zishiya umkhondo ocacile wemiyalo esetshenzisiwe, imiphumela, kanye nomongo womsebenzisi. Zingathunyelwa noma zihlotshaniswe ngaphakathi kohlelo lwe-SIEM ukuze kutholakale izexwayiso nokuhlaziywa okwengeziwe.

Ukulawula ukufinyelela kwe-PowerShell, ukulawula ukufinyelela, kanye nokuqinisa

Ukulawula Ukulawula I-PowerShell, okusekelwa yisevisi Ukuphathwa Kwesilawuli kude seWindows (i-WinRM) Iphrothokholi ye-WS-Management ivumela ukwenziwa kwemiyalo kanye nezikripthi ezikude okuhlanganisiwe. Iyithuluzi elinamandla lokwenza ngokuzenzakalela, ukuphathwa kweseva enkulu, ukulungisa amaphutha, kanye nokusekelwa okukude.

Okuzenzakalelayo, abaphathi bendawo kanye namalungu eqembu labasebenzisi be-Remote Management Bangasebenzisa ama-endpoints ajwayelekile e-PowerShell. Ezindaweni eziningi, leli khono lisetshenziswe ukuvumela abasebenzisi abangebona abalawuli ukuthi basebenze imisebenzi ekude, okungeyona ingozi ngokwemvelo, kodwa uma kungalawulwa kahle, kuvula indlela ebalulekile yokusebenzisa kabi.

Ukuze kuqiniswe isimo sokuphepha, isu elivamile lihilela Vimbela ukufinyelela okukude kwe-PowerShell kuma-akhawunti omlawuli kuphela. Noma, okungcono nakakhulu, hlanganisa lowo mkhawulo nama-endpoint e-JEA anikeza abasebenzisi abathile ukufinyelela okudingekayo kuphela. Lokhu kungafezwa ngokusebenzisa:

• Ama-GPO achaza ukuthi yimaphi amaqembu angasebenzisa i-WinRM kanye nama-endpoints azenzakalelayo.
• Imithetho yomlilo evumela i-WinRM kuphela kuma-subnet noma kumakhompyutha okuphatha.
• Ukususa iqembu labasebenzisi bokuphathwa okude kuma-ACL ama-endpoints ajwayelekile.

Ngaphezu kwalokho, ungakhetha Vimba i-PowerShell ngokuphelele kubasebenzisi abangebona abalawuli usebenzisa izixazululo ezifana ne-AppLocker. Ngale ndlela, uvimbela umsebenzisi ojwayelekile ekusebenziseni izikripthi ezinonya endaweni, kodwa usavumela ama-akhawunti anelungelo ukuthi asebenzise i-PowerShell emisebenzini yokuphatha kanye neyokuzenzakalela.

I-JEA uma iqhathaniswa nezinye izindlela zokukhawulela ze-PowerShell

Kunezindlela eziningana zokukhawulela lokho abasebenzisi abangakwenza nge-PowerShell remoting, kanye I-JEA ifaneleka njengenketho encane futhi eguquguqukayo ngaphakathi kobubanzi obuhlanganisa izindlela ezibanzi ezifana nalezi:

Ngakolunye uhlangothi, ukusetshenziswa kwe I-GPO yokulawula ukuthi ubani ofaka ama-endpoints azenzakalelayo e-PowerShellI-Microsoft PowerShell ingakhawulelwa kubaphathi, noma ingabhaliswanga kuwo wonke umuntu, okuphoqa ukusetshenziswa kwama-endpoint athile. Lokhu kuyasiza ekukhawuleleni ukufinyelela ngendlela "enamandla amakhulu", kodwa akuxazululi inkinga yobuningi: noma ngubani othola ukufinyelela angenza cishe noma yini.

Ngakolunye uhlangothi, kunezindlela zokulawula izinhlelo zokusebenza ezifana Izinqubomgomo Zokukhawulela i-AppLocker noma iSoftwareLezi zindlela zikuvumela ukuthi wenqabe ukusetshenziswa kwe-PowerShell.exe noma i-pwsh.exe kubasebenzisi abajwayelekile, kungaba ngendlela, umshicileli, noma i-hash. Le ndlela iwusizo ekuqiniseni izindawo zokusebenza nokuvimbela noma yimuphi umsebenzisi ukuthi aqalise i-PowerShell, kodwa inemikhawulo lapho ufuna othile enze imisebenzi yokuphatha elinganiselwe kusuka ku-akhawunti yakhe yomsebenzisi.

Enye inketho yilezi Ama-endpoints avinjelwe ngaphandle kokufinyelela i-JEA epheleleUngakha ukucushwa kweseshini ngokwezifiso okukhawulela ama-cmdlet, imisebenzi, namamojula, kodwa ngaphandle kokuthembela kakhulu kumodeli oyisibonelo, ama-akhawunti abonakalayo, noma i-RBAC ehlelekile enikezwa yi-JEA. Kuyindlela ephakathi nendawo efanele izimo ezilula, kodwa engakhuliswa kakhulu ezindaweni ezinkulu.

I-JEA ihlanganisa okungcono kakhulu emhlabeni ohlukahlukene: ukulinganiselwa komyalo oqinile, i-RBAC, ukulawulwa kokusetshenziswa kwamalungelo aphezulu, kanye nokubhaliswa okupheleleLokhu kwenza kube yisisombululo esinconywayo uma udinga ukuvula i-PowerShell remoteing kwabangebona abaphathi, kodwa ngaphandle kokubanika indawo ephelele yokuphatha.

Izici ezithuthukisiwe: sebenzisa njengenye i-akhawunti kanye nelogi

Elinye lamakhono anamandla kakhulu e-JEA yi- sebenzisa imiyalo njengenye i-akhawunti enelungelo elikhulu ngaphandle kokudalula iziqinisekiso zakhoLokhu kuxazulula inkinga evamile yokuthi "Ngizokunika iphasiwedi yale nsizakalo ukuze ukwazi ukwenza u-X", engashintshi futhi igcine iyingozi enkulu.

Izimo zesizinda zivame ukusetshenziswa Ama-Akhawunti Esevisi Aphethwe Yiqembu (i-gMSA) Lokhu kuvumela ama-endpoint e-JEA ukuthi enze izenzo ngaphansi kobunikazi besevisi obuphethwe ngumphakathi, ngokushintshaniswa kwephasiwedi okuzenzakalelayo futhi ngaphandle kokuba noma yimuphi umqhubi azi imfihlo. Kwezinye izimo, kusetshenziswa ama-akhawunti e-virtual esikhashana asendaweni yomshini, adalwe ngokungahleliwe lapho umsebenzisi exhuma futhi ebhujiswa ekupheleni kweseshini.

Ngokombono wokuhlola, iseshini ngayinye ye-JEA ingahlelwa ukuze khiqiza kokubili imibhalo ye-PowerShell kanye nokufakwa kwelogi yemicimbi ecebileUlwazi oluvame ukuqoqwa luhlanganisa:

• Umlando ophelele wemiyalo namapharamitha afakiwe.
• Imiphumela ekhiqizwe kanye nemiyalezo yamaphutha.
• Isitembu sesikhathi sokuqala nokuphela kweseshini, kanye nobude bayo.
• Ubunikazi bomsebenzisi ongene ngemvume kanye nendima/umthamo owabelwe.

Uma uhlanganisa lezi zimpawu nemisebenzi ye Ukungena ngemvume kweModule ye-PowerShell kanye Iskripthi Vimba ukuloga nge-GPOFuthi ngokuthumela ama-log ku-SIEM, uthola ukubona okuqinile okwenzekayo ezindaweni zakho zokuphatha. Lokhu kubalulekile kokubili ekuhambisaneni nomthetho (ukuhlolwa kwe-SOX, i-ISO 27001, njll.) kanye nokutholwa kwezehlakalo kanye nokusabela.

Amacala ajwayelekile okusetshenziswa kwe-JEA ezindaweni zangempela

I-JEA iyakhanya ikakhulukazi uma udinga Ukunikeza imisebenzi ethile kakhulu emaqenjini okungafanele abe ngabaphathiEzinye izibonelo ezivame kakhulu ekusebenzeni yilezi:

Endaweni yokusekela ubuchwepheshe, unganikeza ochwepheshe abasezingeni eliphezulu Ukufinyelela kwe-JEA ukuqala kabusha izinsizakalo, ukubuka izingodo zomcimbi, nokuhlola isimo senqubo kumaseva, kodwa ngaphandle kwekhono lokufaka isofthiwe, ukuguqula ukucushwa okubalulekile, noma ukufinyelela i-Active Directory. Indima evamile yedeski losizo ingafaka phakathi ama-cmdlet afana ne-Get-Service, i-Restart-Service yezinsizakalo ezithile, i-Get-EventLog kwimodi yokufunda kuphela, kanye namanye ama-cmdlet okuxilonga inethiwekhi.

Emaqenjini okusebenza noma okuthuthukisa, ungalungiselela izindima ezigxile emisebenzini ethile njengokuphathwa kwe-IIS noma ukulungiswa kwewebhusayithiIsibonelo, ukuvumela ukufinyelela kuma-cmdlet okuphathwa kwe-Application Pool, ukuqala kabusha iwebhusayithi, ukubuza amalogi kusuka kufolda elinganiselwe, kanye nokuphathwa kwesitifiketi sezinsizakalo ezithile, ngenkathi kukhishwa noma yiliphi ikhono lokuqalisa kabusha iseva yonke noma ukuguqula izinqubomgomo zokuphepha.

Ezindaweni ezihlanganisiwe kanye namafu, i-JEA ivame ukusetshenziswa nciphisa lokho iqembu ngalinye elingakwenza ngakho imishini engokoqobo, isitoreji noma amanethiwekhiUngadalula ama-endpoints akuvumela ukuthi uphathe ama-VM kuphela omnyango, ushintshe imithetho ye-firewall yesigaba esithile, noma uphathe isethi ethile yama-akhawunti esevisi, ugcine ukufinyelela kuhlukile kwezinye izingqalasizinda.

Ngesikhathi esifanayo, i-JEA ifanelana kahle kakhulu ne- Amasu Okuphathwa Kokufinyelela Okuyimfihlo (i-PAM)lapho izikhathi zamalungelo akhethekile zinikezwa okwesikhashana, zilodwa, futhi zihlanganiswe nobunikazi bomuntu siqu, kugwenywe ama-akhawunti abiwe futhi kuncishiswe ingozi ehambisana nesenzo ngasinye samalungelo akhethekile.

I-athikili ehlobene:

Ungakukhawulela kanjani ukufinyelela kumafolda abelwe ku-Windows isinyathelo ngesinyathelo

Isaka

Umbhali oshisekayo ngomhlaba wamabhayithi nobuchwepheshe ngokujwayelekile. Ngiyathanda ukwabelana ngolwazi lwami ngokubhala, futhi yilokho engizokwenza kule bhulogi, ngikubonise zonke izinto ezithakazelisayo kakhulu ngamagajethi, isofthiwe, ihadiwe, izitayela zobuchwepheshe, nokuningi. Inhloso yami ukukusiza ukuthi uzulazule emhlabeni wedijithali ngendlela elula nejabulisayo.