How to fix “inaccessible” virtual machines in VMware ESX

Occasionally my storage goes offline. This can put VMware ESXi into a bit of a spin if your VM guests are hosted on the storage that went offline. The guests on the datastore will be greyed out with “(inaccessible)” next to them. There is a quick and easy way to fix this: restart the management service on the host(s) that the VM guests reside on. (Run these commands without the “#”.)

  1. Shell or console onto the host
  2. #/etc/init.d/hostd restart
  3. exit
  4. Close the vSphere client
  5. Open the vSphere client

This won’t take effect immediately (up to 5 minutes), but it will come back.

You can check to see if the hostd service is running:

  1. #ps aux | grep hostd

If that doesn’t work you can try and reboot your vCenter server or at the very least, restart the services on the vCenter server. If that doesn’t work you will have to migrate the guests off the physical host and restart the host. Obviously the latter is drastic so only perform that action should you have no other options.

Should you have any questions, comments or suggestions, please don’t hesitate to comment below. If you like what you have read, please share it on your favourite social media medium.

Cisco “Exit Interface Failed Test” using SDM or CCP

When doing Cisco connectivity tests, you can stumble upon vague error messages that leave you feeling a little inadequate.

I encountered one recently when reconfiguring my Dialer0 outside interface for a DSL connection. It ended up being so simple that I thought I’d share it with the world.

I was using the Cisco Configuration Professional (CCP) software but I believe the SDM software can report the same thing.

Exit Interface Failed Test

Log into router

  1. enable
  2. configure terminal
  3. ip routing
  4. exit

Re-run the test; this should have fixed it.

How to block telnet and SSH on outside interface on Cisco routers

By default, a lot of Cisco routers allow Telnet and SSH on the outside interface, which creates a large security risk of brute-force attacks. Ideally Telnet should be blocked completely, as it is an insecure protocol, and SSH should only be allowed from the inside interfaces or, even better, from certain internal IP addresses.

Before running this, make sure you actually have to deny Telnet and SSH from the outside!

The following commands assume the inside network is “10.11.10.0” with a 0.0.0.255 wildcard mask; if not, change it to your range. You can add all this to a different access list if you want; it doesn’t have to be “10”.

All commands need to be run without the “#” in front

Log into router

#en
#configure terminal
#access-list 10 permit 10.11.10.0 0.0.0.255
#line vty 0 4
#access-class 10 in
#end
#copy running-config startup-config

Test to see whether this took effect by trying to Telnet or SSH to your outside interface from a different internet connection.

How to Shrink a Thin VMDK on ESXi 5.x Offline

Over time, virtual machine guests provisioned with thin disks grow in size as files are copied or log files are generated. Once those files are deleted or moved, the vmdk still marks the blocks as used, which leaves excessive white space. If you have a large datastore with a low cost per gigabyte this isn’t much of a problem, but if you have a lot of virtual machines on an SSD, which is still quite costly per gigabyte, you will want to reduce their size (like me).

I highly recommend doing a backup of the whole virtual machine to a separate datastore before performing these steps. You can use a product called Veeam to do this; there is a free version with limited features, but it still works perfectly. You can find Veeam here

Firstly check what the allocated and actual size of the guest are:

  1. Log into shell or console of ESX physical host
  2. cd /vmfs/volumes/%disk%/%folder%
    • %disk% = the disk name
    • %folder% = the folder the vmdk file resides in
  3. ls -lh *.vmdk
  4. du -h *.vmdk

SDelete

Note: This process will make the VMDK start expanding to its maximum size, so make sure you have enough space on that datastore or any guests that reside on it will shut down!

You can download SDelete by Sysinternals here

  1. Log into Windows server
  2. Download SDelete
  3. Run SDelete
  4. SDelete -z %:      (% = drive letter; -z zeroes the free space)
  5. Shut down the VM guest; if you don’t, you will not be able to get a lock on the vmdk
  6. vmkfstools -K %vm%.vmdk
  7. du -h *.vmdk

How to install and configure fail2ban on Linux

Reducing your attack surface is ideal, but in situations where you need to expose services to the wild, you should reduce the effectiveness of attacks. This is where Fail2Ban comes in handy: it constantly reads the logs you specify in the configuration file, looking for repeated failed login attempts, and if it detects them it blocks the source IP for a set amount of time.

A blurb from the Fail2Ban wiki site:
Fail2Ban scans log files and bans IPs showing the malicious signs of too many password failures. Generally Fail2Ban updates firewall rules to reject the IP address for a specified amount of time, although any other actions can be triggered such as sending an email. Fail2Ban comes with filters for various services such as Apache, SSH, FTP etc.

Installation

Requirements: Python > 2.3

Source

  1. Log into the server
  2. su - root
  3. wget the source file
  4. tar xvf *.tar.gz

Debian

  1. Log into the server
  2. su - root
  3. apt-get update
  4. apt-get install fail2ban

Configuration

Configuration files will be located at /etc/fail2ban.

/etc/fail2ban/jail.conf

The [DEFAULT] section allows a global definition of the options; they can be overridden in each jail afterwards.

ignoreip = (configured with 127.0.0.1 as the local loopback; I would suggest adding the other local network addresses you will be connecting from, plus any outside addresses)

maxretry = (by default 5; the maximum number of failed login attempts before a host is blocked by fail2ban)

bantime = (by default 600; the number of seconds a host stays blocked once caught by fail2ban)

SERVICE CONFIGURATIONS

Fail2ban can be configured on many different services; an example enabled by default in jail.conf is ssh:

[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
action = iptables

  • enabled: true/false – Enables or disables checking the ssh logs
  • port: service port – (referenced in /etc/services)
  • filter: – Name of the filter to be used by the service to detect matches. This name corresponds to a file name in ‘/etc/fail2ban/filter.d’, without the “.conf” extension.
  • logpath: – The log file that fail2ban checks for failed login attempts
  • action: – This option tells fail2ban which action to take once a filter matches. This name corresponds to a file name in /etc/fail2ban/action.d without the “.conf” extension.

Filters

The directory for filters is located in /etc/fail2ban/filter.d
Filters contain regular expressions that are used to detect break-in attempts and password failures for the different services.
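
The following is an added example, not fail2ban's own code and not part of the original post. It models how the [ssh] jail's maxretry and ignoreip options decide which sources are banned, run over a constructed auth.log sample. The function names and the sample addresses are assumptions; ignoreip is matched as exact addresses only.

```shell
#!/bin/sh
# Added example (not fail2ban code): models the maxretry / ignoreip decision.
# Real fail2ban uses the regexes in /etc/fail2ban/filter.d/sshd.conf and also
# accepts CIDR ranges in ignoreip; this sketch matches exact addresses only.

# Constructed auth.log sample (documentation address ranges).
sample_auth_log() {
cat <<'EOF'
Jan 10 03:12:01 shell sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan 10 03:12:03 shell sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan 10 03:12:06 shell sshd[2104]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
Jan 10 03:12:09 shell sshd[2104]: Failed password for invalid user test from 203.0.113.7 port 40113 ssh2
Jan 10 03:12:11 shell sshd[2107]: Failed password for invalid user from 127.0.0.1 from 203.0.113.7 port 40114 ssh2
Jan 10 03:15:40 shell sshd[2120]: Failed password for alice from 198.51.100.23 port 51000 ssh2
Jan 10 03:15:52 shell sshd[2120]: Accepted password for alice from 198.51.100.23 port 51000 ssh2
Jan 10 03:20:02 shell sshd[2133]: Failed password for bob from 198.51.100.23 port 51007 ssh2
Jan 10 04:01:10 shell sshd[2150]: Failed password for carol from 10.11.10.5 port 60001 ssh2
Jan 10 04:01:12 shell sshd[2150]: Failed password for carol from 10.11.10.5 port 60001 ssh2
Jan 10 04:01:15 shell sshd[2150]: Failed password for carol from 10.11.10.5 port 60001 ssh2
Jan 10 04:01:19 shell sshd[2153]: Failed password for carol from 10.11.10.5 port 60002 ssh2
Jan 10 04:01:22 shell sshd[2153]: Failed password for carol from 10.11.10.5 port 60002 ssh2
EOF
}

# would_ban MAXRETRY "IGNOREIP ..."   (log lines on stdin)
# Prints "ip failures" for every source that reached MAXRETRY failures.
would_ban() {
    awk -v maxretry="$1" -v ignore="$2" '
        BEGIN { n = split(ignore, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        /sshd\[[0-9]+\]: Failed password for / {
            # The user name is attacker-supplied text, so take the LAST
            # "from" on the line, not the first.
            ip = ""
            for (i = NF - 1; i >= 1; i--) if ($i == "from") { ip = $(i + 1); break }
            if (ip != "" && !(ip in skip)) fails[ip]++
        }
        END { for (ip in fails) if (fails[ip] + 0 >= maxretry + 0) print ip, fails[ip] }
    ' | sort
}

# maxretry = 5 as in the article, with loopback and one local admin host ignored.
sample_auth_log | would_ban 5 "127.0.0.1 10.11.10.5"
```

The fifth sample line carries a user name of "from 127.0.0.1"; a matcher that took the first "from" would count that failure against the loopback address instead of the real source.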

Actions

The directory for actions is located in /etc/fail2ban/action.d
Actions contain different scripts defining actions to be taken when a break-in attempt is triggered. Multiple actions can be defined by listing each one on its own line under a single “action” option, with the continuation lines indented.

Example:

action = iptables
         sendmail

Service Control

Once everything is configured, you can stop and start the Fail2Ban service daemon. Run all commands without the “#”!

# /etc/init.d/fail2ban stop
# /etc/init.d/fail2ban start

You can also check the status of the service

# /etc/init.d/fail2ban status
“Status of authentication failure monitor:fail2ban is running”

You can restart the service instead of executing the stop and start command

# /etc/init.d/fail2ban restart

If you have only changed the configuration, you can reload it to make it effective without restarting the services

# /etc/init.d/fail2ban force-reload

My Testing

I installed and configured this on my own shell and ran Hydra against it from BackTrack. The results were interesting to say the least: it looked like it didn’t affect Hydra at all, but after stopping the attack and trying to shell to the server, the connection was refused.

How to disable root SSH logins

One of the biggest security holes you could open on your Linux server is to allow directly logging in as root through ssh, because any cracker can attempt to brute force your root password and potentially get access to your system.

It’s much better to have a separate account that you regularly use and simply sudo to root when necessary. Before we begin, you should make sure you have a regular user account and that you can “su” or “sudo” to root from it.

To fix this problem, we’ll need to edit the “sshd_config” file, which is the main configuration file for the sshd service. The location will sometimes be different, but it’s usually in /etc/ssh.

  1. Find sshd_config
    1. find / -name "sshd_config"
  2. Open the file up while logged in as root
    1. vi /etc/ssh/sshd_config
  3. Find the section containing the line “PermitRootLogin”
    1. /PermitRootLogin
  4. Make the line look like this to disable root login through ssh
    1. PermitRootLogin no
  5. Save and close
    1. :wq
  6. Restart sshd service
    1. /etc/init.d/ssh restart

Now nobody can brute force your root login, at least. This reduces the attack surface dramatically, as someone attacking your shell would have to guess many thousands of usernames and then dictionary attack all of them.

This is just one of the steps to harden your shell; others include Fail2Ban and public/private keys, which I will cover in other blog posts.
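
The steps above can also be checked and applied without an editor. This is an added example, not part of the original post: the function names are assumptions, and the demo works on a constructed config in a temporary directory, not on /etc/ssh/sshd_config.

```shell
#!/bin/sh
# Added example: audit and set PermitRootLogin in an sshd_config file.

# effective_root_login FILE
# sshd keeps the first value it reads for a keyword, so the setting that
# counts is the first uncommented PermitRootLogin before any Match block.
# "unset" means the built-in default applies, which varies by OpenSSH version.
effective_root_login() {
    awk '
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# disable_root_login FILE
# Writes FILE.bak, then leaves exactly one "PermitRootLogin no" in the global
# section and drops every later occurrence, including Match-block overrides.
disable_root_login() {
    cp -p "$1" "$1.bak" || return 1
    awk '
        tolower($1) == "match" && !done { print "PermitRootLogin no"; done = 1 }
        tolower($1) == "permitrootlogin" {
            if (!done) { print "PermitRootLogin no"; done = 1 }
            next
        }
        { print }
        END { if (!done) print "PermitRootLogin no" }
    ' "$1.bak" > "$1"
}

# Constructed sample config for the demo.
make_sample_config() {
cat > "$1" <<'EOF'
Port 22
#PermitRootLogin prohibit-password
PermitRootLogin yes
PasswordAuthentication yes
Match Address 10.11.10.0/24
    PermitRootLogin yes
EOF
}

demo_dir=$(mktemp -d)
make_sample_config "$demo_dir/sshd_config"
echo "before: $(effective_root_login "$demo_dir/sshd_config")"
disable_root_login "$demo_dir/sshd_config"
echo "after:  $(effective_root_login "$demo_dir/sshd_config")"
rm -rf "$demo_dir"
# On a real host, run "sshd -t" to validate the edited file before restarting ssh.
```

Keep an existing session open while you restart the service, so a mistake in the file does not lock you out.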

Five Handy & Hidden Windows 7 Features

It happens with most things that come to market: there are usually hidden secrets or other uses for certain products. Software is no exception; it’s always been there, you just have to know how to “access” it.

God Mode

Ever wanted one place that has all your settings for Microsoft Windows 7? To turn on “GodMode”, create a new folder on your desktop (or anywhere else) and name it: “GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}”. Don’t include the final period. A folder called “GodMode” will be created which will contain 270 items from virtually every configurable location around Microsoft Windows.

Enhanced Calculator

So I bet you are thinking what could possibly be so great about an “enhanced” calculator… that is exactly what I thought. Under the View menu, you have a wide selection of unit conversions (temperature, weight, area, etc.). It even has worksheets to calculate mortgage payments, car fuel economy and vehicle lease.

Reliability Monitor

When your computer is flaking out, reliability monitor might help. Search for “reliability” from the start menu and click “View reliability history”.

Wipe Free Disk Space

When you delete files or folders from Windows, they aren’t actually “deleted” – this shouldn’t be a surprise to you I hope! There is a utility built into Windows (even XP and Vista) that will overwrite all the free space on the hard drive, ensuring any files you have deleted stay deleted. Launch the command prompt and type “cipher /w:X” where X is the drive letter you wish to run this across.

Virtual WiFi

Microsoft Windows 7 has a built in adapter called “Microsoft Virtual WiFi Miniport Adapter”. This virtual adapter can act as a software-based access point; it takes wired or wireless network connections and makes it available as a separate wireless network.

This lets you create your own hotspot from whatever network you’re connected to, which can be handy in many different scenarios, including when you want to connect multiple devices to a WiFi network that charges for access. To take advantage of this feature you will need a copy of the free Connectify software.

Vi Cheatsheet

Quitting

:x Exit, saving changes
:q Exit as long as there have been no changes
ZZ Exit and save changes if any have been made
:q! Exit and ignore any changes

Inserting Text

i Insert before cursor
I Insert before line
a Append after cursor
A Append after line
o Open a new line after current line
O Open a new line before current line
r Replace one character
R Replace many characters

Motion

h Move left
j Move down
k Move up
l Move right
w Move to next word
W Move to next blank delimited word
b Move to the beginning of the word
B Move to the beginning of blank delimited word
e Move to the end of the word
E Move to the end of blank delimited word
( Move a sentence back
) Move a sentence forward
{ Move a paragraph back
} Move a paragraph forward
0 Move to the beginning of the line
$ Move to the end of the line
1G Move to the first line of the file
G Move to the last line of the file
nG Move to nth line of the file
:n Move to nth line of the file
fc Move forward to c
Fc Move back to c
H Move to top of screen
M Move to middle of screen
L Move to bottom of screen
% Move to associated ( ), { }, [ ]

Deleting Text

x Delete character to the right of cursor
X Delete character to the left of cursor
D Delete to the end of the line
dd Delete current line
:d Delete current line

Yanking Text

yy Yank the current line
:y Yank the current line

Changing Text

C Change to the end of the line
cc Change the whole line

Putting Text

p Put after the position or after the line
P Put before the position or before the line

Markers

mc Set marker c on this line
`c Go to beginning of marker c line.
'c Go to first non-blank character of marker c line.

VMWare ESX 5.x Host Commands

You don’t need to manage VM guests using just the vSphere fat client or vSphere Web Client; you can manage VMs from the host command line (CLI).

This is a short list of some of the more common commands to use; there are, however, a lot more that I am not going to spend hours documenting…

Before you start, you need to know the vmid of the VM guest, which you can find as shown below.

Physical Host Management

Power Off Physical Host

poweroff

Reboot Physical Host

reboot

Virtual Machine Management

getallvms

vim-cmd vmsvc/getallvms

Displays the following information for all VM’s on physical host:

  • Vmid
  • Name
  • File
  • Guest OS
  • Version

Power Control Options

vim-cmd vmsvc/<power.type> vmid

Power Types:

  • power.on = power on
  • power.off = hard power off
  • power.reboot = hard reboot
  • power.suspend = graceful suspend (vmtools needs to be installed)
  • power.shutdown = graceful shutdown (vmtools needs to be installed)
  • power.reset = graceful restart (vmtools needs to be installed)
  • power.getstate = query power state

Disk Management

vim-cmd vmsvc/device.<type>
  • device.diskadd vmid size controller_number unit_number datastore = add disk
  • device.diskremove vmid controller_number unit_number delete_file = remove disk
  • get.datastores vmid = get list of datastores for vm

Snapshot Options

vim-cmd vmsvc/<snapshot.type> vmid snapshotid
  • snapshot.get = get snapshot information
  • snapshot.create = create snapshot
  • snapshot.remove = remove snapshot
  • snapshot.removeall = remove all snapshots

Templating

vim-cmd vmsvc/<convert.type> vmid
  • convert.toTemplate = convert VM to template
  • convert.toVm = convert template to VM

Tracking Website Activity on IIS

There are heaps of ways to track website traffic depending on your requirements, platform and of course budget. One of the most popular methods of tracking statistics is through services such as Google Analytics; however, log file analysis remains the most reliable way to track your visitors, as log files are immune to script blockers.

I am familiar with AWStats on Apache, so I decided to use it on Microsoft IIS; this is a how-to guide on installing it.

In order to capture data, AWstats requires you to log the following fields:

  • date
  • time
  • c-ip
  • cs-username
  • cs-method
  • cs-uri-stem
  • sc-status
  • sc-bytes
  • cs-version
  • cs(User-Agent)
  • cs(Referer)

Microsoft IIS 7 Setup

  1. Open “Internet Information Services (IIS) Manager”
  2. Select the top level for all your websites
  3. Click on “Logging”
  4. In the logging configuration page, set up a single log file per site which rolls over daily, using local time for the naming
  5. Click “Select Fields” and select the following
    1. Date
    2. Time
    3. Client IP Address
    4. User Name
    5. Method
    6. URI Stem
    7. Protocol Status
    8. Bytes Sent
    9. Protocol Version
    10. User Agent
    11. Referer
  6. Click “OK”
  7. Click “Apply” on the right hand side

Setting up AWStats

  1. Download from Sourceforge here
  2. Download Perl from here
  3. Install Perl to default location
  4. Open command prompt
    1. cd c:\Perl64
    2. ap-iis-config add all
  5. Create a folder called “awstats” in the root folder of the website you want to track
  6. Extract AWStats into the awstats folder you created
  7. Copy the “awstats.model.conf” file to a file named “awstats.domain.com.conf” (where domain.com is the site to track)
  8. Open the file with Microsoft WordPad (I found Notepad doesn’t format correctly)
  9. The first thing to configure is “LogFile=”
    1. C:\Windows\system32\LogFiles\W3SVC[IIS_ID] = Microsoft Windows 2003
    2. C:\inetpub\logs\LogFiles\W3SVC[IIS_ID]
  10. You can find the IIS ID by looking at the master site listing in IIS Manager
  11. Set the options in the configuration file. This file has a very good explanation of what each option does; the main configuration parameters required to make it work are as follows:
    1. LogFile="C:\inetpub\logs\LogFiles\W3SVC1\u_ex%YY-24%MM-24%DD-24.log" (Server 2008/IIS7, stats calculated every day)
    2. LogFile="C:\WINDOWS\system32\LogFiles\W3SVC1\ex%YY-4%MM-4%DD-4.log" (Server 2003/IIS6, stats calculated every 4 hours)
    3. LogFormat="date time cs-method cs-uri-stem cs-username c-ip cs-version cs(User-Agent) cs(Referer) sc-status sc-bytes"
    4. SiteDomain="domain.com"
    5. HostAliases="www.domain.com domain.com 192.168.0.1" (all URLs you are going to use to connect to AWStats; use internal and external)
    6. DefaultFile="index.php index.html"
  12. Once you have saved your configuration file, run the AWStats Perl script to compile the stats data.
    1. C:\inetpub\wwwroot\awstats>C:\Perl\bin\perl.exe awstats.pl -config=domain.com
      1. Perl was installed in the C:\Perl directory
      2. The config file is named “awstats.domain.com.conf”

Access AWStats through your web browser. The URL is publicly available for everyone to view unless you configure security via IIS. To test the configuration, just browse to:

http://localhost/awstats/awstats.pl?config=domain.com
