Automatically Reboot VMware ESX Host after Purple Screen of Death (PSOD)

VMware_logo

 

The default and recommended setting is to leave the purple screen of death up to help you notice that the host has died and also leave the PSOD up to help troubleshoot the issue because on reboot you can loose your logs.

1. Shell (SSH) into the physical host or access the host directly from the troubleshooting console

2. Change the auto reboot timeout value (in seconds) in this example I have changed it to 2 minutes

esxcfg-advcfg -s 120 /Misc/BlueScreenTimeout
vmware esx bluescreentimeout

 

3. Test the physical host by sending an unsupported command (do this only if you really want to test it!)

vsish -e set /reliability/crashMe/Panic 1

Should you have any questions, comments or suggestions, please don’t hesitate to comment below. If you like what you have read, please share it on your favourite social media medium.

How to Install WordPress on Linux Ubuntu or Debian

Install WordPress

Install WordPress on Linux Ubuntu or Debian

Assumptions:

  • A working Debian or Ubuntu server (ideally headless)
  • A working knowledge of Linux (view this post for some useful commands)
  • A standard Linux account preconfigured
  • Apache 2 installed and configured correctly
  • Ideally a preconfigured vhost (not required but a good idea, refer to this post)
  • PHP5 installed and configured correctly
  • mySQL installed and configured correctly
  • A valid domain name
  • Firewall rules allowing port 80 traffic from the internet to the internal Apache server
  • A records for the domain pointing to the outside static IP address of the Apache servers internet connection

Procedure:

Install WordPress

1. Log into the server using a standard Linux account (Ideally Putty to terminal)

2. Elevate to root privileges

su - root

3. Make a folder to hold WordPress in a temp area

mkdir -p /tmp/wordpress

4. Change to temp location

cd /tmp/wordpress

5. Download the latest WordPress source installation files

wget http://wordpress.org/latest.tar.gz

6 Extract files

tar -xzvf latest.tar.gz

mySQL Configuration

7. Log into mySQL (this will be your Root mySQL password, not the root of your Linux box)

mysql -u root -p

8. Create database (call it the same as your site)

CREATE DATABASE wordpress;

9. Create mySQL user (Change “username” to something other than username – it will only be used to authenticate to mySQL)

CREATE USER [email protected];

10.  Set the password for the username (Change password123 to something else)

SET PASSWORD FOR [email protected]= PASSWORD ("password123")

11. Grant privileges for the new user to the database

GRANT ALL PRIVILEGES ON wordpress.* TO [email protected]
-> IDENTIFIED BY 'password123';

12. Refresh mySQL

FLUSH PRIVILEGES;

13. Exit mySQL

EXIT

WordPress Configuration

14. Copy WordPress same configration file to a working file

cp /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php

15. Open configuration file (refer to this post for a reference to VI)

vi /etc/wordpress/wp-config.php

16. Find the following following lines:

define('DB_NAME', 'wordpress');
define('DB_USER', 'wordpressuser');
define('DB_PASSWORD', 'password');

Change “wordpress” to the database name you created in step 8
Change “wordpressuser” to the username you created in step 9
Change “password” to the password you created in step 10

17.  Save and exit

:wq

Loading WordPress to Apache

18. Change to the WordPress temp folder

cd /tmp/wordpress

19. Create new site folder (change”newsite.com” to the domain name of your site)

mkdir -p /var/www/newsite.com

19. Move all WordPress files from the temp location to the active location

mv * /var/www/newsite.com -R

20. Give ownership rights

chown www-data:www-data /var/www/newsite.com -R
chmod g+w /var/www/newsite.com -R

Apache Configuration

21. Install php5-gd

apt-get install php5-gd

MySQL Configuration

22. Install php5-mysql

apt-get install php5-mysql

Rewrite

23. Run the Apache rewrite

a2enmod rewrite

Testing

Browse to the site http://example.com/wp-admin/install.php

Conclusion

This was a quick write up on how to install WordPress on Ubuntu or Debian.

Should you have any questions, comments or suggestions, please don’t hesitate to comment below. If you like what you have read, please share it on your favourite social media medium.

Keywords: Install, WordPress, Linux, Debian, Ubuntu

Install VMTools for Ubuntu or Debian using Bash Scripts

VMware_logo

If you are looking to install VMware VMTools on multiple Ubuntu or Debian Linux servers and don’t feel like typing commands all day then you can run this bash script to install it automatically so long as you are willing to accept all defaults.

1. Mount VMtools

2. Create script folder

mkdir -p /scripts

3. Create scripting file

vi /scripts/vmware-inst.sh

4. Paste the following into the script

#!/bin/bash
mkdir -p /mnt/vmtools
mkdir -p /tmp/vmtools
mount /dev/cdrom /mnt/vmtools
cp /mnt/vmtools/VM*.gz /tmp/vmtools
cd /tmp/vmtools
tar zxvf VM*.gz
cd vmware-tools-distrib
./vmware-install.pl -d
rmdir /mnt/vmtools
rm -rf /tmp/vmtools
echo Finished installation and cleaned up

5. Change script to execute parameters

chmod +x /scripts/vmware-inst.sh

6. Execute script

/scripts/vmware-inst.sh

Should you have any questions, comments or suggestions, please don’t hesitate to comment below. If you like what you have read, please share it on your favourite social media medium.

Stop SSH from Listening on IPv6

linux-logo-300x300

By default, SSH listens on both IPv4 and IPv6, if you don’t connect using IPv6 then you can disable it entirely from listening.

Example:

[email protected]:~# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2241/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2206/exim4
tcp6 0 0 :::22 :::* LISTEN 2241/sshd

Edit your SSH config file /etc/ssh/sshd_config

vi /etc/ssh/sshd_config

Uncomment out the following line:

#ListenAddress 0.0.0.0

Restart SSH daemon

/etc/init.d/ssh restart

Rerun netstat to check it isn’t listening

[email protected]:~# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2292/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2206/exim4

Should you have any questions, comments or suggestions, please don’t hesitate to comment below. If you like what you have read, please share it on your favourite social media medium.

Scheduling Cron Job’s in Linux

linux-logo-300x300

Linux Crontab Format

MIN HOUR DOM MON DOW CMD
Field Description Allowed Value
MIN Minute field 0 to 59
HOUR Hour field 0 to 23
DOM Day of Month 1 to 31
MON Month field 1 to 12
DOW Day of Week 0 to 6
CMD Command Any command or full script path

Crontab Commands

List Crontab

crontab -l

Edit Crontab

crontab -e

Edit other users cron entries

crontab -u user -e

Example: Scheduling a Task For a Specific Time

This will execute a backup shell script (backup) on the 1st of August at 0300hrs

00 03 01 08 * /home/user/backup.sh

00 = at the beginning of the hour
03 = 3 AM (24 hour time)
01 = On the first day of the month
08 = 8th Month (August)
* – Every Day of the week
/home/user/backup.sh = backup script (ensure it is executable)

Example: Schedule a Job For More Than Once a Day

This will execute a script switch a day every day on the hour

00 09,17 * * * /home/user/script.sh

00 = at the beginning of the hour
09,17 = at 9am and 5pm
* = Any day
* = Any month
* = Any day of the month
/home/script/script.sh = full script path

Example: Schedule a Job for a Specific Range of Time

If you want to schedule a job every hour in a specific range

00 07-16 * * * /home/user/script.sh

00 = at the beginning of the hour
07-16 = at 7am, 8am, 9am, 10am, 11am, 12am, 1pm, 2pm, 3pm, 4pm
* = Any day
* = Any month
* = Any day of the month
/home/script/script.sh = full script path

Example: Schedule a Job for Every Minute

If you want to schedule a job every minute

* * * * * /home/user/script.sh

Example: Schedule a Background Job for Every 15 Minutes

*/15 * * * * /home/user/script.sh

Special Characters

@yearly = 0 0 1 1 *
@daily = 0 0 * * *
@hourly = 0 * * * *
@reboot = At startup

Special Character Examples

@yearly /home/user/yearly_maintenance.sh

@monthly /home/user/month_backup_tape.sh

@daily /home/user/cleanup_logs.sh

@reboot /home/user/startup.sh

Specify PATH Variable in Crontab

All the above examples give the absolute path of the Linux command, you can add a path variable to just specify the script name

[email protected]$ crontab -l

PATH=/bin:/sbin:/usr/bin:/usr/sbin:/home/user

Limitations

You cannot schedule cron jobs every second, the least is 1 minute intervals.

Should you have any questions, comments or suggestions, please don’t hesitate to comment below. If you like what you have read, please share it on your favourite social media medium.

Building a FTP Server

 

proftpd

1. Install ProFTPd

apt-get -y install proftpd

2. Edit proftpd configuration file

cp /etc/proftpd/proftpd.conf /etc/proftpd/proftpd.conf.orig
vi /etc/proftpd/proftpd.conf

Change the following lines to the following:

UseIPv6 off
ServerName "servername"
DefaultRoot /mnt

Change “servername” to the server name of the ftp server and “/mnt” to the ftp root location.

3. Add user

adduser username

Change “username” to a username you wish to use. If you are exposing this server to the internet then do not use one like “ftp” as that will be obvious to brute force attacks. Use at least 12 characters plus symbols for the password.

4. Restart ProFTPd

/etc/init.d/proftpd restart

5. Check to ensure ProFTPd is listening

netstat -ntlp | grep proftpd

Output should be something like:

tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      3267/proftpd

Should you have any questions, comments or suggestions, please don’t hesitate to comment below. If you like what you have read, please share it on your favourite social media medium.

Benchmark Linux VPS using Bash script

linux-logo-300x300

1. Log in to Linux VPS as root

2. Download bench.ch

wget https://chrisreeves.co.nz/downloads/bench.sh

3. Change bench.sh to executable

chmod +x bench.sh

4. Execute bench.sh

./bench.sh

5. Review results (example only)

CPU model : Intel(R) Xeon(R) CPU E5-2620 0 @ 2.00GHz
Number of cores : 1
CPU frequency : 398.458 MHz
Total amount of ram : 256 MB
Total amount of swap : 256 MB
System uptime : 32 days, 14:32,
Download speed from CacheFly: 6.84MB/s
Download speed from Coloat, Atlanta GA: 7.98MB/s
Download speed from Softlayer, Dallas, TX: 5.61MB/s
Download speed from Linode, Tokyo, JP: 8.06MB/s
Download speed from i3d.net, Rotterdam, NL: 5.85MB/s
Download speed from Leaseweb, Haarlem, NL: 5.95MB/s
Download speed from Softlayer, Singapore: 877KB/s
Download speed from Softlayer, Seattle, WA: 11.6MB/s
Download speed from Softlayer, San Jose, CA: 11.9MB/s
Download speed from Softlayer, Washington, DC: 10.8MB/s
I/O speed : 124 MB/s

Should you have any questions, comments or suggestions, please don’t hesitate to comment below. If you like what you have read, please share it on your favourite social media medium.

ZyNOS (ROM-0) Exploit

ZyNOS is the proprietary operating system used on network devices made by the ZyXEL Communications Corporation, ZyXEL Communications Corporation first introduced ZyNOS in 1998.

A vulnerability exists with ZyNOS based routers (ZyXel, Netgear and TP-Link and maybe others) that can allow an attacker to download the rom-0 file and reverse engineer to retrieve the local admin password.

The Exploit

  1. Browse to http://targetip:8080/rpFWUpload.htmlrpFWUpload
  2. Download the ROM file
  3. Browse to http://198.61.167.113/zynosZynOS Config Decompressor LZS
  4. Click on “Choose File” and click on “Upload rom-0”Zynos result

Should you have any questions, comments or suggestions, please don’t hesitate to comment below. If you like what you have read, please share it on your favourite social media medium.

Basic Cisco Router Configuration

cisco_logo-1000px

Assumptions

The following is a list of assumptions, they don’t specifically have to be used and can be modified to suit your setup.

  • Using “Dialer0” interface to connect to ISP
  • Using CHAP for authentication
  • Using DHCP IP assignment from ISP
  • Using Google name servers
  • Using standard MTU size (1452)

Configuration

Enable Terminal Monitoring

enable
terminal monitor

Change Host Name

enable
configure terminal
hostname <name>
exit

Configure Enable Password (Hashed)

enable
configure terminal
enable secret <password>
exit

Enable HTTPS Server

enable
configure terminal
ip http secure-server
exit

Disable HTTP Server

enable
configure terminal
no ip http server
exit

Configure Name Servers

enable
configure terminal
ip name-server 8.8.8.8
ip name-server 8.8.4.4
exit

Configure Dialer0 Interface

enable
configure terminal
interface dialer0
description <name>
ip address negotiated
ip mtu 1452
ip nat outside
encapsulation ppp
no ip redirects
no ip proxy-arp
ip virtual-reassembly max-reassemblies 256
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname <ispusername>
ppp chap password <isppassword>
exit

Route Traffic to Dialer0

enable
configure terminal
ip route 0.0.0.0 0.0.0.0 Dialer0
exit

Configure NTP Server

enable
configure terminal
ntp server <ntpipaddress> source Dialer0 perfer
exit

Add Username

enable
configure terminal
username <name> privilege 15 secret <password>
exit

Disable Synchronous Logging

enable
configure terminal
line vty 0
logging synchronous
exit
line con 0
logging synchronous
exit

Disable Console and Shell Timeout

enable
configure terminal
line con 0
no exec-timeout
exit

Login Banner

enable
configure terminal
banner login &
*******************************************
*              Message here               *
*******************************************&
exit

Configure Ethernet Port 1

enable
configure terminal
description FastEthernet_Port1
ip address 192.168.0.1
duplex full
speed 100

Configure DHCP

enable
configure terminal
ip dhcp pool LAN_DHCP
import all
network 192.168.0.10 255.255.255.0
default-router 192.168.0.1
dns-server 192.168.0.1

Disable CDP Broadcasts

enable
configure terminal
no cdp run

Should you have any questions, comments or suggestions, please don’t hesitate to comment below. If you like what you have read, please share it on your favourite social media medium.