Friday, December 19, 2008

Cisco "Setup Express"

Newer Cisco "pizza box" switches (3560/3750 and others) have a MODE button on the front of them that is used for both the password-recovery feature, as well as the "setup express" feature.

Reference:
http://cciepursuit.wordpress.com/2007/06/29/completely-clearing-a-cisco-switchkinda/


I would recommend disabling the setup express feature(no setup express in configure mode) as it really provides NO benefit in my eyes. It does not affect the password recovery feature(unless you are super paranoid, disabling password recovery can be disastrous).

My argument is that while a switch is powered on, there should not be this easy to essentially reboot the switch with a blank config, with the only way to remedy is renaming files via console cable. This can have one nosy user/janitor take down your switch until you can run out there with a laptop.

Wednesday, October 8, 2008

Disable Vista's Media Center(Ultimate or Home Premium only)

Open a command prompt with admin rights(if you UAC turned on, just type cmd into the search bar of the start menu and hit Ctrl-Shift-Enter)

Type:
reg add HKLM\SOFTWARE\Policies\Microsoft\WindowsMediaCenter /v MediaCenter /t REG_DWORD /d 1 /f

To re-enable it(not likely to happen ;-))
reg delete HKLM\SOFTWARE\Policies\Microsoft\WindowsMediaCenter /v MediaCenter /f

Too good not to post

Wow...what an article:

http://www.babeled.com/2008/06/24/reaganomics-trickle-down-theory-suppliy-side-economics-or-by-any-other-name-is-still-a-fallacy/

Monday, October 6, 2008

VHDMount Fun

I had the lovely privilege of re-formatting my home PC the other day. I regularly use Vista(so sue me) on my home PC and I used its built-in backup tools to backup all my files to my second harddrive, including a CompletePC backup.

What I found was that for the normal file backup and restore feature, when you go to restore, it will restore ALL FILES FROM THE BEGINNING OF THE BACKUP SET. Take this scenario

  • Backup Set Created(first backup made)

  • Backup

  • Backup

  • Files Deleted

  • Backup


If I restore from the last backup, the deleted files will be found in the backups. Thats fine, pretty useful if i wanna undelete a file from awhile ago...but I did not anticipate this behavior....especially since I cleaned/reorganized my music collection recently.

So, I decided to open the CompletePC backup, basically a snapshot of the entire OS drive(which i made right before my format). It saves itself as a VHD file, which I need a microsoft program called VHDMount to open/use.

To get this tool, I had to download Microsoft Virtual Server 2005 R2 SP1 from here. Start the install, and you will probably want to do a custom install and only select the VHDMount tool.

Then, I tried to use the tool via the CLI...but with my fresh Vista SP1 install, UAC was turned on, so I had to open my command prompt in admin mode....easiest way is to Click the Start globe, type cmd in the search, and hit Ctrl-Shift-Enter(C-S-E is a shortcut to run anything as admin in Vista). After opening an admin prompt, I ran the tool with the /p switch(run vhdmount /? if you want to learn all the switches). But, it kept giving me a failed message.

Hunting around the internets, I found a solution, it seems it couldn't "plug in" the vhd file because of a driver issue...and this solves it(at least for me!):

  1. Control Panel->Hardware->Install drivers for older devices with Add Hardware wizard(its hiding on the left panel)

  2. Hit next and do the Advanced option, Show all Devices, Have Disk. Point it to the VHDMount install directory(C:\Program Files\Microsoft Virtual Server\Vhdmount\ by default) and have it install the vhdbus.inf.

  3. It will install "Microsoft Virtual Server Storage Bus" device.

  4. Then I had to run vhdmount with the /p switch again...this time it will fail again, BUT windows will fuss about it finding a device it can't find the driver for.

  5. Go to device manager(its in control panel) and right click the unhappy device and install this same inf file from above for this device and voila! it works.

  6. The virtual drive should now automount to the first available driver letter.


I am happy. It works a treat after a bit of finesse.

As a bonus, here is a reg script that will allow you to mount VHD files using the context menu(put this into a file with a .reg extension, save it and double click to merge):
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Virtual.Machine.HD]
@="Virtual Hard Disk"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Virtual.Machine.HD\shell]
@="Plug in"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Virtual.Machine.HD\shell\Plug in]
@="&Plug in"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Virtual.Machine.HD\shell\Plug in\command]
@="\"C:\\Program Files\\Microsoft Virtual Server\\Vhdmount\\vhdmount.exe\" /p \"%1\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Virtual.Machine.HD\shell\Unplug (discard changes)]
@="Unplug (&discard changes)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Virtual.Machine.HD\shell\Unplug (discard changes)\command]
@="\"C:\\Program Files\\Microsoft Virtual Server\\Vhdmount\\vhdmount.exe\" /u /d \"%1\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Virtual.Machine.HD\shell\Unplug (commit changes)]
@="Unplug (&commit changes)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Virtual.Machine.HD\shell\Unplug (commit changes)\command]
@="\"C:\\Program Files\\Microsoft Virtual Server\\Vhdmount\\vhdmount.exe\" /u /c \"%1\""
[HKEY_CLASSES_ROOT\.vhd]
@="Virtual.Machine.HD"

Thursday, June 19, 2008

Simple Debian Lockdown(for those of you under NESSUS scrutiny)

There are a million ways to lock down a server. I prefer the non-paranoid method, since none of the data I work with is valuable enough warranting all the extra setup for paranoia-mode.

I recommend the following three, very simple, tasks to lock down your Linux server(specifically Debian Etch).

  1. Prevent root logins from SSH

  2. Turn off ident

  3. Disable RPC(only do this if you do not use NFS)


Preventing root logins via SSH is a good idea for two reasons.

  • Allows you to accurately log who is accessing your system...root can be somewhat anonymus if people know the password.

  • If someone who does know the root password becomes a threat, you simple have to restrict their username from being granted access(and physical security of course). This is a lot better than haveing to change the root password in a pinch (I like not having to update documentation every time someone leaves my company).


Removing Ident is merely to make NESSUS complain less. Its not really needed so lets shut it off.

  • Open /etc/inetd.conf in Vi/Emacs/whatever

  • Comment out the line that begins with ident(just add a # at the beginning of the line)

  • Save the file and restart inetd:  /etc/init.d/inetd restart


Finally, another thing to make NESSUS happy is to disable RPC if you arent using it(NFS shares mainly). Simple remove the package portmap from your system. On Debian: apt-get remove portmap

Wednesday, May 14, 2008

Exim4 "n00b" Guides

Exim4 is a very powerful MTA(the default for Debian Etch). Getting started with it is a bit daunting, and I found the official website too chock full of info to be useful for a newbie.

These two sites help quite a bit:

http://www.techcuriosity.com/resources/exim/exim.php

http://bradthemad.org/tech/notes/exim_cheatsheet.php

Monday, May 5, 2008

Exim Cheatsheet

This page has a good single-page command line admin reference for the popular exim MTA(the default MTA for Debian Etch).

I found it very useful.

http://bradthemad.org/tech/notes/exim_cheatsheet.php

Friday, May 2, 2008

SNMP Traps now working

Well, continueing from the past two postings, I have figured out what the problem was with the sending of SNMP traps. Apparently trap2sink sends a SNMPv2 trap, while trapsink sends a SNMPv1 trap.

trapsink works, trap2sink does not work.

I do not know why, but I have tested this. With trapsink configured alerts are received in IT Assistant, with trap2sink configured, no alerts are seen in the alert log.

That solves that! I think I finally have a fully managed 64-bit Debian Server....whats next?

Thursday, May 1, 2008

Further down the rabbit hole...

So I got the OMSA service working on my 64-bit Debian server. THATS all fine and dandy.

Yesterday, I spent hours getting the nuances setup correctly to just get this thing to be "managed" by the central Dell OpenManage server, hopefully my hard work will help someone out there.

First, in terms of server monitoring, Dell has their "client" OpenManage Server Administrator(OMSA), and their "server" IT Assistant.

My IT Assistant is installed on windows and is pretty self-explanatory to get that part done, and I already explained how to install OMSA.

Now, in order for IT Assistant to manage an OMSA client, it must have SNMP read-only access to it, and in Linux, this is done through snmpd via SMUX and in Debian, SMUX is disabled by default(but isn't immediately obvious).

First of all, you need to enable SNMP read-only access to your server.

Then, you need to add a smux configuration for the dell OID. Add this to your recently-made snmpd.conf
# Allow Systems Management Data Engine SNMP to connect to snmpd using SMUX
smuxpeer .1.3.6.1.4.1.674.10892.1

As I said, by default Debian has SMUX turned off. You need to re-enable it by deleting the -I -smux in the startup options line in the /etc/default/snmpd file.

Now make sure you restart your snmpd service
/etc/init.d/snmpd restart

Your Debian SNMP configuration is complete. You can check the status of the dell data engine by:
/opt/dell/srvadmin/dataeng/bin/dataeng status

Now add a 'range' in IT Assistant with the IP of your server and community string you setup for your server. Then run a discovery job and it should appear in your devices list. The icon next to the device signifies if there are any current alerts applicable to this server.

Congratulations, you can now "manage" your server.

My current problem is that it appears that I cannot have IT Assistant generate alerts for my server since it can only do so if it receives a trap from the server. I find this pretty silly, it should support alerting me based on its polling, not just by waiting for an alert.

I defined a trapsink in my snmpd.conf, and the hardware log shows the event(me pulling out a hard drive), but no trap is received by the IT Assistant. My syslog shows the following:
May  1 14:05:41 inp2552zeus snmpd[5992]: Got trap from peer on fd 14
May 1 14:05:42 inp2552zeus snmpd[5992]: Got trap from peer on fd 14
May 1 14:05:43 inp2552zeus snmpd[5992]: Got trap from peer on fd 14
May 1 14:05:44 inp2552zeus snmpd[5992]: Got trap from peer on fd 14
May 1 14:05:45 inp2552zeus snmpd[5992]: Got trap from peer on fd 14

Anyone have any idea what the issue could be?

Tuesday, April 29, 2008

Installing Dell OMSA on a 64-bit Debian Server

Dell doesn't quite support Debian(my favorite GNU/Linux server distro) for its OpenManage services line, but much work has been made by others on this front. Getting this done on 64-bit is a bit trickier still.

First, the easiest way to get OMSA(the openmanage service) on your box is to add the sara repositories to your apt.

add to the bottom of /etc/apt/sources.list:
deb ftp://ftp.sara.nl/pub/sara-omsa dell  sara


Now, (as root) run
aptitude update

to update your package list(from this new repository) then
aptitude install dellomsa

to download and install the package.

Once that is done, you may need to start the service:

/etc/init.d/dsm_om_connsvc start

If you are running 32-bit, you are done. If you have 64-bit, here is where it gets a lil hairy.

You have to download the following 32-bit debs from the main debian repository. Links provided are for the STABLE branch, if you are running unstable, please find your own links ;-)

After you downloaded each of these 32-bit(i386) debs, extract the files out of them(do not install) with the dpkg -x command. If you can't figure out how to do that, just read the dpkg manual.

Example:
dpkg -x libselinux1_1.32-3_i386.deb ./temp

When you are done you should find the following 4 files wherever you extracted them.
libsepol.so.1
libselinux.so.1
pam_unix.so
pam_nologin.so

Once you find these files, copy the two files that start with "libse" to the /lib32 directory and the two "pam_" files to the /lib32/security directory(you may have to create the security subdirectory).

Now, edit the /etc/pam.d/omauth file and replace the uncommented out lines with the path starting with /lib/security to /lib32/security. It should look something like this when you are done.(ignoring the commented out lines at the top)
auth       required     /lib32/security/pam_unix.so nullok
auth required /lib32/security/pam_nologin.so
account required /lib32/security/pam_unix.so nullok

One last step! Its an easy one. Just run the command ldconfig. This will update pam to read the new config files(the one you just edited) and now openmanage will be looking in the correct spot!

Now just browse to your web interface:(change IP as necessary). Make sure you use https to browse it, http will not work.
https://10.1.1.1:1311/

Login as root and BAM you are done.

This guide was built from a conglomoration of sites:(kudos to them!)

http://linux.dell.com/debian_9g.shtml

http://lists.us.dell.com/pipermail/linux-poweredge/2007-June/031531.html

http://blog.loftninjas.org/?p=100

Thursday, April 24, 2008

The Stereotypical 10 Kinds of People You Don't Want at your Party

This was the most truthful funny thing I've read in awhile! Posting this before I leave for Vegas ;-)

Originally from: http://burnthescript.com/?p=35

If you have been to college, or even if you haven’t, you have probably been to a good amount of house parties in your life. Most people at a house party just sort of blend in. They go about their business, and are pleasant enough. Some people cannot seem to do that. So without further ado the ten worst people you will meet at any house party…

Ten Worst People You Meet At A House Party


10. The “Inappropriate Music Guy”- This guy can take one of two forms, if there is a DJ he is the jackass requesting “November Rain” in the middle of a dance set. If the DJ doesn’t comply he tends to get whiny as hell, and say things like “Come on man, nobody likes this crap, just play something good” and proceeds to point to a full dance floor. If the DJ does agree, he sits around glaring at the DJ every time the song switches to see if it’s “his song.” When his song finally hits he gets a big goofy grin on his face and bobs his head, sometimes giving the thumbs up. His song also always results in the dance floor completely clearing.

The other form is if the party does not have a DJ this person will saunter his way over to the stereo (usually an Ipod at this point), and very slyly add his own playlist. A playlist of such party classics as “Knights in White Satin” and a random Velvet Underground B-side. If anyone criticizes his picks, or doesn’t recognize one, he gets elite. “I can’t believe you haven’t heard this song, its on King Crimson’s Unreleased basement tapes!” Seriously? You really just can’t believe I haven’t heard this song? Fuck off Inappropriate Music Guy.

9. The “I Need a Specific Drug Guy”- This guy is always looking for a drug, the party just isn’t a party without one. Usually he just wants weed, and if he finds it, he just sits there, gets high, and does nothing the rest of the night. Sometimes it’s not weed though, he wants something like Extacy (because he couldn’t possibly have sex without it), or every party usually has one guy looking for coke. You can tell if he found it because his eyelids are stapled to his forehead the rest of the night, and everything he says has 17 extra words said at 700 miles per hour.

Notice this person never has the drug they want on them, but has no problem asking everyone around for some. They also get very offended if someone who they barely know won’t give them free drugs, often retorting with the scathing “Dude, why are you being a dick?” He’s the same person trying to get a keg cup without paying.

8. The “This Party is Nothing Compared To…”/ “Story Topper” guy- This guy has been too all the best parties, with way more fun people, hotter girls, more drugs, better music, a bigger ice luge, a live dancing polar bear, a dedicated fellatio room, etc. These parties are never local. They are “when he was home” or “visiting friends in west bumblefuck.” You guys don’t party nearly as hard as those kids do. This party is ok, but it just doesn’t compare. Rarely does this person have a very specific story from that party, thats usually covered with a “I was so hammered I barely remember it.”

This guys alternate role at a party is that of the always fun to be around “story topper.” If you have done something he has done it twice; if you have seen a band, he smoked with them on their bus; if your best friend has cancer, his died in a plane crash on the way to a treatment center on his mothers fucking birthday. The best way to handle this guy is too see how ridiculous of a story you can get him to tell. Talk about the time you were attacked by a heard of gorillas on PCP in Antarctica. See where he goes from there.

7. The “Watch How Much I can Drink Guy”- This guy can drink SO MUCH. Just watch! He’s already had 14 shots tonight before he even got to the party. Which is why he’s not pounding more at this very second. In fact you haven’t seen him drink anything in four hours, but trust him, he has been drinking SO much. When you weren’t looking he says he finished two pints of tequila, on top of the 11 beers and 14 shots from before. He can drink more then you, and anyone else at the party. If anyone challenges his claims, his response is usually along the lines of “Anytime man, but not tonight, I already had a ton of booze.” If this person actually drinks anything at the party, you will know because they will be the person lying in their own vomit.

6. The “Inappropriately Dressed Girl”- It doesn’t matter the occasion or the climate. If it’s twenty degrees she’s in a skirt and tube top, if it’s summer she’s got on Ug boots and a bubble jacket. These girls usually move in packs, three of them will walk in at once, dressed for June in Miami, when its fucking January in Boston. They then tend to act as if they don’t know they are dressed inappropriately, and get looks on their face like “Why is everyone staring?” As if that wasn’t the point. If you want a good shot at getting laid, talk to one of them. Be careful, because these girls are not usually as attractive as they seem at first. Most of them are between 5-7 on the scale. However the fact that they stand out in a room full of people dressed reasonably, makes them look hotter, especially if its absolute zero outside, and they’re in a skirt. Oh, and use a condom, you’ll thank me later.

5. The Crying Girl- She appears later in the evening after a seemingly normal girl gets drunk. Sort of the female version of the drunk “I love you man” guy (however he doesn’t make the list, because he not the worst, so much as just slightly aggravating, just tell him you love him too, give him a hug and move on). This girl is crying. She’s not sure why, and she promises she’s “not usually like this.” Maybe it’s that she saw her ex-boyfriend a month ago wearing a Rush t-shirt with his new girl, and there was a rush for the jello shots at the party, and it reminded her of him, and blah blah blah… Don’t try to comfort her, everything you say is gonna come out wrong. Just leave her in the corner, she’ll stop at some point, and nine times outta ten there is someone at the party who gets caught in her emotional web. Let them handle it.

4. The Stumbling Mess- This person is just a hammered mess, incoherently ranting to you about something, or just doing their best impression of someone who can actually walk. Usually the same person at every party, every group of friends has that person who just cannot handle their liquor, or if they can have NO concept of their limits. It can be a guy or girl, sometimes if you’re really lucky it’s one of each and they have found each other. Usually at that point they start dancing horribly and running into shit. The best thing you can do with these people is just let them pass out, or if you are really evil give them shots till they throw up in the bathroom and call it a night so you don’t have to deal with them anymore. In certain situations this can be the most flat out aggravating person at the party, because their is no ability to reason with them. If you get any speech out of them at all it’s basically a slurred “Why are you getting mad man, I’m just having fun.” This being after the third time he’s thrown an elbow into the back of your head while he “dances.”

3. Dr Jekyll and Mr Hyde- Goes from cool person at the beginning of the night, who you can have a decent conversation with. However once they get drunk, it’s FIGHTING TIME. Everyone is looking at them, everyone is starting with them. It can be hard to spot this person, because they were chill at first. However they may possess are a few key signs…

1. Does he look like he left the gym, didn’t change, and came right to the party?

2. Does he have a basic tribal tattoo or barbed wire?

3. Did he find the coke he was looking for?

If you answered yes to one or more of the above questions, be aware. Not scared, just aware, because most of these guys like to yell and maybe even push, but can’t actually handle themselves worth a shit. Still, remember, fights ruin parties, so just tell him you saw some guy out in the hall talking shit about him, and when he leaves lock the door.

2. The Politcal Drunk- Almost inevitably in college with little or no political background. Rarely actually a government or politics major, might be a white guy with dreadlocks, or a Che’ Guevara shirt, or more likely both . This person knows how to fix everything, if we just adopted Zaire’s economic structure, with Canada’s health plan, and Slovakia’s school systems we would be so much better off. They never have specific examples, just vague ideas. They feel like they are breaking shocking news when they tell you Bush isn’t a very good president. Did you know he has married big business and government? Because they do! Not only do they know these things, they think the party atmosphere is a wonderful setting for their rants. I don’t suggest getting involved with these discussions, however tempting to call the person on their bullshit it might be. This person on some nights also plays the part of religious topic drunk.

1. The Vulture- This guy is the worst for a simple reason, you actually want to hit him when you see him in action. The rest of the people on this list you can ignore, and if your drunk enough even converse with. They aren’t bad people, just shitty drunks. This guy sucks, he walks into a party, nobody ever quite knows how he knows about the party or who he’s there with. At the very least he makes an awkward drunken pass at the party hosts girlfriend or visiting sister. When he’s caught he acts innocent, and pretends he is deeply offended by your accusations. You can then spot him by his mid-party tactics of trying to comfort the Crying Girl (so he can get laid), or hit on the Inappropriately Dressed Girl. As he gets drunker, his tactics get worse, and by the end of the night you can usually see him curled up on a couch with a passed out girl trying to maneuver his hand down her shirt. This guy tends to have had his ass kicked more then anyone else in history.

This is too good to not post

This is a great video post at Crooks and Liars:

The Daily Show: The Long, Flat, Seemingly Endless Bataan Death March To The White House

Wednesday, April 23, 2008

PuTTY Connection Manager

PuTTY connection manager is a great idea in the works, but is needing a bit more development.

Basically, Its an app that "grabs" multiple PuTTY windows into one, tabbed interface. It supports having an encrypted proprietary database of all your connection entries, complete with macroing your login credentials post-login commands.

Its current version, 0.6.0, works well enough, but has several GUI bugs(window not coming into foreground when clicking into the PuTTY window), and its macros do not support any kind of EXPECT functionality(only perform next command if the previous one returns "x").

I still recommend it, beyond its annoyances, and hopefully they will be corrected soon. Here is a link to their site: http://puttycm.free.fr/

Monday, April 21, 2008

Friday, April 18, 2008

Nmap port scanning

As a network engineer, I find myself using nmap quite a bit. For those of you who don't know what nmap is, nmap.org is a great place to start finding out. :-) But basically, its a TCP/UDP port scanning tool. It works on windows and linux, and even has a pretty GUI(that I dont use...command line all the way!). They have some good tutorials on the site if you don't know how to use it, and in my opinion, every IT professional should know how to use it on a basic level.

Back to my original thought. Was doing some security audits here at work and someone reported that "icmp is open to server X from outside the network." I thought they meant icmp echo(ping). I found that echo is indeed blocked, so they must NOT have meant that. So I remembered that only about 10% of IT people really, actually know their stuff, so I went about trying to reproduce their results.
C:\>nmap -sO X.X.X.X

Starting Nmap 4.60 ( http://insecure.org ) at 2008-04-18 09:56 Eastern Daylight

Time

Interesting protocols on X.X.X.X:

Not shown: 255 open|filtered protocols

PROTOCOL STATE SERVICE

1        open  icmp

And there it was. Nmap reports that icmp is open. There are a bunch of types of icmp other than echo(but echo is by far the most popular ;) ) But why is it reporting icmp as open?

I'm not 100% sure why, but here is my hypothesis:

From http://nmap.org/book/man-port-scanning-techniques.html I know that when doing a UDP scan, the only way to know if a port is closed is if a ICMP Type 3 Code 3 is returned. So I know that if i did a UDP scan and any ports come back "closed" then technically, icmp is "open", since any said closed ports have been noted as closed due to a icmp message from this server.

However, this thought is now fubar'd since a UDP scan returned no closed ports....hmmm. Really, I'm kinda stumped. I need to find a good way to probe all ICMP messages to see whats supported. Cannot find anything on google initially...need to dig a bit more. (nmap does not seem to support icmp "scanning")

Thursday, April 17, 2008

Youtube Politics

Youtube is great for these sorts of things. Hillary never has seemed too genuine to me, and much of the recent news coverage has backed up this notion. While I always give people the benefit of the doubt, and thus I question if these sound bites are taken out of context, there has to be some truth to her untruths.

One thing leads to another...

I just installed wordpress, gonna start up a blog. Not because I think anyone cares what I think, but if I release some of thoughts, my brain will be less chaotic.