As tempting as it is, I have no intention of jumping on the ‘Shellshock’ bandwagon and writing a vague post on the subject. However, I do find this recent bash exploit interesting and worthy of investigation as it’s simple to test and has a plethora of vectors that could be exploited. I’ve read many media reports on this and unfortunately some of their layman’s terms are inaccurate or do not provide the full picture. The purpose of this blog post is for my own reference and anybody that needs a starting point of where to look. For an in-depth look at this then I would recommend you read Troy Hunt’s article. For a quick technical reference then feel free to read on… [Read more…] about Shellshock Vulnerability and Potential Exploitation (not another blog post on CVE-2014-6271 / CVE-2014-7169)
You know the story… you don’t have a static IP address for your internet connection so you use dynamic DNS, except a certain dynamic DNS company are no longer offering this for free. Well, an alternative is to script this yourself with a single line of code on your own Linux box at home and get it to update your DNS for you. You can have home.yourdomain.com update with your home internet IP automatically! I use Linode to provide me with my Linux web server, which runs on CentOS 6.2, but the other great thing about Linode is that you can use their name servers and have full access to your zone files. Even better still, they provide an API to do this and it’s really easy to set up.
What you need:
- A Linux machine (or Apple Mac) at home – This can either be a virtual machine running on your home PC or lab server, Ubuntu on your PC, laptop or you can even do this on your Apple Mac!
- A domain name hosted on Linode DNS servers.
- API key from Linode (Log into Linode then go to ‘my profile’ and scroll down to API key)
- A chair to sit on whilst you write some awesome bash scripts.
wget -qO- "https://api.linode.com/?api_key=$API_KEY&api_action=domain.resource.update&DomainID=$DOMAIN_ID&ResourceID=$RESOURCE_ID&Target=[remote_addr]"
You’ll need to set the variables in the line above as follows:
API_KEY – This is the API key that you can obtain from the ‘my profile’ page on your Linode account.
DOMAIN_ID – To obtain this, log in to Linode and click on DNS Manager. Click on the ‘zone file’ for the domain and the ID is in square brackets at the top of the zone file (i.e. ; yourdomain.com )
RESOURCE_ID – Log in to Linode, go to DNS Manager and edit the domain zone that you wish to update. Now edit the host record (i.e. home) and you’ll see the URL is something similar to: https://manager.linode.com/dns/resource/yourdomain.com?id=723215. The ID number (723215) is your Resource ID.
The wget line will call the API function and [remote_addr] will simply update the record with the IP address the request is coming from (in other words, your home internet connection). If you want to get a bit more clever with your script, you could create an IF statement that compares your current IP address with the one you last recorded. If they are different then update it, otherwise exit the script.
Automating the DNS Update:
The final step is to schedule this script to run every few hours. I use crontab for this, and it looks something like this:
0 */4 * * * /home/.scripts/linode-dns.sh 2>&1
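The IF check suggested above, written out as an added example (not the original author's script): it calls the Linode API only when the public address has changed, keeps the API key in a private file, and hands the URL to wget on stdin so the key does not show up in the process list. The file paths, the `--run` argument and `IP_ECHO_URL` (a placeholder for any service that returns the caller's IP as plain text) are assumptions.

```bash
#!/bin/bash
# Added example, not the post's own script. Assumed names: the file paths,
# --run, and IP_ECHO_URL (placeholder for a service returning the caller's IP).
CONF_DIR="${CONF_DIR:-$HOME/.linode-dns}"
KEY_FILE="$CONF_DIR/api_key"       # contains only the API key; chmod 600
STATE_FILE="$CONF_DIR/last_ip"     # address recorded at the last update
IP_ECHO_URL="${IP_ECHO_URL:-https://ip-echo.example/}"
DOMAIN_ID="${DOMAIN_ID:-}"         # from the DNS Manager, as described above
RESOURCE_ID="${RESOURCE_ID:-}"

# Accept only dotted-quad IPv4, so an error page is never stored as the IP.
valid_ipv4() {
  case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  local old_ifs="$IFS" o
  IFS=.; set -- $1; IFS="$old_ifs"
  [ "$#" -eq 4 ] || return 1
  for o in "$@"; do
    [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
  done
}

# Refuse a key file that group or other users have any access to.
key_file_private() {
  [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# True when the address differs from the one in the state file (or none yet).
ip_changed() {
  [ ! -f "$STATE_FILE" ] || [ "$1" != "$(cat "$STATE_FILE")" ]
}

# The request from the wget line above; [remote_addr] is left to the API.
build_url() {
  printf '%s%s\n' "https://api.linode.com/?api_key=$1&api_action=domain.resource.update" \
    "&DomainID=$DOMAIN_ID&ResourceID=$RESOURCE_ID&Target=[remote_addr]"
}

main() {
  local ip
  key_file_private "$KEY_FILE" || { echo "tighten permissions on $KEY_FILE" >&2; return 1; }
  ip="$(wget -qO- "$IP_ECHO_URL")" || return 1
  valid_ipv4 "$ip" || { echo "unexpected reply from IP service" >&2; return 1; }
  ip_changed "$ip" || return 0     # unchanged: no API call, key never sent
  # URL is read from stdin (-i -), so the key is not visible in `ps` output.
  build_url "$(cat "$KEY_FILE")" | wget -qO- -i - >/dev/null || return 1
  printf '%s\n' "$ip" > "$STATE_FILE"
}

if [ "${1:-}" = "--run" ]; then main; fi
```

In the crontab entry above, append `--run` to the script path; without that argument the file only defines its functions.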
If you are looking to deploy multiple ESX/ESXi servers then there are plenty of methods and tools out there, some more complex than others. There are vendor specific deployment products available such as HP Rapid Deployment Pack (RDP) which uses Altiris, or alternatively there are free deployment tools such as ESX Deployment Appliance (EsleeDA) and Ultimate Deployment Appliance (UDA). UDA is my favorite tool for the job as it offers great flexibility such as the use of subtemplates (discussed later), and therefore this will be the basis of this article. It was created by Carl Thijssen and thanks to Mike Laverick of RTFM, it also supports ESX/ESXi deployments, and the latest build supports ESX/ESXi 4.1.
[Read more…] about VMware ESXi 4.1 Kickstart Scripted Deployment with UDA (PXE BOOT)
In this article I detail the steps required to configure your vMA as a Syslog server, and configure your ESX/ESXi hosts to send logging information to the vMA. Logging is often overlooked, but when managing multiple hosts it is far easier to send your logs to a Syslog server. I’m studying for the VCAP-DCA exam, and using vicfg-syslog is a requirement of the exam (Section 6.1) and the vMA is also essential to understand (Section 8.1). I hope my notes help you as they have helped me.
[Read more…] about 8.3 VCAP-DCA Study Guide – Configuring vMA for Logging
Start the VMware Tools installation
Using the VMware VI Client, right click on the Linux guest and select Install/Upgrade VMware Tools.
Mounting the CD-ROM
You’ll need to mount the CD-ROM on the Linux guest.
# mount /dev/cdrom /mnt
[Read more…] about Installing VMware tools on a Linux guest