I added a new disk using PVE (Proxmox) as a secondary IDE drive. Primary is 30GB. Running Ubuntu 14.04 LTS (I know I should upgrade to 16, but I’m lazy).
Secondary drive is 400GB and I marked it NO Backup.
Adding a secondary HDD to Linux is pretty easy.
List all of the drives
In my case it showed that /dev/sdb didn’t have a partition table. That fact, added to the other fact I know I was using sda already, made my choice pretty easy. Don’t take my word for it and actually fact-check against your own equipment!
Create partition on the drive
“N” for new, “P” for primary partition, “1” for partition number, “w” to write table to disk and exit. Most of these are the defaults anyway, so hitting “enter” a bunch of times works.
Create the filesystem
Enter a bunch of times
Display the UUID of the new partition/drive
Should get something back like /dev/sdb1: UUID="98d83dk-e4c3-38cd89-3830c0909903" TYPE="ext4"
Add to FSTAB
*note* Adam will laugh at my use of NANO, but I’m a creature of habit.
Add the UUID to the bottom:
#/dev/sdb1 /mnt/sdb ext4 defaults 0 0
UUID=98d83dk-e4c3-38cd89-3830c0909903 /mnt/sdb ext4 defaults 0 0
Make directory and Mount the drive
I installed AlienVault’s OSSIM (the community/free one) and added my subnets for scans. Unfortunately my APC PDUs and batteries really dislike having connection attempts every 2 hours.
Options would include deleting the range and adding smaller ranges, blocking via a firewall, or disabling alerts on the APCs for connection attempts.
So I opted for the easiest option, blocking via the firewall:
SSH to my OSSIM box and “jailbreak” to get to a shell
Create a Shell script
iptables -A OUTPUT -d 10.4.0.241 -j DROP
iptables -A OUTPUT -d 10.4.0.242 -j DROP
iptables -A OUTPUT -d 10.4.0.243 -j DROP
iptables -A OUTPUT -d 10.4.0.244 -j DROP
Make the Shell script Executable
chmod +x block_apc.sh
Run the Shell script
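An idempotent variant of block_apc.sh, added here as an example and not the author's script: `-A` appends a duplicate rule every time the script is re-run, and rules added from the shell do not survive a reboot, so a script that is re-run at boot should test for the rule with `-C` first. The `IPTABLES` override, the `--apply` argument and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not the original block_apc.sh): safe to run repeatedly.
# IPTABLES can be pointed at a stub for a dry run; the name is an assumption.
IPTABLES="${IPTABLES:-iptables}"

# APC PDU/battery addresses taken from the post.
APC_HOSTS="10.4.0.241 10.4.0.242 10.4.0.243 10.4.0.244"

# Drop outbound traffic to one host unless the rule already exists.
block_host() {
    # -C exits 0 only when an identical rule is already in the chain.
    if "$IPTABLES" -C OUTPUT -d "$1" -j DROP 2>/dev/null; then
        echo "already blocked: $1"
    else
        # -I ... 1 inserts at the top so no earlier ACCEPT rule matches first.
        "$IPTABLES" -I OUTPUT 1 -d "$1" -j DROP && echo "blocked: $1"
    fi
}

# Apply the block to every APC address; stop at the first failure.
block_all() {
    for host in $APC_HOSTS; do
        block_host "$host" || return 1
    done
}

# Run as root with "--apply" (assumed argument name), e.g. from a boot script.
if [ "${1:-}" = "--apply" ]; then
    block_all
fi
```

`iptables -S OUTPUT` lists the resulting rules, one DROP per address however many times the script has run.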
I’m currently running Untangle as my firewall/router UTM and recently enabled SSL Inspection. Unfortunately apt-get was breaking on my Linux boxen, so I had to import the certificate.
On my Linux box I ran the following and it worked fine:
mv cert cert.crt
sudo cp cert.crt /usr/local/share/ca-certificates/
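A root certificate in the system trust store can vouch for any site, so the added example below (not the author's commands) checks the file's SHA-256 fingerprint and CA flag before copying it and rebuilding the store with `update-ca-certificates`. The function names are assumptions, and the expected fingerprint is one you have obtained from the firewall itself over a channel you trust.

```shell
#!/bin/sh
# Added example: verify, then install, the SSL-inspection root certificate.

# Print the certificate's SHA-256 fingerprint as upper-case hex, no colons.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 |
        sed -e 's/^.*=//' -e 's/://g'
}

# $1 = certificate, $2 = expected fingerprint (any case, colons optional).
fingerprint_matches() {
    want=$(printf '%s' "$2" | tr -d ':' | tr 'a-f' 'A-F')
    have=$(cert_fingerprint "$1") || return 1
    [ -n "$have" ] && [ "$have" = "$want" ]
}

# Succeed only for a CA certificate (basicConstraints CA:TRUE).
is_ca_cert() {
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

# $1 = certificate file ending in .crt, $2 = expected fingerprint.
install_root_ca() {
    fingerprint_matches "$1" "$2" ||
        { echo "fingerprint mismatch, not installing" >&2; return 1; }
    is_ca_cert "$1" ||
        { echo "not a CA certificate, not installing" >&2; return 1; }
    # update-ca-certificates only reads files ending in .crt, which is
    # why the post renames the download before copying it.
    sudo cp "$1" /usr/local/share/ca-certificates/ &&
        sudo update-ca-certificates
}

# Usage (fingerprint is a placeholder):
#   install_root_ca cert.crt "<SHA-256 fingerprint from the firewall>"
```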
So I’m going through a bit of a Linux kick lately and one of the things I ended up doing was installing Ubuntu 16.04LTS on my Dell 7370 laptop. Afterwards, I started to get sick of the scrolling with two fingers on the touch pad – I was pretty used to the “natural scrolling” function on the laptops.
All of the guides were pointing me towards opening the Mouse/Touchpad settings, but there was no checkbox for Natural scroll anywhere to be found.
User “goetzc” from askubuntu.com pointed me in the right direction:
Find the section that says Identifier "touchpad catchall"
Mine now says:
Identifier "touchpad catchall"
Option "NaturalScrolling" "on"
Option "MiddleEmulation" "on"
Option "Tapping" "on"
Option "DisableWhileTyping" "on"
I just realized that I couldn’t see the option in my Mouse settings panel because I had a non-compatible theme running that ruined the visuals of many options. Oh well, live and learn I guess.
I had a need to create a certificate for a new webserver. I have Linux machines available on my Windows domain, which has a certificate authority advertised in Active Directory.
On your Linux machine (that has openssl)
openssl req -new -sha256 -newkey rsa:2048 -nodes -keyout webserver1.key -out webserver1.csr
Generating a 2048 bit RSA private key
writing new private key to 'webserver1.key'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [XX]:US
State or Province Name (full name) :NO
Locality Name (eg, city) [Default City]:Town
Organization Name (eg, company) [Default Company Ltd]:Winks
Organizational Unit Name (eg, section) :IT
Common Name (eg, your name or your server’s hostname) :webserver1.localdomain.local
Email Address :email@example.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password :
An optional company name :
Copy the CSR to your clipboard
Copy all of the text including the "-----BEGIN" and "-----END" lines
Create the certificate request on your CA
Create a new request – Advanced certificate request
Paste the copied text
Select webserver for the certificate template
I always download as a base64 encoded certificate. I then copied the .cer to my Linux box to run the next steps.
On your Linux machine create the PFX
openssl pkcs12 -inkey webserver1.key -in webserver1.cer -export -out webserver1.pfx
Enter Export Password:
Verifying - Enter Export Password:
Copy the PFX back to your Windows machine, double click, enter the passcode, and away you go.
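The request above names the server only in the Common Name, while current browsers match the hostname against the subjectAltName extension, so the added example below (not the author's commands) builds the same key and CSR non-interactively with a SAN and checks the result before it is pasted into the CA. The function names and the temporary config file are assumptions, and whether the CA copies the extension into the issued certificate depends on its template.

```shell
#!/bin/sh
# Added example: the key and CSR from the post, plus a subjectAltName.

# $1 = fully qualified host name (assumed argument).
# Writes <shortname>.key and <shortname>.csr into the current directory.
make_csr() {
    fqdn=$1
    name=${fqdn%%.*}
    cfg=$(mktemp) || return 1
    # Subject values are the ones typed at the prompts in the post.
    cat > "$cfg" <<EOF
[req]
prompt = no
distinguished_name = dn
req_extensions = ext
[dn]
C = US
ST = NO
L = Town
O = Winks
OU = IT
CN = $fqdn
[ext]
subjectAltName = DNS:$fqdn
EOF
    # umask 077 keeps the unencrypted (-nodes) key private to its owner.
    ( umask 077
      openssl req -new -sha256 -newkey rsa:2048 -nodes -config "$cfg" \
          -keyout "$name.key" -out "$name.csr" ) 2>/dev/null ||
        { rm -f "$cfg"; return 1; }
    rm -f "$cfg"
}

# $1 = CSR file, $2 = host name. Succeeds when the request's signature
# verifies and its subjectAltName lists the host name.
csr_has_san() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    openssl req -in "$1" -noout -text | grep -qF "DNS:$2"
}

# Usage:
#   make_csr webserver1.localdomain.local &&
#       csr_has_san webserver1.csr webserver1.localdomain.local
```

Once the PFX has been exported and installed, the unencrypted webserver1.key left on the Linux machine is the remaining copy of the private key to protect or remove.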
I had reformatted one of my hypervisor boxes (prox) and completely forgot about changing my SSH keys on other systems. I have a jumpbox that allows me to remotely access and admin the environment, but I couldn’t SSH into my prox system:
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:33
RSA host key for prox1 has changed and you have requested strict checking.
Host key verification failed.
Opening up my /root/.ssh/known_hosts file I see a bunch of gibberish. Answer found from c0rp.
Fast and easy fix
sed -i '33d' ~/.ssh/known_hosts
Obviously change the '33d' to reflect your line number, e.g. line 12 would be '12d'.
Then SSH to your machine again and you’ll be asked if you want to store the new RSA fingerprint.
Or you can use SSH Keygen
ssh-keygen -R yourmachinenamehere
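The same cleanup as an added example (not from the original post): it reads the file and line number from the warning's "Offending key" line, keeps a backup of known_hosts, and deletes only that entry. The function names are assumptions; on the next connection, compare the fingerprint ssh offers with the output of `ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub` run on the rebuilt host's console before answering yes.

```shell
#!/bin/sh
# Added example: remove exactly the entry named in the ssh warning.

# Read ssh's warning on stdin and print "<file>:<line>" of the stale entry.
# Accepts "Offending key in ..." and "Offending RSA key in ..." wording.
offending_entry() {
    sed -n 's/^Offending \([A-Za-z0-9]* \)\{0,1\}key in \(.*:[0-9][0-9]*\)$/\2/p' |
        head -n 1
}

# $1 = "<file>:<line>". Back the file up, then delete that one line.
drop_entry() {
    file=${1%:*}
    line=${1##*:}
    case "$line" in
        ''|*[!0-9]*) echo "bad line number: $line" >&2; return 1 ;;
    esac
    total=$(grep -c '' "$file") || return 1
    [ "$line" -ge 1 ] && [ "$line" -le "$total" ] || {
        echo "line $line is not in $file" >&2; return 1; }
    # Keep the old entry so the previous fingerprint can still be inspected.
    cp -p "$file" "$file.bak" || return 1
    # Same effect as sed -i '33d', without relying on GNU sed's -i.
    sed "${line}d" "$file.bak" > "$file"
}

# Usage (prox1 is the host from the post):
#   entry=$(ssh -o BatchMode=yes prox1 true 2>&1 | offending_entry)
#   [ -n "$entry" ] && drop_entry "$entry"
```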
After my engineers gave me a test VMware system full of the requested guest VMs, I noticed that the CentOS system did not have any VMware tools installed. I attempted to run through the standard mount the CD and run the RPMs, but I was greeted with a message saying I should run the open-vm-tools suite instead.
Install Open VM Tools
yum -y install open-vm-tools
Start the VM Tools Daemon
systemctl start vmtoolsd.service
Enable Startup on Reboot
systemctl enable vmtoolsd.service
service vmtoolsd start