Proxmox Ubuntu Debian Force Reboot

I had a cluster of Proxmox servers (Debian) that refused to reboot. I had just run some updates as part of the monthly maintenance schedule and issued the “reboot” command. I have molly-guard installed, so I had to type the name of the server as well, but they were just sitting there.

Checked /var/log/messages for any ideas; all it said was that the system was preparing for reboot.

The server continued to function as it had before the reboot command – I could use Apache, SSH, Webmin, etc. all fine. As the servers are located at a datacenter that is not close by, and I have KVM control from any VPN connection, I decided to try to find a way to force them down. Unfortunately our DC does not allow us to control the smart PDUs installed in each rack, as they retain the right to remotely monitor our power consumption.

After a short search on my favorite G search engine, I came across this:
echo 1 > /proc/sys/kernel/sysrq
echo b > /proc/sysrq-trigger

As soon as you hit enter on the second command the server drops and starts to reboot. Be clear about what this skips: the 'b' command reboots the kernel immediately, with no shutdown scripts, no service stops and no sync or unmount of filesystems, so anything not yet written to disk is lost. If the box is still accepting writes, send 's' (sync) and then 'u' (remount everything read-only) to /proc/sysrq-trigger first, give each a couple of seconds, and only then send 'b'. Also note that writing 1 to /proc/sys/kernel/sysrq enables every SysRq function, including the console key combinations, for anyone with console access until the next boot; many distributions, Ubuntu included, normally ship a more restrictive bitmask in /etc/sysctl.d/10-magic-sysrq.conf, which takes effect again once the machine comes back.
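The sequence described above, wrapped in a script, as an added example (this is not from the original post): it enables SysRq, syncs, remounts read-only and then reboots. The default paths are the real kernel files; the function also accepts alternative paths and a delay so the sequence can be rehearsed against temporary files without touching the kernel, which is an assumption of this example rather than anything the kernel interface offers.

```shell
#!/bin/sh
# Added example: emergency reboot through the magic SysRq interface, with a
# sync and a read-only remount before the final 'b' so dirty pages reach disk.
# Default paths are the real kernel files. A caller may pass other paths
# (e.g. temp files) and a shorter delay to rehearse the sequence safely.

sysrq_emergency_reboot() {
    ctl="${1:-/proc/sys/kernel/sysrq}"
    trig="${2:-/proc/sysrq-trigger}"
    delay="${3:-2}"

    # 1 enables every SysRq function, console key combinations included.
    # The write is not persistent, so any sysctl.d bitmask returns after boot.
    echo 1 > "$ctl" || return 1

    echo s > "$trig" || return 1   # sync all mounted filesystems
    sleep "$delay"
    echo u > "$trig" || return 1   # remount all filesystems read-only
    sleep "$delay"
    echo b > "$trig" || return 1   # reboot now: no init, no unmount, no shutdown scripts
}

# Only fire when explicitly asked, so sourcing this file is harmless.
if [ "${1-}" = "--run" ]; then
    [ "$(id -u)" -eq 0 ] || { echo "must be root" >&2; exit 1; }
    sysrq_emergency_reboot
fi
```

Run it as root with `sh sysrq-reboot.sh --run` on the stuck host. A normal `reboot` is still the right tool whenever it works; this is for the case on this page, where init is no longer acting on the request.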

Security Onion

After reading some more SANS security documents I was pointed toward Security Onion as my go-to for IDS/IPS. I had been using Snorby TKL by smooth-sec (Bailey.st), but it wasn’t doing a great job and the documentation was lacking. Security Onion is more of a resource hog but offers quite a few awesome tools. Here is my basic setup to get Security Onion working properly:

Download ISO, burn, Install on a server (Dell PE1850, 2x 2.8GHz Xeon, 16GB RAM, Mirror 300GB SCSI)

Added root user – I still dislike all this “sudo this” and “sudo that”. Note that this gives the root account a password, so before the sensor is reachable from anything untrusted make sure sshd_config does not permit root password logins (PermitRootLogin).
sudo passwd root

Update Operating system
apt-get update
apt-get upgrade

Update Onion (this fetches the upgrade script over plain HTTP and hands it straight to bash as root, with no integrity check; if you care about that, pull the script down first, read it, then run it)
sudo -i "curl -L http://sourceforge.net/projects/security-onion/files/security-onion-upgrade.sh > ~/security-onion-upgrade.sh && bash ~/security-onion-upgrade.sh"

Turn off the sensor for eth1 (assuming eth0 is the mirror port and eth1 is the LAN side; the sensor should only listen on the mirror)
nsm_sensor_ps-stop --sensor-name=YOURSERVERNAME-eth1
nano /etc/nsm/sensortab
Comment out the interface to disable, so it does not come back on the next restart

Reboot
reboot

Remove SIDs/Block Addresses (*OLD* – path and script used by older Security Onion releases)
Disabling a SID comments the rule out of the active ruleset, so Snort will not report on it at all – by default ALL rules in the downloaded ruleset are enabled
nano /etc/pulledpork/disablesid.conf

1:1411-1:1419,1:OTHERRULES,1:ETC

/usr/local/bin/pulledpork_update.sh
nsm_sensor_ps-stop
nsm_sensor_ps-start

Remove SIDs/Block Addresses (*NEW* – path and script used by current Security Onion releases)
Disabling a SID comments the rule out of the active ruleset, so Snort will not report on it at all – by default ALL rules in the downloaded ruleset are enabled
nano /etc/nsm/pulledpork/disablesid.conf

1:1411-1:1419,1:OTHERRULES,1:ETC

/usr/bin/rule-update
nsm_sensor_ps-stop
nsm_sensor_ps-start

Excluding hosts with a BPF filter stops the sensor from seeing that traffic at all – by default ALL traffic on the interface is inspected. Keep in mind that bpf.conf is applied before the packets reach any of the sensor processes, so you also lose full packet capture for whatever you exclude here, and anything an attacker does from an excluded host is invisible; limit this to known noise such as SNMP polling from your monitoring server.
nano /etc/nsm/YOURSERVERNAME-eth1/bpf.conf (use the directory of the interface that is actually sniffing – with the layout assumed above that is eth0)

Add the following template:

#Nothing from src host to dst port
!(src host xxx.xxx.xxx.xxx && dst port 161) &&
#Nothing from src host to dst host and dst port
!(src host xxx.xxx.xxx.xxx && dst host xxx.xxx.xxx.xxx && dst port 80) &&
#Nothing to or from:
!(host xxx.xxx.xxx.xxx) &&
#Last entry has no final &&
!(host xxx.xxx.xxx.xxx)

nsm_sensor_ps-restart
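The template above is only valid once its lines are joined into a single expression, which is why the last entry must not end in &&. As an added example (not part of the original post or of Security Onion), here is a small POSIX shell checker that assembles a bpf.conf the way shown above, '#' comments stripped and clauses joined, and refuses files with a dangling && or unbalanced parentheses, so the mistake is caught before nsm_sensor_ps-restart leaves the sensor unable to start. The file format it assumes is exactly the one in the template; the function names and the check script itself are this example's own.

```shell
#!/bin/sh
# Added example: assemble a multi-line bpf.conf into the single BPF expression
# the sensor processes actually compile, and sanity-check it first.
# Assumed format (as in the template above): '#' comments, one clause per
# line, every line except the last ending in '&&'.

# Strip comments and blank lines, then join what remains with single spaces.
bpf_assemble() {
    sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" \
        | grep -v '^$' \
        | tr '\n' ' ' \
        | sed -e 's/[[:space:]]*$//'
}

# Return 0 if the assembled expression looks well formed:
#  - not empty
#  - does not end in a dangling && (the classic mistake with this template)
#  - parentheses are balanced
bpf_check() {
    filter=$(bpf_assemble "$1")
    case "$filter" in
        '')    echo "$1: empty filter" >&2; return 1 ;;
        *'&&') echo "$1: dangling && at end of filter" >&2; return 1 ;;
    esac
    open=$(printf '%s' "$filter" | tr -cd '(' | wc -c | tr -d ' ')
    close=$(printf '%s' "$filter" | tr -cd ')' | wc -c | tr -d ' ')
    if [ "$open" -ne "$close" ]; then
        echo "$1: unbalanced parentheses ($open open, $close close)" >&2
        return 1
    fi
    return 0
}

# Usage: sh bpfcheck.sh /etc/nsm/YOURSERVERNAME-eth1/bpf.conf [more files...]
# Prints the assembled expression for each file that passes.
for f in "$@"; do
    if bpf_check "$f"; then
        printf '%s: OK -> %s\n' "$f" "$(bpf_assemble "$f")"
    else
        printf '%s: FAILED\n' "$f"
    fi
done
```

This catches the structural errors a hand-edited template produces; whether libpcap accepts the individual primitives is still decided when the sensor processes start, so check the sensor logs after the restart as well.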

List AD User Information CSV

I needed to list all users and their creation dates to verify that they were in the correct groups.

Script here

You need to edit the two spots:
objConnection.Open "DOMAINCONTROLLER"
"SELECT Name, profilePath, homeDrive, distinguishedName,userAccountControl FROM 'LDAP://dc=DOMAIN,dc=LOCAL' WHERE objectCategory='user'"
(The SELECT as written does not return the creation date; add whenCreated to the attribute list if you want it in the CSV.)

Devcon For Windows x64

Had a system with Windows 7 x64 (64-bit) and I wanted to be able to run devcon on it. Devcon is basically a command-line interface to Device Manager instead of the GUI, which means I could write a quick batch file to restart the wireless interface (the entire reason I wanted it to work).

It looks like Microsoft lets you download an old version that works with x86 and ia64 systems, but not x64. The 32-bit version did not work with my 64-bit Windows 7 install – probably because the hardware is using all 64-bit drivers. To get the newest version they make you install the entire Windows Driver Kit (WDK) to obtain this one tool. Sure, there are ways to extract it, but talk about a PITA.

Fortunately this guy (http://munashiku.slightofmind.net/20090621/sometimes-64-bit-is-a-pain) decided it would be awesome to host the files I needed without requiring that much thought. Since the binary comes from a third party rather than from Microsoft, check its Authenticode signature before running it (Properties, Digital Signatures tab, or signtool verify). I’ll put them up in the utilities area sooner or later just in case.

DevCon x64

Change Default Page In Apache

Running on Debian 6/Ubuntu 10.04.4.

Add a .htaccess file in the directory whose default page you want to change:
nano .htaccess
Add the DirectoryIndex directive
DirectoryIndex home.htm index.html
Save and quit
This makes home.htm the default page for that directory, falling back to index.html if home.htm is missing. It only takes effect if the <Directory> block covering that path has AllowOverride Indexes (or All); with AllowOverride None the .htaccess file is silently ignored, in which case put the same DirectoryIndex line in the vhost configuration instead.

RDP Stops Working After SP1 2008 R2

I was finishing up my SP1 rollouts on Server 2008 R2 when a couple of employees were complaining they could no longer RDP into the servers. A brief check of the event log showed:

Message = Faulting application name: svchost.exe_TermService, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: rdpcorekmts.dll, version: 6.1.7600.16952, time stamp: 0x4f1f9e66

Well that’s no good.

What I ended up doing was:
services.msc
Remote Desktop Services – set the Startup type to Automatic and, on the Recovery tab, set it to always attempt to restart the service if it crashes.

Is this the most correct way? Probably not, but it worked for me.

http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/f5855b60-f29c-4c90-b364-e364589e5267

Error 800F0818 SP1 Install

I was trying to upgrade a few 2008 R2 servers to SP1. Two of the three were successful without any issues. The third gave me some trouble – so I found a way to fix it.
Fast forward a couple more weeks and I upgraded a pair of identical 2008 R2s to SP1. One success. One failure. So now here’s my documentation (lots of help from http://jasonduffett.net/post/5189439239/windows-2008-r2-service-pack-1-error)

Download and run the System Update Readiness Tool (CheckSUR) from:
http://www.microsoft.com/downloads/en/details.aspx?FamilyId=c4b0f52c-d0e4-4c18-aa4b-93a477456336&displaylang=en

Open its log file:
C:\windows\logs\cbs\checksur.txt
Scroll to the bottom where it says “Unavailable repair files”
We want the servicing\packages\PACKAGENAME entries listed there (each package has a .cat and a .mum)

Take ownership
takeown /f c:\windows\servicing\packages\PACKAGENAME.cat
takeown /f c:\windows\servicing\packages\PACKAGENAME.mum

Grant permissions
icacls c:\windows\servicing\packages\PACKAGENAME.cat /grant administrators:F
icacls c:\windows\servicing\packages\PACKAGENAME.mum /grant administrators:F

Copy from another system at the same OS build and patch level (the .cat is the signed catalog for its matching .mum, so both files must come from the same source; compare sizes or certutil -hashfile output against a known-good server if in doubt)
copy \\anothersystem\c$\windows\servicing\packages\PACKAGENAME.cat "c:\windows\servicing\packages\"
copy \\anothersystem\c$\windows\servicing\packages\PACKAGENAME.mum "c:\windows\servicing\packages\"

Re-run the System Update Readiness Tool and confirm checksur.txt no longer lists unavailable repair files.
Re-run the sp1 installation.
Profit

Ramblings Of An IT Person