m d3velopment a technical and security blog

13 Apr 14

Critical OpenSSL security exploit (aka Heartbleed)

Important: Critical OpenSSL security exploit

A serious vulnerability has been discovered in OpenSSL (the most popular SSL module used on Linux-based servers). It allows a third party to steal information that would otherwise be secured and encrypted with the SSL/TLS protocol.

If you have a virtual server (VPS) or dedicated server, you urgently need to apply the latest OpenSSL patches. Instructions are below:

cPanel/WHM:

  1. Log in to WebHostManager
  2. Go to cPanel in the left-hand menu
  3. Click Upgrade to Latest Version
  4. Follow upgrade instructions
  5. Go to Software in the left-hand menu
  6. Click Update System Software
  7. Follow upgrade instructions

SW-Soft Plesk:

  1. Log in to the Plesk Control Panel
  2. Go to Settings
  3. Run the Plesk Updater

For the CentOS operating system:

  1. SSH in as root
  2. Run the command ‘yum update’ from the command line
  3. Yum will update the at-risk packages

For the Ubuntu or Debian operating systems:

  1. SSH in as root
  2. Run the command ‘apt-get update && apt-get upgrade’
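
A check worth running once the updates above have finished, as an added example that is not part of the original post: the update replaces the library file on disk, but daemons started before it keep the old copy mapped until they are restarted. The function names are illustrative, and the script assumes a Linux /proc and root privileges.

```shell
#!/bin/sh
# Added example: list processes that still map a libssl/libcrypto file which
# the package update has replaced on disk. Such a mapping looks like this in
# /proc/<pid>/maps (constructed sample line):
#   7f3a1c000000-7f3a1c060000 r-xp 00000000 08:01 393301 /usr/lib64/libssl.so.1.0.1e (deleted)

# Print the unique replaced OpenSSL library paths found in one maps file ($1).
stale_ssl_libs() {
    awk '$NF == "(deleted)" && $6 ~ "/lib(ssl|crypto)[^/]*[.]so" { print $6 }' \
        "$1" 2>/dev/null | sort -u
}

# Walk a proc tree ($1, default /proc); print "pid<TAB>name<TAB>libraries"
# for every process that needs a restart to pick up the patched library.
scan_procs() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        libs=$(stale_ssl_libs "$maps")
        [ -n "$libs" ] || continue
        pid=${maps%/maps}
        pid=${pid##*/}
        name=$(awk '/^Name:/ { print $2; exit }' "$root/$pid/status" 2>/dev/null)
        printf '%s\t%s\t%s\n' "$pid" "${name:-?}" "$(printf '%s' "$libs" | tr '\n' ' ')"
    done
}

# Run the live scan only when asked to: sh stale-ssl.sh --scan
if [ "${1:-}" = "--scan" ]; then
    scan_procs /proc
fi
```

Restart every service it lists (or reboot the server) and run it again; empty output means no running process still maps a replaced libssl or libcrypto.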

If you need assistance patching your systems consider contacting a technical services company such as Aorta Consulting.

Filed under: Linux, Security
8 Apr 14

Sysdig – Linux System Troubleshooting Tool

Sysdig is an open source Linux system troubleshooting tool which allows you to capture system state and activity from a running Linux instance, then save, filter and analyze it. It includes strace, tcpdump, lsof and a number of other utilities all compiled into one Swiss-army style tool.

Sysdig is designed to simplify system-level troubleshooting, in particular in distributed, virtualized and cloud-based environments. Sysdig captures system calls and other system-level events using a Linux kernel facility called tracepoints, which means much less overhead than strace. It then “packetizes” this information, so that you can save it into trace files and filter it, a bit like you would do with tcpdump. This makes it very flexible for exploring what processes are doing.

For installation instructions please click here.

Filed under: Linux
29 Mar 14

Install Dell OpenManage Server Administrator on VMware ESXi 5.x

Dell OpenManage Server Administrator (OMSA) allows you to see detailed information regarding your Dell hardware. It also allows you to perform operations such as specifying hot spares, configuring RAID arrays and setting up hardware monitoring and alerts.

Download the OMSA Offline Bundle from the Dell Website

Visit http://support.dell.com, enter your server's 'service tag', then browse to 'Drivers and Downloads'. Under 'Operating System' select the version of VMware ESXi you are using, e.g. VMware ESXi 5.5, then under "Systems Management" download the "Dell OpenManage Server Administrator vSphere Installation Bundle (VIB) for ESXi X.X.X", where X.X.X is your version.

Enable SSH on your VMware Server

In order to upload the OMSA Offline Bundle and install it, you will need to enable SSH access to your VMware server as follows:

Use the vSphere Client to enable local and remote access to the ESXi Shell:

  1. Log into a vCenter Server system using the vSphere Client.
  2. Select the host in the inventory panel.
  3. Click the Configuration tab and click Security Profile.
  4. In the Services section, click Properties.
  5. Select ESXi Shell from this list:
    ESXi Shell
    SSH
    Direct Console UI
  6. Click Options and select Start and stop manually.

Note: When you select Start and stop manually, the service does not start when you reboot the host. If you want the service to start when you reboot the host, select Start and stop with host.

17 Mar 14

Cisco Wireless Access Points and the Google Chromecast

I recently purchased a few Google Chromecasts to use for "wireless HDMI" within our business. The Chromecast allows for full screen browser streaming and for $35.00 USD on Amazon ($30.00 at Staples!) it is a great way to share notes during a meeting, project information and multimedia.

Our company leverages Cisco-based Access Points for our 802.11n/ac wireless access. Out of the box, I found that Chromecasts were able to connect but Chrome was unable to "cast" to the devices. Several articles here and here pointed to UPnP (IGMP) as being the issue.

Disabling IP IGMP snooping and the snooping helper within the access points resolved the issue:

    no ip igmp snooping
    no dot11 igmp snooping-helper

No restart of the Access Point or Chrome device is required after making this change.

27 Jan 14

Mining Pool Recommendation

Not a lot of time to post at the moment due to a busy work schedule and several life changes.

I do want to take a quick moment and give a shout-out to Jason Hughes (aka wizkid057) over at Eligius. Eligius, maintained by wizkid057, is a 0% fee Bitcoin mining pool which is completely anonymous and provides solid, reliable infrastructure to support the pool user base. Wizkid057 is quick to support pool users via the BitcoinTalk forums.

If you are looking for a primary pool or a secondary pool for your mining rig/s, check out Eligius!