VMware vCenter Server Appliance 5.5.0 Has An Insecure NTP Server

On January 10, 2014, a vulnerability in ntpd, the Network Time Protocol daemon, was made public (US-CERT VU#348126, CVE-2013-5211):

UDP protocols such as NTP can be abused to amplify denial-of-service attack traffic. Servers running the network time protocol (NTP) based on implementations of ntpd prior to version 4.2.7p26 that use the default unrestricted query configuration are susceptible to a reflected denial-of-service (DRDoS) attack. Other proprietary NTP implementations may also be affected.

I have encountered several vCenter Server Appliances, version 5.5.0 build 1476327 and older, that were exposed to the general Internet and were vulnerable to this attack. In each case the appliance was being used as a reflector in an ongoing DDoS attack.

Yesterday I checked the VMware KB for security updates or mitigation guidance for these vCSAs. Although the vulnerability is more than a month old, VMware has not mentioned it and has not released a fix of any sort. The vulnerability probably extends to older versions of VMware ESX as well, if you run NTP on them (as best practice recommends).

If you are running a vCenter Server Appliance I strongly suggest that you open a case with VMware Support regarding this problem. They have internal KB information about mitigating this. Ask them to search for CVE-2013-5211.

If you want to mitigate this problem on your own there are two ways to do it. First, VMware does have public KB information in KB 1006427; it is just buried (search that article for CVE-2013-5211). Follow the steps below to edit the file and add their configuration.

The second way is completely unsupported by VMware, but it is the one recommended by SANS and other organizations: SSH into the vCSA as root and add "disable monitor" to /etc/ntp.conf. This turns off the monlist query that the amplification attack relies on (ntpd 4.2.7p26 and later no longer answer it by default, which is why only older builds are affected). The steps are:

  1. vi /etc/ntp.conf
  2. Move the cursor with the arrow keys to the line just below the entry "driftfile /var/lib/ntp/drift/ntp.drift"
  3. Type i to put vi into insert mode (just the letter i, no quotes).
  4. Type "disable monitor" (again without the quotes) and press Enter.
  5. Press ESC to take vi out of insert mode.
  6. Type :wq to write the file and quit vi.
  7. service ntp restart
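The same edit done in a script, as an added example that is not part of the original post or of VMware's KB: it inserts "disable monitor" below the driftfile line only if it is not already there, so it can be re-run safely across many appliances, and it optionally adds the stricter "restrict default ... noquery" policy the CERT note alludes to when it talks about the default unrestricted query configuration. The file path is a parameter so you can try it on a copy first; the sample ntp.conf at the bottom is constructed for the demonstration and is not a real vCSA file.

```shell
#!/bin/sh
# Added example, not code from the original post or from VMware.
# Hardens an ntp.conf against the monlist amplification (CVE-2013-5211).
# Assumes the driftfile line quoted in the post; the path is passed in.

# Return 0 if the config already has a "disable ... monitor" directive.
has_disable_monitor() {
    grep -Eq '^[[:space:]]*disable([[:space:]]+[a-z]+)*[[:space:]]+monitor([[:space:]]|$)' "$1"
}

# Insert "disable monitor" directly below the driftfile line (or at the end
# of the file if there is none). Idempotent: prints "present" and changes
# nothing when the directive already exists, "added" otherwise.
add_disable_monitor() {
    conf="$1"
    if has_disable_monitor "$conf"; then
        echo present
        return 0
    fi
    awk '{ print }
         /^[[:space:]]*driftfile[[:space:]]/ && !done { print "disable monitor"; done = 1 }
         END { if (!done) print "disable monitor" }' "$conf" > "$conf.tmp" &&
        mv "$conf.tmp" "$conf"
    echo added
}

# Optional, stricter policy: refuse mode 6/7 control queries (ntpq/ntpdc,
# which is where monlist lives) from everyone except localhost, while still
# serving time to clients. Only added when no "restrict default" line exists,
# so an administrator's existing policy is left untouched. IPv6 loopback is
# deliberately omitted: older ntpd builds need the "-6" form for it.
add_default_restrict() {
    conf="$1"
    if grep -Eq '^[[:space:]]*restrict[[:space:]]+default([[:space:]]|$)' "$conf"; then
        echo present
        return 0
    fi
    printf '%s\n' \
        'restrict default kod nomodify notrap nopeer noquery' \
        'restrict 127.0.0.1' >> "$conf"
    echo added
}

# Demonstration on a constructed sample (not a real appliance file).
demo=$(mktemp)
cat > "$demo" <<'EOF'
# constructed sample resembling a vCSA 5.5.0 default
server 0.vmware.pool.ntp.org
server 1.vmware.pool.ntp.org
driftfile /var/lib/ntp/drift/ntp.drift
EOF
add_disable_monitor "$demo"    # added
add_disable_monitor "$demo"    # present
add_default_restrict "$demo"   # added
cat "$demo"
rm -f "$demo"
```

After running it against /etc/ntp.conf and doing "service ntp restart", verify from a different host with "ntpdc -n -c monlist <vcsa-address>": a fixed appliance times out instead of listing recent clients. With the optional restrict lines in place, "ntpq -p" still works on the appliance itself because 127.0.0.1 is exempted.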


SPECIAL THANKS for this article:  http://lonesysadmin.net/2014/02/13/vmware-vcenter-server-appliance-5-5-0-insecure-ntp-server/


Justification for QA needing Network Monitoring software

– Why do you need this software?

We need a product that can confirm our lab networking is in good working condition, that can quickly and easily spot issues live while testing, and that keeps the historical data we need when a potential bug is found. That information can then be attached when the bug is filed, to help show whether the bug is or is not a product issue.

– What is the business impact?

The impact is high. Currently, when a bug that is not obvious is submitted, the developer frequently kicks it back saying it looks like a connectivity issue. We then spend a day gathering whatever information we can find and send it back. If the issue happened over a weekend it can be very hard to find the needed logs, and we find ourselves having to reproduce the bug; for an uptime or scale test that can take a day or more. We lose 1 to 4 man-days just gathering the information to show that there were in fact no connection issues between all the points in that testbed, which adds up to man-weeks over a release cycle. This product would let us attach the needed information when the bug is filed, eliminating any reason for Development to kick the bug back as a network connectivity issue.


Show Advanced Graphs in PathSolutions TotalView

If you want "Show Advanced" to be enabled by default on all pages in TotalView, here is the registry entry for that:

  1. Run RegEdit
  2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\NetLatency\SwitchMonitor
  3. Create a DWORD value named DestWebAdvanced and set it to 1
  4. Stop and restart the PathSolutions Network Monitor service

At this point, “Show Advanced” will display on all interface pages by default.


Modifying an AutoDeploy rule in PowerCLI

After some hunting I found that modifying an AutoDeploy rule wasn't as simple as Edit-DeployRule  🙂  My coworker Joe Keegan, the God of AutoDeploy, walked me through the simple steps to modify existing rules rather than deleting and replacing them.

NOTE: You do NOT need quotes or other characters around <VALUE>, EXCEPT for the pattern value. For -ReplaceItem the value is an object name (image profile, host profile, or location), and PowerCLI resolves it by matching the name against the item's type; the pattern is a string, so it must be quoted.

To replace the pattern of an existing rule:
Get-DeployRule -Name <RULENAME> | Copy-DeployRule -ReplacePattern "<NEW PATTERN>"

To replace the image, location, or profile of an existing rule:
Get-DeployRule -Name <RULENAME> | Copy-DeployRule -ReplaceItem <NEW PROFILE NAME>

Afterwards, run Get-DeployRuleSet to confirm which rules are in the active rule set, since the copied rule is only applied once it is part of that set.
