Monday, April 20, 2009

Virtualization – Where, When, Why - Part 1

- Make efficient use of hardware

- Consolidation of servers

- Consolidation of desktops

Testing/QA and Development Environments

- Network isolation

- Snapshots

- Fast OS/Application Deployment

Disaster Recovery

- Hardware independence

IT Administration

- Make a system administrator's life easier

- Faster OS deployment

- Faster Server Replacement

- Less hardware maintenance

Tuesday, April 14, 2009

Monitoring and system information under Linux

tail -f /var/log/messages Follow the system log, printing new lines as they are written
strace -c ls >/dev/null Summarise/profile system calls made by command
lsof -p $$ List paths that process id has open
lsof ~ List processes that have specified path open
tcpdump not port 22 Show network traffic, excluding the ssh session you are watching from
watch -n.1 'cat /proc/interrupts' Watch changeable data continuously
free -m Show amount of (remaining) RAM (-m displays in MB)

ps -e -orss=,args= | sort -b -k1,1n | pr -TW$COLUMNS
List processes by mem usage
ps -e -o pcpu,cpu,nice,state,cputime,args --sort pcpu | sed '/^ 0.0 /d'
List processes by % cpu usage
ps -e -o pid,args --forest List processes in a hierarchy

uname -a Show kernel version and system architecture
badblocks -s /dev/sda Test for unreadable blocks on disk sda (run as root)
hdparm -tT /dev/sda Do a read speed test on disk sda
hdparm -i /dev/sda Show info about disk sda
smartctl -A /dev/sda | grep Power_On_Hours How long has this disk (system) been powered on in total
mount | column -t List mounted filesystems on the system (and align output)
lsusb -tv Show USB info
grep "model name" /proc/cpuinfo Show CPU(s) info
grep MemTotal /proc/meminfo Show RAM total seen by the system

Checking Disk Space in Linux

• ls -lSr [ Show files by size, biggest last ]
• du -s * | sort -k1,1rn | head [ Show top disk users in current dir. ]
• df -h [ Show free space on mounted filesystems ]
• df -i [ Show free inodes on mounted filesystems ]
• fdisk -l [ Show disk partition sizes and types (run as root) ]
• rpm -q -a --qf '%10{SIZE}\t%{NAME}\n' | sort -k1,1n [ List all packages by installed size ]

Monday, April 13, 2009

RAID Concept

1. Striping

2. Mirroring

3. Parity

Striping: the process of breaking data down into pieces and distributing them across the multiple disks that make up a logical volume.

- Better I/O performance

Mirroring: the process of writing the same data simultaneously to another "member" of the same volume.

- Provides protection

Parity: error-checking information computed from the data and stored with it, so that a lost piece can be reconstructed.

Levels of RAID

RAID is a method of logically joining two or more disks.

RAID 0: a 'normal' file system with striping and no redundancy; any single disk failure loses the data.

- Good read/write performance but no recoverability.

- Minimum number of disks: 2

RAID 1: Provides mirroring and hence full data redundancy.

- Mirroring, recoverability; every write goes to both disks, so write performance is reduced.

- Minimum number of disks: 2

RAID 5: The most common RAID implementation. Data redundancy is provided via parity calculations, with the parity blocks stored interleaved with the data across the member disks.

- Recoverability; good read performance (writes carry a parity-update cost).

- Minimum number of disks: 3
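A worked illustration of parity, added here and not part of the post: one RAID 5 stripe spread over three data "disks", with the parity chunk computed as the XOR of the data chunks and a lost chunk rebuilt from the survivors. The byte values are constructed sample data.

```shell
#!/bin/sh
# Added example (not from the post): how RAID 5 parity works for one stripe.
# Each "disk" holds a chunk of 4 bytes, written as space-separated decimal
# values (constructed sample data). Parity is the bitwise XOR of the data
# chunks, so XOR-ing the survivors rebuilds whichever single chunk is lost.

# XOR two chunks of equal length, byte by byte.
xor_pair() {
    a=$1; b=$2; out=""
    n=$(echo "$a" | wc -w)
    i=1
    while [ $i -le $n ]; do
        x=$(echo "$a" | cut -d' ' -f$i)
        y=$(echo "$b" | cut -d' ' -f$i)
        out="$out $((x ^ y))"
        i=$((i + 1))
    done
    echo "${out# }"
}

# XOR any number of chunks. Used both to compute the parity chunk from the
# data chunks and to rebuild a missing chunk from the surviving ones.
xor_all() {
    acc=$1; shift
    for chunk in "$@"; do
        acc=$(xor_pair "$acc" "$chunk")
    done
    echo "$acc"
}

# Render a chunk as text (the sample bytes are printable ASCII).
as_text() {
    for v in $1; do printf "\\$(printf '%03o' "$v")"; done
    echo
}

DISK1="72 101 108 108"   # "Hell"
DISK2="111 32 82 65"     # "o RA"
DISK3="73 68 53 33"      # "ID5!"
PARITY=$(xor_all "$DISK1" "$DISK2" "$DISK3")   # parity member of the stripe
echo "parity chunk : $PARITY"

# Simulate losing DISK2 and rebuilding it from DISK1, DISK3 and the parity.
REBUILT=$(xor_all "$DISK1" "$DISK3" "$PARITY")
echo "rebuilt DISK2: $REBUILT -> $(as_text "$REBUILT")"
```

The same XOR rebuild works for any single missing member, including the parity chunk itself; two simultaneous failures cannot be recovered, which is why RAID 5 needs at least three disks and tolerates exactly one loss.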

Sync two servers

Let's call the two servers 'SOURCESERVER' and 'DESTSERVER':
SOURCESERVER = Source server (the server we're connecting from to upload the data)
DESTSERVER = Destination server (the server we're connecting to, which receives the data)

Part 1 - Setting up SSH key authentication
First, we need to make sure the DESTSERVER has the ability to use key authentication enabled. Find your sshd configuration file (usually ‘/etc/ssh/sshd_config’) and enable the following options if they are not already set.
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

If you edit the file be sure to restart sshd afterwards.
# /etc/init.d/sshd restart
Next, on the SOURCESERVER we will create the public / private key pair to be used for authentication with the following command.
# ssh-keygen -t rsa
*Note: Do not enter a passphrase for this, just hit enter when prompted.
This should create 2 files, a public key file and a private key file.
The public key file (usually under [homedir]/.ssh/) we will upload to the DESTSERVER.
The private key file (usually [homedir]/.ssh/id_rsa) we will keep on the SOURCESERVER.
*Be sure to keep this private key safe. With it anyone will be able to connect to the DESTSERVER that contains the public key.
Now we will plant the public key we created on to the DESTSERVER.
Choose the user account which you will use to connect to on DESTSERVER, we’ll call this user ‘destuser’ for now.
In that account’s home directory, create a ‘.ssh’ subdirectory, and in that directory create a new text file called ‘authorized_keys’. If it already exists, great, use the existing file.
Open the 'authorized_keys' file and paste in the contents of the public key you created in the previous step (it should look something like the following):
ssh-rsa sourceuser@SOURCESERVER
Save the file and change the permissions to 600 for the file and 700 for the ‘.ssh’ directory.
Now to test that the keys are working.
From the SOURCESERVER try logging in as normal using ssh to the DESTSERVER.
# ssh destuser@DESTSERVER
If all is working you should not be prompted for a password but instead connected directly to a shell on the DESTSERVER.

Part 2 - Creating the rsync script

Now for the rsync script.
I use a simple script such as the following
echo $'\n\n' >> $LOGFILE
echo "Completed at: `/bin/date`" >> $LOGFILE
Copy this file into the home directory of the sourceuser on the SOURCESERVER
and modify the first 4 variables in the file.
SOURCEPATH (Source path to be synced)
DESTPATH (Destination path to be synced)
DESTHOST (Destination IP address or host name)
DESTUSER (User on the destination server)
Save it as something like ‘’
Set the permissions on the file to 700.
# chmod 700
Now you should be able to run the script, have it connect to the DESTSERVER, and transfer the files all without your interaction.
The script will send all output to the ‘rsync.log’ file specified in the script.

Part 3 - Setting up the cron job

Assuming everything has worked so far, all that's left is to set up a cron job to run the script automatically at a predefined interval.
As the same sourceuser use the ‘crontab’ command to create a new cron job.
# crontab -e
This will open an editor where you can schedule the job.
Enter the following to have the script run once every hour:
# Run my rsync script once every hour
0 * * * * /path/to/
Your 2 servers should now be syncing the chosen directory once every hour.

Use of "/" at the end of a path:
With a "/" at the end of the source, rsync copies the contents of the last folder.
Without a "/" at the end of the source, rsync copies the last folder itself together with its contents.
With a "/" at the end of the destination, rsync puts the data inside the last folder.
Without a "/" at the end of the destination, rsync creates a folder with the last destination folder name and puts the data inside that folder.
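An added example of the Part 2 sync script, written to the shape the post describes; it is not the post's own script. The variable names (SOURCEPATH, DESTPATH, DESTHOST, DESTUSER, LOGFILE) follow the post, while the paths, host, key location and rsync options (-az --delete) are my assumptions, and the trailing slash on SOURCEPATH applies the rule in the section above.

```shell
#!/bin/sh
# Added example, not the post's own script: an rsync-over-ssh sync using the
# post's variable names. Paths, host and key file below are constructed
# assumptions; edit them for your servers.
SOURCEPATH="/var/www/html/"     # trailing slash: sync the folder's contents
DESTPATH="/backup/www/"         # contents land inside this folder
DESTHOST="DESTSERVER"
DESTUSER="destuser"
LOGFILE="$HOME/rsync.log"
SSHKEY="$HOME/.ssh/id_rsa"      # the passphrase-less key created in Part 1

# Build the rsync command as one string so it can be logged before it runs.
# -a preserves permissions/times/links, -z compresses over the wire, --delete
# removes files on DESTPATH that no longer exist on SOURCEPATH (a true mirror;
# drop it if the destination must keep files deleted at the source).
rsync_cmd() {
    echo "rsync -az --delete -e \"ssh -i $SSHKEY\" $SOURCEPATH $DESTUSER@$DESTHOST:$DESTPATH"
}

# Run the sync and append a timestamped record, including rsync's exit status,
# to LOGFILE; under cron this file is the only trace of success or failure.
run_sync() {
    cmd=$(rsync_cmd)
    {
        echo "Started at: $(/bin/date)"
        echo "Command: $cmd"
        eval "$cmd"
        echo "rsync exit status: $?"
        echo "Completed at: $(/bin/date)"
        printf '\n\n'
    } >> "$LOGFILE" 2>&1
}

# Because the key has no passphrase, limit what it can do on DESTSERVER by
# prefixing its line in authorized_keys with options, for example:
#   from="<SOURCESERVER address>",no-pty,no-port-forwarding ssh-rsa <public key>
if [ "${1:-}" = "--run" ]; then
    run_sync
fi
```

Save it in sourceuser's home on SOURCESERVER, chmod 700 it, and call it with --run from the hourly cron entry; the authorized_keys options in the last comment are standard sshd options, not something the post configures.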

Sunday, April 12, 2009

Microsoft's free XP, Office 2003 support ends April 14

If you have a Software Assurance licensing contract with Microsoft, you can buy paid support.

Windows XP SP2: Service pack will be retired on July 13, 2010.

Windows XP SP3: Service pack due to be retired two years after SP4 (if there is one) releases or in April 2014, whichever comes first.

Windows Vista Business: Free support ends on April 10, 2012; paid support ends on April 11, 2017.

Windows Vista SP1: Service pack will be retired two years after the release of SP2 (which is expected in April 2009), so likely in April 2011 (?).

Office 2003 SP3: Service pack will be retired one year after SP4 (if there is one, which is doubtful) is released or in August 2014, whichever comes first.

Office 2007: Free support ends on April 10, 2012; paid support ends on April 11, 2017.

Office 2007 SP1: Service pack will be retired a year after SP2 debuts, so likely in April 2010 (?).

Windows Server 2008: Free support ends September 7, 2013; paid support ends October 7, 2018.

Wednesday, April 8, 2009

Conficker Preparations Tips

1. Patch all your computers with MS08-067

2. Get your AV updated with latest signature and make sure that all your PC's are getting updates from your AV server or directly.

3. Configure a full scan every night, and make a list of infected nodes for rebooting and, in some cases, for immediate rebuilding

4. Get your Snort systems up to date and block anomalous RPC/SMB traffic (ports 445 and 139).

5. Run a Nessus scan of your LAN

6. Make the folder %windir%\Tasks READ ONLY (for variant .b)

7. Disable autorun for all devices via GPO and apply the 967715 fix on your PCs.

8. use the removal tool from BitDefender (

Tuesday, April 7, 2009

Tips for Hardening a System

# Keep up with the latest vulnerabilities and patch your system

# Be aware of the services running and disable unneeded services and ports

# Protect running services with tcp_wrappers if possible

# On the Internet, use only secure services

# Protect running network services with a netfilter firewall

# Verify open ports and firewall rules with port scans

# Protect sensitive data exchange over the internet with encryption

# On multi-user systems, protect access to user accounts (password hashes), set correct permissions on home directories, set disk quotas, establish user policies regarding passwords, applications, data, etc.