[ESXi 3.5] Dell Optiplex G620 ESXi 3.5 U5 & Problems with Ubuntu 9.10 and Vmware Tools

So, we happend to get an new ESXi 3.5 Server, using an Dell Optiplex G620 for that.

To install ESXi 3.5 U5 onto that Desktop Machine, you NEED to upgrade to Bios A11 and Shutdown CPU Limit ID - and do the Install in SATA Normal Mode (not Compability!). You also need to use the Tipps to install to an IDE Drive (so changing TYPE_IDE to TYPE_ISCSI in the TargetFilter.py) - than it will work flawlessly... (As long as you get the Bios updated, we had the "orignial" A01 Bios and it refused to use an Boot CD for the Update (did load but then always did disable Keyboard - you couldn't enter anything...). We solved the Problem by using an REAL Floppy Disk... Yeah, was hard to get one. That worked! Ah and by the way, the ESXi install did load then, but the Keyboard got Stuck again - we plugged in an USB Keyboard and that one worked, the PS2 didn't wanted to.. well, it always an Adventure setting up ESXi on non-listed Hardware - especially with Dell Bios ;-)...

So - the other Problem is the new and very cool Ubuntu 9.10 - which we did install on the ESXi with latest Software Upgraded. Both Ubuntu 9.10 and ESXi 3.5 U5 (and latest Update by Infrastructure Update Client...). So Problem was: You installed everything, installed VMWare Tools and everything worked - rebooted and your Network was fried... Actually non DNS Lookup did work at all - and everything else neither. DHCP and such worked but it looked like something on the "Hardware" (lol?) / Kernel Level screwed up.

My Co Worker Sebastian came up with one Post, giving an Solution to the Problem:

Unplug the Network from your Ubuntu (by going into the Infrastructure Client, choose Settings of the Machine, choose the NICs and unklick both "Connected" Buttons, press Enter)

sudo rmmod pcnet32
sudo rmmod vmxnet
sudo modprobe vmxnet

Replug the Network

And now it works again!

.....until the next reboot.... T_T'''... >.<'

So.. no final solution here but NOT installing VMWare Tools.

And thats my recommandation after the 5th reinstall of Ubuntu.

Will try again on the next Ubuntu and ESXi Upgrade.

Remote Desktop with XDMCP on Ubuntu 9.10

To access the unsecured(!) Remote Desktop of an Ubuntu 9.10 installation, you need following:

First, install the openssh-server:

sudo apt-get install openssh-server

Then, you need to enable the XDMCP Server.

That became a bit tricky on that Installation, as the "Point 'n Click" enabling has been removed.

Dunno why. So, thats how it works. First we copy over the "empty" custom.conf for gdm:

sudo cp /usr/share/doc/gdm/examples/custom.conf /etc/gdm/

Then we edit it:

sudo vi /etc/gdm/custom.conf

It should look like this in the end:

# GDM configuration storage

[xdmcp]
Enable=true
DisplaysPerHost=2

[chooser]

[security]

[debug]

After that, we need to restart gdm:

sudo restart gdm

And thats it, the XDMCP is running. To access it on Windows i.E., you have to download Xming ( http://sourceforge.net/projects/xming/ )

Download and install the Windows Client, start the XLaunch Tool. Choose One window, Next, Open Session via XDMCP, Next, Enter the IP of the Ubuntu Server under "Connect to Host" and Press Next, Press Next, Save the Config were you want to have it and Finish.

Thats it, an X Window with the Login to your Server will open. Please bare in mind that this XDMCP Session is NOT encrypted. You should Tunnel it via SSH...

// Big Parts were taken from http://www.peppertop.com/blog/?p=690

SSH Tunneling

One of the most important things by working in "dangerous" Networking Enviroments is protection.

And by that I don't mean the usual (and important!) Anti Virus, Anti Malware and Firewall Software, but Traffic Tunneling, meaning VPN or SSH.

SSH is the secure equivalent to the good old (and Plaintext transmitted) Telnet. And its also more powerful: Its use is not limited to remote Control, but can also provide an secured Datatunnel through which all your Traffic to your Remote Location (i.e. an Mysql Database, Web- or Mailserver or the Web itself) is tunneld - and encrypted. Giving therefore little to no chance to "Wiresharkes" and other Cable Tappers or Span Users.

So lets go:

1. Setting up the SSH Server
Setting up an ssh Server is as simple as:
apt-get install openssh-server
if you're running Debian or Ubuntu.

Optional you can configure that the "root" Account
won't be able to access via ssh and you can configure that
Plaintext Passwords aren't allowed. We will go for an Keybased Setup here,
but I would recommend not shutting down this Plaintext Password Authentification
if you can't access the machine physically easily (as the Certifactes are only valid
for one year...).

2. Configuring the SSH Server
vi /etc/ssh/sshd_config

- change Port to 18000
Port 18000
// Thats an must!

- deactivate root access
PermitRootLogin yes
// Thats optional, it does NOT allow your root Account to login via SSH.
// Only set that if you know what you're doing!

- deactivate password login
PasswordAuthentication no
// Thats optional as well, you can set that after this whole thing,
// as you have working SSH Key Authentification - but beware,
// you won't be able to login via an Password then!
// ( And that will hurt if your Keys are expired and don't work anymore... )

3. Configure Router (NAT and Firewall) to Allow Access to your SSH Server.
Use Dynamic DNS (i.E. DynDNS.org) to get an Dynamic DNS Adress.
( Means that an adress like myserver.dyndns.org will always point to
your dynamically changing IP Adress of your Router. Most Routers have an
DynDNS Client built in, so they update the DynDNS Account on every IP Change -
look it up in the Handbook / Config Menu)

4. Setting up an SSH User with Restricted Shell Access
sudo apt-get install rssh
// Installs the restricted shell
sudo useradd tunnel -m -s /usr/bin/rssh
// Creates an User named tunnel with the Restricted Shell
sudo passwd tunnel
// Enter the Password you want for the User

5. Setting up Squid HTTP Proxy
sudo apt-get install squid

6. Creating the Connection using Putty and Setting up the Clients
Download the Putty installer from
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
and install. Then open Putty:

Session -> Hostname and Port: Enter your DynDNS Adress and the Port you chose for SSH
Connection -> Enable TCP Keepalives
Connection -> SSH -> Don't start a shell or command at all
Connection -> SSH -> Enable compression
Connection -> SSH -> Tunnels: Source Port you can choose i.E. 20000
// Source Port is the Port the Tunnel will end on your "Client PC"
Connection -> SSH -> Tunnels: Destination Port localhost:3128
// Destination Port is in that Case the Server (localhost) and Port 3128
// which is the Squid Proxy. But it could also be something like
// IPofyourRouter:21 to forward the Telnet of your Router to Port 20000 on
// the Remote PC, or IporNameofyourHomePc:3389 to forward the Windows
// Remote Desktop - or anything else. You would then connect with the
// Remote Desktop Tool to "localhost:20000" to Access your PC at Home.
Session -> Press Save and Save the Session
Session -> Press Open and Enter your Login, i.E. tunnel and password

You won't see anything as it stays open and "nothing happens".

Go to your Internet Explorer \ Firefox and enter as Proxy localhost, Port 20000

Internet Explorer:
Extras, Internetoptions, Lan Settings, Choose Proxy Server for Lan
Enter localhost, Port 20000

Firefox:
Extras, Settings, Advanced, Network, Settings
Manual Proxy Configuration, HTTP Proxy: localhost, Port 20000
For all Protocols

And now you'll be able to surf the Web Securely from everywhere through your
secured Tunnel!

WARNING: ONLY the Traffic is secured. Your DNS Lookups STILL go to your local
DNS Server. So i.e. the Local DNS Admin can see that you were surfing on
i.e. Google, Facebook or so - but can't see what you did transmit there.
To change that and to do DNS also tunneled via SSH do this:.

Internet Explorer:
don't know, isn't working

Firefox:
// Enter in the URL Bar:
about:config
// Look for this string and set it to "true"
network.proxy.socks_remote_dns

Only one thing to do left:
Set Keybased Authentification.
Keybased Authentification has two main Advantages:
a) You can use it allow scripts to identify themselfes via the key and use ssh
b) Its more secure as the Key does check its Serverpart and tells you if you're
connection has been redirected or intercepted. Its the way to go.

Creating keys:
su
// Enter password for root Access
ssh-keygen -t rsa -b 2048
Just "enter" through everything

Installing keys:
cd /home/tunnel/
mkdir .ssh
chmod 700 .ssh/
cd .ssh/
touch authorized_keys
cat ~/.ssh/id_rsa.pub > authorized_keys
chmod 600 authorized_keys
cd ..
chmod 700 .ssh/
chown tunnel -R .ssh/
exit

Download the key id_rsa in /root/.ssh/ via WinSCP to your PC
Startup puttygen which you did gain with the Putty installer.
Load the id_rsa in Putty and press on "Save Private Key"

Using key based Authentification with Putty:
Open Putty and load your Preset
Connection -> SSH -> Auth
And use the "Private Key File for Authentification" to point to your previously
set Private Key (wheter encrypted or not isn't important at this Point).
Go again to Session and Save again. Press Open.
You'll be asked to enter your Username and Passphrase (if you got one).
If you want to really automate that, you can even specify your Username in
Putty under SSH -> Connection -> Data "Auto Login Name"

[Eee901] Create an Backtrack 3 Eee901 Usb Stick

There are dozend Situations in which Backtrack 3 comes in handy.
Backtrack 3 is an special Linux Suite of Security Auditing Tools which allow i.e. WEP Cracking, Network Security Checking, Sniffing, and so on.
To make this nice Suite a bit more portable, we will put it onto an Usb Stick and customize it with Eee901 Drivers, persistent Changes and Nessus 4!

Download:
Backtrack 3 USB Version: http://www.remote-exploit.org/backtrack_download.html
unetbootin Windows: http://unetbootin.sourceforge.net
Partiton Tool, like partedmagic: http://partedmagic.com
Eee901 Pack: 901_net_gfx.lzm (you'll find it in google)
Nessus 4.0.2: http://www.nessus.org/download/
( We need the 4.0.2 as Nessus-4.0.2-linux-generic32.tar.gz and the Graphical Linux Interface for nessusd NessusClient-4.0.2-es4.i386.rpm )
And you should help yourself to an free personal key under http://www.nessus.org/plugins/?view=register-info

Preparation:
First thing is you need to prepare the Usb Stick. For Backtrack 3, an 2 GB Stick should be ok. For Backtrack 4, you would need an 4 GB Stick at least.
1) Get your stick and partedmagic CD
2) Plug it in and boot to partedmagic
3) Create with the Partitioneditor 2 Partitions
- 1) fat32, 900mb
- 2) ext2, 1100mb
-> write down if your usb stick is sda1, sdb1, or what.
4) Reboot - again to partedmagic
Now create an folder called changes to the second partition.
Should look somehow like this (not nice, but should work if you're on sda2...):

mount /dev/sda2 /mnt
cd /mnt
mkdir changes
cd /
umount /mnt

5) Done, boot to Windows

Installation of Backtrack 3:
1) Start unetbootin
2) Choose Disk Image, ISO and as file the Backtrack3 USB
3) Check wheter the destination drive is correct (your usb stick, fat32 partition) - CHECK TWICE! And Error would kill your System!
4) Press Ok and wait until its done, do NOT reboot
5) Copy 901_net_gfx.lzm to your usb stick, folder BT3\optional
6) Open syslinux.cfg in boot\syslinux\ and add following lines, which will be your new menu entrys for booting from the usb stick - with eee901 drivers.

label eee901save
menu label BT3 Graphics mode (Eee901) - Save Changes
kernel /boot/vmlinuz
append vga=785 initrd=/boot/initrd.gz ramdisk_size=6666 root=/dev/ram0 rw load=901_net_gfx autoexec=kdm changes=/dev/sda2

label eee901
menu label BT3 Graphics mode (Eee901)
kernel /boot/vmlinuz
append vga=785 initrd=/boot/initrd.gz ramdisk_size=6666 root=/dev/ram0 rw load=901_net_gfx autoexec=kdm

WARNING! changes=/dev/sda2 MUST be changed to what you saw on the partition - and maybe you still need to try it out.
2 means second partiton and thats right - ext2 partition. This changes tells Backtrack where it should save the changes you make while working in it.
the changes could be sda2 or sdb2 or sdc2. But mostly its sda2.

Save after you're done

7) Open cmd and access your usb stick, cd to boot\syslinux\ and execute this:
syslinux.exe -ma -d \boot\syslinux H: (H: should be your usb drive letter... will be different!)
This will write the bootmanager to the usb stick with the settings you entered in 6).
After changing for example the changes line there, you will need to repeat this again, also.

8) You're done. Boot from the stick, it should work.

Insallation of Nessus 4:
Nessus is an auditing tool which is really strong - but is not complete opensource - so you need to install it manually.
Boot onto your Backtrack 3...

Install NessusServer
Nessus-4.0.2-linux-generic32.tar.gz
gunzip Nessus-4.0.2-linux-generic32.tar.gz
tar -xvf Nessus-4.0.2-linux-generic32.tar
cd Nessus-4.0.2
install.sh

Follow the install instructions

/opt/nessus/sbin/nessus-mkcert
/opt/nessus/sbin/nessus-adduser
cd /opt/nessus/etc/nessus
nessus-fetch --register XXX-YYY-ZZZ-VVV (Serial you obtained)

Launch the Server:
/opt/nessus/sbin/nessus-service -D

Install NessusClient
NessusClient-4.0.2-es4.i386.rpm
rpm2tgz NessusClient-4.0.2-es4.i386.rpm
pkgtool (Select NessusClient-4.0.2-es4.i386)
cp /usr/lib/libssl.so.0.9.8 /lib
cp /usr/lib/libcrypto.so.0.9.8 /lib
cd /lib
ln -s libcrypto.so.0.9.8 libcrypto.so.4
ln -s libssl.so.0.9.8 libssl.so.4

Launch the Client:
/opt/nessus/bin/NessusClient

Nessus Install taken from: http://forums.remote-exploit.org/backtrack3-howtos/22031-backtrack3-nessus-4-0-install.html
Rest from Remote Exploit and others / google

Reset Password on Linux

1. Boot with Knoppix
2. mount /dev/sda1 /mnt
3. vi /etc/shaodw
4. i
5. kill the string between the first and second :...
for example: user:$1$pM8HYEMB$Cx0yiRM4pj2Ty4lFBWuy4.:12038:0:99999:7::: becomes:
user::12038:0:99999:7:::
6. ESC :w Enter
7. cd /
8. umount /mnt
9. reboot
10. login with user and just press enter on password.
11. enter passwd and change the password.
12. you're done!

SCP with Plain Password

My altered Version:

Call it with ./scp_bkp.sh User Password BKPPath ServerIP

#!/usr/bin/expect -f


set USER [lrange $argv 0 0]

set PW [lrange $argv 1 1]

set BKPPath [lrange $argv 2 2]

set IP [lrange $argv 3 3]
# 1 User, 2 PW, 3 BkpPath, 4 IP
# trick to pass in command-line args to spawn

#eval spawn scp $argv

eval spawn scp $USER@$IP:/bootbank/state.tgz $BKPPath
expect "password: $"

send "$PW\n"

# wait for regular shell prompt before quitting # probably a better way using 'wait' expect "$ $"

Orginally taken from: http://tiebing.blogspot.com/2009/01/scp-with-automatic-password-input.html

Linux Tar and Zip

Untar tar.gz
tar -xvzf filename

Tar tar.gz
tar -pczf filename folder/

Untar tar.bz2
tar -xvjf filename

Unzip
unzip filename

FreeNAS on ESXi

If creating an FreeNAS VM, choose Windows Vista (32bit) as VM Machine, as it will use the Intel E1000 NIC which does give you about double network performance.
DON'T FORGET TO CHANGE BACK VM TYPE TO LINUX (32bit) BEFORE POWERING ON!!!!

Taken from: http://www.network0.org/2008/11/18/on-freenas-and-esx-performance/

Linux Networking

Configure NIC:
ifconfig -a eth0 192.168.1.132 netmask 255.255.255.128
route add default gw 192.168.1.129

Set NIC down / up:
ifconfig eth0 down
ifconfig eth0 up

Restart Networking:
/etc/init.d/networking restart

Shrink VMware Image Files on Linux Appliances

Works only with dynamic HDDs!

1. Backup!

2. Remove old / unused Packages

3. Remove downloaded Packages: sudo apt-get clean, Remove only old downloaded Packages: sudo apt-get autoclean

4. "ZeroOut" unused Space: cat /dev/zero > zero.dat ; sync ; sleep 1 ; sync ; rm zero.dat

5. Under GUI: "sudo vmware-toolbox" and use shrink on "/"

6. Under VIClient: Defrag