Showing posts from January, 2012

SCVMM 2012- Creating a Highly Available VMM Server

Here are the pre-requisites for a HA VMM server installation: 1. Failover clustering feature added, cluster created and configured (Windows Server 2008 R2 is the minimum OS version supported as node servers) 2. Windows Automated Installation Kit (AIK) for Windows 7 installed on all nodes that will be used as VMM servers 3. Server and instance name of a SQL Server 2008 or SQL Server 2008 R2 cluster or remote SQL server (best practice to use clustered SQL Server with HA VMM servers) 4. For our DKM (Distributed Key Management) requirement, either logged on, installing VMM with an account that has “edit” permission on the Active Directory container (can be a lower level container doesn’t have to be the root) or DKM group pre-created on Active Directory and its name available to provide at setup (more on DKM requirement later)
HA VMM Installation Steps When we were designing this f…

How to install Data Protection Manager to a Windows 2008 Server

Article describes how to install DPM on to a 2008 Server. However I have found that this article is incomplete. The following is how to install DPM onto a 2008 Server. After the 2008 Server setup has finished perform the following: 1. Click Start, point to Administrative Tools, and then click Server Manager. 2. Expand Server Manager to the Features node, and then select Features. 3. In the Features pane, click Add Features. 4. Select Windows PowerShell, and then click Next. 5. On the Confirm Installation Selections page, click Install. 6. Click Start, point to Administrative Tools, and then click Server Manager. 7. Expand Server Manager to the Roles node, and then select Roles. 8. In the Roles pane, click Add Roles. 9.  In the Add Roles Wizard, on the Before You Begin page, click Next. 10. On the Select Server Roles page, select Web Service (IIS). 11. In the Add features required for Web Server (IIS)? message box, click Add Requ…

DHCP -Information

Displays all current TCP/IP network configuration values and refreshes Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) settings. Used without parameters, ipconfig displays the IP address, subnet mask, and default gateway for all adapters.
ipconfig [/all] [/renew [Adapter]] [/release [Adapter]] [/flushdns] [/displaydns] [/registerdns] [/showclassid Adapter] [/setclassid Adapter [ClassID]]
Top of page
/all : Displays the full TCP/IP configuration for all adapters. Without this parameter, ipconfig displays only the IP address, subnet mask, and default gateway values for each adapter. Adapters can represent physical interfaces, such as installed network adapters, or logical interfaces, such as dial-up connections.
/renew [Adapter] : Renews DHCP configuration for all adapters (if an adapter is not specified) or for a specific adapter if the Adapter parameter is included. This parameter is available only on computers with adapters that are…

Upgrade Linux Kernel

You need to compile kernel only if:
=> You need custom made kernel for specific task such as embedded kernel. => Apply third party security patches. => You need to apply specific patch to Linux Upgrade of the kernel in Red Hat enterprise Linux version <= 4.xIf your system is registered with Red Hat Network (RHN), then you can use the up2datecommand as follows:
# up2date -f kernel
For SMP kernel (multi core or multiple CPU) use command:
# up2date -f kernel-smp Upgrade of the kernel in Fedora Linux / CentOS / RHEL 5Use yum command to upgrade kernel:
# yum update kernel If you have downloaded RPM file use rpm command:
# rpm -ivh kernel* Upgrade of the kernel in Debian or Ubuntu LinuxUse apt-get command. First find your kernel version:
$ uname -r
Next find available kernel images:

How to find which kernel version is installed on my Linux system

Q. I am a new proud Linux user. My question to you is - how do I find which kernel version installed on my Linux system? How do I upgrade my kernel to latest version? Any help would be greatly appreciated. A. The Linux kernel is the central component of most computer operating systems (OSs). Its responsibilities include managing the system's resources and the communication between hardware and software components. You need to use uname command to print certain system information including kernel name. Type the following command to print kernel version number:
$ uname -r
Output: 2.6.20-15-generic

20 Linux Server Hardening Security Tips-3

#17: Logging and AuditingYou need to configure logging and auditing to collect all hacking and cracking attempts. By default syslog stores data in /var/log/ directory. This is also useful to find out software misconfiguration which may open your system to various attacks. See the following logging related articles: Linux log file locations.How to send logs to a remote loghost.How do I rotate log files?.man pages syslogd, syslog.conf and logrotate.#17.1: Monitor Suspicious Log Messages With Logwatch / LogcheckRead your logs using logwatch or logcheck. These tools make your log reading life easier. You get detailed reporting on unusual items in syslog via email. A sample syslog report: ################### Logwatch 7.3 (03/24/06) #################### Processing Initiated: Fri Oct 30 04:02:03 2009 Date Range Processed: yesterday ( 2009-Oct-29 ) Period is day. Detail Level of Output: 0 Type of Out…

20 Linux Server Hardening Security Tips-2

#11: Configure Iptables and TCPWrappersIptables is a user space application program that allows you to configure the firewall (Netfilter) provided by the Linux kernel. Use firewall to filter out traffic and allow only necessary traffic. Also use the TCPWrappers a host-based networking ACL system to filter network access to Internet. You can prevent many denial of service attacks with the help of Iptables: Lighttpd Traffic Shaping: Throttle Connections Per Single IP (Rate Limit).How to: Linux Iptables block common attack.psad: Linux Detect And Block Port Scan Attacks In Real Time.#12: Linux Kernel /etc/sysctl.conf Hardening/etc/sysctl.conf file is used to configure kernel parameters at runtime. Linux reads and applies settings from /etc/sysctl.conf at boot time. Sample /etc/sysctl.conf: # Turn on execshield kernel.exec-shield=1 kernel.randomize_va_space=1 # Enable IP spoofing protection net.ipv4.conf.all.rp_filter=1 # Disable IP source routing net.ipv4.conf.all.accept_source_route=0 # Ig…