Showing posts with the label Linux


VMware on AWS - How to restore NSX DFW firewall rules to previous state

Customers who use NSX day in, day out would like point-in-time restore functionality for DFW firewall rules. Many customers have a large footprint in VMC and make changes to DFW quite often. This feature was missing for a long time, and we can see it is included in recent versions. Let's see how DFW configuration rollback works. NSX DFW configuration has versioning, and it is stored in the NSX Manager. Every time someone updates the DFW configuration, NSX creates one more version but keeps storing the previous ones. You can roll back to a previous config by reapplying it. You can find the options under the Networking & Security tab > Security > Distributed Firewall. On the right side we see an Actions drop-down. Choose View to get to the screen below. Let's go through the use case: 1. Original state - default config with no custom rules: a. There are no saved configurations during the last 30 days: In my existing test setup, with the current setting

20 Linux Server Hardening Security Tips-1

#6: User Accounts and Strong Password Policy Use the useradd / usermod commands to create and maintain user accounts. Make sure you have a good and strong password policy. For example, a good password is at least 8 characters long and mixes upper- and lower-case letters, numbers, and special characters. Most importantly, pick a password you can remember. Use tools such as "John the Ripper" to find weak user passwords on your server. Configure to enforce the password policy. #6.1: Password Aging The chage command changes the number of days between password changes and the date of the last password change. This information is used by the system to determine when a user must change his/her password. The /etc/login.defs file defines the site-specific configuration for the shadow password suite, including password aging configuration. To disable password aging, enter: chage -M 99999 userName To get password expiration information, ente

20 Linux Server Hardening Security Tips

Securing your Linux server is important to protect your data, intellectual property, and time from the hands of crackers (hackers). The system administrator is responsible for securing the Linux box. In this first part of a Linux server security series, I will provide 20 hardening tips for a default installation of a Linux system. #1: Encrypt Data Communication All data transmitted over a network is open to monitoring. Encrypt transmitted data whenever possible with a password or using keys / certificates. Use scp, ssh, rsync, or sftp for file transfer. You can also mount a remote server file system or your own home directory using special sshfs and fuse tools. GnuPG allows you to encrypt and sign your data and communication, and features a versatile key management system as well as access modules for all kinds of public key directories. Fugu is a graphical frontend to the command-line Secure File Transfer application (SFTP). SFTP is similar to FTP, but unlike FTP, the entire session is encrypted,

How to Scan new LUNs on Linux with QLogic driver

Q: I am using the QLogic driver and I would like to know how to scan new LUNs on the Linux operating system.
A: You need to find the driver proc file /proc/scsi/qlaXXX. For example, on my system it is /proc/scsi/qla2300/0. Once the file is identified, type the following commands (logged in as the root user):
# echo "scsi-qlascan" > /proc/scsi/qla2300/0
# cat /proc/scsi/qla2300/0
Now use the script  new LUN as a device. Run script as follows: # ./ -l -w 

HBA & multipathing on RHEL

Introduction The firmware gets updated by the driver or each time the "qla2300" or "qla2400" modules are loaded. Drivers need specific firmware versions. Nevertheless, here's the QLogic firmware repo : Note: it's OK to have a more recent BIOS than firmware, but not the contrary. Driver & Firmware installation The driver should be included in the RHEL distribution. If not, use the one provided by the vendor, e.g., - HP Approved Software : - IBM Supported Software : Make sure you have the gcc package, rpm -q gcc and install the driver, ./INSTALL -h ./INSTALL -f -a Note: make sure the default binary isn't a link to gcc 2.95 (as is sometimes the case on Oracle installs), ll /usr/bin/gcc or check that the gcc version matches the distribution build, dmesg |

Steps to upgrade the Kernel in Linux

Steps:
1. Update the kernel
  a. use 'uname -a' to reveal current version
  b. use 'rpm -qa | grep -i kernel' - to reveal installed version
  c. cat /etc/grub.conf -> /boot/grub/grub.conf - "" ""
2. Proper installation method is as follows:
  a. 'rpm -ivh kernel*rpm' - install a separate version
  Note: Install the following kernel packages if necessary:
  a. kernel-devel* - if module compilation is necessary
  b. kernel-headers* - if recompilation is necessary
  Install:
  a. rpm -ivh kernel-2.6.18-53.el5.i686.rpm
  Note: This will update GRUB (/boot/grub/grub.conf)
  Note: Will also place the new kernel in the /boot file system
  Examine traces in:
  a. /boot
  b. /boot/grub/grub.conf
3. Remove traces of former kernel using 'rpm -e [--nodeps]'
  a. kernel-2.6.18-8.el5 - removes older version
  b. kernel-headers-2.6.18-8.el5 - force remove ignoring dependencies 'rpm -e --nodeps kernel-headers-2.6.18-8.el5'
  c. kernel-devel-2