Linux


Top tip: Linux security & auditing tool Lynis

For my work I often deploy Linux VM’s. I use Lynis for checking my system for security isssues en baseline(s).  Lynis is a security auditing tool for UNIX derivatives like Linux, macOS, BSD, Solaris, AIX, and others. It performs an in-depth security scan. Extensive reports in HTML and TXT are delivered. The company behind Linus (CISOfy) delivers great support and has a community of people working together.

Screenshot of Lynis:

lynis-screenshot

Installation is very simple (if you know your way round Linux)

Ensure that cURL, NSS, openssl, and CA certificates are up-to-date.

Create /etc/yum.repos.d/cisofy-lynis.repo

Next step is installing Lynis with yum.

First time it might ask to import the GPG key. This ensures you only updates are received from Cisofy.

Now you start using Lynis. First time users are advised to use the Get Started guide.

You see something like this (DONE/FOUND/YES/NO etc). You can open the logfiles afterwards in /var/log. Personally I prefer to pipe the output to a file also. (lynis audit system >> output_file)

lynis-check

Download Lynis here.

It is also possible to add extra checks (plugins) and/or change the default one. I created my own baseline which I can use every time.

Good luck with scanning your system! (and securing afterwards :-))

 


Identify memory modules used on XenServer

Today a customer requested to upgrade the amount of memory on their XenServers. This is how you easily can determine which memory modules are being used.

Ofcourse you can use ILO, but then you only see the size and location but not the specific type of (memory) module :

image

This is how you can identify the specific type :

image

In the above screendump you can see it’s a dual rank module.


VMware vCenter virtual appliance : schedule reboot

My experience is, in my whitebox environment to reboot the VMware vCenter virtual appliance from time to time. I used to do this manually but I decided to create a scheduled task. Hey we are IT people right? 🙂

vmware001

First login to the console with your password (I hope you changed the default root/vmware password combination :-))

vmware002

go to the /etc directory and open the crontab file

Edit the crontab (just press the i key for insert, and go to the bottom line).

As you see there are 5 options before the command :

  • minute (from 0 to 59)
  • hour (from 0 to 23)
  • day of the month (from 1 to 31)
  • month (from 1 to 12)
  • day of the week (from 0 to 6, 0=sunday)

If you use a * it means every, In my example every friday at 1 o’clock in the morning my appliance will reboot itself)


CentOs : Enable eth0

After installing CentOs you might notice that the eth0 network card interface isn’t working in some cases. Here is how to fix this :

You need to edit (nano) two files :

  1. /etc/sysconfig/network (check networking=0)
  2. /etc/sysconfig/network-scripts/ifcfg-eth0 (set IP address and boot=on)

After this you can install VMware tools also. (Check my other post)

Technorati Tags: ,

Installing VMware Tools on CentOs

This is how you install VMware Tools on CentOs :

Now reboot your system

Technorati Tags: ,