月度归档:2017年09月

How to enable SNMP monitoring for VMWare ESXi 6.0/6.5

You can do a lot of configuration of ESXi through the GUI, but one thing I’ve found that you cannot do is configure SNMP.

I can see in  the GUI that SNMP service is stopped, and that’s about it:

 

  • Even if you can manage to get the service started from the GUI, you’ll still have to set your community string somehow. I couldn’t exactly find a place to set that, so it’s off to the CLI we go.

So here’s how to enable SNMP and configure the community string/firewall on ESXi 6.0 or 6.5:

 

1. SSH to host

  • SSH should be enabled. If not, enable it.

 

2. Set SNMP community string

  • Enter the following command to set your string, replacing YOUR_COMM_STRING with your own.

 

3. Enable SNMP service

  • Enter the following command to enable the SNMP service

 

4. Adjust firewall

  • Chances are that your ESXi firewall is already allowing this traffic, but just in case, allow connections from anywhere.

  • This is very lenient but recommended for beginners or lab environments.

 

  • A more secure approach would be to restrict access to a range of IPs or a particular host. In this case, we are only allowing 192.168.0.0-192.168.0.254 to poll SNMP.

 

5. Restart SNMP service

It took a good 30-45 seconds for the service to restart on my host. Once this is done, you can confirm that the service is running via GUI:

 

That’s it!

  • Here’s a transcript of my shell session, for your reference:

 

Personally I am utilizing OpenNMS Horizon to graph the SNMP Interface Data for the VM Network.

VeraCrypt

VeraCrypt is a software for establishing and maintaining an on-the-fly-encrypted volume (data storage device). On-the-fly encryption means that data is automatically encrypted right before it is saved and decrypted right after it is loaded, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password/keyfile(s) or correct encryption keys. Entire file system is encrypted (e.g., file names, folder names, contents of every file, free space, meta data, etc).

Files can be copied to and from a mounted VeraCrypt volume just like they are copied to/from any normal disk (for example, by simple drag-and-drop operations). Files are automatically being decrypted on the fly (in memory/RAM) while they are being read or copied from an encrypted VeraCrypt volume. Similarly, files that are being written or copied to the VeraCrypt volume are automatically being encrypted on the fly (right before they are written to the disk) in RAM. Note that this does not mean that the whole file that is to be encrypted/decrypted must be stored in RAM before it can be encrypted/decrypted. There are no extra memory (RAM) requirements for VeraCrypt. For an illustration of how this is accomplished, see the following paragraph.

Let’s suppose that there is an .avi video file stored on a VeraCrypt volume (therefore, the video file is entirely encrypted). The user provides the correct password (and/or keyfile) and mounts (opens) the VeraCrypt volume. When the user double clicks the icon of the video file, the operating system launches the application associated with the file type – typically a media player. The media player then begins loading a small initial portion of the video file from the VeraCrypt-encrypted volume to RAM (memory) in order to play it. While the portion is being loaded, VeraCrypt is automatically decrypting it (in RAM). The decrypted portion of the video (stored in RAM) is then played by the media player. While this portion is being played, the media player begins loading another small portion of the video file from the VeraCrypt-encrypted volume to RAM (memory) and the process repeats. This process is called on-the-fly encryption/decryption and it works for all file types (not only for video files).

继续阅读

fail2ban安装配置与使用

注意:如果重启了防火墙,请同时将fail2ban服务重启,不然fail2ban不能生效,fail2ban的过滤表是在iptables启动后再添加的

安装配置:

安装epel源

# yum -y install fail2ban

配置文件

在/etc/fail2ban/目录下,标注红色的为我们添加的

即:

[root@s108c fail2ban]# ll /etc/fail2ban/jail.d/jail.local
-rw-r–r– 1 root root 174 Sep 12 10:27 /etc/fail2ban/jail.d/jail.local
[root@s108c fail2ban]# ll /etc/fail2ban/filter.d/authdaemond.conf
-rw-r–r– 1 root root 962 Sep 12 10:08 /etc/fail2ban/filter.d/authdaemond.conf

日志文件:

将/etc/fail2ban/fail2ban.conf配置中logtarget 指向日志要保存的文件

logtarget = /var/log/fail2ban.log 继续阅读

Nessus

The Most Widely Deployed Vulnerability Assessment Solution

Nessus® has been deployed for vulnerability, configuration and compliance assessments by more than one million users across the globe. Nessus prevents network attacks by identifying the vulnerabilities and configuration issues that hackers use to penetrate your network.

Nessus Workflow

  1. Ensure that your setup meets the minimum system requirements:
  2. Obtain the proper Activation Code for Nessus.
  3. Follow the installation steps depending on your Nessus software and operating system:
  4. Perform the initial configuration steps for Nessus in the web front end.
  5. Create a user account.
  6. Create a scan.