Installing VMware Tools on a Kali Linux guest

I usually run several VMs on VMware Workstation just for study or testing. Because of this I find VMware Tools very useful, especially the copy/paste and automatic desktop resize options, which allow me to use the VMs in full-screen mode.

Installing VMware Tools on Windows is very simple; on Linux it requires some additional steps. Below is the procedure on Kali Linux, but it is similar on all other Debian-like distributions.

Since September 2015, VMware has recommended using open-vm-tools instead of the VMware Tools package that VMware Workstation provides for guest machines. open-vm-tools is available from the official Kali repository.

  1. Add the official repository to sources.list
  2. Update the apt package index with the new repository
  3. Install the VMware tools with apt
  4. Finally, restart the guest OS

Now you have VMware Tools up and running. Have fun!

CheckPoint Management Server log space utilization

Today I encountered an issue with a CheckPoint Management server: it started to report incorrect file system space utilization on the logs’ mount point. The output of the df command reports the mount point as almost full:

Instead, the sum of all files and directories under /var/log is around 37 Gb.

This is strange behavior, especially because the mount point is used for logging. Comparing the two commands, it’s easy to see that more than half of the total disk space is wrongly marked as used, so I would like to figure out where the problem lies. I think unlinked open files may be the problem, and I’m checking for this using lsof:

As I expected, the lsof output reports lots of open file entries, all associated with the cplmd daemon. According to the CheckPoint knowledge base (here):

“In order to get the data that should be presented in SmartView Tracker, FWM spawns a child process CPLMD, which reads the information from the log file and performs unification (if necessary). Upon receiving an answer from CPLMD, FWM transfers it to SmartView Tracker.”

The easy way to fix this is to restart the daemon so that it “flushes” all the deleted files it still holds open:

This solution fixes the problem. Now the df command reports the correct space utilization.

and all the orphaned files have disappeared as well.
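
The gap between df and du described in this post can be measured by reading /proc directly. The script below is an added example, not part of the original post and not CheckPoint code; the function names are made up for illustration, and it assumes a Linux host with GNU or BusyBox stat.

```shell
#!/bin/sh
# Added example: find deleted-but-still-open files under a mount point.
# Run as root to see every process; unreadable processes are skipped.

# Print one line per open descriptor: "dev:inode size pid command path"
deleted_open_files() (
    mp=${1%/}                        # mount point or directory, e.g. /var/log
    for fd in /proc/[0-9]*/fd/*; do
        target=$(readlink "$fd" 2>/dev/null) || continue
        case $target in
            "$mp"/*" (deleted)") ;;  # unlinked file that lived under $mp
            *) continue ;;
        esac
        pid=${fd#/proc/}; pid=${pid%%/*}
        # stat -L follows the /proc link to the inode itself, so it still
        # works although the path no longer exists on disk.
        meta=$(stat -L -c '%d:%i %s' "$fd" 2>/dev/null) || continue
        comm=$(cat "/proc/$pid/comm" 2>/dev/null) || comm='?'
        printf '%s %s %s %s\n' "$meta" "$pid" "$comm" "$target"
    done
)

# Sum the space still held, counting each inode once even when several
# descriptors or processes keep the same file open.
deleted_open_bytes() {
    deleted_open_files "$1" |
        awk '!seen[$1]++ { sum += $2 } END { print sum + 0 }'
}

# Example: deleted_open_files /var/log   then   deleted_open_bytes /var/log
```

If the byte total is close to the difference between the df and du figures, the space is held by the processes listed in the third and fourth columns.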

tcpdump: a brief review

tcpdump is a useful command-line packet sniffer built on libpcap, usually present on *nix systems and on most network appliances, such as Juniper, F5 load balancers or CheckPoint firewalls (both based on *nix). With the support of the WinPcap library, it can also be installed on Windows systems to make troubleshooting easier.

From a shell or CLI, to simply run tcpdump, you can type:

tcpdump supports a lot of options and filters. Let’s look at them, using eth0 and VLAN 150 as an example.

TCPDUMP OPTIONS

To capture all eth0 traffic:

To capture the traffic of a specific VLAN passing through eth0:

Prepare a full .pcap file for viewing in Wireshark

The -s option specifies the length of data to capture: -s0 means all packet data, while -s30 means capturing only the first 30 bytes of the packet.

View MAC addresses in a capture on eth0

Do not resolve host names / services in a capture on eth0

TCPDUMP FILTERS

There are four main filters:

– the host filter, used to capture packets based on a single IP (e.g. 192.168.10.4)
– the net filter, used to capture packets based on a network address (e.g. 10.0.0.0/16)
– the port filter, used to capture packets based on a port (e.g. 22 – ssh services)
– the protocol filter, such as icmp, arp, tcp, udp, to capture only certain kinds of packets

Filters can be combined using the logical operator AND. Also, for the host, net and port filters you can specify whether the value applies to the source (src) or the destination (dst).

To capture only packets containing IP 192.168.10.4 as source or destination on eth0

To capture only packets containing network 10.0.0.0/16 as source or destination on eth0

To capture only packets containing port 22 as source or destination on eth0

To capture all ssh packets (port 22) to host 192.168.10.4 from network 10.0.0.0/16 on eth0

To capture all icmp packets to host 192.168.10.4 on eth0

Finally, you can combine options and filters as you need. For example, the following line captures ARP requests from network 192.168.10.0/24 passing through eth0, including MAC addresses. Also, host names will not be resolved:

The same example can also be exported as a Wireshark file:

tcpdump is very powerful; there are a lot of other options and filters to speed up your troubleshooting and go deeper in the analysis. You can get more information on the official website, tcpdump.org.
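
The options and filters above can be composed with one small wrapper. This is an added example, not the original post's commands: the capture function and its -v option are made up here, and it goes one step beyond the text by always placing the vlan keyword first, because pcap filters change their decoding offsets for everything that follows it.

```shell
#!/bin/sh
# Added example: compose the tcpdump options and filters described in the post.
# usage: capture IFACE [-e] [-n] [-v VLAN] [-w FILE] [--] [FILTER WORDS...]
#   -e       show MAC addresses          -n   do not resolve names/services
#   -v VLAN  only frames tagged VLAN (wrapper option, not a tcpdump flag)
#   -w FILE  write whole packets (-s0) to FILE for Wireshark
capture() {
    c_if=$1; shift
    c_e=; c_n=; c_vlan=; c_file=
    while [ $# -gt 0 ]; do
        case $1 in
            -e) c_e=1 ;;
            -n) c_n=1 ;;
            -v|-w)
                [ $# -ge 2 ] || { echo "capture: $1 needs a value" >&2; return 2; }
                if [ "$1" = -v ]; then c_vlan=$2; else c_file=$2; fi
                shift ;;
            --) shift; break ;;
            *)  break ;;
        esac
        shift
    done
    c_filter=$*
    # The vlan keyword shifts the offsets used to decode the rest of the
    # expression, so it must precede host/net/port/protocol primitives.
    if [ -n "$c_vlan" ]; then
        if [ -n "$c_filter" ]; then c_filter="vlan $c_vlan and ( $c_filter )"
        else c_filter="vlan $c_vlan"; fi
    fi
    # Rebuild argv; the filter goes in as ONE argument so the shell never
    # interprets its parentheses.
    set -- -i "$c_if"
    if [ -n "$c_e" ]; then set -- "$@" -e; fi
    if [ -n "$c_n" ]; then set -- "$@" -n; fi
    if [ -n "$c_file" ]; then set -- "$@" -s0 -w "$c_file"; fi
    if [ -n "$c_filter" ]; then set -- "$@" "$c_filter"; fi
    tcpdump "$@"
}

# The cases from the text, using the post's sample values (run as root);
# /tmp/eth0.pcap is a constructed file name:
#   capture eth0                                  all eth0 traffic
#   capture eth0 -v 150                           VLAN 150 only
#   capture eth0 -w /tmp/eth0.pcap                full packets for Wireshark
#   capture eth0 host 192.168.10.4
#   capture eth0 net 10.0.0.0/16
#   capture eth0 port 22
#   capture eth0 dst host 192.168.10.4 and src net 10.0.0.0/16 and port 22
#   capture eth0 icmp and dst host 192.168.10.4
#   capture eth0 -e -n arp and src net 192.168.10.0/24
```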

File used by another process? Play Lsof!

During the latest Linux lesson in which I played the teacher, someone asked me about the use of lsof and how to take advantage of it.

As the man page says, lsof is a command-line utility that lists information about files opened by processes, where an open file may be a regular file, a directory, a block special file, a character special file, an executing text reference, a library, a stream or a network file (Internet socket, NFS file or UNIX domain socket). A specific file or all the files in a file system may be selected by path.

Do not forget that everything is a file on Linux (pipes, sockets, directories, devices, etc.)!

LSOF OUTPUT SYNTAX

Running lsof without parameters shows a list of all open files belonging to all active processes.

The output syntax is pretty simple and lists, from left to right, the running command, the process identifier, the user running the process, a few fields explained below and, finally, the file in use.

The FD column stands for file descriptor and can be:

  • cwd current working directory
  • rtd root directory
  • txt program text (code and data)
  • mem memory-mapped file

Or it can be a number followed by a character, such as 1u: the number is the file descriptor, and the character (u, r, w) is its mode:

  • r for read access
  • w for write access
  • u for read and write access

The TYPE column stands for the file type, as the name suggests, and can be:

  • DIR – Directory
  • REG – Regular file
  • CHR – Character special file.
  • FIFO – First In First Out

USING LSOF

You can list the processes that have opened a specific file by passing the file name as an argument to the lsof command.

The example above lists the file /var/log/messages, used by the rsyslogd process (PID 1469).

You can also list all the files opened by a specific process using the ‘-p’ option and the process ID. This is sometimes helpful for getting more information about a specific process:

Another way to do that is by using the process name:

You may also need to know which files are opened by a specific user:

LSOF FOR SYSADMIN

The examples above are usually helpful for both standard users and sysadmins, but as a sysadmin you also need to know the specific commands for working with mount points, NFS and network sockets.

To find out which files are open on a specific mount point, you can pass it as an argument to lsof:

where /app is a mount point. This command works the same way with a simple folder.

The -N option lists all files opened from an NFS share.

It works better in combination with the -u option (which stands for user).

Instead of netstat, it is possible to use lsof to list all processes associated with a specific port/socket:

or bound to a specific hostname:

When you work with sockets or NFS files, for example, repeat mode is a nice option to use.
You have to specify the -r option followed by the delay time.

This runs lsof every 1 second. To interrupt it, press “Ctrl+c”.

Finally, if you need to use lsof in conjunction with other commands, you have to make the output terse with the -t option, which suppresses error messages and other information.

lsof is an incredibly powerful tool that will quickly help you in your daily work. By reading the man page you can discover a lot of other options and find your own favorite tricks! I hope you enjoyed this article!

Mattia

What’s new on CentOS 7 Release

About one month after the official RHEL 7 release, the CentOS team released the new CentOS-7/x86_64. As a “son” of RHEL 7, according to the official CentOS release notes, it brings many improvements and changes, such as:

  • Kernel updated to 3.10.0
  • Switch to systemd, firewalld and GRUB2
  • XFS as default file system
  • LVM-snapshots with ext4 and XFS
  • iSCSI and FCoE in kernel space
  • Gnome3
  • In Place Upgrade from 6.5 to 7.0
  • Support for Linux Containers (aka Docker)
  • Support for PTPv2
  • Support for 40G Ethernet Cards
  • Supports installations in UEFI Secure Boot mode on compatible hardware
  • Open VMware Tools and 3D graphics drivers out of the box
  • OpenJDK-7 as default JDK

It’s also important to remember the birth of CentOS Variants.

A CentOS variant is a special edition of CentOS Linux that starts with the core distribution, then replaces or supplements a specific subset of packages

Variants are created and maintained by a SIG (“Special Interest Group”) and are, simply, a way to overcome the absence of proprietary Red Hat packages in CentOS 7. You will find more about variants and SIGs here:

I would remind you that CentOS Linux is a community-supported distribution derived from sources freely provided to the public by Red Hat for Red Hat Enterprise Linux (RHEL). Also, starting in 2014, Red Hat and the CentOS Project have joined forces to speed up open source innovation.

Mattia

Hyper-V Linux Integration Services Version 3.3

In early June Microsoft announced the official availability of the new Linux Integration Services, which have now reached version 3.3.
Below are the Hyper-V versions supported by this release:

  • Windows Server® 2008 Standard, Windows Server 2008 Enterprise, and Windows Server 2008 Datacenter (64-bit versions only)
  • Microsoft® Hyper-V Server 2008
  • Windows Server 2008 R2 Standard, Windows Server 2008 R2 Enterprise, and Windows Server 2008 R2 Datacenter
  • Microsoft Hyper-V Server 2008 R2
  • Windows 8 Release Preview
  • Windows Server 2012

The new version of the Integration Services introduces official support for the following Linux guests:

  • Red Hat Enterprise Linux 6.0-6.2 x86 and x64
  • CentOS 6.0-6.2 x86 and x64

For both, when virtualized with Hyper-V on Windows 8 Release Preview or Windows Server 2012, official support is for 32 vCPUs; otherwise support remains at a maximum of 4 vCPUs.

Keep in mind that for Linux guests running

  • SUSE Linux Enterprise Server 10 SP3
  • SUSE Linux Enterprise Server 11
  • Red Hat Enterprise Linux 5.2 / 5.3 / 5.4 / 5.5

it is necessary to keep using the previous version of the Integration Services, release 2.1, which can be downloaded from: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=eee39325-898b-4522-9b4c-f4b5b9b64551

Recently, moreover, a post by Geoff Sullivan on TechNet announced support for Ubuntu 12.04 LTS as a guest on Hyper-V. The Canonical site states:

“Ubuntu is now fully equipped and tested to run on top of Microsoft’s Hyper-V virtualisation server. This includes support for virtual storage and network drivers.”

Last but not least, there is also the announcement of support for FreeBSD as a guest, made possible by the collaboration between Microsoft, Citrix and NetApp. http://blogs.technet.com/b/openness/archive/2012/05/10/freebsd-support-on-windows-server-hyper-v.aspx

I believe that all the efforts made so far to officially support open systems are necessary, above all in environments that are increasingly cloud-based.

Mattia

OFFICIAL LINKS

Download Linux Integration Services 3.3: http://www.microsoft.com/en-us/download/details.aspx?id=29991

Download Linux Integration Services 2.1: http://www.microsoft.com/en-us/download/details.aspx?id=24247

TechNet post on support for Ubuntu 12.04 LTS: http://blogs.technet.com/b/openness/archive/2012/06/01/windows-server-hyper-v-drivers-now-supported-in-ubuntu.aspx

Canonical page: http://www.canonical.com/about-canonical/resources/white-papers/what%E2%80%99s-new-ubuntu-server-1204-lts

FreeBSD Support: http://blogs.technet.com/b/openness/archive/2012/05/10/freebsd-support-on-windows-server-hyper-v.aspx

Windows Server 2012 – Pricing and editions

As we know, by the end of the year Microsoft will release the new operating system of its server family, Windows Server 2012, and many new features will be introduced, above all for private cloud/multi-tenant environments (which I will discuss in upcoming posts). In addition to the new features, Microsoft has revised and simplified the editions that will be sold and the pricing associated with them.
Given that Windows Server 2012 is still a Release Candidate, so features and pricing may change, let's try to shed some light on what to expect in a few months.

The first important change concerns the number of editions in which Windows Server 2012 will be sold: four! In order of importance, only the following editions will be available:

  • Datacenter Edition
  • Standard Edition
  • Essential Edition
  • Foundation Edition

It is therefore clear that there is no Enterprise Edition, which Microsoft decided to eliminate by bringing all the features of the Datacenter Edition into the new Standard Edition as well (including Failover Cluster!!). The Web Server Edition has also been eliminated because, according to Microsoft's analysis, customers did not like the restrictions imposed by that edition. In practice, it has been replaced by the Standard Edition, which will allow unlimited CALs for access to web services only.
Note also the absence of an HPC edition: the system will now be distributed free of charge as HPC Pack 2012 and can be installed on either of the two editions in question (HPC Pack 2012 as a free download that can be used with any Windows Server 2012 Standard or Datacenter license).

As we said, the Standard and Datacenter Editions will have the same features and will differ only in the number of virtual instances that can run on them: two VMs for the Standard edition and, as in the past, an unlimited number for the Datacenter edition.

It is important to take two factors into account:

  1. If both instances available on the Standard Edition are virtualized (i.e. 2 VMs), the host operating system must be used exclusively to manage those VMs. (When a customer is running all allowed virtual instances, the physical instance may only be used to manage and service the virtual instances. For information about licensing in virtual environments, see the Microsoft Volume Licensing Brief: Licensing Microsoft Server Products in Virtual Environments white paper. – http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=15113)
  2. If you need to virtualize 3-4 or more VMs on a single host, you can purchase additional Standard Edition licenses for the same physical host. The table shows an illustrative example:

Number of VMs    Standard licenses    Datacenter licenses
2                1                    1
4                2                    1
6                3                    1
8                4                    1

The other change is the two-processor pricing: unlike Windows Server 2008 R2, Windows Server 2012 will be sold with a license covering two (physical) processors and, at least so far, an unlimited number of cores. This means that if we have a single- or dual-processor server we will need to buy just one Windows Server 2012 license, whereas if we have a quad-processor server we will need to buy two Windows Server 2012 licenses, and so on.

With an illustrative numerical example (see the official white paper), Microsoft advises us to count the number of physical processors in our server and divide it by two. This gives the number of Windows Server 2012 licenses needed for our machines.
Microsoft justifies the pricing changes, especially those concerning processors, as follows:

“By making this change, Windows Server 2012, System Center 2012 and the Core Infrastructure Server (CIS) will all have consistent licensing model creating alignment across Microsoft infrastructure products. Having a single-licensing model will make it easier for you to buy the right product for your needs and to compare the cost of alternatives (such as individual products, the CIS SKU outside of ECI, ECI and so on). Additionally, the new licensing model provides a single, familiar, and easy-to-track metric for all infrastructure products further reducing management overhead.”

That said, what will the selling price of the two editions be? According to the Microsoft datasheets (see notes), the prices will be $882 for the Standard edition and $4,809 for the Datacenter edition. They are certainly higher than those of the previous versions, but if we consider environments with two (or more) processors, the comparison no longer holds.


So what will happen to Software Assurance contracts? How will upgrades to the new version be handled (also following the elimination of the Win2k8R2 Enterprise Edition)?
Microsoft states in its Licensing Pricing FAQ that for Software Assurance holders the new licensing will be immediately available in the traditional way. In particular, however:

  • holders of Datacenter Edition with Software Assurance will receive 1 Windows Server 2012 Datacenter Edition license for every 2 Datacenter Edition licenses they own (the new edition covers 2 physical processors).
  • holders of Enterprise Edition with Software Assurance will receive 2 Windows Server 2012 Standard Edition licenses for every Enterprise Edition license they own (the old license covers 4 VMs, so under the new licensing 2 Standard licenses are needed). Alternatively, it is possible to consider upgrading to Windows Server 2012 Datacenter Edition through Software Assurance Step-Up.
  • holders of Standard Edition with Software Assurance will receive 1 Windows Server 2012 Standard Edition license for every Standard Edition license they own.

As for processor coverage, if the Windows Server 2012 licenses issued automatically under Software Assurance do not cover the new requirements, it is necessary to perform a self-assessment (preferably using the Microsoft Assessment and Planning – MAP Toolkit) and then normalize them when the Software Assurance is renewed.

The last point, concerning CALs, is unchanged from the past. It will therefore be necessary to purchase CALs for systems on Windows Server 2012, distinguishing, as in the past, the licenses for Remote Desktop Services and Active Directory Rights Management Service.

This post has analyzed only the Standard and Datacenter editions, since they are aimed at Enterprise environments. For the Small Office and Middle Office editions, refer to the Microsoft documentation.

 

OFFICIAL LINKS

Official website: http://www.microsoft.com/en-us/server-cloud/windows-server/2012-editions.aspx

Official MS datasheet: http://download.microsoft.com/download/0/4/B/04BD0EB1-42FE-488B-919F-3981EF9B2101/WS2012_Licensing-Pricing_Datasheet.pdf

Official MS FAQ: http://download.microsoft.com/download/4/D/B/4DB352D1-C610-466A-9AAF-EEF4F4CFFF27/WS2012_Licensing-Pricing_FAQ.pdf

Support for previous versions: http://support.microsoft.com/gp/lifepolicy