Monthly Archives: April 2014

VMware Tools installation in a VMware Fusion Oracle Linux guest on Mac OS X

Installing VMware Tools on an Oracle Linux (OEL) 6.5 VM in VMware Fusion.

VMware Tools lets you copy and paste between host and guest.
It also makes host shares available to the guest.

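Run the following as root.

Make sure the kernel headers and development package for the running kernel are installed.
They are required to build the kernel module that makes host shares work.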

yum -y install kernel-uek-headers-`uname -r`
yum -y install kernel-uek-devel-`uname -r`

The VMware Tools CD is probably automounted under /media:

 
cd /media
ls
VMware Tools

Copy and unpack VMware Tools

mount -t iso9660 /dev/cdrom /mnt/cdrom 
cp /mnt/cdrom/VMwareTools-9.6.2-1688356.tar.gz .
gunzip VMwareTools-9.6.2-1688356.tar.gz
tar xvf VMwareTools-9.6.2-1688356.tar

Run install script (Perl)

cd vmware-tools-distrib/
perl vmware-install.pl 

Make the host share available in VMware Fusion -> Settings -> Shares.

Restart Guest

shutdown -r now

Loaded plugins: refresh-packagekit, security
Setting up Install Process
Package kernel-uek-headers-3.8.13-26.2.3.el6uek.x86_64 already installed and latest version
Nothing to do


[root@surabaya vmware-tools-distrib]# yum -y install kernel-uek-devel-`uname -r`
Loaded plugins: refresh-packagekit, security
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package kernel-uek-devel.x86_64 0:3.8.13-26.2.3.el6uek will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=================================================================================================================================================
Package                           Arch                    Version                                Repository                                Size
=================================================================================================================================================
Installing:
kernel-uek-devel                  x86_64                  3.8.13-26.2.3.el6uek                   public_ol6_UEKR3_latest                  8.9 M

Transaction Summary
=================================================================================================================================================
Install       1 Package(s)

Total download size: 8.9 M
Installed size: 32 M
Downloading Packages:
kernel-uek-devel-3.8.13-26.2.3.el6uek.x86_64.rpm                                                                          | 8.9 MB     00:01
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : kernel-uek-devel-3.8.13-26.2.3.el6uek.x86_64                                                                                  1/1
Verifying  : kernel-uek-devel-3.8.13-26.2.3.el6uek.x86_64                                                                                  1/1

Installed:
kernel-uek-devel.x86_64 0:3.8.13-26.2.3.el6uek

Complete!
[root@surabaya vmware-tools-distrib]# perl vmware-install.pl
A previous installation of VMware Tools has been detected.

The previous installation was made by the tar installer (version 4).

Keeping the tar4 installer database format.

You have a version of VMware Tools installed.  Continuing this install will
first uninstall the currently installed version.  Do you wish to continue?
(yes/no) [yes] yes

Uninstalling the tar installation of VMware Tools.

Stopping services for VMware Tools

Stopping VMware Tools services in the virtual machine:
Guest operating system daemon:                          [  OK  ]
VMware User Agent (vmware-user):                        [  OK  ]
Blocking file system:                                   [  OK  ]
Unmounting HGFS shares:                                 [  OK  ]
Guest filesystem driver:                                [  OK  ]

Stopping Thinprint services in the virtual machine:
Stopping Virtual Printing daemon:                                   done

File /etc/pulse/default.pa is backed up to /etc/pulse/default.pa.old.0.

The removal of VMware Tools 9.6.2 build-1688356 for Linux completed
successfully.

Installing VMware Tools.

In which directory do you want to install the binary files?
[/usr/bin]

What is the directory that contains the init directories (rc0.d/ to rc6.d/)?
[/etc/rc.d]

What is the directory that contains the init scripts?
[/etc/rc.d/init.d]

In which directory do you want to install the daemon files?
[/usr/sbin]

In which directory do you want to install the library files?
[/usr/lib/vmware-tools]

The path "/usr/lib/vmware-tools" does not exist currently. This program is
going to create it, including needed parent directories. Is this what you want?
[yes]

In which directory do you want to install the documentation files?
[/usr/share/doc/vmware-tools]

The path "/usr/share/doc/vmware-tools" does not exist currently. This program
is going to create it, including needed parent directories. Is this what you
want? [yes]

The installation of VMware Tools 9.6.2 build-1688356 for Linux completed
successfully. You can decide to remove this software from your system at any
time by invoking the following command: "/usr/bin/vmware-uninstall-tools.pl".

Before running VMware Tools for the first time, you need to configure it by
invoking the following command: "/usr/bin/vmware-config-tools.pl". Do you want
this program to invoke the command for you now? [yes]

Initializing...

Making sure services for VMware Tools are stopped.

Stopping Thinprint services in the virtual machine:
Stopping Virtual Printing daemon:                                   done
Stopping VMware Tools services in the virtual machine:
Guest operating system daemon:                          [  OK  ]
VMware User Agent (vmware-user):                        [  OK  ]
Blocking file system:                                   [  OK  ]
Unmounting HGFS shares:                                 [  OK  ]
Guest filesystem driver:                                [  OK  ]

The module vmci has already been installed on this system by another installer
or package and will not be modified by this installer.

The module vsock has already been installed on this system by another installer
or package and will not be modified by this installer.

The module vmxnet3 has already been installed on this system by another
installer or package and will not be modified by this installer.

Use the flag --clobber-kernel-modules=vmxnet3 to override.

The module pvscsi has already been installed on this system by another
installer or package and will not be modified by this installer.

Use the flag --clobber-kernel-modules=pvscsi to override.

The module vmmemctl has already been installed on this system by another
installer or package and will not be modified by this installer.

Use the flag --clobber-kernel-modules=vmmemctl to override.

The VMware Host-Guest Filesystem allows for shared folders between the host OS
and the guest OS in a Fusion or Workstation virtual environment.  Do you wish
to enable this feature? [yes]

Before you can compile modules, you need to have the following installed...

make
gcc
kernel headers of the running kernel

Searching for GCC...
Detected GCC binary at "/usr/bin/gcc".
The path "/usr/bin/gcc" appears to be a valid path to the gcc binary.
Would you like to change it? [no]

Searching for a valid kernel header path...
Detected the kernel headers at
"/lib/modules/3.8.13-26.2.3.el6uek.x86_64/build/include".
The path "/lib/modules/3.8.13-26.2.3.el6uek.x86_64/build/include" appears to be
a valid path to the 3.8.13-26.2.3.el6uek.x86_64 kernel headers.
Would you like to change it? [no]

Using 2.6.x kernel build system.
make: Map '/tmp/modconfig-jKG9kf/vmhgfs-only' wordt binnengegaan
/usr/bin/make -C /lib/modules/3.8.13-26.2.3.el6uek.x86_64/build/include/.. SUBDIRS=$PWD SRCROOT=$PWD/. \
MODULEBUILDDIR= modules
make[1]: Map '/usr/src/kernels/3.8.13-26.2.3.el6uek.x86_64' wordt binnengegaan
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/backdoorGcc64.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/backdoor.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/cpName.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/bdhandler.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/cpNameLinux.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/cpNameLite.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/dentry.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/dir.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/file.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/filesystem.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/fsutil.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/hgfsBd.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/hgfsEscape.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/hgfsUtil.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/inode.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/link.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/message.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/page.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/module.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/request.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/rpcout.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/stubs.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/super.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/transport.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/vmci.o
CC [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/kernelStubsLinux.o
SDTSTB  /tmp/modconfig-jKG9kf/vmhgfs-only/vmhgfs.sdtstub.S
AS [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/vmhgfs.sdtstub.o
LD [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/vmhgfs.o
Building modules, stage 2.
MODPOST 1 modules
SDTINF  /tmp/modconfig-jKG9kf/vmhgfs-only/vmhgfs.sdtinfo.c
CTF
CC      /tmp/modconfig-jKG9kf/vmhgfs-only/vmhgfs.mod.o
LD [M]  /tmp/modconfig-jKG9kf/vmhgfs-only/vmhgfs.ko
make[1]: Map '/usr/src/kernels/3.8.13-26.2.3.el6uek.x86_64' wordt verlaten
/usr/bin/make -C $PWD SRCROOT=$PWD/. \
MODULEBUILDDIR= postbuild
make[1]: Map '/tmp/modconfig-jKG9kf/vmhgfs-only' wordt binnengegaan
make[1]: 'postbuild' is bijgewerkt.
make[1]: Map '/tmp/modconfig-jKG9kf/vmhgfs-only' wordt verlaten
cp -f vmhgfs.ko ./../vmhgfs.o
make: Map '/tmp/modconfig-jKG9kf/vmhgfs-only' wordt verlaten

The vmxnet driver is no longer supported on kernels 3.3 and greater. Please
upgrade to a newer virtual NIC. (e.g., vmxnet3 or e1000e)

The vmblock enables dragging or copying files between host and guest in a
Fusion or Workstation virtual environment.  Do you wish to enable this feature?
[yes]

VMware automatic kernel modules enables automatic building and installation of
VMware kernel modules at boot that are not already present. This feature can be
enabled/disabled by re-running vmware-config-tools.pl.

Would you like to enable VMware automatic kernel modules?
[yes]

Thinprint provides driver-free printing. Do you wish to enable this feature?
[yes]

Disabling timer-based audio scheduling in pulseaudio.

Detected X server version 1.13.0

Distribution provided drivers for Xorg X server are used.

Skipping X configuration because X drivers are not included.

Creating a new initrd boot image for the kernel.
Starting Virtual Printing daemon:                                   done
Checking acpi hot plug                                  [  OK  ]
Starting VMware Tools services in the virtual machine:
Switching to guest configuration:                       [  OK  ]
VMware Automatic Kmods:                                 [  OK  ]
VM communication interface:                             [MISLUKT]
Guest filesystem driver:                                [  OK  ]
Mounting HGFS shares:                                   [  OK  ]
Blocking file system:                                   [  OK  ]
Guest operating system daemon:                          [  OK  ]
The configuration of VMware Tools 9.6.2 build-1688356 for Linux for this
running kernel completed successfully.

You must restart your X session before any mouse or graphics changes take
effect.

You can now run VMware Tools by invoking "/usr/bin/vmware-toolbox-cmd" from the
command line.

To enable advanced X features (e.g., guest resolution fit, drag and drop, and
file and text copy/paste), you will need to do one (or more) of the following:
1. Manually start /usr/bin/vmware-user
2. Log out and log back into your desktop session; and,
3. Restart your X session.

Enjoy,

--the VMware team

/sbin/restorecon:  Warning no default label for /tmp/vmware-block-restore0/tmp_file
[root@surabaya vmware-tools-distrib]#
Broadcast message from root@surabaya
(/dev/pts/0) at 7:11 ...

The system is going down for reboot NOW!
Connection to 192.168.178.49 closed by remote host.
Connection to 192.168.178.49 closed.
pdeneef@semarang:~#

Security: fail2ban

Fail2ban is a very useful application if you are responsible for the security of a server, or run your own VPS or physical server. Fail2ban scans the log files on the system and can ban IPs that look malicious according to its configured rules. We can use it to monitor the logs of various system services, such as Apache and SSH, and block the IPs that are trying to breach the system's security.

Step 1: Install EPEL RPM Repository

CentOS/RHEL 6, 64-bit (x86_64):

# rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

Fail2ban is available in the EPEL repository, so make sure you have installed the EPEL repository on your system, or use these instructions to install it.

Step 2: Install Fail2ban Package

After installing the required repository, use the yum package manager to install the Fail2ban rpm package with the following command.

# yum install fail2ban

Step 3: Setup Fail2ban Default Configuration

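Fail2ban ships its default configuration in /etc/fail2ban/jail.conf. Create a copy of this file named jail.local and make your changes there: settings in jail.local override those in jail.conf, and the file is not overwritten when the package is updated.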

# cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Now make the necessary changes in jail.local to create the ban rules. Edit the file in your favorite editor and change the [DEFAULT] section.

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban always allows these
# addresses, so add your own IP here to keep it from being banned.
ignoreip = 127.0.0.1/8 192.168.1.0/24 11.22.33.44

# "bantime" is the number of seconds that a host is banned (3600 sec = 1 hour).
bantime  = 3600

# A host is banned if it generates "maxretry" failures during the last "findtime"
# seconds; with the setting below, 2 minutes.
findtime  = 120

# "maxretry" is the number of failures before a host gets banned.
maxretry = 3

Step 4: Protect SSH/SFTP

After completing the default configuration, go further down in the same jail.local file and update the [ssh-iptables] section as below.

[ssh-iptables]

enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=22, protocol=tcp]
           sendmail-whois[name=SSH, dest=root, sender=fail2ban@example.com, sendername="Fail2Ban"]
logpath  = /var/log/secure
maxretry = 3

Step 5: Protect FTP (vsFTPd) Server

Next, protect your FTP (vsFTPd) server. Find the [vsftpd-iptables] section and change it as below. If you are not using vsFTPd, you can skip this section.

[vsftpd-iptables]

enabled = true
filter = vsftpd
action = iptables[name=VSFTPD, port=21, protocol=tcp]
         sendmail-whois[name=VSFTPD, dest=you@example.com]
logpath = /var/log/vsftpd.log
maxretry = 5
bantime = 1800

Step 6: Restart Fail2ban Service

After making all the changes, save the file and restart the Fail2ban service using the following commands.

# service fail2ban restart
# chkconfig fail2ban on

Step 7: Protect WordPress

Install the WP Fail2Ban plugin in WordPress.
On CentOS 7 this writes messages to /var/log/messages:
/var/log/messages:Dec 4 03:04:12 one wordpress(site.com)[5728]: Authentication failure for from 194.187.249.59
/var/log/messages:Dec 4 03:14:11 one wordpress(site.com)[1875]: Authentication failure for from 93.115.7.70

Edit jail.local

# WordPress

[wordpress-hard]
enabled = true
filter = wordpress-hard
logpath = /var/log/messages
maxretry = 1
port = http,https

[wordpress-soft]
enabled = true
filter = wordpress-soft
logpath = /var/log/messages
maxretry = 3
port = http,https
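
The ban decision that the [DEFAULT] values and the two WordPress jails above imply, modelled in Python as an added example (not code from the original post or from fail2ban itself). The regex is a simplified stand-in for the plugin's filters, the log lines are constructed, and the jail names are used only as labels for maxretry = 3 and maxretry = 1.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

IGNOREIP = ["127.0.0.1/8", "192.168.1.0/24", "11.22.33.44"]  # from [DEFAULT] above

# Simplified stand-in for a failregex (assumption, not the plugin's shipped filter).
# Anchored with $ so the address is always the last field, never part of the user name.
FAILURE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ wordpress\(\S+\)\[\d+\]: "
    r"Authentication failure for .*from (?P<ip>[0-9A-Fa-f:.]+)$"
)

# Constructed sample log lines (documentation/private addresses, invented users).
SAMPLE = """\
Dec  4 03:04:12 one wordpress(site.com)[5728]: Authentication failure for admin from 203.0.113.7
Dec  4 03:04:50 one wordpress(site.com)[5728]: Authentication failure for admin from 203.0.113.7
Dec  4 03:05:10 one wordpress(site.com)[5729]: Authentication failure for editor from 192.168.1.20
Dec  4 03:05:40 one wordpress(site.com)[5730]: Authentication failure for admin from 203.0.113.7
Dec  4 03:06:00 one wordpress(site.com)[5731]: Authentication failure for bob from 198.51.100.9
Dec  4 03:09:30 one wordpress(site.com)[5732]: Authentication failure for bob from 198.51.100.9
Dec  4 03:12:00 one wordpress(site.com)[5733]: Authentication failure for bob from 198.51.100.9
""".splitlines()

def simulate(lines, maxretry, findtime=120, bantime=3600, ignoreip=IGNOREIP, year=2018):
    """Return [(ip, banned_at, unbanned_at)] for one jail reading `lines`."""
    allowed = [ipaddress.ip_network(n, strict=False) for n in ignoreip]
    recent = defaultdict(deque)   # ip -> failure times still inside findtime
    banned_until = {}             # ip -> expiry of the current ban
    bans = []
    for line in lines:
        m = FAILURE.match(line)
        if not m:
            continue              # line does not match this jail's filter
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = ipaddress.ip_address(m["ip"])
        if any(ip in net for net in allowed):
            continue              # ignoreip: never counted, never banned
        if banned_until.get(ip, ts) > ts:
            continue              # still banned, the firewall would reject it
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > timedelta(seconds=findtime):
            window.popleft()      # forget failures older than findtime
        if len(window) >= maxretry:
            banned_until[ip] = ts + timedelta(seconds=bantime)
            bans.append((str(ip), ts, banned_until[ip]))
            window.clear()
    return bans

if __name__ == "__main__":
    for name, retries in (("wordpress-soft", 3), ("wordpress-hard", 1)):
        for ip, start, end in simulate(SAMPLE, maxretry=retries):
            print(f"[{name}] Ban {ip} at {start:%H:%M:%S}, unban at {end:%H:%M:%S}")
```

With maxretry = 3 only 203.0.113.7 is banned: the failures from 198.51.100.9 are more than findtime apart, so they are never counted together, which is the trade-off to weigh when choosing findtime. The address inside 192.168.1.0/24 is skipped in both runs because of ignoreip.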

Monitoring:


# iptables -L | grep unreachable
REJECT     all  --  219.111-30-62.static.virginmediabusiness.co.uk  anywhere             reject-with icmp-port-unreachable
REJECT     all  --  219.111-30-62.static.virginmediabusiness.co.uk  anywhere             reject-with icmp-port-unreachable
REJECT     all  --  218.92.1.144         anywhere             reject-with icmp-port-unreachable
REJECT     all  --  203.160.174.214      anywhere             reject-with icmp-port-unreachable
REJECT     all  --  175.6.5.52           anywhere             reject-with icmp-port-unreachable

# tail /var/log/fail2ban.log
2018-12-04 05:42:59,787 fail2ban.jail           [20403]: INFO    Jail 'postfix-sasl' started
2018-12-04 05:42:59,792 fail2ban.jail           [20403]: INFO    Jail 'wordpress-hard' started
2018-12-04 05:42:59,799 fail2ban.jail           [20403]: INFO    Jail 'wordpress-soft' started
2018-12-04 05:43:01,282 fail2ban.actions        [20403]: NOTICE  [dovecot] Ban 62.30.111.219
2018-12-04 05:43:01,408 fail2ban.actions        [20403]: NOTICE  [postfix-sasl] Ban 62.30.111.219
2018-12-04 05:43:01,664 fail2ban.actions        [20403]: NOTICE  [sshd] Ban 203.160.174.214
2018-12-04 05:43:02,332 fail2ban.actions        [20403]: NOTICE  [sshd] Ban 218.92.1.144
2018-12-04 05:43:02,570 fail2ban.actions        [20403]: NOTICE  [sshd] 175.6.5.52 already banned
2018-12-04 05:43:38,287 fail2ban.filter         [20403]: INFO    [dovecot] Found 185.234.219.254
2018-12-04 05:43:42,130 fail2ban.filter         [20403]: INFO    [postfix-sasl] Found 185.234.219.254