Posts tagged machine
Remote Server Management in Local Facility – LTSP
Feb 13th
I’m using LTSP to manage a server remotely in a local facility. I set up an LTSP server on the host machine, and will place it in an air-conditioned room to preserve longevity. I configured a machine, of much lower power, to PXE boot from the server. There are several nuances to setting up an LTSP server. Once all is done you realize that it is less complicated than it can seem or needs to be. When things go right there are essentially three steps in total. First:
sudo apt-get install ltsp-server-standalone
This installs the works. Then configure DHCP:
sudo nano /etc/ltsp/dhcpd.conf
Configure the subnet to be the same one you are using on your router. If your router’s local IP is 192.168.0.1, your subnet would be 192.168.0.0. Then set a range. Make sure you turn off the DHCP servers in any and all routers connected to the network. The DHCP server on this machine needs to be the only one. Set the “next-server” option to the same local IP address as the server. Then set the rest of the options: domain, default gateway, DNS, and so on. Then restart the DHCP server:
sudo /etc/init.d/dhcp3-server restart
Build the clients:
sudo ltsp-build-client
That’s really all there is to it. I’ve found that problems do arise, and instead of trying to fix them I just purge all the installed applications and start over.
sudo apt-get remove --purge ltsp-server-standalone ltsp-server xinetd
One time I was stuck because there were two tftp inet servers, openbsd-inetd and inetd-hpa. They were conflicting. Then run autoremove with the purge option:
sudo apt-get --purge autoremove
Then start over by installing ltsp-server-standalone. You can test your LTSP server using VirtualBox. Just like on a real machine, set the boot sequence to network as the first option. Now hook up a fancy monitor that can support 1920×1080 to the relatively low powered machine in the other room, and remotely manage your server from a pseudo local desktop environment.
Lock Down IP Addresses – SSH and Else
Jan 26th
If you know the IP addresses that will be connecting to your machine, lock them down. Use the hosts.allow file as follows.
sshd : localhost : allow
sshd : 192.168.3. : allow
sshd : 192.168.1. : allow
sshd : ALL : deny
Using sshd : ALL : deny and listing various allow rules blocks everything other than the allowed rules. Therefore using sshd : IP : allow you will be able to connect to the machine from that IP only and everything else will be rejected. This procedure will substantially increase the security of the server.
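To see why the rule order and the trailing dots matter, here is an added example (not part of the original post): a simplified Python model of how the rules above are evaluated. It covers only the pattern forms used here (ALL, exact name or address, IPv4 prefix ending in a dot, hostname suffix starting with a dot); the sample client addresses are constructed.

```python
RULES = """\
sshd : localhost : allow
sshd : 192.168.3. : allow
sshd : 192.168.1. : allow
sshd : ALL : deny
"""

def parse_rules(text):
    """Return (daemon, client_pattern, action) tuples in file order."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blanks
        if line:
            daemon, client, action = [f.strip() for f in line.split(":", 2)]
            rules.append((daemon, client, action.lower()))
    return rules

def client_matches(pattern, addr, hostname=None):
    """Match one client pattern against the peer address or resolved name."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):        # address prefix such as "192.168.3."
        return addr.startswith(pattern)
    if pattern.startswith("."):      # hostname suffix such as ".example.org"
        return hostname is not None and hostname.endswith(pattern)
    return pattern in (addr, hostname)

def decide(rules, daemon, addr, hostname=None):
    """First matching rule wins. If nothing in hosts.allow matches (and
    hosts.deny is empty), the connection is allowed, which is why the
    final 'sshd : ALL : deny' line is what actually closes the door."""
    for rule_daemon, pattern, action in rules:
        if rule_daemon in (daemon, "ALL") and client_matches(pattern, addr, hostname):
            return action
    return "allow"

if __name__ == "__main__":
    rules = parse_rules(RULES)
    clients = [("127.0.0.1", "localhost"), ("192.168.3.44", None),
               ("192.168.10.5", None), ("203.0.113.9", None)]  # constructed
    for addr, name in clients:
        print(addr, decide(rules, "sshd", addr, name))
    # Same rules without the last line: the outside address gets through.
    print("no final deny:", decide(rules[:-1], "sshd", "203.0.113.9"))
```

Note that 192.168.10.5 is denied: the trailing dot in "192.168.1." keeps the prefix on an octet boundary.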
Detecting a Security Breach – Ubuntu and Linux Machine
Jan 25th
Detecting a security breach is sometimes as easy as logging into the machine, using ssh, and viewing the last login attempt from a completely unrecognized IP address or domain. Subsequently check your auth.log file, in /var/log, for login attempts. If you see countless failed login attempts you have been the victim of a brute force attack. In gedit or nano you can search for “attempt” or “access”. When several failed login attempts occur a log entry saying “possible breaking attempt” is posted. The first thing a hacker will do, on a Linux machine, is attempt to change the root password, which will lock down the machine completely. If they cannot change the root password, they may just try to install a backdoor for the particular user that was breached. A backdoor can be a daemon running on any port, so check with “ps aux | grep user”. Grepping the ps command will bring up all of that user’s active processes, and if any process name looks funny you have identified a concern. You can also check which ports are accepting communication (open). A backdoor can also be an installed authorized key, which will allow password-less ssh access to the system.
Ultimately if a hacker changes the root password of your machine, there is nothing you can do. You must either restore from a backup, or rebuild the entire machine. No questions asked.
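The auth.log review described above can be scripted. The following is an added example, not part of the original post: it counts failed sshd logins per source address and flags any accepted login that comes from outside the trusted ranges or follows a burst of failures. The log lines are constructed samples in the usual sshd format, and the trusted prefixes and the threshold of 3 are assumptions to adjust per host.

```python
import re
from collections import Counter

# Constructed sample lines (not from a real host).
SAMPLE_LOG = """\
Jan 25 03:12:01 web sshd[2201]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jan 25 03:12:03 web sshd[2201]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jan 25 03:12:06 web sshd[2203]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Jan 25 03:12:09 web sshd[2205]: Failed password for deploy from 203.0.113.7 port 40141 ssh2
Jan 25 03:12:15 web sshd[2207]: Accepted password for deploy from 203.0.113.7 port 40150 ssh2
Jan 25 08:30:44 web sshd[3310]: Failed password for alice from 192.168.1.20 port 51514 ssh2
Jan 25 08:30:51 web sshd[3310]: Accepted publickey for alice from 192.168.1.20 port 51514 ssh2
"""

TRUSTED_PREFIXES = ("127.", "192.168.3.", "192.168.1.")  # assumed: mirrors the hosts.allow post
FAIL_THRESHOLD = 3                                       # assumed cut-off, tune per host

EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")

def triage(log_text):
    """Return a list of findings as (kind, source_ip, detail) tuples."""
    failures = Counter()
    findings = []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            failures[ip] += 1
            continue
        # Accepted login: check where it came from and what preceded it.
        if not ip.startswith(TRUSTED_PREFIXES):
            findings.append(("untrusted-login", ip, user))
        if failures[ip] >= FAIL_THRESHOLD:
            findings.append(("login-after-bruteforce", ip, user))
    for ip, count in failures.items():
        if count >= FAIL_THRESHOLD:
            findings.append(("bruteforce", ip, count))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

On a real host, pass the contents of /var/log/auth.log to triage() instead of the sample text.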
Extended VirtualBox Management – VBoxTool
Dec 9th
VBoxManage, the command line tool of VirtualBox, does its job. It also has its limitations. You can start, pause, and save virtual machines, but there is no integrated way to automate various processes. To have a virtual machine boot with the host, in headless mode, you would have to create a custom init.d boot script. A great script package, called VBoxTool, coordinates the process into a terminal app. The terminal app references two configuration files in your /etc directory, and utilizes an init script to boot virtual machines. VBoxTool is on SourceForge:
http://vboxtool.sourceforge.net/
Configure the machines you want to boot in:
/etc/vboxtool/machines.conf
Any machine listed in machines.conf will boot with the host. You can view running machines with:
vboxtool showrun
Then you can also view all available machines with:
vboxtool show
Maybe this wrapper script will be integrated into VBoxManage directly; it is clear the features are useful especially for system administrators.
VirtualBox Vista Images Coming Back
Dec 3rd

I’m installing a copy of Vista in a virtual machine right now. The license will expire, but I’m not installing it for useful purposes. I’m going to re-add previously lost images to the most popular page on this website.
http://www.bgevolution.com/blog/virtualbox-windows-vista-host-network-bridge-and-tap/
Although I find the page quite unnecessary, since the way to implement host networking has changed significantly, many people do not heed the notice posted quite conspicuously at the top of the page. By tomorrow the images will be back.
VirtualBox Bridge and Tap no Longer Needed – Built in
Nov 3rd
With recent versions of VirtualBox you no longer need to create a bridge and tap to enable host networking. In the settings panel of the virtual machine, select the network tab, and make sure that it’s set to bridged adapter. VirtualBox automatically creates a virtual ethernet adapter, and bridges it to the network of the host machine.
Bridging to the host network is necessary for the virtual machine to get an IP address from the router. Such a configuration is needed to communicate with the machine from the outside world. Because of this feature virtual machines can serve websites and other services. I use my virtual machine to host this website, a visual ftp server, a wiki, and an EyesOS server.
There are other ways to forward individual ports from the host system to the guest, but then the ports on the host machine will not be accessible on the host; they will virtually represent the guest OS thus hindering connectivity with the host machine. There may be instances where this is what is wanted and more information, including instruction, can be found on this previous post.
The following is a screenshot of the network tab in VirtualBox. It has a bridged adapter option that will autobridge the connection to an existing ethernet adapter. Bear in mind that this is the screen from a Linux install of VirtualBox and it might be different in Windows. I remember in Windows you might have the option to create a virtual ethernet adapter, and then you can bridge the connection all in VirtualBox. Nothing needs to be done manually anymore, and everything can be done from within the VirtualBox configuration panels.
Here is a screen from Windows Vista. Go to the network tab of the virtual machine settings:
Then select the attach to drop down menu:
Then change the attach to, drop down menu, to bridged adapter:






