Monthly Archives: January 2012

Running Remote Administration Tools with different credentials

Since my domain user doesn’t have administrator privileges, I need a different approach to launching MMC snap-ins. The snap-ins offer no option for choosing which user to run as, so the only way I’ve found is to use the runas command in shortcuts. I’ve included the icon paths as well, since runas.exe doesn’t carry any. Note that /savecred stores the password in Credential Manager after the first prompt, so later launches from the same user session don’t ask for it again.

Here are a few examples:

Active Directory Administrative Center (%windir%\system32\dsacn.dll)

C:\Windows\System32\runas.exe /savecred /user:DOMAIN\admin_user "%windir%\system32\dsac.exe"

Users and Computers (%SystemRoot%\system32\dsadmin.dll)

C:\Windows\System32\runas.exe /savecred /user:DOMAIN\admin_user "mmc dsa.msc"

Domains and Trusts (%SystemRoot%\system32\domadmin.dll)

C:\Windows\System32\runas.exe /savecred /user:DOMAIN\admin_user "mmc domain.msc"

Sites and Services (%SystemRoot%\system32\dsadmin.dll)

C:\Windows\System32\runas.exe /savecred /user:DOMAIN\admin_user "mmc dssite.msc"

Group Policy Management (%SystemRoot%\system32\gpoadmin.dll)

C:\Windows\System32\runas.exe /savecred /user:DOMAIN\admin_user "mmc gpmc.msc"

DHCP (%windir%\system32\dhcpsnap.dll)

C:\Windows\System32\runas.exe /savecred /user:DOMAIN\admin_user "mmc dhcpmgmt.msc"

DNS (%SystemRoot%\system32\dnsmgr.dll)

C:\Windows\System32\runas.exe /savecred /user:DOMAIN\admin_user "mmc dnsmgmt.msc"

Using fail2ban for temporary lock outs

I’ve been using fail2ban for a while on a Linux system with a couple of ports open to the outside world. Naturally, this results in more than a few login attempts by unknowns during any given day. Fail2ban is a simple Python-based IP blocking application for POSIX systems. It works by continuously searching various system logs for failed login attempts and temporarily blocking the offending IP addresses with iptables.

Since we run a Debian-heavy environment, this only covers installation on Debian.

Start by installing fail2ban (as root):

apt-get install fail2ban

Modify /etc/fail2ban/jail.conf to suit your needs. The JAILS section is where you define the parameters you want for each of your open doors.

An example jail for SSH:

[ssh]

enabled = true
port    = ssh
filter  = sshd
logpath  = /var/log/auth.log
maxretry = 6

And for mail systems using, for example, Postfix and Dovecot:


[postfix]

enabled  = true
port     = smtp,ssmtp
filter   = postfix
logpath  = /var/log/mail.log


[dovecot-pop3imap]

enabled = true
port = pop3,pop3s,imap,imaps
filter = dovecot-pop3imap
logpath = /var/log/mail.log

As you can see, the configuration is fairly straightforward: tell fail2ban where your logs are, which ports to monitor, and the maximum number of retries if you don’t want the default.
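To show what a jail like the [ssh] one above actually does with those settings, here is a small Python re-implementation of the counting logic (an added example, not fail2ban’s own code): it matches failed-password lines the way the sshd filter does, counts failures per IP within findtime, and records a ban for bantime once maxretry is reached. The auth.log lines are constructed, and findtime and bantime use assumed defaults of 600 seconds.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
# Failed-login pattern modelled on fail2ban's sshd filter for /var/log/auth.log.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+) port \d+"
)

class Jail:
    # maxretry failures within findtime seconds -> ban the IP for bantime seconds.
    def __init__(self, maxretry=6, findtime=600, bantime=600):
        self.maxretry = maxretry
        self.findtime = timedelta(seconds=findtime)
        self.bantime = timedelta(seconds=bantime)
        self.failures = defaultdict(deque)   # ip -> times of recent failures
        self.banned = {}                     # ip -> time the ban expires

    def feed(self, line):
        m = FAILED_RE.match(line)
        if not m:
            return None
        now = datetime.strptime("2012 " + m["ts"], "%Y %b %d %H:%M:%S")  # syslog has no year: 2012 assumed
        ip = m["ip"]
        # Drop bans whose bantime has elapsed (fail2ban would remove the iptables rule here).
        self.banned = {b: until for b, until in self.banned.items() if now < until}
        if ip in self.banned:
            return None
        window = self.failures[ip]
        window.append(now)
        while now - window[0] > self.findtime:   # forget failures older than findtime
            window.popleft()
        if len(window) >= self.maxretry:
            self.banned[ip] = now + self.bantime  # fail2ban would insert the iptables rule here
            window.clear()
            return ip                             # this line triggered a ban
        return None

def run_jail(lines, **jail_opts):
    # Feed all lines through one jail; return the banned IPs in the order they were banned.
    jail = Jail(**jail_opts)
    return [ip for ip in (jail.feed(line) for line in lines) if ip]

# Constructed auth.log sample (not real traffic): seven failures from one address in 12 s,
# then two failures and one success from another address.
SAMPLE_LOG = [
    f"Jan 14 10:00:{s:02d} host sshd[4242]: Failed password for invalid user admin from 203.0.113.5 port 5{s:04d} ssh2" for s in range(0, 14, 2)
] + [
    "Jan 14 10:00:03 host sshd[4243]: Failed password for root from 198.51.100.7 port 51000 ssh2",
    "Jan 14 10:00:05 host sshd[4244]: Accepted publickey for deploy from 198.51.100.7 port 51001 ssh2",
    "Jan 14 10:00:09 host sshd[4245]: Failed password for root from 198.51.100.7 port 51002 ssh2",
]
```

With maxretry = 6 only 203.0.113.5 gets banned; lowering maxretry or bantime shows how the same lines produce more or repeated bans.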

(Potentially) fix sharing violation errors in VMware Data Recovery

I’m back from the dead, kind of. I’ve been on paternity leave since mid-November. I got back to work this Monday and I’m still trying to wrap my head around things.

We’ve deployed VMware Data Recovery in our live environment and have run into some issues with target devices being unavailable, generating sharing violation errors during backup.

There are no .lck files present and the target volume is exclusive to VDR.

A solution that seems to have done the trick is tuning the Linux network stack (VDR is based on CentOS).

The default maximum TCP buffer size in Linux is too small for VDR to be happy. TCP memory is derived from the amount of system memory available. On most Linux distributions, rmem_max and wmem_max are set to 128 KB, far too low for large chunks of data to be transferred efficiently.

SSH to your VDR appliance. Default username and password if unchanged is root and vmw@re.

We’ll start by setting wmem_max and rmem_max to 12 MB:

echo 'net.core.wmem_max=12582912' >> /etc/sysctl.conf
echo 'net.core.rmem_max=12582912' >> /etc/sysctl.conf

Then set the minimum, default (initial) and maximum sizes of the per-socket TCP buffers:

echo 'net.ipv4.tcp_rmem= 10240 87380 12582912' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_wmem= 10240 87380 12582912' >> /etc/sysctl.conf

Enable TCP window scaling, which allows a larger transfer window:

echo 'net.ipv4.tcp_window_scaling = 1' >> /etc/sysctl.conf

Enable RFC1323 timestamps:

echo 'net.ipv4.tcp_timestamps = 1' >> /etc/sysctl.conf

Enable selective acknowledgements (SACK):

echo 'net.ipv4.tcp_sack = 1' >> /etc/sysctl.conf

Disable caching of TCP metrics from previous connections:

echo 'net.ipv4.tcp_no_metrics_save = 1' >> /etc/sysctl.conf

Set the maximum number of packets queued on the input side when the interface receives packets faster than the kernel can process them:

echo 'net.core.netdev_max_backlog = 5000' >> /etc/sysctl.conf

Reload the settings (each echo above appends a line, so running the commands a second time leaves duplicate keys in sysctl.conf, of which the last one wins):

sysctl -p