Thursday, September 25, 2014

CVE-2014-6271: Vulnerability in Bash

There is a great diary article at the Internet Storm Center over at SANS on the ShellShock vulnerability.  It's located here

This is a code injection vulnerability that affects bash running on all *nix systems.  It allows an attacker to execute code by passing environment variables into bash.  The largest vector, and the one that needs to be secured immediately, is web servers using CGI-BIN.  CGI-BIN requires that HTTP headers supplied by the web server be converted into environment variables.

There are a couple of other less likely vectors that involve SSH and DHCP.

There is a patch available from most vendors; however, the current patch is only a partial fix.  According to many confirmed tests, users are still able to use the hack to write empty files to the host's file system.
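The CGI vector described above, as an added example (not from the original post or the ISC diary): it maps request headers to the environment variables a CGI script receives, then drops any whose value begins like a bash function definition, which is the form that triggers CVE-2014-6271. The function names, the regex and the sample request are assumptions constructed for illustration.

```python
import re

# Bash treats an environment value that begins like a function definition
# as code to parse; the regex is deliberately a little broader than "() {".
FUNC_DEF_PREFIX = re.compile(r"^\s*\(\s*\)\s*\{")


def cgi_env_from_headers(headers, method="GET", query=""):
    """Build CGI-style environment variables from request headers (RFC 3875)."""
    env = {"REQUEST_METHOD": method, "QUERY_STRING": query}
    for name, value in headers.items():
        key = name.upper().replace("-", "_")
        # Content-Type and Content-Length get no HTTP_ prefix in CGI.
        if key not in ("CONTENT_TYPE", "CONTENT_LENGTH"):
            key = "HTTP_" + key
        env[key] = value
    return env


def find_function_like(env):
    """Return sorted names of variables whose value looks like a function definition."""
    return sorted(k for k, v in env.items() if FUNC_DEF_PREFIX.match(v))


def scrub(env):
    """Return a copy of env without the flagged variables, plus the names removed."""
    flagged = find_function_like(env)
    clean = {k: v for k, v in env.items() if k not in flagged}
    return clean, flagged


# Constructed sample request; the payload after the prefix is elided on purpose.
SAMPLE_HEADERS = {
    "Host": "www.example.com",
    "User-Agent": "() { :;}; <elided>",
    "Referer": "https://www.example.com/index.html",
    "Cookie": "session=abc123; note=() { not at start",
    "Content-Type": "text/plain",
}

if __name__ == "__main__":
    env = cgi_env_from_headers(SAMPLE_HEADERS)
    clean, flagged = scrub(env)
    for name in flagged:
        print(f"dropped {name}: {env[name]!r}")
    print(sorted(clean))
```

Only values that start with the prefix are flagged, so the cookie that merely contains `() {` later in its value passes through unchanged.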

If you were utilizing Network Storage's Managed Firewall Service, you would already be protected from this vulnerability.

Wednesday, September 24, 2014

Adding Data Domain Support to vSphere Data Protection Advanced (VDPA)

This post covers the step-by-step procedure required to add Data Domain to your vSphere Data Protection Advanced (VDPA) installation.  Data Domain support requires VDP Advanced licensing, and is not available in the free vSphere Data Protection product as of 5.8.

The vSphere Data Protection Advanced 5.8 Admin Guide is here.

Prerequisites
  • vSphere 5.5+
  • vCenter 5.5+
  • VDPA 5 license for the number of sockets in your cluster
  • DataDomain Connection info (DDBoost User, Pass, SNMP community string)
  • DNS Entry with Reverse PTR for the VDPA Appliance


Step 1 - Install vSphere Data Protection Appliance
 
Go to https://my.vmware.com, and download the vSphere Data Protection 5.8 appliance files.  It's close to 5GB in size, so allot time for the download.  Once you have the OVA file downloaded, go to the vSphere Web Client, and deploy the virtual appliance.  Be sure to enter the correct network information as part of the OVF deployment wizard.

Step 2 - Initial Configuration of the VDP Appliance

Access the VDP Appliance at https://<IP of VDP>:5438/vdp-configure
Log in as root, with an initial password of "changeme"
Roll through the initial configuration wizard.  Create a basic VDP appliance, give it space on a data store, and install your VDPA license.  Once the wizard completes, the device will reboot.  It can take up to 30 minutes to come back up as it runs through its post-config process.

Step 3 - Create the DD Storage Connection

Access the VDP Appliance again at https://<IP of VDP>:5438/vdp-configure
Log in as root, and use the password you specified in the wizard.
Click on "Storage"
Click on the settings gear on the top right
Click on "Add Data Domain"
Then specify your Data Domain connection information.

Be sure that "Enable Checkpoint Copy" is checked.  Click Next.
Verify that you enter the correct read-only SNMP community for your Data Domain system.
Click Next.
Click Finish.

You have successfully added your Data Domain to your VDPA instance.  Now let's set up a backup job using the DD.

Step 4 - Adding the DD to a backup job.

Log into your VC Web client at https://<your vc ip>:9443/  (9443 is the default port.)
Click on vSphere Data Protection on the left.
Select your appliance and click Connect.
Create your backup job as you normally would, setting targets, schedule, and retention.  On the destinations selection, choose Data Domain.
Run your backups, and you are all set!

Andrew
@indylinux