Archive for August, 2009
null routing ssh dictionary attacks
Now I know there are many solutions to fight SSH dictionary attacks. I'm adding a null-routing solution to the options. This script searches /var/log/syslog (or any other logfile you specify) for specific keywords (which you specify) and then adds each matching IP to the null route list. Enjoy
*UPDATE* I fixed a bug in the script where the date was one number, causing the cut field to get "from" instead of the IP.
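#!/bin/bash
# Null-route hosts that appear in sshd "Invalid user" log lines. Run as root.

# Define variables
# LC_ALL=C keeps the month abbreviation in the English form syslog uses.
WORKDATE=$(LC_ALL=C date "+%b %e")          # syslog-style date: "Aug  8" or "Aug 18"
WORKDAY=$(LC_ALL=C date | cut -f 3 -d " ")  # empty when the day is a single digit
LOGFILE=/var/log/syslog
# mktemp instead of a fixed /tmp name, which is unsafe for a script run as root
TMPFILE=$(mktemp /tmp/ssh_attempts.XXXXXX) || exit 1
IPFILE=/etc/nullroute
CMD=/sbin/route
MASK=255.255.255.255
DFGW=127.0.0.1
touch "$IPFILE"   # first run: the list does not exist yet

# Search attempts
# A single-digit day is padded with an extra space, which moves the IP from
# field 10 to field 11. The field positions assume a user name without spaces;
# sshd logs the client-supplied name as-is, so keep only values that look like IPv4.
if [ -z "$WORKDAY" ];
then
FIELD=11
else
FIELD=10
fi
grep "$WORKDATE" "$LOGFILE" | grep sshd | grep Invalid | cut -f "$FIELD" -d " " | grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' > "$TMPFILE"

# Add to nullroutes
# Carry over the IPs that were blocked earlier, then de-duplicate.
for IP in $(cat "$IPFILE");
do
if ! grep -qxF -- "$IP" "$TMPFILE";
then
echo "$IP" >> "$TMPFILE"
fi
done
sort -u "$TMPFILE" > "$IPFILE"   # uniq alone only drops adjacent duplicates
rm -f "$TMPFILE"

# Add nullroutes to table
for ROUTE in $(cat "$IPFILE");
do
# -w and -F match the address as a whole literal token, so 1.2.3.4 does not match 1.2.3.45
if ! $CMD -n | grep -qwF -- "$ROUTE";
then
echo "adding $ROUTE to null routes..."
$CMD add -host "$ROUTE" gw $DFGW
fi
done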
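A stricter version of the log search step above, as an added example that is not part of the original post: it takes the address after the last "from" instead of a fixed field, validates it as IPv4, and only reports addresses that reach a minimum number of attempts. The function names `sample_log` and `offenders`, the threshold and the allowlist arguments are assumptions for illustration, and the log lines are constructed.

```shell
#!/bin/bash
# Added example, not the original script. Sample lines are constructed and use
# documentation address ranges; the threshold and allowlist are assumptions.
sample_log() {
cat <<'EOF'
Aug  8 10:01:02 host sshd[2211]: Invalid user admin from 203.0.113.7
Aug  8 10:01:05 host sshd[2212]: Invalid user test from 203.0.113.7 port 40022
Aug  8 10:01:09 host sshd[2213]: Invalid user oracle from 203.0.113.7
Aug  8 10:02:00 host sshd[2214]: Invalid user a from 192.0.2.10 from 198.51.100.9
Aug  8 10:02:01 host sshd[2215]: Invalid user bob from 198.51.100.9
Aug  8 10:03:00 host sshd[2216]: Invalid user x from 999.1.1.1
Aug 18 09:00:00 host sshd[2300]: Invalid user guest from 198.51.100.9
Aug  8 10:04:00 host cron[99]: Invalid user root from 203.0.113.200
EOF
}

# offenders DAY MIN [ALLOWED_IP...]
# Reads syslog on stdin and prints, sorted, each IPv4 address with at least MIN
# sshd "Invalid user" lines on DAY (syslog form, e.g. "Aug  8").
offenders() {
  local day="$1" min="$2"; shift 2
  awk -v day="$day" -v min="$min" -v allow=" $* " '
    # Accept only dotted quads with four octets in 0..255.
    function valid(ip,   n, o, i) {
      n = split(ip, o, ".")
      if (n != 4) return 0
      for (i = 1; i <= 4; i++)
        if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) return 0
      return 1
    }
    # awk collapses the padded day, so the fields line up for "Aug  8" and "Aug 18".
    substr($0, 1, 6) == day && $5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Invalid" {
      ip = ""
      # The user name is client-supplied and may contain spaces, so take the
      # token after the LAST "from", which is the part sshd itself appended.
      for (i = 7; i < NF; i++) if ($i == "from") ip = $(i + 1)
      if (valid(ip) && index(allow, " " ip " ") == 0) hits[ip]++
    }
    END { for (ip in hits) if (hits[ip] >= min) print ip }
  ' | sort
}

# Demo: addresses with two or more attempts on Aug 8 in the sample.
sample_log | offenders "Aug  8" 2
```

Passing your own management addresses as the trailing arguments keeps them out of the result, so a mistyped login from a trusted host never ends up in the null route list.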
Reset your logon keyboard after vmware template deployment
One of the most annoying things when deploying a Windows VM from a template in VMware ESX 3.5 is that the regional settings get all messed up, especially when using the Dutch region settings with a US or US International keyboard (which actually all Dutch are using!).
Now to fix this I wrote a little script that resolves the issue. It consists of two parts: a batch file that can be called by the customization wizard when running the VMware customizations (I'll show you how to set this up a bit later) and a .reg file with the actual change.
The change that these two files make is also described in Microsoft article KB138354.
keyboard.cmd
@ECHO OFF
goto SET_VAR

:: Set variables
:SET_VAR
set RUNPATH=c:\windows
set KEYFILE="c:\install\uskeyboard.reg"
goto DO_CHANGE

:: Load the registry change
:DO_CHANGE
start /wait %RUNPATH%\regedit.exe /s %KEYFILE%
goto END

:: All done
:END
exit
uskeyboard.reg
Windows Registry Editor Version 5.00

[HKEY_USERS\.DEFAULT\Keyboard Layout\Preload]
"1"="00000409"
Now to use these scripts in the most efficient way, first create a new template or temporarily convert your template to a VM and start it up. Next create a directory c:\install and create the two files mentioned above in that directory. Then go to the VMware Infrastructure manager, click "Edit -> Customization Specifications" and double-click the template you use to deploy your VMs.
Now keep clicking Next until you get to the "Run Once" option and fill in "c:\install\keyboard.cmd".

After this, keep clicking Next until you have finished the wizard.
From now on the default keyboard settings on your login screen will be US English after deploying your VM (or any other language you specify in the .reg file).
Enjoy
VMWare tools in ubuntu
Frederik Vos wrote a nice article on how to install open-vm-tools in Ubuntu 9.04.
This is a very decent article; however, I prefer not to install X on a server that does not need it, so I rewrote the install part of his manual to remove X from the installation:
aptitude install linux-headers-$(uname -r) wget g++ make libglib2.0-dev libfuse-dev libdumbnet-dev libicu-dev
wget "http://downloads.sourceforge.net/project/open-vm-tools/open-vm-tools/2009.07.22/open-vm-tools-2009.07.22-179896.tar.gz"
tar xzvf open-vm-tools-2009.07.22-179896.tar.gz
cd open-vm-tools-2009.07.22-179896
./configure --without-pam --without-x
make
sudo make install
Now create the logon scripts and get running…
cd /etc/modprobe.d/
sudo wget www.l4l.be/download/vmxnet.conf
cd /etc/init.d/
sudo wget www.l4l.be/download/open-vm-tools
sudo chmod +x open-vm-tools
sudo ./open-vm-tools start
sudo update-rc.d open-vm-tools defaults
But then again, in Jaunty the open-vm-tools were properly fixed, so you shouldn't need this anymore.