information security services
Useful information and links.
If your using Gmails SMTP relay and receive either of the following errors, switch your outbound mail to use port 587.
Show Postfix errors; tail -f /var/log/syslog
Look for either of these;delivery temporarily suspended: connect to smtp-relay.gmail.com
delivery temporarily suspended: lost connection with smtp-relay.gmail.com
The fix;vi /etc/postfix/main.cf
Update the realyhost;relayhost = smtp-relay.gmail.com:587
Problem is directory’s such as /wp-includes/ are viewable.
Disable directory traversal by adding this line to the end of your .htaccess file in the root of your website directory:
Options All -Indexes
Then restart:
systemctl restart apache2
Confirm this is disabled by navigating to /wp-includes/
To setup syslog in ESXi 6.5 I found it easier through the ESXCLI, here are the commands to run:
Allow syslog through the firewall:
esxcli network firewall ruleset set --ruleset-id=syslog --enabled=true esxcli network firewall refresh
Set loghost:
esxcli system syslog config set --loghost='tcp://syslog.server.co:514' esxcli system syslog reload
Verify Syslog settings:
esxcli system syslog config get
Troubleshooting:
Check connectivity:
nc -z syslog.server.co 514
If you get the following error when setting the loghost its a DNS issue:
No root object set for output. The command did not provide proper output. Implementation error! The output of this command does not match the declared output type of this command, see errors above.
To check your name resolution:
nslookup syslog.server.co
Check your DNS servers:
esxcli network ip dns server list
If DNS needs to be set:
esxcli network ip dns server add --server=<server>
To forward all web requests going to your apache webhosts’ IP to a domain, add the following to redirect to both files in between the VirtualHost tags:
/etc/apache2/sites-available/000-default.conf
/etc/apache2/sites-available/default-ssl.conf
Redirect permanent / https://www.yourdomain.com
Here’s an easy procedure to update your ESXi to the latest build using the CLI and WebUI for Client.
Step1- List latest available packages:
esxcli software sources profile list -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml | grep -i ESXi-6.5.0-2022
Step2- Select latest, install and reboot:
esxcli software profile update -p ESXi-6.5.0-20221004001-standard -d http://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml
reboot
Step3- Verify latest build:
vmware -vl
VMware ESXi 6.5.0 build-20502893
VMware ESXi 6.5.0 Update 3
Step4- Verify latest client build:
Check version in web ui, under help, about
Step5- If needed upgrade client to latest using WebUI:
http://download3.vmware.com/software/vmw-tools/esxui/esxui-signed-latest.vib
Here’s an easy three step procedure to update your ESXi to the latest build using the CLI.
Step1- SSH into your ESXi host and modify the firewall:
esxcli network firewall ruleset set -e true -r httpClient
Step2- List latest available packages:
esxcli software sources profile list -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml | grep -i ESXi-6.5
Step3- Select latest, install and reboot:
esxcli software profile update -p ESXi-6.5.0-4564106-standard -d http://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml
Note I had to run Step3 twice on some hosts.
sudo vim /etc/apache2/sites-enabled/000-default.conf
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://www.titantechcorp.com
sudo vim /etc/apache2/sites-available/default-ssl.conf
ServerAdmin webmaster@localhost
ServerName titantechcorp.com
ServerAlias www.titantechcorp.com
DocumentRoot /var/www/html/wordpress/
Here’s an easy three step process to update your ESXi host to the latest build using a USB Flash Drive.
Step1- Download latest ISO VMware vSphere Hypervisor(ESXi) 6.5 ISO
https://my.vmware.com/en/group/vmware/evalcenter?p=free-esxi6
Step2- Download and run Rufus
https://rufus.akeo.ie/
Step3- Click the CD icon and point to the ISO you downloaded, leave everything else default and click start
(Note you may get a popup requesting to replace the menu, to avoid issues with the USB key not booting you’ll need to click Yes to download the updated file.)
I have performed this method on versions 5.5 and 6
Here’s a two step process to easily create a bootable DBAN USB dive to permanently erase a hardrive.
Step1- Download the latest ISO from DBAN:
http://www.dban.org/
Step2- Download and run the “Universal USB Installer”, select DBAN from the drop down list:
https://www.pendrivelinux.com/universal-usb-installer-easy-as-1-2-3/
Reference:
https://www.pendrivelinux.com/install-dban-to-a-usb-flash-drive-using-windows/
Symptom is no email is being received
tail /var/mail/root contains the following error:
Diagnostic-Code: X-Postfix; unknown user:
When you install postfix if your hostname includes your domain then Postfix thinks its receiving mail for the domain, to fix:
vim /etc/postfix/main.cf
remove [yourdomain.com] from mydestination section
restart postfix and retest
postfix stop
postfix start
Reference:
http://stackoverflow.com/questions/32877196/postfix-thinks-the-system-email-is-local