Script to install Oyster Protocol (PRL) Hooknode

Update – 2018-02-19: There were a few bugs in the first version of this script. If you ran any version of it previous to v1.3 you’ll want to wipe your CentOS machine and re-run the script from scratch. You can check the script version number by looking at it in a text editor.

 

Saw these scripts in the official Oyster Protocol GitHub that would automatically build you an Oyster Protocol Hooknode if you have a clean Ubuntu 16.04 installation. I’m more of a fan of CentOS so I thought I’d try porting the script over to CentOS 7.

Disclaimer: This script will likely not result in a super secure installation of CentOS. It will however get you a working deployment of Oyster Protocol (PRL) Hooknode on a blank CentOS 7 VM (or physical system if you prefer) with the firewall still enabled. I do not recommend using this in production without performing additional hardening yourself or altering the script to perform it for you. The script will configure the system to automatically download and install security updates.

It is generally bad practice to run random scripts from the internet so please review the script before executing it to make sure you are OK with everything it is doing.

I am going to assume you’ve built a VM in your preferred hypervisor (I’m using VMware Workstation) and you have the CentOS Minimal Installation ISO mounted to its CDROM so it will boot the CentOS installer. I am also going to assume you have DHCP and DNS working on your network so the VM will automatically get an IP and be able to access the internet.

I am not going to cover setting up a static IP, public/private DNS configuration, LetsEncrypt SSL, etc. All this script will do is get you a CentOS 7 VM with an Oyster Protocol (PRL) Hooknode running on it.

I’ve built a VM with 2vCPUs, 2GB of RAM and a 40GB HD.

Installing CentOS into the VM

  1. Power on the VM
  2. Choose ‘Install CentOS 7’ and press <ENTER>
  3. Press <ENTER> to start the installation
  4. Click ‘Continue’ on the language/keyboard selection screen
  5. Click ‘Network & Hostname’
  6. Change the hostname to whatever you’d like your VM to be called and click ‘Apply’
  7. Click the ‘Off’ button in the top right to turn on the network connection
  8. Verify you have an IP address and note it down so you can SSH in post-installation. If you don’t, you have some fixing to do; if you do, click ‘Done’
  9. Click ‘Date & Time’
  10. Pick your timezone
  11. Make sure ‘Network Time’ is set to ‘On’
  12. Click ‘Done’
  13. Click ‘Installation Destination’
  14. Select the VM’s disk and click ‘Done’
  15. Click ‘Begin Installation’
  16. Click ‘Root password’, set a password and click ‘Done’
  17. Click ‘User creation’, fill out the boxes for your normal user account, check mark ‘Make this user administrator’ and click ‘Done’
  18. Wait for the installation to complete
  19. Click ‘Reboot’ when it’s done

SSH into your server, disable SELinux, reboot and run the install script

Note: If you didn’t write down the IP of your VM from the OS installation you can log in with the root account or your non-root account and run “ip addr show” and you will see the IP of your VM under ‘ens##’ next to ‘inet’.

  1. SSH into your VM using your non-root account you created during the installation
  2. Run the following command to disable SELinux and automatically reboot
  3. SSH back into your VM using your non-root account
  4. Download the installation script by running the following:
  5. Verify the file by running the following command. The output should say “OK”
  6. Inspect the script using vim or some other text editor to make sure you are OK with everything happening in the script. Running scripts randomly from the internet is usually a bad idea.
  7. Run the script and enter your password when prompted
    NOTE: This script will take a while to complete due to a large download required as part of the installation. Be patient.
  8. Wait for installation to complete

Spectre/Meltdown performance impact on my Lenovo T450S

Did some quick benchmarks tonight with the mitigations enabled and disabled.

I’m losing over 10% performance on a Broadwell i5-5300U

 

Enabled:

 

Disabled:

If you want to try it yourself, here is how you can disable the mitigations. Run the following from Command Prompt or PowerShell. Make sure you ‘Run as Administrator’.

Once you’ve changed these registry keys reboot your PC.

This is obviously not recommended for production as you’re disabling important security updates on your system.

To re-enable the protections run the following:

 

Source: https://support.microsoft.com/en-ca/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution

Script to install WordPress and phpMyAdmin on CentOS 7

Saw this request on Reddit and thought it might be a neat challenge.

Disclaimer: This script will likely not result in a super secure installation of CentOS, Apache, MariaDB or WordPress. It will however get you a working deployment of WordPress on a blank CentOS 7 VM with the firewall and SELinux still enabled. I do not recommend using this in production without performing additional hardening yourself or altering the script to perform it for you. Also it is generally bad practice to run random scripts from the internet so please review the script before executing it to make sure you are OK with everything it is doing.

I am going to assume you’ve built a VM in your preferred hypervisor (I’m using VMware Workstation) and you have the CentOS Minimal Installation ISO mounted to its CDROM so it will boot the CentOS installer. I am also going to assume you have DHCP and DNS working on your network so the VM will automatically get an IP and be able to access the internet.

I am not going to cover setting up a static IP, public/private DNS configuration, LetsEncrypt SSL, etc. All this script will do is get you a CentOS 7 VM with Apache, MariaDB, phpMyAdmin and WordPress on it.

I’ve built a VM with 2vCPUs, 2GB of RAM and a 20GB HD.

Installing CentOS into the VM

  1. Power on the VM
  2. Choose ‘Install CentOS 7’ and press <ENTER>
  3. Press <ENTER> to start the installation
  4. Click ‘Continue’ on the language/keyboard selection screen
  5. Click ‘Network & Hostname’
  6. Change the hostname to whatever you’d like your VM to be called and click ‘Apply’
  7. Click the ‘Off’ button in the top right to turn on the network connection
  8. Verify you have an IP address and note it down so you can SSH in post-installation. If you don’t, you have some fixing to do; if you do, click ‘Done’
  9. Click ‘Date & Time’
  10. Pick your timezone
  11. Make sure ‘Network Time’ is set to ‘On’
  12. Click ‘Done’
  13. Click ‘Installation Destination’
  14. Select the VM’s disk and click ‘Done’
  15. Click ‘Begin Installation’
  16. Click ‘Root password’, set a password and click ‘Done’
  17. Click ‘User creation’, fill out the boxes for your normal user account, checkmark ‘Make this user administrator’ and click ‘Done’
  18. Wait for the installation to complete
  19. Click ‘Reboot’ when it’s done

SSH into your server and run the install script

Note: If you didn’t write down the IP of your VM from the OS installation you can log in with the root account or your non-root account and run “ip addr show” and you will see the IP of your VM under ‘ens##’ next to ‘inet’.

  1. SSH into your VM using your non-root account you created during the installation
  2. Download the installation script by running the following:
  3. Verify the file by running the following command. The output should say “OK”
  4. Inspect the script using vim or some other text editor to make sure you are OK with everything happening in the script. Running scripts randomly from the internet is usually a bad idea.
  5. Run the script
  6. Enter your password when prompted and wait
  7. Near the end of the installation ‘mysql_secure_installation’ will be run, which you will have to deal with interactively. There does not appear to be a way to have it run automatically.
  8. When prompted for the root password just press <ENTER>
  9. When asked to set a root password hit <ENTER>
  10. Enter a root password of your choosing for MariaDB and note it down securely
  11. Hit <ENTER> for all of the other questions
  12. Once the script finishes it will output your WordPress database password, note it down somewhere secure
  13. You should now be able to access WordPress via http://<VMs IP>/ and phpMyAdmin via http://<VMs IP>/phpmyadmin
  14. Once you’ve finished the WordPress installation run the following command to reset the SELinux permissions we altered so the installer would work and reboot the VM in case one of the updates that was installed was a kernel update:

 

Thank you to Nick for his SELinux tips: https://techblog.jeppson.org/2016/10/install-wordpress-centos-7/

Datastores not listed after deploying VMware Replication Appliance

Just did a fresh deployment of the VRM 6.5.1 appliance into vCenter 6.5.1u1 which controls our vSphere 5.5 hosts.

Installation and configuration went smoothly but when I went to set up a test replication for a VM I could not complete the setup because none of my datastores were being listed.

A reboot of vCenter did not help.

Restarting the VRM service via the appliance’s WebUI fixed the problem. A reboot of the appliance would have also probably worked.

You can restart the service via: https://<APPLIANCE FQDN>:5480/

  1. Click ‘Configuration’ under the ‘VM’ page
  2. Click ‘Restart’ at the bottom

Pretty straightforward solution but I didn’t find this in the first few pages of Google results. Might save someone else a bunch of troubleshooting.

Some users cannot login to new NPS based VPN server

Our environment previously used a Windows 2003 Server running RAS to offer our employees VPN. This server went away for multiple reasons and we built a brand new 2012 R2 server running NPS and RAS.

Since switching over we’ve had a few employees unable to log in to the new VPN server. They keep getting “Invalid Username/Password”. Strangely these users had access to a different account that would work from their personal device. This eliminated client side issues as being the culprit.

Checking the Event Logs on the VPN server we found this event:

We had the user log in to Webmail to verify their username and password. Everything was fine.

That led us into the text based logs. We found these:

The tip-off here was “Microsoft Routing and Remote Access Service Policy”. That was not the name of our VPN access policy. In fact that policy is located on a completely separate tab in NPS.

Turns out the issue was an AD account setting:

After some digging I found out that this AD attribute is called ‘msnpallowdialin’ and can have the following values:

Knowing this I wrote a quick PowerShell script to tell me how many accounts we had configured incorrectly:

Turns out we had 142 accounts that were incorrect and 1783 accounts that were. All of the accounts that were incorrect have been around a LONG time.

To change this property on all accounts that were set to TRUE or FALSE we used the following script:

I didn’t bother making variables of the repeating values. You can just search/replace these scripts. You need to change “OU=<OU>,OU=<OU>,DC=DOMAIN,DC=FQDN” to be the OU of where your users are and “<DC FQDN>” to the FQDN of one of your Domain Controllers.
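
One way to run the audit and the change described above, as an added example (not the author's scripts, which are not reproduced on this page). It assumes the RSAT ActiveDirectory module and that the target state is an unset attribute, where access is controlled through NPS Network Policy; `$BackupCsv` is a hypothetical path, and the OU and DC placeholders are the ones named in the post.

```powershell
Import-Module ActiveDirectory

# Placeholders named in the post; replace before running.
$SearchBase = 'OU=<OU>,OU=<OU>,DC=DOMAIN,DC=FQDN'
$Server     = '<DC FQDN>'
$BackupCsv  = '.\msNPAllowDialin-before.csv'   # hypothetical path for the rollback record

# msNPAllowDialin is TRUE (allow), FALSE (deny) or absent
# (control access through NPS Network Policy).
$users = Get-ADUser -Filter * -SearchBase $SearchBase -Server $Server `
    -Properties msNPAllowDialin

$report = foreach ($u in $users) {
    if ($null -eq $u.msNPAllowDialin) {
        $state = 'NotSet'
    } elseif ($u.msNPAllowDialin) {
        $state = 'True'
    } else {
        $state = 'False'
    }
    [pscustomobject]@{
        SamAccountName    = $u.SamAccountName
        DistinguishedName = $u.DistinguishedName
        Enabled           = $u.Enabled
        DialIn            = $state
    }
}

# Audit: how many accounts carry each setting.
$report | Group-Object DialIn | Select-Object Name, Count | Format-Table -AutoSize

# Accounts whose explicit per-user setting overrides the NPS network policy.
$explicit = @($report | Where-Object { $_.DialIn -ne 'NotSet' })

# Record the previous values so the change can be reversed per account.
$explicit | Export-Csv -Path $BackupCsv -NoTypeInformation

# Dry run: -WhatIf only prints what would be cleared.
foreach ($row in $explicit) {
    Set-ADUser -Identity $row.DistinguishedName -Server $Server `
        -Clear msNPAllowDialin -WhatIf
}
```

Remove `-WhatIf` only after reviewing the CSV: accounts that were explicitly set to FALSE stop being denied outright and fall under whatever your NPS network policy allows.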