Archive for September, 2014

mail command – modify the From address

Here is how you can send an email message from linux command line and use a different from address. This is useful in scripts that run as a user that would not necessarily manage the process or even look at or care about the email.

$ mail -s “Test Subject” me@mydomain.com — -f donotreply@mydomain.com -F ‘”Do Not Reply” ‘ < someinputfile

VMware ESXi – Common Information Model

Version: VMware ESXi 5.1 and 5.5.

To determine the hardware in your VMware ESXi host, you can access the Common Information Model (CIM) data using a VMware provided shell script when you install ESXi.

Note: You have to have ssh enabled.

I found it easiest to just run the script and search the output from the less command.

Once logged via ssh as root:

~ # /bin/cim-diagnostic.sh > tmp.fil

~ # less tmp.fil

In my case, I was looking for specific physical memory information, so I searched for PhysicalMemory.

I found the following useful to determine the categories in the output:

~ # egrep “^Dumping” tmp.fil
Dumping instances of CIM_Namespace
Dumping instances of CIM_RegisteredProfile
Dumping instances of CIM_Sensor
Dumping instances of OMC_RawIpmiSensor
Dumping instances of OMC_RawIpmiEntity
Dumping instances of CIM_ComputerSystem
Dumping instances of CIM_Chassis
Dumping instances of CIM_SoftwareIdentity
Dumping instances of CIM_Memory
Dumping instances of CIM_PhysicalMemory
Dumping instances of CIM_Processor
Dumping instances of CIM_LogRecord
Dumping instances of CIM_RecordLog
Dumping instances of CIM_EthernetPort
Dumping instances of CIM_PowerSupply
Dumping instances of CIM_PCIDevice
Dumping instances of VMware_StorageExtent
Dumping instances of VMware_Controller
Dumping instances of VMware_StorageVolume
Dumping instances of VMware_Battery
Dumping instances of VMware_SASSATAPort

Chroot vsftpd – if you must.

Tested on Ubuntu 12.04 LTS.

This should be used only for an account for ftp only, because filesystem write access will be removed.

Install vsftp:

$ sudo apt-get install vsftpd

Edit /etc/vsftpd.conf:

$ sudo cp -p /etc/vsftpd.conf /etc/vsftpd.conf.orig
$ sudo vi /etc/vsftpd.conf


# JGZ 9/3/2014 – disable anonymous
#anonymous_enable=YES
anonymous_enable=NO

# JGZ 9/3/2014 – use local accounts
local_enable=YES
#

# JGZ 9/3/2014 – allow writing
write_enable=YES
#

# JGZ 9/3/2014 – jail local user accounts in their home directory
chroot_local_user=YES
#

# JGZ 9/3/2014 – don’t allow list
chroot_list_enable=NO

# JGZ 9/3/2014 – list permission if in the file
chroot_list_file=/etc/vsftpd.chroot_list

Edit/create chroot list file:

$ sudo vi /etc/vsftpd.chroot_list

localusername

Remove write access from the localusername directory:

$ sudo chmod a-w /home/localusername

Note: If you use the command above, you will need to create a subdirectory in the home that the localusername can write in. If you want to restrict the ftp user to their home directory, omit the chroot_list_enable and chroot_list_file options specified in the config.

The following will change the log location from /var/log/xferlog to /var/log/vsftpd.log, however it will give you much more useful information. To enable verbose logging add the following:


# JGZ 3/2/2015 – verbose logging
#xferlog_std_format=YES
xferlog_std_format=NO

# JGZ 3/2/2015 – enable verbose logging
log_ftp_protocol=YES

This will not allow the ftp user to delete files for directories. To restrict the ftp user command set:


# JGZ 3/2/2015 – deny delete and rm
cmds_denied=DELE,RMD

To restrict FTP access to a set of I.P. Addresses (CentOS 7):
Use TCP wrappers:

# vi /etc/vsftpd/vsftpd.conf

tcp_wrappers=YES

Restart vsftpd:

# systemctl restart vsftpd

Deny all access:

# vi /etc/hosts.deny

vsftpd: ALL

Create exceptions:

# vi /etc/hosts.allow

vsftpd:aaa.bbb.ccc.ddd www.xxx.yyy.zzz

Return top

INFORMATION

LinkedIn Profile