thinking sysadmin

On the ESX console, do the following:

• Read the documentation for each patch.
• Group patches that can be installed together into a directory, possibly an NFS mount available on all your ESX hosts.
• Cd into the patch directory and untar the patches:

  for i in `ls *.tgz`; do
tar -xvzf $i
done

• Install the patches:

  for i in `ls`; do
if [ -d $i ]; then
cd $i
esxupdate --noreboot update
cd ..
fi
done

• Reboot.

So you thought you fixed the DNS spoofing vulnerability that was all over the news this month? You applied the patches and moved on to the other fifty-seven things crowded on your to-do list, thinking that you were safe? If your resolvers are behind a NAT, you might want to think again, smart guy.
Read the rest of this entry »

How to find the version of BIND that you’re running:

> dig @localhost version.bind txt chaos

; <<>> DiG 9.3.2 <<>> @localhost version.bind txt chaos
; (2 servers found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7775
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;version.bind. CH TXT

;; ANSWER SECTION:
version.bind. 0 CH TXT "9.3.5-P1"

;; AUTHORITY SECTION:
version.bind. 0 CH NS version.bind.

;; Query time: 57 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jul 14 11:45:14 2008
;; MSG SIZE rcvd: 65

As a sysadmin, I’ve had the opportunity to interview candidates for software developer positions. While I have done some software development, the coding abilities of these candidates generally surpass my own – or at least that’s what their resumes claim – so it’s somewhat difficult for me to accurately assess their skills. A solution I’ve found is to ask the candidates questions relating to application security; this does a remarkably good job of separating the wheat from the chaff – and a similar approach is good for evaluating software products.
Read the rest of this entry »