My Geek Finds
 

Author Archive

Been a while

by Hersey on Feb.19, 2010, under My Notes

But I have some more stuff to post coming soon.


Where is Santa?

by Hersey on Dec.24, 2009, under My Notes

Follow Santa as he delivers toys around the world.
Norad Santa

Merry Christmas!!!


Organize your PDF Library with iTunes

by Hersey on Oct.27, 2009, under Cool Stuff

Interesting little how-to article on using iTunes to organize your PDF documents.

http://lifehacker.com/240447/geek-to-live--organize-your-pdf-library-with-itunes


Blogging from the iPhone

by Hersey on Jul.31, 2009, under Cool Stuff

I’ve had my iPhone for about a week now and I’m still exploring all the cool features (there’s an app for that). I was one of those folks that always figured my cell phone just needed to be a phone, and really that’s all mine ever was – until now. What an awesome piece of technology!

I can check my email, get my bank statement, listen to music, play games, track the ISS, and even blog! I am in fact writing this blog post on my iPhone.

So far I have been playing with some of the free apps (there are 100s of them) and I am pretty impressed with the quality of the free apps. The WordPress app that I am using to post this allows me to post to all of my blogs and moderate the comments on each of them and it’s FREE!

Very cool!

I’ll post a bit more about some of my favorite apps in another post.

Have a great weekend!


Handy Linux iptables script

by Hersey on Apr.23, 2009, under My Notes, Networking, Tools

Here is a script I put together some years ago to create a simple iptables firewall on my Linux web server. Some of the code was borrowed from a Linux security book, but I do not remember which one. Anyway, it is a pretty handy script to give you some control and protection.

First create three files in /usr/local/etc:

ipblack.lst – this file contains a list of IP addresses you want to blacklist. One IP or subnet per line.

Example:

94.178.222.17
87.0.0.0/8

ipwhite.lst – this file contains a list of IP addresses that you allow unrestricted access (be careful with this: the script accepts whitelist entries before it checks any other rule). One IP or subnet per line. Make sure you add localhost to this file.

Example:

localhost
10.10.1.1 #Home IP Address

ports.lst – this file contains a list of ports you allow, one per line. The script opens them for TCP only.

Example:

22 #SSH
25 #SMTP
53 #DNS/Domain
80 #HTTPD
443 #HTTPS

Add this iptables.sh script to /usr/local/sbin:

#!/bin/sh

# iptables rules for a web server

IPTABLES=/sbin/iptables
WHITELIST=/usr/local/etc/ipwhite.lst
BLACKLIST=/usr/local/etc/ipblack.lst
PORTSLIST=/usr/local/etc/ports.lst

#----Flood Variables-----#

# Overall Limit for TCP-SYN-Flood detection
TCPSYNLIMIT="5/s"
# Burst Limit for TCP-SYN-Flood detection
TCPSYNLIMITBURST="10"

# Overall Limit for Logging in Logging-Chains
LOGLIMIT="2/s"
# Burst Limit for Logging in Logging-Chains
LOGLIMITBURST="10"

# Overall Limit for Ping-Flood-Detection
PINGLIMIT="5/s"

# Burst Limit for Ping-Flood-Detection
PINGLIMITBURST="10"

# Clear any current filters, then delete the user-defined chains
# so the -N commands below do not fail when the script is rerun
$IPTABLES -F
$IPTABLES -X

# Process Whitelist: accept all traffic from these sources.
# grep skips comment lines; awk keeps the first field, so a trailing
# "#note" on a line is ignored.
for x in `grep -v '^#' $WHITELIST | awk '{print $1}'`; do
    echo "Permitting $x..."
    $IPTABLES -A INPUT -t filter -s "$x" -j ACCEPT
done

# Process Blacklist: drop all traffic from these sources
for x in `grep -v '^#' $BLACKLIST | awk '{print $1}'`; do
    echo "Blocking $x..."
    #$IPTABLES -A INPUT -t filter -s "$x" -j LOG
    $IPTABLES -A INPUT -t filter -s "$x" -j DROP
done

# Allow Ports list (TCP only)
for port in `grep -v '^#' $PORTSLIST | awk '{print $1}'`; do
    echo "Accepting port $port..."
    $IPTABLES -A INPUT -t filter -p tcp --dport "$port" -j ACCEPT
done

# Drop new inbound TCP connections to any port not accepted above
$IPTABLES -A INPUT -t filter -p tcp --syn -j DROP

# ICMP TIMESTAMP REQUEST AND REPLY
$IPTABLES -A INPUT -p icmp --icmp-type timestamp-request -j DROP
$IPTABLES -A FORWARD -p icmp --icmp-type timestamp-request -j DROP

# Logging of possible TCP-SYN-Floods
# (this chain logs and drops whatever is sent to it; no rule in this
# script jumps to it, and TCPSYNLIMIT/TCPSYNLIMITBURST are not referenced)
$IPTABLES -N LSYNFLOOD
$IPTABLES -A LSYNFLOOD -m limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-prefix "fp=SYNFLOOD:1 a=DROP "
$IPTABLES -A LSYNFLOOD -j DROP

# INVALID SYN packets (impossible TCP flag combinations)
$IPTABLES -A INPUT -i eth0 -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
$IPTABLES -A INPUT -i eth0 -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPTABLES -A INPUT -i eth0 -p tcp --tcp-flags SYN,RST SYN,RST -j DROP

# Logging of possible Ping-Floods
# (as with LSYNFLOOD, no rule in this script jumps to this chain, and
# PINGLIMIT/PINGLIMITBURST are not referenced)
$IPTABLES -N LPINGFLOOD
$IPTABLES -A LPINGFLOOD -m limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-prefix "fp=PINGFLOOD:1 a=DROP "
$IPTABLES -A LPINGFLOOD -j DROP

Add /usr/local/sbin/iptables.sh to rc.local so that it runs when the machine starts up.

Anytime you make changes to the ipblack.lst, ipwhite.lst, or ports.lst files, rerun the iptables.sh script to apply the rules.

The script also applies iptables rules to help protect against ping floods, SYN floods, and invalid SYN packets.


Migrating to vSphere 4

by Hersey on Apr.21, 2009, under My Notes, Virtualization

Details on the migration from VI 3 to vSphere 4.

vSphere Update Center

Check out the step-by-step vSphere migration videos.


VMware Launches vSphere 4

by Hersey on Apr.21, 2009, under Virtualization

Introducing VMware vSphere 4 – The Industry’s First Cloud Operating System http://blogs.vmware.com/vmtn/2009/04/introducing-vmware-vsphere-4-the-industrys-first-cloud-operating-system.html

VMware vSphere 4 Launch Supported by Broad Virtualization Ecosystem http://vmblog.com/archive/2009/04/21/vmware-vsphere-4-launch-supported-by-broad-virtualization-ecosystem.aspx

VMware vSphere 4 Provides “Always On IT” for SMB and Branch Office IT Environments With Low Cost, High Availability Solutions http://vmblog.com/archive/2009/04/21/vmware-vsphere-4-provides-always-on-it-for-smb-and-branch-office-it-environments-with-low-cost-high-availability-solutions.aspx

A random collection of what’s new vSphere eye candy http://www.boche.net/blog/index.php/2009/04/20/a-random-collection-of-whats-new-vsphere-eye-candy/

VMware Launches vSphere – http://www.mikedipetrillo.com/mikedvirtualization/2009/04/vmware-launches-vsphere.html

Yellow-bricks.com has put together a great list of vSphere links: http://www.yellow-bricks.com/2009/04/21/vsphere-linkage/


Civony – A great distraction

by Hersey on Apr.17, 2009, under Cool Stuff

If you have some time to kill (waste) check out this online game Civony by UMGE.

The game is in the spirit of Age of Empires or the old Warcraft games where you have to build houses, train your army, collect resources, upgrade structures, learn skills, etc. I have been playing it for a couple of days now. It is a bit slow, but definitely a good distraction while you are waiting for an upgrade or download to complete.

Check it out at http://www.civony.com/

Hint – Lumber, Stone, and Iron – you will need plenty of each – build 4 farms, 4 quarries, 4 sawmills and 4 ironmines, then upgrade each as you can. Follow the quests that the game gives you and the resources will come.

Have a great weekend!



Free VMware Visio Stencils from Veeam

by Hersey on Apr.17, 2009, under My Notes

Check out these great Visio stencils available for free from Veeam. Perfect for designing or documenting your virtual infrastructure.

Veeam Stencils is a free collection of VMware Visio stencils that can be used by ESX administrators, system integrators and datacenter managers to create their own diagrams in Microsoft Visio 2003 or higher.

Download them here http://www.veeam.com/vmware-esx-stencils.html
