client_loop: send disconnect: Broken pipe
Whilst its an annoyance, this message is harmless. Here we show three examples of how you can overcome this issue.
Latest posts
Windows Server Lockout policy based on Username
You can see detailed status of a user account by opening the command prompt and typing 'net user <username>'
Packet Filter bundled in the upcoming Oracle Solaris 11.4
This artical summarises features that are new or have been enhanced in the upcoming release of Oracle Solaris 11.4
Limiting users who can login via RDP
If you only want some members of the Administrators group to have RDP access, you can adjust this in Local Security Settings
Configure Ubuntu 16.04 to use two-factor authentication
When a ssh-key authentication is not enough, the quickest solution for a server could be to make ssh to ask for 2-factor token when logging in.
Setting up an SSHD failover daemon in Ubuntu
A simple article on how to create a failover SSH server on a Ubuntu system, allowing you to connect on an alternative port of the original SSHD fails
rkhunter update fails "Invalid WEB_CMD configuration option"
An update to rkhunter will fail with Invalid WEB_CMD configuration option: Relative pathname: "/bin/false"
How to enable USB write protection in Windows 10
Introducing an unknown USB device into a network can cause a host of security headaches. Take away the threat in Windows 10 in just a few short steps.
Resetting Oracle VM 3.x Agent Password
To facilitate the initial discovery of the Hypervisor part of the setup requires that we set the password for the root user and for the ovs-agent.
Securing the Nibbleblog Admin area by renaming it
A simple hack to rename the Nibbleblog default admin area to something a little more secure.
Forcing RHEL to prompt for password in Single User mode
By default, RHEL doesn't prompt for a password and we are given root shell directly, as usually Single User mode can be used to reset root password.
NetBackup Access Control (NBAC) a brief overview
The NetBackup Access Control (NBAC) is the role-based access control that is used for master servers, media servers, and clients.
Building a Solaris 11 IPS Server
Maintaining a copy of the Solaris distribution is a good way to ensure all your systems have access to updates and software packages.
Troubleshooting NetWorker authorisation errors
This article provides a list of possible causes and resolutions for error messages that are related to NetWorker server authorization issues.
NetWorker 9.0 Avamar integration changes
Beginning with NetWorker version 9.0, support for EMC Avamar integration is deprecated for new clients.
Downloading the CloudBoost encryption keys
Always download your Cloudboost Encryption keys at your earliest possible time as there is no way to retrieve them after a system failure.
CloudBoost Firewall Port requirements
The following table provides a list of firewall port requirements for CloudBoost for NetWorker.
Gaining root access to VBA via ssh
This post provides the steps necessary to log into a VBA through SSH and load the dpnid key to ensure all the commands are run correctly.
Configuring a basic firewall under Ubuntu 14.04
This article provides a quick reference to UFW commands that will create iptables firewall rules are useful in common, everyday scenarios.
Changing the NetWorker Management Console (NMC) service port
If you other applications running on the same system you may come across a conflict where both applications are using the same service port.
NetBackup Key Management Service (KMS) command line examples
KMS is integrated into NetBackup in such a way so as to eliminate difficulties in using NetBackup from a system management perspective.
Configuring LDAP authentication for NetWorker Management Console
Once you set up LDAP authentication you can't use the built in administrator account to log on NMC unless you reset it again
Enabling SSHD authentication logging via syslog on Solaris 10
How to enable authentication logging via syslog of ssh. This will enable ssh to log any login attempts (successful/unsuccessful) to a log file.
Enabling SSHD authentication logging via syslog on Solaris 8 and 9
How to enable authentication logging via syslog of ssh. This will enable ssh to log any login attempts (successful/unsuccessful) to a log file.
Private and public key pairs for SSH
SSH has a key management capacity and related agents.When configured with public key authentication, your key proves your identity to remote SSH hosts
SSH configuration and security best practices
Here is a list of processes and configurations that you can use to tighten and enhance SSH security with regard to remote host access
Configuring OpenSSH on Solaris 8
Solaris 8 doesn't come with the SSH and SFTP like features, to enable these we have to install and configure third party packages
Changing the Oracle VM Manager User Password
The Oracle VM Manager user lets you log in to the Oracle VM Manager Web UI. This article provides the steps required to change the admin password.
Troubleshooting NSR tunnel
The NSR tunnel resource enables NetWorker clients and storage nodes to communicate with a NetWorker server over a firewall
Avamar System default passwords
This article provides a list of default passwords for an Avamar grid. If you have not already, consider changing the defaults for security reasons.
NetWorker in a Firewalled environment
Default service ports for NetWorker are TCP 7937-9936. hey are randomly chosen by the configured port range by EMC portmapper.
How to reset MySQL root password
Have you forgotten MariaDB root password? You don't know how to recover it. Not to worry, use these steps to reset MariaDB root password.
How to reset MariaDB root password
Have you forgotten MariaDB root password? You don't know how to recover it. Not to worry, use these steps to reset MariaDB root password.
How to allow root login on Solaris 11
After your installation of Solaris 11 has completed, you will not be able to login directly to the console as the root user
Allowing root to login directly on Solaris 11
So you have a fresh install of Solaris 11 and you cannot login directly as root because it is a role...
How to view LDOM configuration as non-root user
If you try to view LDOM configuration information as a non-root user under Solaris...
Using AIDE to ensure Linux server integrity
AIDE provides an additional layer to your server security not by keeping intruders out but by notifying you as the sysadmin of a possible intrusion.
Using ipmitool to reset ILOM root password
If you have root access to the OS you can use the ipmitool to reset the root password on the ILOM
Restricting Access to SSH Connections
A set of direcetives that are under used are the AllowUsers, AllowGroups, DenyUsers and DenyGroups to restrict user and groups remote access with SSH.
Securing SSH on Solaris 10
It is strongly recommended that sites abandon older clear-text login protocols and use SSH to prevent sniffing of sensitive data off the network
Recovering from a lost root password under Linux
This article provides a quick procedure on how to recover a lost root password frm virtually any version of Linux which uses the GRUB boot loader.
Configure KMS encryption on a windows NetBackup server
This article provides the necessary actions needed to install and configure Key Management Service encryption on a windows NetBackup master server.
Configure KMS encryption on a UNIX NetBackup server
This article provides the necessary actions needed to install and configure Key Management Service (KMS) encryption on a UNIX NetBackup master server.
Turn On/Off Apache Directory Listing
To enable the directory browsing in Apache server, we need to add the directory option in apache configuration file.
Changing Avamar Passwords
Changing only the passwords for the operating system users does not sufficiently prevent someone from logging in to Avamar server nodes.
Solaris UADMIN commands
The uadmin command is tightly coupled to the system administration procedures and is not intended for general use
Making pfexec work like sudo under Solaris
I thought I'd try out the new role based action control (RBAC) on the Solaris systems as an alternative to sudo.
How to reset the NetWorker NMC password on a Windows server
Use this procedure to reset the NMC administrators password on a windows server
Enabling and Disabling ftp services on Solaris
For security purposes, administrators may wish to disable ftp on a given Solaris system.
Enabling and Disabling telnet service on Solaris
For security purposes, administrators may wish to disable telnet on a given Solaris system.
Overwriting LDAP authentication with NMC to use the default
Using this procedure you can override LDAP NMC authentication to the internal authentication or reset it back again to the internal authentication
Changing the Oracle VM Agent User Password
The Oracle VM Agent password is used by Oracle VM Manager when you discover an Oracle VM Server.
Special file permissons (setuid, setgid and sticky bit)
setuid and setgid are unix access rights flags that allow users to run an executable with permissions of the executables owner and group respectively
Restricting SFTP users with chrooted access
In a nutshell users will be tied-down to a specific directory which they will not be able to move from, thus prevention from seeing you entire system
Restoring original Solaris file permissions
In the event of drastic file permission or ownership changes, it is possible to restore the original permissions of the file(s)
Console login from LOM, ALOM, ILOM, ELOM, RSC or XSCF [updated]
In this post, we will see the commands for accessing the serial console of different kinds of Sun servers based on ALOM, ILOM, ELOM and other IPMI bas
Opening Local Firewall Ports on Windows 2008 Server
This article explains with illustrations on how to configure a firewall (open local ports) on a Windows 2008 Server.
Changing Solaris password with an expect script
Changing a users password without user input is easy under Linux using the chpasswd command. On Solaris this does not exist.
Using SSH login without password
An article outlining steps needed to be able to use the SSH to access a remote system without supplying a password each time that you connect.
Solaris Basic Audit Reporting Tool (BART)
BART is a great little alternative to Tripwire or AIDE. While not so robust or full featured, it does what you need it to do with very little impact.
Clearing Password History in Solaris 10
To ensure the security of passwords on Solaris systems, you need to edit the /etc/default/passwd file to enforce password length and complexity.
Enforcing password complexity on Solaris
Solaris 10 is the first version of Solaris to provide a complex set of variables for controlling password strength.
SSH Cheat Sheet
This post provides me with a reminder of the syntax for the most useful SSH features I use whist auditing systems.
How to change user password on Solaris/Linux
How to change a user password on Solaris/Linux systems and also see password policy
Disabling SELinux in Oracle Linux 6
In this post, we walk through steps you can follow to check the status of SELinux and also disable it in OEL 6, if it is enabled.
Network ports used by Veritas Storage Foundation
If you have configured a firewall, ensure that the firewall settings allow access to the services and ports used by SF and SF-HA
2 Security tweaks to enhance Webmin
Out of the box webmin works great, with these two tweaks we can enhance the security of this web-based sysadmin tool.
How to reset a lost Webmin password
If you've lost your admin password to access webmin, then use the 'changepass.pl' utility to simply reset your webmin password.
Bypassing ALOM password on a Sun Fire V210/240/250/440
To overide the ALOM password on the Sun Fire (V210, V240, V250 or V440) system you will need to perform the following tasks.
Resetting default username and password for NMC
The following procedures given details on resetting the NMC Administrator password to the default value on Solaris, Linux and Windows systems.
Disabling services in Solaris 10
To disable a service under Solaris 10 we use the svcadm command.
Giving 'scp' go faster stripes
Transferring files with scp isn't the quickest option, but if it's the only one there's a simple way to make it go a little quicker.
Changing the Hostname in Solaris (updated)
The traditional method of changing the hostname of a given solaris system was to use sys-unconfig utility.
Sun StorEdge SE99x0 default passwords
This post simple provides a list of the default passwords for the Sun Storage SE 99x0 arrays and Hitatchi Data Systems (HDS) Storage systems.
Disable syslog "remote logging" under Solaris
syslog remote logging under Solaris by default is enabled and will listen on UDP port 514 for syslog messages from remote servers.
How to configure Single-Sign-On using OpenSSH on HP/UX
How to configure SSH to allow access using GSSAPI and achieve single-sign-on using vendor supplied OpenSSH or OpenSSH downloaded from the internet.
Solaris Secure by Default
This project changes the default configuration of the Solaris OS such that ssh is the only network-listening service.
Solaris Security Toolkit (JASS)
The Solaris Security Toolkit simplifies and automates the process of securing Solaris OS systems and is based on proven security best practices/
Solaris IP Filtering
IPF provides stateful packet filtering capabilities by IP address, network, port, protocol, network interface and traffic direction.
Solaris Auditing
Solaris auditing helps to detect potential security breaches by revealing suspicious or abnormal patterns of system usage.
Cryptographic Services Management on Solaris
The Solaris Cryptographic Framework provides cryptographic services to users and applications through user-level and kernel-level commands.
Locking down your Solaris system
With later releases of Solaris, if you want to, you can manually lock down your system using the netstat, svcs and svcadm commands.
NetWorker lockbox password management
NetWorker 7.5 provides a lockbox service that allows NetWorker application modules to securely store and retrieve passwords over the network.
Solaris password truncated to 8 characters
Why is my long password truncated to 8 characters, classed as weak, doesn't have enough different characters or classes — Hmmm! go figure.
Deleting Windows temp files
Any file under the Windows Temp folder is safe to delete. But that isn't the only place that temporary files are stored on Windows computers.
Disabling replies to broadcast ping requests
By default, Solaris systems are enabled to respond to broadcast ICMP echo packets, which are ping requests.
Disable the power/suspend key on Sun keyboard
In this post I show options to disable the power/suspend key and an alternative to reassign the key to perform screenlock instead.
Configuring the firewall on a Windows XP NetWorker client
The installation of Window XP SP2 installs a new version of ICF (Internet Connection Firewall) which breaks the running NetWorker environment.
Securing access to a Solaris system
This document details some of the focus areas for security and provides suggestions to make it strong.
sadmind daemon vulnerability
In its default configuration sadmind uses a set of clear text Remote Procedure Calls (RPC) to authenticate between two machines.
Running nsrjb as non-root user
running NSRJB as a non-root user
How to password reset a Sun StorEdge T3 storage array
This simple article provides the steps necessary to password reset a Sun StorEdge T3 array.
Enable TCP SYN Cookie Protection in Red Hat Linux 6
A SYN Attack is a denial of service (DoS) attack that consumes all the resources on your machine, forcing you to reboot.
A simple Disk Wipe procedure on Solaris
Overwriting a disk with the format command is usually enough for most purposes, because it greatly reduces the chance that any data can be recovered.
Solaris Automated Security Enhancement Tool (ASET)
ASET allows you to monitor and restrict access to system files. It can be configured for three security levels: low, medium, and high.
Sun EEPROM Security
On Sun workstations and servers you can interact with the boot EEPROM (NVRAM) at any time by holding down the STOP (L1) key and pressing the "a" key
NIS+ Credential Setup
To gain authorisation to change NIS+ databases you need to create your security credentials for the NIS+ principals