Monthly Archives: September 2012

Cloning Linux on VMware

When you clone or ‘deploy from template’ a linux virtual machine on Vmware, specifically Red Hat based linux such as CentOS, you need additional steps on the cloned machine to make it work. The obvious settings you need to change are the IP address and hostname. But changing those settings is not enough. You also need to change other parameters.

When you clone a linux machine, the hardware address (or MAC address) of the NIC changes, which is correct — the cloned machine should never have the same MAC address as the source. However, the new MAC address is assigned to eth1, not eth0. The eth0 is still assigned the MAC address of the source, although it is commented out in udev’s network persistent file, so it’s not active.

When you cloned a linux machine and noticed that the network does not work, it is probably because you assigned the new IP address to eth0 (which is not active). You can use eth1 and assign the new IP address on that interface. However, I usually want to use eth0 to make it clean and simple. You can easily switch back to eth0 by editing the file /etc/udev/rules.d/70-persistent-net.rules. Edit the string that starts with SUBSYSTEM, remove or comment out the line for eth1, uncomment the line for eth0, and replace the ATTR(address) for eth0 to get the MAC address from eth1. Here’s a sample edited file:

# This file was automatically generated by the /lib/udev/write_net_rules
# program, run by the persistent-net-generator.rules rules file.
#
# You can modify it, as long as you keep each rule on a single
# line, and change only the value of the NAME= key.

# PCI device 0x8086:0x100f (e1000)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:60:66:88:00:02",
ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"

# PCI device 0x8086:0x100f (e1000)
#SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:60:66:88:00:02",
ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"

Now edit the /etc/sysconfig/network-scripts/ifcfg-eth0 file to make sure that the DEVICE is eth0, the BOOTPROTO is static, and the HWADDR matches the ATTR{address} for eth0 in the 70-persistent-net.rules file.

Restart the network by issuing the command “service network restart” or you can reboot the system.

NetApp Fpolicy Tool to Block W32/XDocCrypt.a Malware

There is a virus going around called W32/XDocCrypt.a that is causing havoc to Excel and Word files located on the network.  This virus renames files to .scr.

 

If you do not have the latest cure and your files are stored on NetApp filers, you can prevent the virus from infecting your files by using the fpolicy tool on NetApp.  The McAfee vscan for NetApp storage does not work very well.

 

On the NetApp filers,verify that fpolicy is enabled by issuing this command:

 

options fpolicy

 

If it’s not enabled, enable it:

 

options fpolicy.enable on

 

Then run the following commands:

 

fpolicy create scrblocker screen
fpolicy ext inc set scrblocker scr
fpolicy monitor set scrblocker -p cifs create,rename
fpolicy options scrblocker rquired on
fpolicy enable scrblocker -f

 

If you are using vfiler, create the above commands on the vfiler.  Also, do not specify any volume, because it does not work.

 

The fpolicy tool can also be a great tool in blocking unwanted files on your filers such as mp3. For more information on fpolicy, go to this website.