Howto: Reset a lost VMware guest password

So you’ve forgotten your VMware Linux or Windows guest password?  Here’s how to reset it.  These instructions focus on resetting the password through the Virtual Infrastructure Client, but there’s no reason you couldn’t do it using VMware Workstation or VMware Server.  

1. Grab a Kon-Boot .iso image.
2. In the Virtual Infrastructure client, configure the problematic guest’s Virtual CDROM for the Kon-boot ISO image.
3. Boot the problem guest server.  At the VMware BIOS screen, press the ESC key to bring up the boot menu.  Select to boot from CD-ROM.
4. When the Kon-Boot splash screen appears, press Enter to boot Windows.
5. At the Windows login screen, enter administrator as the user name, with any password you’d like.  Note:  This password is not persistent!  You must set the administrator password manually! Once the password is set, reboot the server and you will be able to login with the newly set credentials.
If you are trying to reset the password in Linux, the steps are the same, but instead of logging into Windows and resetting the adminstrator password, login to Linux and reset the root password.

Howto: Mount a Windows share on SLES linux using cifs

This post is mainly for my own benefit.  I mount Windows shares on my SuSE linux box so infrequently, I have to dig through past notes to remind myself what the syntax is.

To mount a Windows share on SLES linux using cifs:

mount -t cifs -o username=jsmith //po5/gwdompri /mnt/po5/gwdompri

  • jsmith is the user account to authenticate as
  • //po5/gwdompri is the Windows server and share you wish to mount
  • /mnt/po5/gwdompri is the location to mount the share, or where you access it on the local Linux box.
  •  you will be prompted for the password 
  • /mnt/po5/gwdompri must exist

Fix for make install / compiler issues with Intel e1000 NIC driver in SLES 10

How I was able to make and install the Intel e1000 NIC driver in SLES 10 Linux:

Steps 1 through 3 of the e1000-8.0.6.tar.gz readme file are simple enough to follow when making the Intel e1000 network card driver on SLES 10 SP2.  
1. Move the base driver tar file to the directory of your choice.  For example, /usr/local/src/e1000
2. From a terminal prompt, untar archive:
    tar zxf e1000-8.0.6.tar.gz
3. Change to the driver src directory:
    cd e1000-8.0.6/src/
Step 4 was where I started having problems
4.  make install
should have compiled the driver module.  Instead, I received the following error:
Linux kernel source not found in any of these locations:
*** Install the appropriate kernel development package, e.g.
*** kernel-devel, for building kernel modules and try again. Stop.
I opened YaST and searched for kernel-devel, but that package was not listed.  I did see a kernel-source package, which I installed.  I then ran make install again, and this time I received a different error message:
Makefile:131: *** Compiler not found.  Stop.
I went back into YaST, installed the gcc compiler, which added glibc-devel and libmudflap packages as dependencies, and ran make install once again.  This time it compiled successfully.
The binary was installed as /lib/modules/
5.  Make sure to remove any older existing drivers before loading the new driver:
rmmod e1000
6.  The module was then loaded using the following syntax:
insmod /lib/modules/
Once you assign an IP address, you should be able to use the interface.

Error reinstalling eDirectory on SLES 10: Installing NDSserv… Unable to install

Error received when I was reinstalling eDirectory on SLES 10:

Installing NDSserv… Unable to install NDSserv-8-7-3-37.i386.rpm, exiting

To fix this error: 

1) Rename the /usr/lib/nds-modules directory /usr/lib/nds-modules.old:

mv /usr/lib/nds-modules /usr/lib/nds-modules.bad
2) re-run  ./nds-install
3) copy original /usr/lib/nds-modules.old files back to /usr/lib/nds-modules after installation

cp /usr/lib/nds-modules.bad/* /usr/lib/nds-modules/

Basic Apache Hardening in SLES 10

I setup a SuSE Enterprise Linux (SLES) 10 SP2 web server last week, and wanted to do some basic hardening of the default Apache configuration.  Here’s what I did.

  1. edit /etc/apache2/httpd.conf
  2. Add RewriteEngine On
  3. Add RewriteLogLevel 2
  4. Add RewriteLog /var/log/apache2/rewrite.log
  5. Add ServerSignature Off
    The ServerSignature directive allows the configuration of a trailing footer line under server-generated documents
  6. Add ServerTokens Prod
    This directive controls whether Server response header field which is sent back to clients includes a description of the generic OS-type of the server as well as information about compiled-in modules
  7. Add ErrorDocument 500 “Internal server error” to return a generic error message when http 500 error occurs
  8. Add ErrorDocument 404 “An unknown error occurred, please try again later”  (http 404 = not found)
  9. Add ErrorDocument 403 “An unknown error occurred, please try again later”    (http 403 = forbidden)
  10. Save – exit httpd.conf
  11. touch /var/log/apache2/rewrite.log to create the rewrite.log file
  12. touch /srv/www/htdocs/.htaccess to create the .htaccess file
  13. Edit the /srv/www/htdocs/.htaccess file
  14. Add Options +FollowSymLinks –MultiViews
    Note: FollowSymLinks must be set to + for rewrite to work!
  15. Add rewrite rules appropriate for your environment.  I’m using some rules that can be found in the Pauldotcom Security Weekly episode #94 show notes, which were based on a post by nullbyte.
  16. Save – exit .htaccess
  17. YaST – Network Services – HTTP Server
  18. Server Modules tab – rewrite – toggle status to enabled – finish
  19. From a terminal run: SuSEconfig
  20. From a terminal run: /etc/init.d/apache2 restart
  21. With a web browser, try to access a page on the server that does not exist, ie  http://server/nothere.html
  22. View the  /var/log/apache2/rewrite.log 
    You should see the attempt logged