Friday, May 29, 2009

NSMXpress: reset root password

Procedure for resetting the admin password in NSMXpress

In order to reset the password, please use the following procedure:
Connect a console device to the console port of the NSMXPress appliance.
Physically power off the NSMXpress appliance.
Power the NSMXpress appliance back on.
During the boot sequence the console will display an option to "press any key to enter the menu". Hit any key. When the boot sequence is interrupted, a menu will display on the console. Choose "Rescue".

When the rescue process starts, it will ask about configuring the network connections. Choose "No".

A message will display indicating that the system is trying to find your Linux installation. Choose "Continue".

A message will display indicating that your system has been mounted under /mnt/sysimage. Press "Return".

Enter the command: vi /mnt/sysimage/etc/shadow

Find the line that starts with "admin:" The value between the first and second " : " is the password.

In the example below, the password is $1$MaGuoSOG$iEA4IiLSP26eM2e99LJiZ/

Using vi commands, remove the existing password value (i.e. $1$MaGuoSOG$iEA4IiLSP26eM2e99LJiZ/ ) with the following value.

This is the password value for "netscreen":

$1$KYPDZ8Eg$D627p0JrMaVMYqkdVRxcw

Using vi commands, save the file and exit.

At the command prompt, enter exit

The system will reboot and the admin password will be changed to netscreen

NSMXpress: reset to factory default

You want to put your NSMXpress Juniper Appliances into a factory default state.

This howto will show you how:

Connect a console device to the console port of the NSMXPress appliance.
Physically power off the NSMXpress appliance.
Power the NSMXpress appliance back on.
During the boot sequence the console will display an option to "press any key to enter the menu". Hit any key. When the boot sequence is interrupted, a menu will display on the console. Choose Re-Install
then at the password prompt choose: "erase".

That's it, the Juniper NSMXpress Management console will format the harddrive.

Netasq: Forcer une alarme grisé dans le manager

Comment faire pour modifier le comportement d'une alarme dans la prevention d'intrusion ASQ du Netasq quand celle-ci apparait grisée dans le Firewall Manager ?

Se connecter en mode console sur le Firewall,

puis trouver l'id de l'alarme:

$ grep -i http System/Language/fr/protocol
53="Protocole HTTP invalide"

==> valider qu'il s'agit bien du 53 !

$ getconf /usr/Firewall/ConfigFiles/ASQ/00 protocol 53 ; echo
block, major, dump

==> vous devriez avoir block....

maintenant la vrai modification:

$ setconf /usr/Firewall/ConfigFiles/ASQ/00 protocol 53 "pass, ignore"

==> on valide:

$ getconf /usr/Firewall/ConfigFiles/ASQ/00 protocol 53 ; echo
pass, ignore

On active les changements:

$ enasq

L'alarme apparait toujours en grisée, mais son comportement a changé.

Attention: certaine alarmes pourront être affiché comme ignore et seront bel et bien bloqué car codé en dur dans le Noyau ASQ du Netasq.

VMware: create the vmnet* special files

How to create the /dev/vmnet* special files ?

Here is howto do it manually:

mknod -m 600 /dev/vmnet0 c 119 0
mknod -m 600 /dev/vmnet1 c 119 1
mknod -m 600 /dev/vmnet2 c 119 2
mknod -m 600 /dev/vmnet3 c 119 3
mknod -m 600 /dev/vmnet4 c 119 4
mknod -m 600 /dev/vmnet5 c 119 5
mknod -m 600 /dev/vmnet6 c 119 6
mknod -m 600 /dev/vmnet7 c 119 7
mknod -m 600 /dev/vmnet8 c 119 8
mknod -m 600 /dev/vmnet9 c 119 9


Howto do it automatically:

remove the file /etc/vmware/not_configured

edit the file /etc/init.d/vmware


in the function vmware_start_vmnet, add the following:

for i in `seq 0 9`; do
if [ ! -c /dev/vmnet$i ];then
mknod -m 660 /dev/vmnet$i c 119 $i > /dev/null 2>&1
fi
done

if [ ! -e /dev/vmmon ];then
mknod /dev/vmmon c 10 165 > /dev/null 2>&1
fi


Howto create the interface for network interface:

/usr/bin/vmnet-netifup -d /var/run/vmnet-netifup-vmnet2.pid /dev/vmnet2 vmnet2

ifconfig vmnet2 up