Bernhard Bock

How to reset the root password of VMware ESXi 4.1 and 5.0

bernhard — Tue, 13 Dec 2011 11:38:51 +0000

According to VMware knowledge base article 1317898 it is not possible to reset the root password of an ESXi installation. Well, maybe it's not easy for non-Unix guys, but it certainly is possible.

Dropped calls with a SIP trunk and Asterisk 1.6? Try upgrading!

bernhard — Mon, 14 Mar 2011 19:48:40 +0000

At a customers site, we did have severe problems with a SIP trunk and a Trixbox PBX (version 2.8.0.4, based on Asterisk 1.6.0.26). Both incoming and outgoing calls were dropping. I describe a short history of what we did to resolve the problem for others in the community, as I did not find a similar report in Google.

Lightweight change control system for Linux and Unix servers

bernhard — Mon, 02 Aug 2010 17:48:53 +0000

Most organizations try to perform some kind of change control for their Unix servers, be it for compliance reasons or simply because several admins are taking care of the same set of servers and need to know about what the others did.

Review of the Samsung ST5500 digital camera

bernhard — Tue, 25 May 2010 20:28:17 +0000

Just today, I got my new digital camera Samsung ST5500. It features a touch sceen display and a lot of connectivity options. I'll describe my experiences with the camera in this blog post. Mostly, I will focus on the new and shiny features, not on the basic functionality.

One time passwords with OPIE and Android

bernhard — Fri, 26 Feb 2010 20:34:57 +0000

For secure remote access to servers, one of the most secure access control mechanisms is the usage of one time passwords (OTP). With the setup described in this blog post, you can securely log in to your server even from untrusted client machines, like an internet cafe. A potentially installed keylogger would only log a useless, old one-time-password.

optimize your shell environment

bernhard — Wed, 13 Jan 2010 20:32:20 +0000

Here are some random improvements to the shell (bash) environment that I like to use on the servers I manage. You can simply add the code snippets to your .profile file.

secure firewall bypass using danted and stunnel

bernhard — Sat, 12 Dec 2009 19:01:31 +0000

Sometimes, I do have limited network connectivity with my notebook at a WLAN access point, customer's guest network or similar. Most of the time, one has HTTP and HTTPS access, but no open access for SSH and similar protocols. Here's my setup to get proper connectivity in a secure manner.

Correlation of RADIUS traffic in Wireshark with MATE

bernhard — Sun, 29 Nov 2009 20:31:46 +0000

When you analyzing problems in a carrier access network, chances are you need to deal with a great number of RADIUS packets. At some point, it becomes just a nightmare to find correlating packets in a network trace.

decrypting SSL/TLS traffic with Wireshark

bernhard — Sun, 15 Nov 2009 19:19:24 +0000

More and more traffic is being encrypted via SSL/TLS. This is generally speaking a very good thing, as it improves security and privacy. Nevertheless, it makes debugging a lot harder. With HTTP, this can sometimes be mitigated by using in-browser debugging tools like firebug, which sees the decrypted payload. But sometimes, this is not viable (e.g. SOAP interfcaes), or we are talking about non-HTTP traffic, e.g. IMAPS for secure mailbox access.

VMware ESXi performance monitoring with Cacti

bernhard — Tue, 27 Oct 2009 21:54:13 +0000

In VMware ESXi, the SNMP query interface is not included. If you want to monitor your VMware hosts, you either have to buy ESX, or you have to wrap your solution around the VMware CLI tools.