How to remediate VMSA-2023-0023 in VMware Cloud Foundation

VMware just announced VMSA-2023-0023 with a maximum CVSSv3 base score of 9.8 - which basically implies DANGER! Here is everything you need to know about this for your VCF Environments.

VMSA-2023-0023 Critical Advisory Summary
Source: https://www.vmware.com/security/advisories/VMSA-2023-0023.html

VMSA-2023-0023 includes two CVEs: CVE-2023-34048 and CVE-2023-34056. The severity of these issues has been evaluated to be in the Critical severity range, with a maximum CVSSv3 base score of 9.8.

This VMSA affects all versions of vCenter Server and is limited to vCenter; it does not affect ESXi.

Script to Export & Import Global Permissions in a vCenter

vCenter does not have an in-built mechanism to export and import Global Permissions.
In this post, I will describe a script that I have written - globalPermissionManager.py - that performs these export/import operations for Global Permissions.

What is globalPermissionManager.py?

The script is available on my GitHub here.

The script is used to export ALL Global Permissions from a vCenter Server Appliance to an object file, and then re-import them as needed. The primary use case that I use it for is Cross Domain Repoints to a new SSO.

If we need to interact with global permissions using PowerCLI, William Lam has a PowerCLI script which contains two functions, New-GlobalPermission and Remove-GlobalPermission: https://williamlam.com/2017/03/automating-vsphere-global-permissions-with-powercli.html

However, in my experience, having a Python script that just handles everything for you and requires no input for individual users or groups is a lot more convenient. The script uses the same underlying API as the PowerCLI script created by William Lam.

How I built my own Server Rack for under $100

This post is going to be a little different - a different type of technical - not so much electronic, more on the woodworking front. Here, I am going to talk about how I built my own server rack for under $100.

I will preface that the $100 is the cost of the actual materials - not the tools required to build said server rack.

Here is everything I used for this project:

  • 7x 8ft 2x4 Wood Planks
  • 2x 8ft 1x4 Wood Planks
  • Circular Saw
  • Drill/Impact Driver
  • Pocket Hole Jig
  • Wood Screws
  • Sander
  • Wood Stain
  • Server Rack Rails

To start off, I first cut the 2x4 pieces to the required length (for me - I wanted a ~40U rack) and made the "frame" for the front and back of the rack. I used pocket holes for the joints. The width of the frame has to be exactly 19" - as most server equipment is sized for 19" racks.

ESXiArgs and the Tale of Unpatched ESXi hosts

ESXiArgs seems to be all the rage right now on the interwebz, with what (in my opinion) started as a Reddit post reporting attacks, and quickly spread like wildfire to everyone with a vSphere environment talking about it. What's interesting, though, is that the most common vector used to exploit this vulnerability was patched out in late 2021. Sooooo, why has this picked up in early 2023?

In this blog post, I am going to briefly discuss what seems to be going on with environments getting hit by ESXiArgs, why this should have never happened in the first place, and finally, prevention and remediation for ESXiArgs.


ESXiArgs in the News

Let's start with: what is ESXiArgs?

ESXiArgs is the fancy name given to a "new" set of ransomware attacks targeting unpatched and unprotected instances of the ESXi hypervisor. The key points here are "unpatched" ESXi hosts, and scenarios where attackers have direct access to the ESXi management interfaces (for example, ESXi management directly exposed to the internet, or a machine that is exposed to the internet and also has direct access to ESXi).
