
Month: August 2014

The heavens parted and then… ESXi Heartbleed patch!

Better late than never, yea? Quick Saturday post, here is how to get your host up to date real quick via SSH, generate new certs, and change the root password. Better safe than sorry, friends.

Note: This is only for ESXi 5.5 Update 1! If you are not running 5.5u1, replace ESXi-5.5.0-20140404001-standard with ESXi-5.5.0-20140401020s-standard.

This is the quick way to do it. Your environment may not let you turn on the built-in httpclient within ESXi, but I am going to assume that will not be an issue, because I am currently doing these patches on my homelab, where I am the boss!

Enable SSH on your host(s) and remote in via terminal/PuTTY.

Enable the ESXi built-in httpclient:

Pull down and install the patch:

Backup your ‘old’ SSL keys:

Generate new keys and chmod them:

Reboot the host:

Once the host comes back up, SSH back in and change the root password: passwd root

That’s all there is to it. These types of security issues are no fun for anyone, but they come with the territory. Cheers!

VMware KB#2076665 – Resolving OpenSSL Heartbleed for ESXi 5.5


Centralized rsyslog with ESXi 5.x hosts

One of the most important things in any environment is the syslog server. A centralized host that keeps all the debug, runtime, and access information and feeds it to your Kibana/Logstash or Splunk implementation will make any sysadmin’s life easier. The walk-through below sets up a central server running rsyslog, accepting logs on port 514 over TCP and UDP and placing them in dated folders for easier organization. Let’s dive in:

Create a dump folder for your syslog structure:

Edit /etc/rsyslog.conf and remove the comments for TCP and UDP reception as well as change receiving port to your liking:

Create a conf file within /etc/rsyslog.d (e.g. daily_log.conf) and define the daily rotation:

Recycle the rsyslog service:
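A server-side configuration matching the steps above (TCP and UDP reception on 514, dated per-host files under /var/log/syslogd), written here as an added example and not the post's own file. It assumes rsyslog v7 or later (RainerScript syntax); the template name DailyPerHost and the file modes are choices made for this example.

```conf
# /etc/rsyslog.d/daily_log.conf  (constructed example; file name from the post's "e.g.")
# Assumes the dump folder /var/log/syslogd already exists.

# Listen for remote logs on 514 over both transports.
# If /etc/rsyslog.conf already enables imudp/imtcp (the uncomment step),
# drop these four lines so each module is loaded only once.
module(load="imudp")
input(type="imudp" port="514")
module(load="imtcp")
input(type="imtcp" port="514")

# One file per sending host under year/month/day.
# HOSTNAME comes from the message and is sender-controlled, so
# secpath-replace rewrites any "/" in it before it becomes part of a path.
template(name="DailyPerHost" type="string"
         string="/var/log/syslogd/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME:::secpath-replace%.log")

# Route only remote messages into the dated tree, then stop so they are
# not duplicated into the server's own local log files.
if $fromhost-ip != "127.0.0.1" then {
    action(type="omfile" dynaFile="DailyPerHost"
           createDirs="on" dirCreateMode="0750" fileCreateMode="0640")
    stop
}
```

Running `rsyslogd -N1` checks the configuration for syntax errors before the service is restarted.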

That covers the syslog server side of things. Now to get rid of that annoying ‘system logs are not on persistent storage’ warning.

You can add this info to a host profile and apply it against all your hosts if your environment is large, but for example purposes, this will be a one-off host. You can also easily set this up via pCLI script.

Display your current settings:

Adjust syslog settings:

Recycle ESXi syslog service:

Open up syslog ports on ESXi firewall:

And that’s it! Now on your syslogd server, you should see a directory path similar to /var/log/syslogd/year/month/day/hosts*.log

From here on out, you can point all of your log analyzers to the centralized syslog server and keep an eye on your ESXi hosts. Cheers!
