Tuesday, October 18, 2011

eBox LDAP access problem

With eBox 1.2.3, LDAP is only accessible on 127.0.0.1.
To make LDAP on port 389 accessible from the LAN, edit /etc/default/slapd
as follows, replacing 127.0.0.1 with 0.0.0.0:


# SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///"
SLAPD_SERVICES="ldap://0.0.0.0:389/ ldapi://%2fvar%2frun%2fslapd%2fldapi/????x-mod=0777"

Note that you can list individual IP address(es) instead of 0.0.0.0 (listen on all interfaces), but it is probably better to control access through a firewall.
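A quick way to check what a given SLAPD_SERVICES line actually exposes, as an added example that is not part of the original post: the function name classify_slapd_listeners is hypothetical, and the sample file is constructed from the two lines shown above.

```shell
#!/bin/sh
# Classify each listener URL in a slapd defaults file by exposure.
# Runs in a subshell so that "set -f" does not leak into the caller.
classify_slapd_listeners() (
    file=$1
    # ldapi URLs may contain "?" (e.g. ????x-mod=0777); disable globbing
    # so word-splitting the list does not try to expand them as paths.
    set -f
    # Use the last uncommented assignment, as a sourcing shell would.
    services=$(sed -n 's/^[[:space:]]*SLAPD_SERVICES=//p' "$file" |
               tail -n 1 | sed 's/^"//; s/"$//')
    for url in $services; do
        scheme=${url%%://*}
        rest=${url#*://}
        hostport=${rest%%/*}
        case $hostport in
            "["*) host="${hostport%%]*}]" ;;   # bracketed IPv6 literal
            *)    host=${hostport%%:*} ;;      # strip ":port"
        esac
        if [ "$scheme" = ldapi ]; then
            printf 'local-socket %s\n' "$url"  # Unix socket, not TCP
            continue
        fi
        case $host in
            ""|0.0.0.0|"[::]")       printf 'all-interfaces %s\n' "$url" ;;
            127.*|localhost|"[::1]") printf 'loopback %s\n' "$url" ;;
            *)                       printf 'specific-address %s\n' "$url" ;;
        esac
    done
)

# Constructed sample mirroring the two lines from the post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///"
SLAPD_SERVICES="ldap://0.0.0.0:389/ ldapi://%2fvar%2frun%2fslapd%2fldapi/????x-mod=0777"
EOF
classify_slapd_listeners "$sample"
rm -f "$sample"
```

Any line reported as all-interfaces is the one that needs a matching firewall rule; an empty host, as in ldaps:///, also means every interface.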

Saturday, October 15, 2011

Debian Linux PXE installation with low memory no HDD

When attempting to install Debian Linux on a VMware guest with low memory (64MB) using PXE boot, the installation fails to detect any hard drives.

Tried LSI, Buslogic & IDE drives - all same problem.  Tried increasing to 256MB - same problem.

Needed to attach the Netinst.iso file to the VMware guest and boot from "CD"; the hard drives are then detected as expected.

Tuesday, October 11, 2011

ZeroAccess trojan rootkit virus removal

ZeroAccess rootkit shows as a process in task manager that is a series of numbers with a colon in the middle, e.g. 1784223:3221239.exe, which cannot be killed.

ESET have a tool that detects and kills the process - requires a reboot.
Kaspersky have the TDSSKiller tool that detects the infection as Sirefef trojan.
MBAM and MSSE are halted when attempting to run a scan.
The trojan/rootkit is active whenever networking is active.
It continues to re-infect via driver files.

To clean the infection, use a boot disk such as Parted Magic that contains ClamAV. Update the ClamAV pattern files, then run a command such as:
 clamscan -r -i /media/sda1/
(-r = recursive, -i = show infected only)
Delete or overwrite the files as required.