Connect to instance: i-38942195
To connect to your instance, be sure security group my-test-security-group has TCP port 22 open to inbound traffic and then perform the following steps (these instructions do not apply if you did not select a key pair when you launched this instance):
Open an SSH terminal window.
Change your directory to the one where you stored your key file my-test-keypair.pem
Run the following command to set the correct permissions for your key file:
chmod 400 my-test-keypair.pem
Connect to your instance via its public IP address by running the following command:
ssh -i my-test-keypair.pem root#192.168.0.29
Eucalyptus no longer supports VMware, but to generally troubleshoot instance connectivity you would first check that you are using a known good image such as those available via:
# python <(curl -Ls https://eucalyptus.cloud/images)
and ensure that the instance booted correctly:
# euca-get-console-output i-38942195
if that looks good (check for instance meta-data access for the SSH key) then check that the security group rules are correct, and that the instance is running using the expected security group and SSH key.
VMWare deprecation notice from version 4.1:
Support for VMWare features in Eucalyptus has been deprecated and will be removed in a future release.
http://docs.eucalyptus.cloud/eucalyptus/4.4.5/index.html#release-notes/4.1.0/4.1.0_rn_features.html
Euca2ools command:
http://docs.eucalyptus.cloud/eucalyptus/4.4.5/index.html#euca2ools-guide/euca-get-console-output.html
Related
We do have one server [Windows Server 2016] and i want to monitor that server, by installing Wazuh Tool.
I saw the documentation, but still i am getting confused. Should i need to install,
Wazuh Server
Wazuh Agent
Kibana
in server.? I don't see any article related to installing Wazuh Server in Windows Machine.
After following up the wazuh documentation, i can able to go up to a certain limit.
Installed Virtual Box in Windows Server.
Downloaded Wazuh OVA file and imported the same into virtual box.
Now i can able to connect to Wazuh Server, using the default credentials.
Now i stuck up at one place. I need to get the IP. I tried with 'Ip addr' command. But still, it is showing 127.0.0.1/8
As far as i checked, it is creating some dynamic IP's. Is there a way to setup Static IP. So that, i can able to access Wazuh Web console
through that IP.
Some of my findings:
It seems that the eth0 network interface for the VM does not have an IPv4 address assigned to it.
In the video in the documentation when running 'ip addr' it shows a dynamic IPv4 address as well as the IPv6 address so I suspect that this is the reason you cannot access the web console. This could be caused by the type of network interface you created for the VM in virtual box.
-------- Edited----------
As per your guidence, i did the following things.
Wazuh Server:
Virtual Box -> Adapter 1 -> Bridged Adapter
Virtual Box -> Adapter 2 -> Host-only Adapter
Started the Virtual Box and checked the 'Ip addr' command. Got the following IP's, eth0 [192.168..] and eth1 [10.0..]
In browser, i tried https://192.168.. and i can able to login to kibana.
Wazuh Agent:
The server which ever i am going to monitor, i installed Wazuh Agent. In the Wazuh Config file, i need to specify
Here i am bit confused. Should i need to give the actual server IP [where the wazuh server is] or i need to specify the IP's which i am getting in 'Ip Addr' command.?
I have tried all the IP's. When i check the Logs, it is showing like,
start_agent.c:100 at connect_server(): ERROR: (1216): Unable to connect to 'xx.xx.xx.xxx': 'Bad file descriptor'.
I recommend you reading the Architecture guide for a better understanding of how Wazuh works. Its architecture is based on agents, which means you need to install Wazuh agent on those endpoints you want to monitor (for example, your Windows server), and then connect these agents to a Wazuh Manager server (which need to be installed in a Linux machine, so you will need another server).
Kibana/Splunk are optional and useful tools to index the data generated by the manager for better visualization. I recommend using Kibana and the Elasticsearch Stack.
For the Linux Wazuh Manager server I recommend trying the all in one deployment, or, if you will have few agents connected and doesn't want to deploy any instance from scratch, you could try the pre-built Virtual Machine appliance (OVA)
I hope this helps you. The best point to start using Wazuh is the Getting started guide. I recommend you read that first of all.
------------------------ edit --------------------
Hello,
I'm sorry if I weren't clear enough. Wazuh has two main components: Manager (server in the documentation) and Agent.
The manager is also called a server because it serves the Wazuh service itself. That means the part of Wazuh that analyzes security events and generates alerts.
But Wazuh agent (despite its name) is also installed on servers that you want to monitorize and it is used to send security events to the Wazuh Manager (server) so they could be analyzed.
That said, if you want to correctly monitorize a Windows server you need to install the Wazuh Windows agent on it because it is designed to monitorize Windows servers. And you need to connect this agent to a Wazuh server. Here, you have different options:
You could install the Wazuh Manager in another (Linux) server.
You could install docker and docker-compose on your Windows server and use the wazuh-docker GitHub repository to deploy a Wazuh manager stack (with Wazuh, Elasticsearch and Kibana) to connect you, agent, to.
You could install the Wazuh OVA (VM appliance) on Virtualbox or similar software (this Virtual machine has installed by default Wazuh Manager, Elasticsearch and Kibana as well).
I see that you're trying with the 4th, deploying the Wazuh OVA on Virtualbox. Nevertheless, remember that you must have to install the Windows agent as well and connect it to the Wazuh Manager.
Regarding the IP question. My advice here is to enter the VirtualBox configuration for the machine and set up two network interfaces (or adapters). One host-only adapter (which will have a static IP that you could use to connect from your local browser) and other with a bridged adapter (to connect to the internet). Then, I recommend using nmtui (a console user interface for network manager) to set up your static IP as in the attached capture. That should be enough.
I am trying to modify/add some OpenStack code to implement such functionality: after users click one button, some command will be executed on the specified host (e.g. one compute node).
One user scenario is, enable KSM kernel feature on one specified host. All need to do is to run "echo 1 > /sys/kernel/mm/ksm/run". Now I can get the IP of the host (some compute node), but how to execute the above command via OpenStack code?
(I checked all the Nova APIs. It seems there is no such Nova API to execute a command on a host. Also, I checked all the Ironic APIs. The same result.)
I've Virtual Machine running in Google Compute. I've Ubuntu 14.04 on that VM.
I'm building a AOSP custom ROM on this VM. I needed to open port 8072 and 8073 for new toolchain (for Marshmallow) to start the server. So I followed following steps:
1. ufw was inactive; so I enabled it
2. sudo allow tcp:8072
3. sudo allow tcp:8073
4. sudo ufw status verbose
It showed these 2 ports there.
After some time I restarted the VM; and now I'm not able to connect to it.
I connect using the option "Open in browser window". I also tried with "Open in browser window with custom port" with port 22. But it is not allowing me to connect to it.
Can someone help me with this?
The problem is that when you allowed the ufw it blocked new ssh connections, you need to start another instance with the disk from the old instance and to to the /mnt/etc/ufw.conf and set ENABLE=no.
# Set to yes to start on boot. If setting this remotely, be sure to add a rule
# to allow your remote connection before starting ufw. Eg: 'ufw allow 22/tcp'
ENABLED=yes
After that you restart the instance with the old disk the first rule you need to add is ufw allow 22/tcp.
But you need to allow the ports 8072 and 8073 on google cloud firewall to allow the connection to the instance.
You can create another instance because the disk is in use by an instance.
If you have important information on the disk perform a snapshot before you proceed
1 - Edit instance and make sure "Delete boot disk when instance is deleted" is not checked.
2 - Delete the instance. (Now you have a disk not used by any instance)
3 - Add the olddisk to another instance (Not as root disk)
4 - Edit another instance you have running, and add the old disk to it.
5 - Mount de old disk. (mount /dev/sdb1 /mnt)
6 - edit /etc/ufw/ufw.conf
7 - unmount the disk (umount /mnt)
8 - Edit the instance you mounted the disk and remove the disk from the instance.
9 - Go back to disk tab click on the old disk and create an instance.
After editing /etc/network/interfaces on a GCloud VM instance I cannot access the machine at all through SSH. GCloud SDK shell still shows the instance running but the applications are no longer available. I have tried to SFTP to the machine as well, but without success. Is there any way to edit/repair the VM instance interfaces file without having to revert back to an earlier snapshot?
Many thanks!
You can create a new GCE instance and attach the disk of the old instance to the new instance. Then you can connect to the new instance and change anything you want in the old disk.
I have recently setup a VM on Google Cloud to develop and host my web site/application. The setup went fine, and I even have gcloud SDK up and running. I also have Apache installed and configured. My question is how do I setup my editing environment (PHP Storm) and upload my files? They seem to have the ports for FTP and SFTP blocked.
FTP uses a clear-text protocol and is thus not recommended. To use SFTP:
Make sure you can ssh to your instance: gcutil --project=<project> ssh <instance>. This does two things: (a) makes sure that port 22 is open on your VM, and (b) propagates your private key to the instance, if it's not already there.
Configure PHP Storm to use the Key pair authentication mechanism using the key ~/.ssh/google_compute_engine to log in to the instance.
That's it.