Jedi Star

Recently had some issue with upgrading my VPS running on Ubuntu Server 7.04 to the latest version Ubuntu 7.10.

Came across some help so would like to share the Same with everyone.

My VPS is Xen based so not sure if it works with any other Virtualization.

The procedure is as follows:

If you have Ubuntu version earlier than Gutsy i.e Ubuntu 7.04 the command to run is as follows :

# aptitude update && aptitude dist-upgrade

But if you have Gutsy i.e Ubuntu 7.04 then the command  to run is:

# aptitude install update-manager-core

# do-release-upgrade

However on the Xen VPS i had some  issue with some bugs which did let me upgrade successfully. So then i tried running the normal upgarde;

# aptitude update

IT will abort and then give you the option to run the following command:

# dpkg –configure -a

After running the above command, i received lots of errors (lot of them been Segmentation Faults) and ultimately i received the error that too many errors occurred.

So to overcome this i tried to configure for just one package:

# dpkg –configure apache2-mpm-prefork

Then i received the error that the a package that it depended upon was not configured. So to overcome this i tried dependency:

# dpkg –configure apache2.2-common

Then i got the message sayin that this in turn depends on another package, so i tried to check that package:

# dpkg –configure procps

And then this ends with the Segmentation Fault.

To solve this i had to Deborphan:

I had to install and run deborphan and remove the packages that were creating the problem. And then start with a proper Configure.

But with VPS that do not have deborphan installed, it does not help to install it via aptitude as it fails. So to overcome this i had  to use the dpkg command directly, but keeping in mind that i had to find the package and download it.

How to do this, first you have to deborphan package, which depends on dialog.

Run the following commands:

# wget http://launchpadlibrarian.net/5146737/deborphan_1.7.23_i386.deb

# wget http://launchpadlibrarian.net/8022814/dialog_1.1-20070604-1_i386.deb

Then install dialog and then deborphan:

# dpkg -i dialog_1.1-20070604-1_i386.deb
# dpkg -i deborphan_1.7.23_i386.deb

Now to run the deborphan and pipe the output to aptitude with remove and with the automatic answering Yes.

# deborphan | xargs aptitude -y remove

Now similarly we configure all the packages:

# dpkg –configure -a

After running through all the commands finally you can run the upgrdae normally:

aptitude update && aptitude safe-upgrade

Hope this helps everyone as it helped me.

Posted under Virtual Private Server

Many people now days depend on Virtualization of Servers to increase their efficiencies and increase their Management Flexibility. Though it decreases the Total cost it increase the security risks.By 2009 60% of Virtual Private Servers will be subjected to Security Risks than their physical counterparts.

Now lets see what are the Security challenges that we have lookout for:

* Dependency on IP Address: This effects because the IP addresses keep on changing due to migration, creation or cancellation of Virtual Private Servers. This does not help the Traditional Protection Mechanisms.

* Sprawl in Virtual Private Servers: VPS can be easily created from the previous images which are available on the old servers. But the only risk in that is, many of the VPS are not maintained properly and have many security vulnerabilities. These vulnerable VPS serve as a launch pad for attacks on other VPs on the same server.

* Incapability to monitor intrahost traffic: VPS have the concept of “soft switch” which allows VPs to communicate with other VPS on the same hosting server. To monitor these communications we require special tools and also there is limit in availability of these tools.

* Silo approach to security policy: Now what is Silo approach, silo approach is “recommending different diverse solutions with different Kinds of management requirements”. Neil MacDonald an analyst at Gartner has this to say “Most security problems in the virtual world will be introduced through misadministration, mismanagement or just plain old mistakes. The fact that we use different tools in the physical world than the virtual world compounds that problem.”

Now that we know what the limitations that we have with VPS are, we need a completely different approach towards securing VPS. We need a cross-platform which will help us secure both VPS and Physical servers. A cross-platform Security tool for VPS can help to impose direct Security Policies across all the Data Centers and eliminate the Security Benefits that we have with Virtualization.

We also need anywhere deployment of cross-platform virtual security tools anywhere on the network and that to with delegated authority to maximize flexibility. Now what to these virtual security tools do, they write detailed log data to syslog and Windows events log and enable easy integration of the tools with existing management controls.

By eliminating the IP address dependency of exiting security policies, the cross-platform virtual security policies can be enforced regardless of location or platform of the VPS. This helps eliminate the Operating expenses that come with rule changes faced by the Security Administrators. The existing policies enforce and persist on variety of Situations:

1) While moving servers and endpoints within different locations on the network.

2) When Physical servers and Endpoints are converted to VPS.

3) When VPs are migrated from one physical host to another.

The Cross-platform virtual security allocates separate spaces for Physical and VPS into logical security zones and helps protect VPS against Sprawling. It ensures that VPS which are not a member of the security zone cannot communicate with the VPS in the Security Zone and reduces the platform for attacks on VPS.

The cross-platform is based on a P2P architecture that increases scalability to hundreds of thousands of instances. Policy management can be completed by just a few mouse clicks.

The Other Benefits which come with the cross-platform include;

• Elimination of complex situations, that comes with the Silo Approach. It enables protection of hosts through a single console for Data centers.
• Satisfaction of the regulatory body with no reconfiguration of the network.
• Operational costs that come with firewalls and Virtual LAN’s are eliminated.
• It eliminates bottlenecks and single points of failure within the architecture.

The following are the points that you need to consider while considering a cross-platform virtual security solution for Data centers;

• Most of the solutions will support x86 operating systems which are common in VPS environments as well as the less used Solaris, AIX, HP-UX, RedHat, Windows and IP-based non-server devices.

• The solution should be able to enforce security regardless of the IP address of the Server or VPS; this enables security even in case of migrations.
• It should be able to eliminate communication between VPS which are not a member of the same security zone but are on the same physical host.
• It should be able to cope up with growth without introducing bottlenecks.
• Always look out for a Single point security management to increase efficiencies.
• Always look out for solution hat can be enforced at the Host level.
• Always look out for a solution that uses X.509 v3 certificates to ensure that the operator credentials cannot be spoofed.
• The solution should be able to create detailed logs for activity data and should be able to create an audit trail for servers and endpoints as well as administration consoles.

Posted under Network and Security, Virtual Private Server