Skip to main content

Updating ESXi v5.5 for Heartbleed/ OpenSSL vulnerability - VMware virtualisation - esxi550-201404020

Today I got a chance to update my ESXi v5.5 with patch released by VMware so wanted to put quick notes for anyone who may need help in patching their ESXi standalone host for openssl vulnerability.

 VMWare Advisory lists what is affected with OpenSSL/ Heartbleed vulnerability.


1. Follow the link for ESXi 5.5 / ESXi 5.5 Update 1 from above Advisory page and download relevant patch listed on the table from download site.


2. Connect to your host using SSH (Putty) and check your current ESXi version.

# vmware -v
This should list VMware ESXi 5.5.0 build-1331820 or similar.

 # uname -a

VMkernel myHOST 5.5.0 #1 SMP Release build-1331820 Sep 18 2013 23:08:31 x86_64 GNU/Linux


3. Transfer your patch downloaded in zip format over to one of the datastores using vSphere client. In my case the patch downloaded form VMware was ESXi550-201404020.zip.


4. Now run below to list patch contents.

#esxcli software sources profile list -d=/vmfs/volumes/YOURDATASTORE/ESXi550-201404020.zip

 The output of above will look something like below.

 Name                              Vendor        Acceptance Level
--------------------------------  ------------  ----------------
ESXi-5.5.0-20140401020s-no-tools  VMware, Inc.  PartnerSupported

ESXi-5.5.0-20140401020s-standard  VMware, Inc.  PartnerSupported


5. Using above highlighted line install your profile.

#esxcli software profile install -d=/vmfs/volumes/YOURDATASTORE/ESXi550-201404020.zip -p "ESXi-5.5.0-20140401020s-standard" --ok-to-remove

You will see output like below with a full list of vibs installed.

 Installation Result
   Message: The update completed successfully, but the system needs to be rebooted for the changes to be effective.
   Reboot Required: true

   VIBs Installed: VMware_bootbank_elxnet_10.0.100.0v-1vmw.550.0.0.1331820
-------------output truncated---------------


6. Reboot your host.

#reboot

7. Check the latest version and build number.

#vmware -v

VMware ESXi 5.5.0 build-1746974

#uname -a

VMkernel myHOST 5.5.0 #1 SMP Release build-1746974 Apr 15 2014 11:11:56 x86_64 GNU/Linux

8. Generate new SSL Certificate



9. Change root password

All done.
Labels:

Popular posts from this blog

Useful website performance and load testing tools

http://tsung.erlang-projects.org/ http://httpd.apache.org/docs/2.0/programs/ab.html http://phantomjs.org/ https://developers.google.com/speed/pagespeed/ http://servermonitoringhq.com/blog/how_to_quickly_stress_test_a_web_server https://code.google.com/p/httperf/ http://loadimpact.com/ http://www.paessler.com/webstress http://loaduiweb.org/ http://en.wikipedia.org/wiki/Web_server_benchmarking http://en.wikipedia.org/wiki/Load_testing http://www.loadui.org/ http://www.loadtestingtool.com/index.shtml http://www.appdynamics.com/blog/devops/load-testing-tools-explained-the-server-side/
Read more

Copy files and folders using SCP with spaces in path

Copying data from one system to other with file or folder names that contain spaces in path can be achieved using this guide. In this case I am copying data from Macbook to Windows 10 computer. In order to copy the data easily it is better to use bash commands. Windows computer can support WSL (Windows subsystem for Linux) and you can run one of few linux distributions to use shell commands. I have Ubuntu set up within my Windows 10 using WSL. If you do not have WSL, you can set it up using my guide here . The copy can be performed in two ways: 1) Using SCP Source (MacOs) path: /home/Users/username/Documents/data extract from 2020/ First of all you add escape sequence to the path so it will become:  /home/Users/me/Documents/data\ extract\ from\ 2020/ . While this works on local system for SCP you'll have to double the escape sequences by replacing \ with \\, as below. Figure out your source computer IP address using "ifconfig" command. Now using scp command on target syst
Read more

TrueCrypt on macOS X Mojave 10.14

If you have updated your macOS recently to Mojave otherwise known as verison 10.14 you may not be able to install the last version of Truecrypt in order to access your old volumes encrypted with Truecrypt software. This article will guide you to get this working on your MacOS v10.14 (Mjoave) . Download the package from  https://truecrypt.ch/downloads/  or  https://www.truecrypt71a.com/downloads/ . Find downloaded package using Finder in your HDD/Users/username/Downloads folder and will look like  TrueCrypt 7.1a Mac OS X.dmg . Open file location in Finder and open or double click on  TrueCrypt 7.1a Mac OS X.dmg . This will mount Truecrypt 7.1a and will have Truecrypt 7.1a.mpkg in it. Drag the package T rueCrypt 7.1a.mpkg and drop in your Downloads folder. From Locations in Finder you can eject your TrueCrypt mount. Now go to your Downloads location, find the file  TrueCrypt 7.1a.mpkg , right click and select Show Package Contents . Find the file Contents/distribution.di
Read more