Enable TLSv1.2 in CLM6 and LibertyProfile

By default, only TLSv1 is enabled on Liberty Profile. Check by scanning the port:

nmap --script ssl-enum-ciphers -p 9443 <hostname>

Starting Nmap 6.49BETA5 ( https://nmap.org ) at
Nmap scan report for fqdn.com (IP address)
Host is up (0.13s latency).
PORT STATE SERVICE
9443/tcp open tungsten-https
| ssl-enum-ciphers:
| TLSv1.0:
| ciphers:
| TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 1024) - D
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 1024) - A
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| compressors:
| NULL
| cipher preference: client
| warnings:
| Key exchange parameters of lower strength than certificate key
|_ least strength: D

Nmap done: 1 IP address (1 host up) scanned in 5.15 seconds

Edit the following files to enable TLSv1.2:
1. <JazzInstallationDir>/server/server.startup:

…Dcom.ibm.java.diagnostics.healthcenter.agent.port=1972"
JAVA_OPTS="$JAVA_OPTS -Dcom.ibm.team.repository.transport.client.protocol=TLSv1.2"

Save and exit the file

2. <JazzInstallationDir>/server/liberty/servers/clm/server.xml:

<logging hideMessage="SRVE9967W"/>

<ssl id="defaultSSLConfig" keyStoreRef="defaultKeyStore" sslProtocol="SSL_TLSv2" />

</server>

Save and exit the file

Start the CLM server again and test the protocols:

nmap --script ssl-enum-ciphers -p 9443 <hostname>

Starting Nmap 6.49BETA5 ( https://nmap.org ) at
Nmap scan report for fqdn.com (IP address)
Host is up (0.13s latency).
PORT STATE SERVICE
9443/tcp open tungsten-https
| ssl-enum-ciphers:
| TLSv1.0:
| ciphers:
| TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 1024) - D
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 1024) - A
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| compressors:
| NULL
| cipher preference: client
| warnings:
| Key exchange parameters of lower strength than certificate key
| TLSv1.1:
| ciphers:
| TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 1024) - D
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 1024) - A
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| compressors:
| NULL
| cipher preference: client
| warnings:
| Key exchange parameters of lower strength than certificate key
| TLSv1.2:
| ciphers:
| TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 1024) - D
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 1024) - A
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 1024) - A
| TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 1024) - A
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
| TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
| compressors:
| NULL
| cipher preference: client
| warnings:
| Key exchange parameters of lower strength than certificate key
|_ least strength: D

Nmap done: 1 IP address (1 host up) scanned in 7.57 seconds
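
The second scan shows TLSv1.2 added, but TLSv1.0 and TLSv1.1 are still accepted and 3DES suites are still graded C and D. The script below is an added example, not part of the original post: it summarises ssl-enum-ciphers output so the before/after check can be scripted. The function names and the "below A" threshold are assumptions made for illustration, and the embedded scan is a constructed, abridged copy of the output above.

```shell
# Added example: summarise `nmap --script ssl-enum-ciphers` output.

# Constructed sample: abridged from the post-change scan on this page.
sample_scan() {
cat <<'EOF'
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 1024) - D
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|   TLSv1.2:
|     ciphers:
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 1024) - A
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|_  least strength: D
EOF
}

# Normalise the script output to "proto <version>" and
# "cipher <version> <suite> <grade>" records, whatever the indentation.
parse_scan() {
  awk '
    { sub(/^[|]_?[ \t]*/, "") }                     # strip the "| " / "|_" prefix
    /^(SSLv[0-9]+|TLSv[0-9.]+):$/ { proto = substr($0, 1, length($0) - 1)
                                    print "proto", proto; next }
    /^(TLS|SSL)_/ && proto != "" { print "cipher", proto, $1, $NF }
  '
}

# Space-separated list of every protocol version the server accepted.
enabled_protocols() {
  parse_scan | awk '$1 == "proto" { printf "%s%s", sep, $2; sep = " " } END { print "" }'
}

# Protocol versions older than TLSv1.2 that are still accepted.
legacy_protocols() {
  parse_scan | awk '$1 == "proto" && $2 !~ /^TLSv1\.[23]$/ { printf "%s%s", sep, $2; sep = " " }
                    END { print "" }'
}

# "<version> <suite> <grade>" for every suite nmap graded below A.
weak_ciphers() {
  parse_scan | awk '$1 == "cipher" && $4 != "A" { print $2, $3, $4 }'
}

echo "enabled: $(sample_scan | enabled_protocols)"
echo "legacy:  $(sample_scan | legacy_protocols)"
sample_scan | weak_ciphers
```

To check a live server, pipe the scan command used above into the functions in place of sample_scan.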

Modify Ubuntu ens network interface card to eth0

  1. Display the current interface cards and verify that eth0 doesn't exist:
    ifconfig -a
  2. Edit the grub configuration file to disable the new naming convention:
    vim /etc/default/grub
  3. Look for GRUB_CMDLINE_LINUX= and add net.ifnames=0 biosdevname=0 to it:
    From:
    GRUB_CMDLINE_LINUX=""
    To:
    GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"
  4. Save and exit the file
  5. Reload the grub config file:
    update-grub
  6. Edit the interfaces file:
    vim /etc/network/interfaces
    From:
    # The primary network interface
    auto ens16
    iface ens16 inet dhcp
    To:
    # The primary network interface
    auto eth0
    iface eth0 inet dhcp
  7. Reboot your machine or restart the networking service

 

Reference:
https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/

Storwize Unified root access

As some tasks require root access, you can connect to Storwize Unified directly. Before you attempt to connect, make sure that the Service IPs are set for the management nodes. By default, root's password is set to passw0rd; see this page for more access information.

SSH using the following command:
ssh -p 1602 root@<service_module_IP>

Windows machine gets suspended when inactive in VMware

Windows 8, Windows 8.1 and Windows 10 machines get suspended or go into standby mode when they are inactive for more than 5 minutes. The issue is related to the mobile devices these OSes were designed for and to their battery-saving features, which disable some services such as RDP, so users cannot log in to the machines.

To address the issue in VMware, the machine needs to be powered down and its .vmx file needs to be modified. There are two ways of doing it:

  1. Directly via ssh, using a text editor to append the following to the <vm_name>.vmx file: suspend.disabled="TRUE". Save the changes and exit the file.
  2. Using vSphere Client, by right-clicking the machine and choosing edit settings, then navigating to Options -> Advanced -> General and clicking the 'Configuration Parameters' button.
    1. Select the 'Add Row' button.
    2. Name: suspend.disabled, Value: True
  3. Save the settings and power the machine back on.