Formscape CPU Affinity

On servers with more than 2 CPU cores, Formscape may fail to license and start properly until you restrict the service process to run on 2 or fewer CPUs.

To set the CPU affinity:

  • Open the Windows services window (Start -> Run -> services.msc)
  • Right-click on the “Eclipse Forms” service and select Properties
  • Select the General tab
  • Click on the Stop button to halt the FormScape service
  • In the Start Parameters field, enter: –a “0 1”
  • Click on the Start button and then on the OK button.

How to Configure the Android VPN Client for IPsec Shared Key VPN

To use an Android device to connect to a client-to-site IPsec VPN without having to import a certificate, use shared key authentication. Your device must use Android version 4.0 or above.

Configure the Android VPN Client

  1. On the Android device, tap Settings.
  2. In the Wireless & Networks section, tap More.
  3. Tap VPN.
  4. Add the VPN by tapping the plus sign (+) next to VPN.
  5. On the Edit VPN profile page, configure these settings:
    • Name – Enter a name for the VPN connection (e.g., IPsecWithSharedKeys).
    • Type – Select IPSec Xauth PSK.
    • Server address – Enter the network address for the VPN service (e.g., 62.99.0.51).
    • IPSec identifier – Enter the group policy name that you entered for the IPsec PSK VPN on the Barracuda Firewall (e.g., IPsecVPN).
    • IPSec pre-shared key – Enter the PSK.
      android_keys_01.png

Connect to the VPN with the Android Device

After configuring the Android device, you can connect to the IPsec VPN.

  1. On the device, navigate to the VPN screen.
  2. Tap the name of the VPN that you want to connect to (e.g., IPsecWithSharedKeys).
    android_keys_02.png
  3. Enter your Username and Password, and then tap Connect.
    IPsecPSKAndroidUserPasswordPrompt.png

How do I default or reset a Cisco router?

Please see the regular process to reset the password on 1841 Router below,

  • Connect the console cable to Router 1841
  • Use the power switch in order to turn off the router, and then turn the router back on
  • Press Break on the terminal keyboard within 60 seconds of power up in order to put the router into ROMMON
  • Type confreg 0x2142 at the rommon 1> prompt in order to boot from Flash

This step bypasses the startup configuration where the passwords are stored

  • Type reset at the rommon 2> prompt.

The router reboots, but ignores the saved configuration.

  • Type no after each setup question, or press Ctrl-C in order to skip the initial setup procedure.
  • Type enable at the Router> prompt.
  • You are in enable mode and should see the Router# prompt
  • Type erase start at the Router> prompt.
  • Type configure terminal.
  • Type config-register #config-register 0x2102
  • Type write memory 
  • Type reload

– See more at: https://supportforums.cisco.com/discussion/11607366/how-reset-cisco-router-1841-password#sthash.keYSGsUX.dpuf

GHOST glibc Security Alert January 2015

Summary

Epicor has been made aware of a critical vulnerability in the glibc library, which has been assigned CVE-2015-0235 and is commonly referred to as ‘GHOST’. All versions of glibc shipped with all variants of Red Hat Enterprise Linux are affected.

GHOST is a ‘buffer overflow’ bug affecting the gethostbyname() and gethostbyname2() function calls in the glibc library. This vulnerability allows a remote attacker that is able to make an application call to either of these functions to execute arbitrary code with the permissions of the user running the application.

The gethostbyname() function calls are used for DNS resolving, which is a very common event. To exploit this vulnerability, an attacker must trigger a buffer overflow by supplying an invalid hostname argument to an application that performs a DNS resolution.

Checking Vulnerability

The easiest way to check for the vulnerability is to run the the Red Hat Access Lab’s “glibc (GHOST) Detector” script:

curl -s http://kb.eclipseinc.com/repo/GHOST-test.sh | bash

If the server is vulnerable, you will see output similar to:

Installed glibc version(s)
- glibc-2.5-42.i686: vulnerable
- glibc-2.5-42.x86_64: vulnerable

This system is vulnerable to CVE-2015-0235. <https://access.redhat.com/security/cve/CVE-2015-0235>
Please refer to <https://access.redhat.com/articles/1332213> for remediation steps

If the server is not vulnerable, you will see output similar to:

Installed glibc version(s)
- glibc-2.5-123.el5_11.1.x86_64: not vulnerable
- glibc-2.5-123.el5_11.1.i686: not vulnerable

Resolution

Update RHEL to patch the affected libraries:

yum -y update glibc nscd

Double-check that the patches have been applied by running the detection script again:

curl -s http://kb.eclipseinc.com/repo/GHOST-test.sh | bash

Reboot the server to finish applying the patches:

reboot

Troubleshooting

If you receive an error when attempting to run yum, it could be because your Red Hat subscription has expired. In this case, we’ve setup a package repository for you, which you can use by running the following commands:

curl -s -o /etc/yum.repos.d/eclipse.repo http://kb.eclipseinc.com/repo/eclipse.repo
yum -y update glibc nscd

If you receive an error similar to “Public key for glibc-headers-2.5-123.el5_11.1.x86_64.rpm is not installed”, then it means your Red Hat software is very much out of date, and you’ll need to first update some other packages:

curl -s -o /usr/share/rhn/RHNS-CA-CERT http://kb.eclipseinc.com/repo/RHNS-CA-CERT
curl -s -o /etc/yum.repos.d/eclipse.repo http://kb.eclipseinc.com/repo/eclipse.repo
yum --nogpgcheck -y update rhn*
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
yum -y update glibc nscd

Frequently Asked Questions

Q: I installed the patch, and now the script says my server is “not vulnerable”. Do I still need to reboot my server?
A: Yes.

Format RDX Cartridges for Linux

To format an RDX (e.g. Dell RD1000) drive cartridge for Linux for use with Eclipse backups:

Identify the drive’s device name (e.g. /dev/sdc) using the following command:

lsscsi

After you’ve identified the proper device, format the partition (e.g. /dev/sdc1):

CAUTION: This will destroy all data on the specified partition, so make sure you’ve identified the correct partition before proceeding.

mkfs -t ext4 -v -L RD1000 /dev/sdX1

Mount the drive:

mount /mnt/rd1000

Create the rsync directory:

mkdir -p /mnt/rd1000/rsync

The drive cartridge is now ready for use.