Monday 24 October 2016

Connecting to WordPress Bitnami SAAS Instance on AWS with FileZilla

I've recently been looking into moving my blog away from Blogger and over to a WordPress installation.

There are a ton of options out there to get your head around, but I have finally settled on a SAAS (Software as a Service) option hosted on Amazon's Web Services platform for the time being. I am still trying to get my head around a few things before I do the final migration. I've learnt a few things about WordPress and AWS though and just wanted to document some of them here.

When you spin up the WordPress Bitnami instance from the AWS Marketplace, during the configuration you are given the option to download an SSH private key that can be used to securely access your environment via an FTP or SSH client etc. This comes in the form of a .PEM file. If you need to connect to your environment to modify configuration files or upload files via FileZilla, this is the procedure.


  1. Launch FileZilla
  2. Click on Edit > Settings
  3. Select SFTP
  4. Click on "Add Key File" and select the .PEM file you downloaded during the AWS setup
  5. Click OK
  6. Now click on File > Site Manager
  7. Create a New Site
  8. Within the Host field enter the Public IP address of your instance
  9. Within the Protocol Field select SFTP
  10. Change the Logon Type to "Ask for Password"
  11. Enter "bitnami" as the username
  12. Click OK
  13. When you try to connect you will be asked for a password, ignore this and continue

The WordPress Bitnami main directory is located within /opt/bitnami/apps/wordpress/htdocs. Here you will find the wp-config.php file and all the other usual WordPress files.

Wednesday 19 October 2016

Windows Server 2012 R2 Cluster Node issues

I recently came across an error where nodes within a Windows Server 2012 R2 Cluster stopped being active nodes within the cluster and continually cycled round trying to join again.

We were seeing errors:

Event 1070: Failover cluster nodes must have the ability to start the Cluster service, form a cluster (when a given node starts but no other nodes are up) and join a cluster (when a given node starts and discovers that one or more nodes are already up). This requires that certain conditions be met, for example, failover cluster nodes must run compatible versions of the operating system.

Event 1145: Cluster resource <resource> timed out. If the pending timeout is too short for this resource consider increasing the pending timeout value.

These appeared within the event log over and over again.

We did some basic troubleshooting to check network connectivity, configuration etc. One of our troubleshooting steps included evicting a node and using the Clear-ClusterNode PowerShell command to try and clear any configuration issues on the node. When we tried to add the node back to the cluster we were presented with a new error: "Event ID: 7024 The Cluster Service service terminated with the following service-specific error: Keyset does not exist".

We did some more digging and found that the permissions on the folder and files within C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys were largely missing. This is the folder that holds the certificate keys that the cluster uses to connect. Rather than change all 38 files within the folder individually by hand, we came up with this wee script:


## This grants ownership of the folder and the files below it to the Administrators group.
takeown /f C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys /R /A

## This grants the SYSTEM and Administrators accounts Full Access to the MachineKeys folder and all its subfolders/files, and removes any inherited permissions.
icacls "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" /INHERITANCE:R /GRANT ("SYSTEM" + ':(CI)(OI)F')
icacls "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" /INHERITANCE:R /GRANT ("Administrators" + ':(CI)(OI)F')

Once the permissions were set as above we were able to successfully add the node back into the cluster. And all four nodes were active again.
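
A check that can be run before and after the script above to see which objects in the MachineKeys folder are missing the expected permissions. This is an added example, not part of the original script; the backup file location is an assumption, and the two accounts are matched by their well-known SIDs.

```powershell
# Added example: report MachineKeys objects that lack Full Control for
# SYSTEM or Administrators. Run from an elevated PowerShell session.
$keyDir   = 'C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys'
$backup   = Join-Path $env:TEMP 'MachineKeys-acl.bak'   # assumed backup location
# Well-known SIDs, so the check does not depend on the OS display language.
$required = @{ 'S-1-5-18' = 'SYSTEM'; 'S-1-5-32-544' = 'Administrators' }
$full     = [System.Security.AccessControl.FileSystemRights]::FullControl
$sidType  = [System.Security.Principal.SecurityIdentifier]

# Record the current ACLs before changing anything (icacls /restore reads this file).
icacls $keyDir /save $backup /T /C | Out-Null

function Test-KeyAcl {
    param([string]$Path)
    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    } catch {
        # An unreadable ACL is itself a finding on a damaged folder.
        return [pscustomobject]@{ Path = $Path; Owner = '?'; Missing = 'ACL unreadable' }
    }
    # Explicit and inherited rules, with identities returned as SIDs.
    $rules = $acl.GetAccessRules($true, $true, $sidType)
    $missing = foreach ($sid in $required.Keys) {
        $ok = $rules | Where-Object {
            $_.IdentityReference.Value -eq $sid -and
            $_.AccessControlType -eq 'Allow' -and
            $_.PropagationFlags -notmatch 'InheritOnly' -and
            ($_.FileSystemRights -band $full) -eq $full
        }
        if (-not $ok) { $required[$sid] }
    }
    [pscustomobject]@{ Path = $Path; Owner = $acl.Owner; Missing = ($missing -join ', ') }
}

# The folder itself plus everything below it, including hidden/system key files.
$items  = @(Get-Item -LiteralPath $keyDir -Force) +
          @(Get-ChildItem -LiteralPath $keyDir -Force -Recurse)
$report = $items | ForEach-Object { Test-KeyAcl -Path $_.FullName }
$bad    = @($report | Where-Object { $_.Missing })
'{0} of {1} objects lack Full Control for SYSTEM or Administrators' -f $bad.Count, $items.Count
$bad | Format-Table Path, Owner, Missing -AutoSize
```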

Monday 17 October 2016

Security Benchmarks for Workstations, Servers and Applications

We've all had to lock down a workstation, server or application for security/audit purposes and wondered where to start. I recently stumbled across the Center for Internet Security (CIS) Benchmark program, which provides vendor-agnostic advice and tools on assessing and improving the security of servers and applications. The CIS program can help public and private organisations to meet compliance standards for FISMA, PCI, HIPAA and a lot more.

Behind the scenes of CIS there is a group of IT security experts who give their time and knowledge to help provide the information and tools that can help to benefit the rest of the IT community.

The CIS provide a Java based assessment tool that you can run on your workstations or servers to assess the potential security holes within them.

Once you download the tool from their website and run it you are confronted by a list of current benchmark standards you can run against your device.  In this case I am running the tool against my Windows 10 workstation.


The next screen in the wizard is what profile you want to run against the device.  These are security profiles that you can choose from depending on what level of security you are looking to achieve. 


The next screen that you encounter is relating to how you would like the results reported to you.  You have several options to choose from, I've found the HTML report to be the most useful so far. 


Depending on what benchmarks and profiles you've asked to run, the tool may take several minutes to generate the report. Once it has, you will have a report that contains information on what your device has passed or failed on and what the implications of any failures are, as well as some useful tips on how to resolve them.



For more information pop on over to the CIS website at https://www.cisecurity.org/




Wednesday 12 October 2016

KEMP load balancer forgotten password



I recently started to use my home lab after 6 months of not having any time to use it and unfortunately I had completely forgotten what I had set the password to on my KEMP load balancer. Thankfully I hadn't changed or deleted the bal account and was able to use a simple method to get into it again...

1. Log into the KEMP console using the username pwreset

2. Use the password 1pwreset
3. The console will now indicate that the password for the bal account has been reset to 1fourall which you can now use to gain access to your loadbalancer again




Monday 10 October 2016

Free Layer-7 Load Balancer from KEMP


KEMP Technologies was founded in 2000 in New York and they specialise in creating load balancing products.  They offer hardware, cloud, virtual and bare metal load balancers.

One of the best things about KEMP is that they offer a completely free version of their product. It isn't a watered-down version but a fully featured Layer-7 load balancer with only one drawback: it is throttled to 20Mbps throughput. However, the free appliance can be seamlessly upgraded to a paid license at any time.

A KEMP appliance is extremely easy to set up and get running within a virtual environment and can be managed via a web browser session. A great resource available from the KEMP Technologies website is the set of templates that help you configure certain load balancing services, such as Exchange 2010/2013/2016, Microsoft RDS, VMware Horizon View, MobileIron MDM and Dell Wyse VWorkspace to name a few.

KEMP Web Management


With the free version support is limited to the KEMP Community forums, templates and excellent install guides.  But this hasn't been a hindrance in the home lab or small office installations I have encountered.   However, should you need it there are options you can buy to provide telephone support.

The free appliance can be downloaded from http://freeloadbalancer.com/

Wednesday 5 October 2016

MS Ignite 2016

As I'm sure you are all aware, MS Ignite this year was held in Atlanta in September. For those of us not lucky enough to be there in person, Microsoft have kindly put the sessions online via YouTube so we can view them. With over 1000 sessions it can be a daunting task trying to figure out which ones to watch and which ones not to. I've put together a list of six sessions I really enjoyed watching and think would be of benefit to you guys as well.

| Session Name | Overview |
| --- | --- |
| BRK4010: Learn about Windows 10 Secure Kernel | Another informative session from Sami Laiho. |
| BRK2215: Debate the top 10 reasons not to move your Exchange on-premises mailboxes to Exchange Online | An informal discussion with Messaging experts on the age-old question, on-premises or cloud for Exchange. |
| BRK3218: Discover what's new and what's coming for Microsoft Outlook | A good look at what they are doing with end user feedback to develop Outlook into a more efficient product. |
| BRK2186: Introduce Windows Server 2016 into your environment | This is a good look at the new technologies that Windows Server 2016 has and how it can be used within your environment. |
| THR2141: Disrupt cyber-threats with revolutionary security in Windows 10 | This is a quick overview of the security that is now built within Windows 10 to help mitigate against malware and hacking threats. |
| BRK4028: Case of the unexplained: Windows Troubleshooting with Mark Russinovich | Mark has had similar sessions at TechEd and Ignite in previous years and they are always very informative. He gives an insight into how the SysInternals tools can help to troubleshoot issues with malware, error messages, blue screens of death, and much more. |


There is a nice PowerShell script available over at the TechNet Gallery that can help you download the videos and slide decks to watch offline and store for future use: https://gallery.technet.microsoft.com/Ignite-2016-Slidedeck-and-296df316