I need to write Python scripts to get all of the IDs of virtual machines running on an ESX/ESXi host (including CPU ID, Hard ID, Chipset ID etc.). I need to find them and I want to change them all. I have to move a virtual machine from one ESXi host to another ESXi host, but when I move it the license of the virtual machine gets lost. I did some research and found that the license gets lost because the hardware fingerprint changes during the move. Could anyone please help me solve this problem?
Lots of pyvmomi examples can be found here, on VMware's own GitHub. Also, if you open an issue on the project in GitHub and request something specific, others in the community may be willing to provide it.
Amir, you can get examples here:
https://github.com/rreubenur/vmware-python-examples
And losing the license is a common problem for Windows VMs. There is a hack for WinXP/Win2k3, but later versions don't support the hack. I believe you shouldn't face any problem with a Linux guest OS.
Related
Ideally I’d like to build a package to deploy to Debian. Ideally the installation process would check the system has the required dependencies installed, as well as configure Cronjobs, set up users etc.
I’ve tried googling around and I understand a .deb is the format I can distribute in - but that is as far as I got since I’m getting confused now with the tooling I need to get up to speed with. The other option is to just git clone on the server and configure the environment manually… but that’s not preferable for obvious reasons.
How can I get started with building a Debian package and is that the right direction for deploying web applications? If anyone could point me in the right direction tools-wise and perhaps a tutorial that would be massively appreciated :) Also, if you advise to just take the simple route with git, happy to take that advice as well if you explain why. If it makes any difference, I’m deploying one Node.js and one Python web application.
You can for sure package everything as a Linux application; for example using PyInstaller for your Python webapp.
Besides that, it depends on your use case.
I will focus on the second part of your question,
How can I get started with building a Debian package and is that the right direction for deploying web applications?
as that seems to be what you are after when considering other alternatives to .deb already in your question.
I want to deploy 1-2 websites on my Linux server
In this case, I'd say manually git clone and configure everything. It's totally fine when you know that there won't be much more running on the server, and it is pretty hassle-free.
Why spend time packaging when no one will need the package ever again after you just installed it on your server?
I want to distribute my webapps to others on Debian
Here a .deb would make total sense. For example Plex media server and other applications are shipped like this.
If the official Debian wiki is too abstract, there are also other more hands-on guides to get you started quickly. You could also get other .deb packages and extract them to see what they are made up of. You mentioned one of your websites is using Python, so I just suspect it might be Flask or Django. If it's Django, there is an example repository you might want to check out.
I want to run a lot of stuff on my server / distribute to other devs and platforms / or scale soon
In this case I would make the webapps into Docker containers. They are easy to build, share, and deploy. On top of that, you can easily bundle all dependencies and scripts to make sure everything is set up right. Also they are easy to run and stop. So you have a simple "on/off" switch if your server is running low on resources while you want to run something else. I highly favour this solution, as it also allows you to easily control what is running on what IP when you deploy more and more applications to your server. But, as you pointed out, it runs with a bit of overhead and is not the best solution on weak hardware.
Also, if you know for sure what will be running on the server long term and don't need the flexibility I would probably skip Docker as well.
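A minimal staging script for the .deb route discussed in the answer above, added here as an example and not part of the original thread: it covers the three things the question asks for (declared dependencies, a dedicated user, a cron job). The package name mywebapp, its paths, the dependency list and the maintainer address are hypothetical.

```shell
#!/bin/sh
# Added example: stage and build a minimal binary .deb.
# "mywebapp", its paths, dependencies and maintainer are hypothetical.
set -eu

stage_pkg() {
    root=$1
    mkdir -p "$root/DEBIAN" "$root/opt/mywebapp" "$root/etc/cron.d"
    chmod 0755 "$root/DEBIAN"

    # Depends: dpkg will not configure the package until these are installed.
    cat > "$root/DEBIAN/control" <<'EOF'
Package: mywebapp
Version: 0.1.0
Section: web
Priority: optional
Architecture: all
Depends: python3, nodejs, adduser, cron
Maintainer: Example Maintainer <ops@example.invalid>
Description: Example web application (constructed sample)
EOF

    # postinst runs as root at install time: create an unprivileged service account.
    cat > "$root/DEBIAN/postinst" <<'EOF'
#!/bin/sh
set -e
if [ "$1" = "configure" ] && ! getent passwd mywebapp >/dev/null; then
    adduser --system --group --no-create-home --home /nonexistent mywebapp
fi
EOF
    chmod 0755 "$root/DEBIAN/postinst"

    # /etc/cron.d entries carry a user field, so the job does not run as root.
    echo '17 3 * * * mywebapp /opt/mywebapp/bin/cleanup' > "$root/etc/cron.d/mywebapp"
    chmod 0644 "$root/etc/cron.d/mywebapp"
}

build_pkg() {
    # --root-owner-group records files as root:root without building as root.
    if command -v dpkg-deb >/dev/null 2>&1; then
        dpkg-deb --root-owner-group --build "$1" "$2"
    else
        echo "dpkg-deb not found; staged tree left in $1" >&2
    fi
}

# Usage: sh mkdeb.sh <staging-dir> <output.deb>
if [ "$#" -eq 2 ]; then stage_pkg "$1"; build_pkg "$1" "$2"; fi
```

The application files themselves go under the staging directory (here opt/mywebapp) before build_pkg is called.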
There has been some back and forth between myself and the IT department of a company I recently began working for regarding the installation of the Python / Anaconda suite on my work PC. The IT department is making claims of security risks (with Anaconda) but I suspect it’s more of a matter of them not wanting to give me access. My suspicion is based, not on my IT knowledge, but on the fact that I’ve used Anaconda at my last job with no issues. I’m hoping for some insight into enterprise risks (if any) associated with installation of Anaconda. To summarize the situation/my knowledge:
• I am not a developer, nor do I come from an IT/enterprise risk background. I’ve used Python for analytics, data cleansing and report automation
• Current and past companies are within the finance industry, i.e. confidential information lives on the network
• I’m requesting Anaconda as opposed to Anaconda Enterprise
• I’m requesting Python version 3.6.4
I’m not trying to write-off IT’s concerns. What I’m trying to do is better understand the situation, educate myself and either alleviate their concerns or propose an alternative all parties can work with.
So my questions are:
Are there security threats associated with leveraging Anaconda? If so, what specifically?
If the risk is too great, what are alternatives to simply installing the Anaconda Suite?
Thanks
Are there security threats associated with leveraging Anaconda? If so, what specifically?
It depends on the environment. Do you have admin privileges? What does the global GPO policy look like? For example, if you don't have admin rights you can't do things like create a socket or access the network stack at the OS level, and vice versa. The thing is that you can do similar damage with CMD/PowerShell too. Is the former more secure than the latter? I don't think so.
If the risk is too great, what are alternatives to simply installing the Anaconda Suite?
It depends on what kind of functionality you need from Anaconda. Maybe you can use a different Python interpreter/framework, but from a security perspective it looks the same.
Usually "IT Stuff" don't have a clue how to implement OS/Domain/Security in a proper manner, so their solution is to tell everybody that it's a security risk. These days, everything is a security risk.
One could argue that any programming environment is a potential security risk.
But such an argument is rather unconvincing in any office environment where you will probably find a well-known office suite installed that comes with its own built-in programming environment! You can cause plenty of mayhem with VBA macros hidden in Word and Excel documents... Especially when these documents are sent to unsuspecting co-workers.
To put it more bluntly, any environment that is not nailed down to the point of being unusable is a potential security risk. Can you e.g. run programs off a USB drive? Or open Office files from them? Or even copy files to them?
You could ask IT what their specific objections are?
BTW, you don't need administrator privileges to install Anaconda for yourself. Only if you want to install it for all users on your machine.
Edit: Another approach is to bring your own laptop and use Python on that.
This is an approach I'm using. And I would suggest using a laptop loaded with a UNIX-like operating system like a Linux distribution or one of the BSD variants. All of these come with a lot of tools out of the box and since they have decent package management (as opposed to ms-windows) basically every open-source tool you can think of is easily available. There is a learning curve associated with this, but on these systems tools are meant to work together instead of existing as pre-packaged one-trick ponies.
For example, I keep yearly logbooks of work-related stuff that should be documented. These logbooks can run into 200-300 pages, with hundreds of illustrations and graphs. For such a thing, ms-word just doesn't cut it; I've tried several times. So I use LaTeX, python, gnuplot and a host of other tools for it. And the whole thing is kept under revision control as a matter of course.
This laptop isn't connected to the network at work, so it cannot be a threat to that.
We all know situations when you cannot go open source and freely distribute software - and I am in one of these situations.
I have an app that consists of a number of binaries (compiled from C sources) and Python code that wraps it all into a system. This app used to work as a cloud solution so users had access to app functions via network but no chance to touch the actual server where binaries and code are stored.
Now we want to deliver the "local" version of our system. The app will be running on PCs that our users will physically own. We know that everything could be broken, but at least want to protect the app from possible copying and reverse-engineering as much as possible.
I know that Docker is a wonderful deployment tool so I wonder: is it possible to create encrypted Docker containers where no one can see any data stored in the container's filesystem? Is there a known solution to this problem?
Also, maybe there are well known solutions not based on Docker?
The root user on the host machine (where the docker daemon runs) has full access to all the processes running on the host. That means the person who controls the host machine can always get access to the RAM of the application as well as the file system. That makes it impossible to hide a key for decrypting the file system or protecting RAM from debugging.
Using obfuscation on a standard Linux box, you can make it harder to read the file system and RAM, but you can't make it impossible or the container cannot run.
If you can control the hardware running the operating system, then you might want to look at the Trusted Platform Module which starts system verification as soon as the system boots. You could then theoretically do things before the root user has access to the system to hide keys and strongly encrypt file systems. Even then, given physical access to the machine, a determined attacker can always get the decrypted data.
What you are asking about is called obfuscation. It has nothing to do with Docker and is a very language-specific problem; for data you can always do whatever mangling you want, but while you can hope to discourage the attacker it will never be secure. Even state-of-the-art encryption schemes can't help since the program (which you provide) has to contain the key.
C is usually hard enough to reverse engineer; for Python you can try pyobfuscate and similar.
For data, I found this question (keywords: encrypting files game).
If you want a completely secure solution, you're searching for the 'holy grail' of confidentiality: homomorphic encryption. In short, you want to encrypt your application and data, send them to a PC, and have this PC run them without its owner, OS, or anyone else being able to scoop at the data.
Doing so without a massive performance penalty is an active research project. There has been at least one project having managed this, but it still has limitations:
1. It's Windows-only
2. The CPU has access to the key (i.e., you have to trust Intel)
3. It's optimised for cloud scenarios. If you want to install this on multiple PCs, you need to provide the key in a secure way (i.e. just go there and type it yourself) to one of the PCs you're going to install your application on, and this PC should be able to securely propagate the key to the other PCs.
Andy's suggestion on using the TPM has similar implications to points 2 and 3.
Sounds like Docker is not the right tool, because it was never intended to be used as a full-blown sandbox (at least based on what I've been reading). Why aren't you using a more full-blown VirtualBox approach? At least then you're able to lock up the virtual machine behind logins (as much as a physical installation on someone else's computer can be locked up) and run it isolated, encrypted filesystems and the whole nine yards.
You can either go lightweight and open, or fat and closed. I don't know that there's a "lightweight and closed" option.
I have exactly the same problem. What I have been able to discover so far is below.
A. Asylo (https://asylo.dev)
Asylo requires programs/algorithms to be written in C++.
The Asylo library is integrated in Docker and it seems to be feasible to create a custom Docker image based on Asylo.
Asylo depends on many not so popular technologies like "proto buffers" and "bazel" etc. To me it seems that the learning curve will be steep, i.e. the person who is creating Docker images/(programs) will need a lot of time to understand how to do it.
Asylo is free of charge
Asylo is brand new, with all the advantages and disadvantages of being that.
Asylo is produced by Google but it is NOT an officially supported Google product according to the disclaimer on its page.
Asylo promises that data in the trusted environment could be protected even from a user with root privileges. However, there is a lack of documentation and currently it is not clear how this could be implemented.
B. Scone (https://sconedocs.github.io)
It is bound to Intel SGX technology, but there is also a simulation mode (for development).
It is not free. It has just a small set of functionalities which are not paid.
Seems to support a lot of security functionalities.
Easy to use.
They seem to have more documentation and instructions on how to build your own Docker image with their technology.
For the Python part, you might consider using PyInstaller; with appropriate options, it can pack your whole Python app into a single executable file, which will not require a Python installation to be run by end users. It effectively runs a Python interpreter on the packaged code, but it has a cipher option, which allows you to encrypt the bytecode.
Yes, the key will be somewhere around the executable, and a very savvy customer might have the means to extract it, thus unraveling a not so readable code. It's up to you to know if your code contains some big secret you need to hide at all costs. I would probably not do it if I wanted to charge big money for any bug solving in the deployed product. I could use it if the client has good compliance standards and is not a potential competitor, nor is expected to pay for more licenses.
While I've done this once, I honestly would avoid doing it again.
Regarding the C code, if you can compile it into executables and/or shared libraries, they can be included in the executable generated by PyInstaller.
What I want to do is write an application in Python and deploy it in Django (I want to implement it on the Linux platform), and that application could manage DNS remotely in Active Directory (Windows environment).
It's preferred that all the scripts are written in CPython.
I tried several ways below but failed:
Use a module called dnspython, but it seems to only work with BIND DNS and still doesn't support Windows DNS.
Use pywin32 module to invoke WMI, but pywin32 is a module only for Windows platform and failed to work in Linux.
Use IronPython; it is the only workaround I have, but it's not so good because all other applications will be in CPython.
Can somebody provide a resolution? Or a workaround.
As I understand it, I need CPython scripts running on Linux that can remotely manage DNS in Active Directory on the Windows platform.
If there is any problem about it, please let me know.
Any suggestions are appreciated.
Set up the Windows machine as a caching nameserver, with the Linux box as its authoritative nameserver. That way you can just change the settings of BIND on the Linux box, and the Windows box should follow along.
This question probably belongs on Server Fault, though.
I'd like to get some code editing for a free software project done during some free time that I will have today at my university. There's just one small problem: We're almost entirely a Windows environment (mostly thin clients at that) and the only source code editor installed is jGRASP.
So, I need a source code editor which is usable without installing anything (something browser-based or Java Web Start based). I would use Notepad++, but I think downloading and running some unapproved exe may be in violation of our acceptable use policy, and it isn't that efficient an editor for Python anyway.
Any suggestions are appreciated.
The best web-based editor I know is Ace.
If you can't execute downloaded exes, this may be moot, but SciTE is reasonably usable and does not require you to install anything - just download and run.
PuTTY and vim would be my solution (requires a remote host running 'nix).
PuTTY is obviously a 3rd party binary, but a fairly common one.
I'm sure there are web-based ssh clients to be had.