All posts by Jon Kensy

Synology DSM 5.0 ShellShock “safe by default”

So I was on twitter looking at some security stuff I follow and came across someone quoting Synology as saying that DSM 5.0 is “safe by default”.   Here is a link to the Synology document.  And here is the quote:

The design of Synology NAS operating system, DiskStation Manager (DSM), is safe by default. The bash command shell built-in in DSM is reserved for system service use (HA Manager) only and not available to public users. For preventive purpose, Synology is working on the patches addressing this bash vulnerability and to provide them as soon as possible.

Not being entirely convinced I quickly logged into a DS1513+ and did echo $0 which will usually return the current shell.

DSM shellshockSo, I can’t confirm as to what shell the unit was running but after upgrading to DSM 5.0 Update 7, the unit is now using ash shell as default.  I wish I hadn’t applied the update just yet so I could just confirm.  But, for now, this will have to do.  Looks safe here.

vSphere PowerCLI for ESXi host build details

I found these PowerCLI commands especially useful when doing an inventory of ESXi hosts:

get-view -ViewType HostSystem -Property Name,Config.Product | select Name,{$_.Config.Product.FullName}

get-view -ViewType HostSystem -Property Name,Config.Product | foreach {$_.Name, $_.Config.Product}

The first will output something like this:

PowerCLI C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI> get-view
-ViewType HostSystem -Property Name,Config.Product | select Name,{$_.Config.Pro
duct.FullName}

Name                                    $_.Config.Product.FullName
—-                                    ————————–
<hostnameremoved>                   VMware ESXi 5.1.0 build-799733
<hostnameremoved>                   VMware ESXi 5.1.0 build-799733
<hostnameremoved>                   VMware ESXi 5.1.0 build-799733
<hostnameremoved>                   VMware ESXi 5.1.0 build-799733
<hostnameremoved>                   VMware ESXi 5.1.0 build-799733
<hostnameremoved>                   VMware ESXi 5.1.0 build-799733
<hostnameremoved>                   VMware ESXi 5.1.0 build-799733
<hostnameremoved>                   VMware ESXi 5.1.0 build-799733

The second command would result in an output like this:

PowerCLI C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI> get-view
-ViewType HostSystem -Property Name,Config.Product | foreach {$_.Name, $_.Confi
g.Product}
hps1esx1.aecio.com

Name                  : VMware ESXi
FullName              : VMware ESXi 5.1.0 build-799733
Vendor                : VMware, Inc.
Version               : 5.1.0
Build                 : 799733
LocaleVersion         : INTL
LocaleBuild           : 000
OsType                : vmnix-x86
ProductLineId         : embeddedEsx
ApiType               : HostAgent
ApiVersion            : 5.1
InstanceUuid          :
LicenseProductName    : VMware ESX Server
LicenseProductVersion : 5.0
DynamicType           :
DynamicProperty       :

This is pretty useful as vSphere client will sometimes not show the full build version because of total number of characters:ESXi Build VersionHope this is useful!

Edit:  I also needed to grab the service tag from a host that is not managed by vCenter Server.  To do that we ssh’d to the host and ran the following:

[root@host name]#  /usr/sbin/dmidecode |grep -A4 “System Information”

Which resulted in dmidecode not being found, so the following command was used:

[root@host name]#  /sbin/esxcli hardware platform get

This resulted in the necessary output without having to do a physical check on the host!