forksand-it-manual/source/Clouds/Sharktech.tex

%
% Sharktech.tex
%
% Fork Sand IT Manual
%
% Copyright (C) 2018, Fork Sand, Inc.
% Copyright (C) 2017, Jeff Moe
%
% This document is licensed under the Creative Commons Attribution 4.0
% International Public License (CC BY-SA 4.0) by Fork Sand, Inc.
%
\section{Sharktech}
Sharktech is a provider that focuses on \gls{ddos} prevention, such
as for gaming servers. Has a data center in Denver.
Looks good. Manually provisions servers over a few days.
Good local speed and latency.
\url{https://sharktech.net/}

\begin{figure}[!htb]
\includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{www-sharktech.png}
 \caption{Sharktech Website}
 \label{fig:www-sharktech}
\end{figure}

\begin{figure}[!htb]
\includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{www-sharktech-dashboard-services.png}
 \caption{Sharktech Dashboard Services Web Page}
 \label{fig:www-sharktech-dashboard-services}
\end{figure}

First login, kernel is:
\texttt{Linux debian 3.16.0-4-amd64 \#1 SMP Debian 3.16.36-1+deb8u1 (2016-09-03) x86\_64 \gls{gnulinux}}
It isn't up-to-date. Running Debian 8.6. The \texttt{dmesg} showed the kernel had already
barfed a couple times (USB time outs and more).

\Gls{ipmi} http connection is in cleartext!!! Doesn't redirect to https. https has failed SSL
certificate (like every other Supermicro on the planet). \Gls{ipmi} requires Java junk.
Server was running for a few days before I could update it.

\begin{minted}{sh}
# Sharktech IPMI:
Firmware Revision : 03.38
Firmware Build Time : 2015-01-05

# XXX
# XXX Somehow doesn't have a route to ns1 for DNS (?).
# XXX NEED MULTIPLE MASTERS.
# XXX This eventually sync'd after a few minutes and restarts...
017-10-07 07:53:57.755584 | server   | N | zone load: slave zone solipsists.org. requires download from the master
2017-10-07 07:54:00.833918 | server   | E | slave: query error for domain solipsists.org. from master at 69.164.197.34#53: No route to host
2017-10-07 07:54:00.833923 | server   | W | slave: 69.164.197.34#53 master failed to answer for domain solipsists.org.: retrying
2017-10-07 07:54:00.928262 | server   | E | database: solipsists.org.: failed to download the zone: No route to host

# XXX takes 7 minutes to reboot.
\end{minted}

\begin{figure}[!htb]
\includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{sharktech-reboot-dhcp.png}
 \caption{Sharktech Reboot DHCP Hang}
 \label{fig:sharktech-reboot-dhcp}
\end{figure}
\begin{figure}[!htb]
\includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{sharktech-reboot-dhcp-2.png}
 \caption{Sharktech Reboot DHCP Hang 2}
 \label{fig:sharktech-reboot-dhcp-2}
\end{figure}
\begin{figure}[!htb]
\includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{sharktech-reboot-grub.png}
 \caption{Sharktech Reboot GRUB}
 \label{fig:sharktech-reboot-grub}
\end{figure}

\begin{itemize}
 \item Default \gls{ipmi} connection is in cleartext http.
 \item SSL certificate for Supermicro \gls{ipmi} is bad (like all of them).
 \item Can't change password on \gls{ipmi}.
 \item Root password for server and \gls{ipmi} is sent via email.
 \item There is an attack window between their machine imaging and first login.
 \item Customer should control timing of first power on.
 \item System is also possibly vuln during the ISP's initial power up and commissioning period.
 \item First reboot, the system hung (.png XXX).
 \item Hard reset, lots of DHCP queries at boot.
 \item A \texttt{debian} user was on the system, password unknown. Check \texttt{/home}!
 \item They block NTP to prevent \gls{ddos}, so you have to use their time server
  \texttt{time.sharktech.net}
\end{itemize}

Sharktech payment methods:

\begin{itemize}
 \item Credit Card.
 \item PayPal.
 \item Wire Transfer.
 \item Check/Western Union.
 \item Offline Credit Card.
 \item Bitcoin.
 \item \$1,000USD maximum balance.
\end{itemize}


\section{ns36}
ns36 server info

\begin{itemize}
 \item Shipped with default kernel:
  \texttt{Linux debian 3.16.0-4-amd64 \#1 SMP Debian 3.16.7-ckt20-1+deb8u2 (2016-01-02) x86\_64 \gls{gnulinux}}
 \item Shipped with Debian 8.3 (an old version of \texttt{oldstable}).
\end{itemize}
Initial draft of Fork Sand IT Manual 8 years ago			`%`
			`% Sharktech.tex`
			`%`
			`% Fork Sand IT Manual`
			`%`
			`% Copyright (C) 2018, Fork Sand, Inc.`
			`% Copyright (C) 2017, Jeff Moe`
			`%`
			`% This document is licensed under the Creative Commons Attribution 4.0`
			`% International Public License (CC BY-SA 4.0) by Fork Sand, Inc.`
			`%`
			`\section{Sharktech}`
csv convertion applied (todo detalize installation of sofficehelpers), updates to Glossary, minor fixes, removed cached gitignored newly added files 8 years ago			`Sharktech is a provider that focuses on \gls{ddos} prevention, such`
Initial draft of Fork Sand IT Manual 8 years ago			`as for gaming servers. Has a data center in Denver.`
			`Looks good. Manually provisions servers over a few days.`
			`Good local speed and latency.`
			`\url{https://sharktech.net/}`

Started glossary, firewall split, added attachments, minor fixes, 8 years ago			`\begin{figure}[!htb]`
Initial draft of Fork Sand IT Manual 8 years ago			`\includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{www-sharktech.png}`
			`\caption{Sharktech Website}`
			`\label{fig:www-sharktech}`
			`\end{figure}`

Started glossary, firewall split, added attachments, minor fixes, 8 years ago			`\begin{figure}[!htb]`
Initial draft of Fork Sand IT Manual 8 years ago			`\includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{www-sharktech-dashboard-services.png}`
			`\caption{Sharktech Dashboard Services Web Page}`
			`\label{fig:www-sharktech-dashboard-services}`
			`\end{figure}`

			`First login, kernel is:`
csv convertion applied (todo detalize installation of sofficehelpers), updates to Glossary, minor fixes, removed cached gitignored newly added files 8 years ago			`\texttt{Linux debian 3.16.0-4-amd64 \#1 SMP Debian 3.16.36-1+deb8u1 (2016-09-03) x86\_64 \gls{gnulinux}}`
Initial draft of Fork Sand IT Manual 8 years ago			`It isn't up-to-date. Running Debian 8.6. The \texttt{dmesg} showed the kernel had already`
			`barfed a couple times (USB time outs and more).`

csv convertion applied (todo detalize installation of sofficehelpers), updates to Glossary, minor fixes, removed cached gitignored newly added files 8 years ago			`\Gls{ipmi} http connection is in cleartext!!! Doesn't redirect to https. https has failed SSL`
			`certificate (like every other Supermicro on the planet). \Gls{ipmi} requires Java junk.`
Initial draft of Fork Sand IT Manual 8 years ago			`Server was running for a few days before I could update it.`

			`\begin{minted}{sh}`
			`# Sharktech IPMI:`
			`Firmware Revision : 03.38`
			`Firmware Build Time : 2015-01-05`

			`# XXX`
			`# XXX Somehow doesn't have a route to ns1 for DNS (?).`
			`# XXX NEED MULTIPLE MASTERS.`
			`# XXX This eventually sync'd after a few minutes and restarts...`
			`017-10-07 07:53:57.755584 \| server \| N \| zone load: slave zone solipsists.org. requires download from the master`
			`2017-10-07 07:54:00.833918 \| server \| E \| slave: query error for domain solipsists.org. from master at 69.164.197.34#53: No route to host`
			`2017-10-07 07:54:00.833923 \| server \| W \| slave: 69.164.197.34#53 master failed to answer for domain solipsists.org.: retrying`
			`2017-10-07 07:54:00.928262 \| server \| E \| database: solipsists.org.: failed to download the zone: No route to host`

			`# XXX takes 7 minutes to reboot.`
			`\end{minted}`

Started glossary, firewall split, added attachments, minor fixes, 8 years ago			`\begin{figure}[!htb]`
Initial draft of Fork Sand IT Manual 8 years ago			`\includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{sharktech-reboot-dhcp.png}`
			`\caption{Sharktech Reboot DHCP Hang}`
			`\label{fig:sharktech-reboot-dhcp}`
			`\end{figure}`
Started glossary, firewall split, added attachments, minor fixes, 8 years ago			`\begin{figure}[!htb]`
Initial draft of Fork Sand IT Manual 8 years ago			`\includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{sharktech-reboot-dhcp-2.png}`
			`\caption{Sharktech Reboot DHCP Hang 2}`
			`\label{fig:sharktech-reboot-dhcp-2}`
			`\end{figure}`
Started glossary, firewall split, added attachments, minor fixes, 8 years ago			`\begin{figure}[!htb]`
Initial draft of Fork Sand IT Manual 8 years ago			`\includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{sharktech-reboot-grub.png}`
			`\caption{Sharktech Reboot GRUB}`
			`\label{fig:sharktech-reboot-grub}`
			`\end{figure}`

			`\begin{itemize}`
csv convertion applied (todo detalize installation of sofficehelpers), updates to Glossary, minor fixes, removed cached gitignored newly added files 8 years ago			`\item Default \gls{ipmi} connection is in cleartext http.`
			`\item SSL certificate for Supermicro \gls{ipmi} is bad (like all of them).`
			`\item Can't change password on \gls{ipmi}.`
			`\item Root password for server and \gls{ipmi} is sent via email.`
Initial draft of Fork Sand IT Manual 8 years ago			`\item There is an attack window between their machine imaging and first login.`
			`\item Customer should control timing of first power on.`
			`\item System is also possibly vuln during the ISP's initial power up and commissioning period.`
			`\item First reboot, the system hung (.png XXX).`
			`\item Hard reset, lots of DHCP queries at boot.`
			`\item A \texttt{debian} user was on the system, password unknown. Check \texttt{/home}!`
csv convertion applied (todo detalize installation of sofficehelpers), updates to Glossary, minor fixes, removed cached gitignored newly added files 8 years ago			`\item They block NTP to prevent \gls{ddos}, so you have to use their time server`
Initial draft of Fork Sand IT Manual 8 years ago			`\texttt{time.sharktech.net}`
			`\end{itemize}`

			`Sharktech payment methods:`

			`\begin{itemize}`
			`\item Credit Card.`
			`\item PayPal.`
			`\item Wire Transfer.`
			`\item Check/Western Union.`
			`\item Offline Credit Card.`
			`\item Bitcoin.`
			`\item \$1,000USD maximum balance.`
			`\end{itemize}`


			`\section{ns36}`
			`ns36 server info`

			`\begin{itemize}`
			`\item Shipped with default kernel:`
csv convertion applied (todo detalize installation of sofficehelpers), updates to Glossary, minor fixes, removed cached gitignored newly added files 8 years ago			`\texttt{Linux debian 3.16.0-4-amd64 \#1 SMP Debian 3.16.7-ckt20-1+deb8u2 (2016-01-02) x86\_64 \gls{gnulinux}}`
Initial draft of Fork Sand IT Manual 8 years ago			`\item Shipped with Debian 8.3 (an old version of \texttt{oldstable}).`
			`\end{itemize}`