Log Analytics can be a powerful monitoring tool for your infrastructure, as you can query various metrics that are important for your servers' availability, such as disk space.
The query below can be used to get the free space of your Linux VM disks.
InsightsMetrics
| where Origin == "vm.azm.ms"
and Namespace == "LogicalDisk"
and Name == "FreeSpaceMB"
| extend Disk=tostring(todynamic(Tags)["vm.azm.ms/mountId"]),
Disk_Size_GB=(todynamic(Tags)["vm.azm.ms/diskSizeMB"]) / (1024)
| summarize Disk_Free_Space_GB = avg(Val) / (1024)
by Computer,
Disk, Disk_Size_GB, _ResourceId
| where Disk in ('sda1', 'sdb1', 'sdc1', 'sdd1','/')
| project Computer, Disk, Disk_Size_GB, Disk_Free_Space_GB
You can also select the scope of the query in order to get results for specific resources/resource groups.
The result lists the size and free space of every disk whose name is included in the list ('sda1', 'sdb1', 'sdc1', 'sdd1','/').
The same query, with a small change, can also be applied to Windows VMs in order to get the available space on your C: drive.
InsightsMetrics
| where Origin == "vm.azm.ms"
and Namespace == "LogicalDisk"
and Name == "FreeSpaceMB"
| extend Disk=tostring(todynamic(Tags)["vm.azm.ms/mountId"]),
Disk_Size_GB=(todynamic(Tags)["vm.azm.ms/diskSizeMB"]) / (1024)
| summarize Disk_Free_Space_GB = avg(Val) / (1024)
by Computer,
Disk, Disk_Size_GB, _ResourceId
| where Disk in ('C:')
| project Computer, Disk, Disk_Size_GB, Disk_Free_Space_GB
Finally, you can pin this result to an Azure dashboard by clicking Pin and selecting the specific dashboard.
PowerShell 7.3 installs to a new directory and runs side-by-side with Windows PowerShell 5.1. PowerShell 7.3 is an in-place upgrade that replaces PowerShell 7.0 and lower.
Error:
error NU1202: Package PowerShell 7.3.0 is not compatible with net6.0 (.NETCoreApp,Version=v6.0) / any. Package PowerShell 7.3.0 supports: net7.0 (.NETCoreApp,Version=v7.0) / any
The tool package could not be restored.
Tool 'powershell' failed to install. This failure may have been caused by:
* You are attempting to install a preview release and did not use the --version option to specify the version.
* A package by this name was found, but it was not a .NET tool.
* The required NuGet feed cannot be accessed, perhaps because of an Internet connection problem.
* You mistyped the name of the tool.
Solution:
In order to resolve the error you should install .NET 7.
It was a nice morning when I woke up and started surfing before going to work. Little did I know what would happen that day. Outlook sent me a notification email, the one you can see below. At first I was shocked. I understood immediately that it was a spam email asking for money through crypto payments, but how did they send it from my email address? The sender was me and the recipient was also me.
If you check carefully, the email originator is the same email as the recipient. Did I get hacked? I instantly went to change my passwords and enable the MFA option (yes, you should do that before you get p0wned).
After contacting my hosting provider for logs (I wanted to make sure that the mail server was not affected), I started investigating the email. At first it seems like a normal one. Investigating further, I checked the headers.
Oops, something seems strange here. The Received: from headers point to an unknown host, the one that tried to trick me. Mister, I could send you back the same email from your own address.
Return-Path: <support@brightdirectories.com>
X-Original-To: webmaster@geralexgr.com
Delivered-To: webmaster@geralexgr.com
Received: from cloudvpsserver.host.brightdirectories.com (unknown [64.91.244.139])
spf=pass (sender IP is 64.91.244.139) smtp.mailfrom=support@brightdirectories.com smtp.helo=cloudvpsserver.host.brightdirectories.com
This method of attack is called spoofing, and you can read more details in the article below.
Let's try to implement the same attack now, to understand how difficult this could be. The only thing that you will need is a Linux machine running postfix and the sendmail package. As simple as that and you become a spoofing hacker.
First things first: install and start the postfix service.
The attempt failed. What happened though? By checking the logs, I found that the mail server blocks some incoming messages based on the Spamhaus service.
Is that hard to bypass? Totally not. You have to go to the Spamhaus link and whitelist your IP address. The next time the service is updated, your email will be received by the mail server. I have to say that more advanced mail services like Google and Outlook provide much more sophisticated services to block spam than Spamhaus.
By trying to send my email again, I successfully spammed my own mailbox. Let's try a Google account this time. I will try to send an email from my personal domain account email to my Gmail account. However, this would be a spam email, as the origin will be a local postfix service that tries to impersonate the real owner.
sendmail -v my_Gmail < mail.txt
You can find my mail.txt contents below.
From: webmaster@blablabla.com
Subject: spoofing email attack this email was sent from an unknown sender using postfix
Voila. I received a spam email from a sender that is not the original one.
If you check more carefully, Google adds a question mark and informs you that it could not verify the owner of the email. However, the spam went directly to my mailbox and did not land in the spam folder.
If you check the headers again, you will verify that the originator is fake:
Original Message
Message ID <202111202159.1AKLxI8x016745@geralexgr.com>
Created at: Sat, Nov 20, 2021 at 11:59 PM (Delivered after 2 seconds)
From: webmaster@blablabla.com
To:
Subject: spoofing email attack this email was sent from an unknown sender using postfix
SPF: FAIL with IP 2.84.53.88
Delivered-To:
Received: by 2
Received: from geralexgr.com (IP_address.
Received-SPF: fail (google.com: domain of root@geralexgr.com does not designate IP as permitted sender) client-ip=xxxxxx;
Authentication-Results: mx.google.com;
spf=fail (google.com: domain of root@geralexgr.com does not designate 2.84.53.88 as permitted sender) smtp.mailfrom=root@geralexgr.com
Received: from geralexgr.com (localhost [127.0.0.1]) by geralexgr.com (Postfix) with ESMTPS id 88E031099F6B for <xxxxxx>; Sat, 20 Nov 2021 23:59:18 +0200 (EET)
Received: (from root@localhost) by geralexgr.com (8.15.2/8.15.2/Submit) Sat, 20 Nov 2021 23:59:18 +0200
Date: Sat, 20 Nov 2021 23:59:18 +0200
Message-Id: <202111202159.1AKLxI8x016745@geralexgr.com>
From: webmaster@geralexgr.com
Subject: spoofing email attack this email was sent from an unknown sender using postfix
As you can see from the headers, the real sender is root@localhost and not the sender that is shown in Gmail. You can also locate the incoming IP address.
To conclude, we examined how one could spoof your email account and impersonate you. Be very careful with the emails you receive and double-check the originator. It is very easy to get hacked with this technique.
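The originator check done by hand above can be automated. The following is an added example, not code from the original post: it compares the visible From domain with the envelope sender that SPF actually evaluated, which is why the first message still stands out even though it carries spf=pass. The helper names, the `mx.example` receiver and the sample messages are assumptions, constructed from the addresses quoted in the header excerpts.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def domain_of(address):
    """Lower-cased domain of an address header value, or '' if there is none."""
    addr = parseaddr(address)[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def check_originator(raw_message):
    """Flag a message whose visible From domain is not the domain SPF vouched for."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg.get("From", ""))
    auth = " ".join(msg.get_all("Authentication-Results", []))
    spf = re.search(r"\bspf=(\w+)", auth)
    mailfrom = re.search(r"smtp\.mailfrom=([^\s;]+)", auth)
    spf_result = spf.group(1).lower() if spf else "none"
    # Fall back to Return-Path when the receiver recorded no smtp.mailfrom.
    envelope = domain_of(mailfrom.group(1) if mailfrom else msg.get("Return-Path", ""))
    findings = []
    if spf_result != "pass":
        findings.append(f"SPF result is {spf_result}")
    # Exact match is the strict form of alignment; DMARC's relaxed mode
    # would also accept a shared organizational domain.
    if not from_domain or from_domain != envelope:
        findings.append(f"From domain {from_domain!r} != envelope domain {envelope!r}")
    return {"from": from_domain, "envelope": envelope, "spf": spf_result,
            "suspicious": bool(findings), "findings": findings}

def sample(mailfrom, spf, from_addr):
    """Build a constructed test message; 'mx.example' is a placeholder receiver."""
    return (f"Return-Path: <{mailfrom}>\n"
            f"Authentication-Results: mx.example; spf={spf} smtp.mailfrom={mailfrom}\n"
            f"From: {from_addr}\nSubject: constructed sample\n\nbody\n")

# Constructed samples using the addresses quoted in the post's header excerpts.
SELF_SPOOF = sample("support@brightdirectories.com", "pass", "webmaster@geralexgr.com")
GMAIL_TEST = sample("root@geralexgr.com", "fail", "webmaster@blablabla.com")
ALIGNED = sample("webmaster@geralexgr.com", "pass", "webmaster@geralexgr.com")

if __name__ == "__main__":
    for name, raw in [("self-spoof", SELF_SPOOF), ("gmail test", GMAIL_TEST), ("aligned", ALIGNED)]:
        print(name, check_originator(raw))
```

Publishing a DMARC policy for your own domain lets receiving servers enforce this same From-versus-envelope comparison instead of leaving it to the reader.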
If you extend the virtual disk that holds the root partition of a Linux server, you should extend the physical storage and filesystem in order to allocate the available space. In this article I will explain how to perform the necessary actions to achieve this goal.
At first you can see that the physical volume is currently 200GB.
In order to extend you should use parted and select the volume which holds the root filesystem. In my case it was number 3 and I performed the extension through the command:
parted -s -a opt /dev/sda 'resizepart 3 100%'
If you check the VG space, you may notice that the space is not allocated yet.
Then you should perform a pvresize for the aforementioned partition and the space will be provided on the volume group.