XenServer Repositories

• Create dedicated storage repositories for build media and virtual machine disks, separate from your normal file shares
• Use only generic, least-privileged accounts that have access to nothing but the storage repositories
• Never mount any storage repository with your personal AD account
• Always assume that anyone who can log in to your XenServer most likely has the privileges to view the stored “secrets” and the clear-text passwords, and may use those credentials to penetrate further into your infrastructure

Passwords are stored in clear text in /var/xapi/state.db.

When you correlate the UUID listed as the cifs password_secret in the previous command, you get your username/password combination.

The xe secret-list command displays the clear-text passwords.

The xe pbd-list command shows the mounted drives.
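To check a host against the recommendations above, the following added example (not from the original post) parses xe pbd-list output and reports every mount that references a stored secret but is not made with a service account, without ever reading the secret values. The output layout, the `cifspassword_secret` key name and the `svc_` naming convention are assumptions, and the sample data is constructed.

```python
import re
import sys

SERVICE_PREFIX = "svc_"  # assumption: naming convention for SR mount accounts
# Constructed sample in the usual `xe pbd-list` layout (no real hosts or UUIDs).
SAMPLE = """\
uuid ( RO)                  : 11111111-aaaa-4aaa-8aaa-000000000001
               sr-uuid ( RO): 22222222-bbbb-4bbb-8bbb-000000000001
         device-config (MRO): device: /dev/sda3

uuid ( RO)                  : 11111111-aaaa-4aaa-8aaa-000000000002
               sr-uuid ( RO): 22222222-bbbb-4bbb-8bbb-000000000002
         device-config (MRO): location: //files01/iso; username: svc_xen_iso; cifspassword_secret: 33333333-cccc-4ccc-8ccc-000000000002; type: cifs

uuid ( RO)                  : 11111111-aaaa-4aaa-8aaa-000000000003
               sr-uuid ( RO): 22222222-bbbb-4bbb-8bbb-000000000003
         device-config (MRO): location: //files01/home; username: CORP\\jdoe; cifspassword_secret: 33333333-cccc-4ccc-8ccc-000000000003; type: cifs
"""

def parse_pbds(text):
    """Return one dict per PBD: its uuid plus the parsed device-config pairs."""
    pbds = []
    for line in text.splitlines():
        m = re.match(r"\s*([\w-]+)\s*\(\s*\w+\)\s*:\s*(.*)$", line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if key == "uuid":
            pbds.append({"uuid": value, "config": {}})
        elif key == "device-config" and pbds:
            pairs = (p.partition(":") for p in value.split(";"))
            pbds[-1]["config"] = {k.strip(): v.strip() for k, sep, v in pairs if sep}
    return pbds

def audit(pbds, prefix=SERVICE_PREFIX):
    """Flag PBDs that reference a stored secret but are not mounted by a service account."""
    findings = []
    for pbd in pbds:
        cfg = pbd["config"]
        secrets = [v for k, v in cfg.items() if k.endswith("password_secret")]
        account = cfg.get("username", "").split("\\")[-1].lower()  # drop DOMAIN\ part
        if secrets and not account.startswith(prefix):
            findings.append((pbd["uuid"], cfg.get("username", ""), secrets[0]))
    return findings

if __name__ == "__main__":
    text = sys.stdin.read() if sys.argv[1:] == ["-"] else SAMPLE
    for uuid, user, secret in audit(parse_pbds(text)):
        print(f"PBD {uuid}: mounted as {user!r}, rotate stored secret {secret}")
```

Run with `-` as the only argument to audit live output piped from xe pbd-list; with no argument it runs against the constructed sample. Each reported secret UUID identifies a credential to rotate and replace with a dedicated least-privileged account.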
