Saturday, November 12, 2022

Monday, July 27, 2020

Check TLS version running on the Linux server using NMAP.

https://casesup.com/category/knowledgebase/howtos/how-to-check-supported-tls-and-ssl-version

Found the below steps on the casesup.com portal.

nmap --script ssl-enum-ciphers -p 443 www.google.com

Starting Nmap 6.40 ( http://nmap.org ) at 2017-08-10 11:15 +03
Nmap scan report for www.google.com (216.58.208.100)
Host is up (0.012s latency).
rDNS record for 216.58.208.100: sof01s11-in-f100.1e100.net
PORT STATE SERVICE
443/tcp open https
| ssl-enum-ciphers:
| TLSv1.0:
| ciphers:
| TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
| TLS_RSA_WITH_AES_128_CBC_SHA - strong
| TLS_RSA_WITH_AES_256_CBC_SHA - strong
| compressors:
| NULL
| TLSv1.1:
| ciphers:
| TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
| TLS_RSA_WITH_AES_128_CBC_SHA - strong
| TLS_RSA_WITH_AES_256_CBC_SHA - strong
| compressors:
| NULL
| TLSv1.2:
| ciphers:
| TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
| TLS_RSA_WITH_AES_128_CBC_SHA - strong
| TLS_RSA_WITH_AES_128_GCM_SHA256 - strong
| TLS_RSA_WITH_AES_256_CBC_SHA - strong
| TLS_RSA_WITH_AES_256_GCM_SHA384 - strong
| compressors:
| NULL
|_ least strength: strong

Nmap done: 1 IP address (1 host up) scanned in 7.03 seconds
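Nmap 6.40 rates every cipher above as "strong", including 3DES suites and the TLSv1.0/TLSv1.1 protocol versions, so the rating column alone is not a useful check. The script below is an added example, not part of the original post: it reads ssl-enum-ciphers output on stdin and flags deprecated protocol versions, legacy ciphers and RSA key exchange without forward secrecy. The function names and the sample scan text are constructed for illustration.

```bash
#!/bin/bash
# Added example: triage `nmap --script ssl-enum-ciphers` output read from stdin.
flag_weak_tls() {
    awk '
    {
        line = $0
        sub(/^[|_ \t]+/, "", line)            # drop the "| " tree prefix
    }
    # Protocol header such as "TLSv1.0:"; remember it for the ciphers that follow
    line ~ /^(SSLv[23]|TLSv1\.[0-9]):/ {
        proto = line
        sub(/:.*/, "", proto)
        if (proto ~ /^(SSLv[23]|TLSv1\.[01])$/)
            print proto ": deprecated protocol version offered"
        next
    }
    # Cipher line such as "TLS_RSA_WITH_AES_128_CBC_SHA - strong"
    line ~ /^(TLS|SSL)_/ {
        cipher = line
        sub(/[ \t].*/, "", cipher)
        if (cipher ~ /3DES|RC4|_DES_|_NULL_|EXPORT|MD5/)
            print proto ": legacy cipher " cipher
        else if (cipher ~ /^TLS_RSA_WITH_/)
            print proto ": no forward secrecy " cipher
    }'
}

# Constructed sample, modelled on the scan output above (not a real scan)
sample_scan() {
cat <<'EOF'
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|     compressors:
|       NULL
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - strong
|       TLS_RSA_WITH_AES_256_GCM_SHA384 - strong
|     compressors:
|       NULL
|_  least strength: strong
EOF
}

sample_scan | flag_weak_tls
```

Against a server you administer, pipe the real scan into the function: `nmap --script ssl-enum-ciphers -p 443 HOST | flag_weak_tls`.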

Friday, October 25, 2019

Solaris Server SNMP

Monitoring Solaris Server services using custom OID's

Assumption: SNMP server side configuration is completed

# vi /etc/sma/snmp/snmpd.conf
exec pscheduler_snmpd /bin/bash /usr/bin/Scheduler_snmpd.sh
 

Place the script under /usr/bin/
# cat /usr/bin/Scheduler_snmpd.sh
# Count the BBL processes that match CHECK1 or CHECK2; both must be running
count=`ps -ef | grep BBL | egrep -i 'CHECK1|CHECK2' | wc -l`
if [ $count -eq 2 ]
then
   echo "1"
else
   echo "0"
fi


Set the permissions on the script. Execute permission is all that is needed; avoid 777, which would let any local user rewrite a script that snmpd runs.
# chmod 755 /usr/bin/Scheduler_snmpd.sh

Restart the SNMP service on the Solaris server by running command
# svcadm restart sma

Tuesday, September 17, 2019

PowerShell to access Internet behind a proxy server with authentication

  • $Creds=Get-Credential
  • $proxy = New-Object System.Net.WebProxy
  • $proxy.Address = [uri]"http://xxx.xxx.xxx.xxx:xx"
  • $proxy.Credentials = $Creds
  • [System.Net.WebRequest]::DefaultWebProxy = $proxy
  • Invoke-WebRequest -Uri "https://google.com" -UseBasicParsing

Useful links to refer.
  1. http://woshub.com/using-powershell-behind-a-proxy/
  2. https://stackoverflow.com/questions/38005341/the-response-content-cannot-be-parsed-because-the-internet-explorer-engine-is-no 

Monday, July 08, 2019

Custom Monitoring using SNMP Script for a specific service. - The script is written to avoid false alerts generated due to custom monitoring. 

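This will trigger multiple SNMP monitoring attempts (3 times) before declaring a failure.

# AGENT and OID are placeholders; set them to the monitored host and the OID being checked
AGENT="AGENT_IP"
OID="CUSTOM_OID"
a=0
while [ $a -lt 3 ]
do
   snmpwalk -v2c -c 'XXXXXsecretkeyXXXXXXX' "$AGENT" "$OID" | grep "customvalue" > /dev/null
   if [ $? = 0 ]; then
        echo "80"
        exit
   else
        sleep 3
        a=`expr $a + 1`
   fi
done
# Reached only when all three attempts failed
echo "0"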

Tuesday, August 23, 2016

Check for network ports

  • netstat -nat 
  • netstat -tunlp 
  • netstat -nlpu|grep snmp

Wednesday, October 21, 2015

Changing a specific value in a file using sed

/bin/sed -i.bak -e 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config

Friday, October 09, 2015

Disable IPv6 on Linux

Sometimes you may want to disable IPv6 on your Linux server.

To check if IPv6 is running on your system, run the following command.
#ifconfig  - This will show the IPv4 and IPv6 addresses

To disable ipv6
vi /etc/sysctl.conf

 Add the following lines at the bottom of the config file
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv6.conf.eth0.disable_ipv6 = 1
 

After saving the file, run the following command to apply the new changes.

#sysctl -p

To confirm the changes are applied, run the command
#ifconfig - This should not show an IPv6 address any more
 

Monday, June 15, 2015

Securing Linux


Stop all unwanted services
#chkconfig --list |grep '3:on'

#chkconfig cups off
#chkconfig postfix off
#chkconfig atd off
#chkconfig ip6tables off
#chkconfig lvm2-monitor off
#chkconfig mdmonitor off
#chkconfig rpcidmapd off
#chkconfig nfslock off
#chkconfig mcelogd off
#chkconfig xinetd off
#chkconfig inetd off

Remove all unwanted packages
#rpm -e

Disable Root login
#vi /etc/ssh/sshd_config
PermitRootLogin no
#service sshd restart

Create a service account with Sudo Access

  • Create a service account
#useradd
#passwd
(provide a strong password)

  • Provide Sudo Access to service account - In this case I have given all root access
#visudo
lbadmin ALL=(ALL)       ALL


Disable alt+ctrl+del key switch for reboot

#vi "/etc/init/control-alt-delete.conf"

Comment out both the lines with a hash
#start on control-alt-delete
#exec /sbin/shutdown -r now "Control-Alt-Delete pressed"

Allow ssh access only from specific subnets or IP address

#vi /etc/hosts.allow
sshd:


#vi /etc/hosts.deny
sshd: ALL

 Restrict access to server for specific subnet.

# Generated by iptables-save v1.4.7 on Fri Jun 12 15:39:00 2015
*filter
:INPUT ACCEPT [75:5272]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [68:5268]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -p udp --dport 123 -j ACCEPT
-A INPUT -p udp --sport 123 -j ACCEPT
-A OUTPUT -p tcp --dport 123 -j ACCEPT
-A INPUT -p tcp --sport 123 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

Set IP tables to start at reboot
#chkconfig iptables on

Apply the new IP table rules by running command
#service iptables start

Check that all accounts have a password set. No account should allow password-less login.
grep -v ':x:' /etc/passwd
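The grep above lists accounts whose password field in /etc/passwd is not "x", which also prints locked accounts (field "*") and misses an account that is shadowed but has an empty field in /etc/shadow. The script below is an added example, not part of the original post, that checks both files; the function names and the sample account entries are constructed for illustration, and reading the real /etc/shadow requires root.

```bash
#!/bin/bash
# Added example: list accounts that can log in without a password,
# checking both the passwd file and the shadow file.
accounts_without_password() {
    passwd_file=$1
    shadow_file=$2
    awk -F: '
        # First file (shadow): remember each account password field
        FILENAME == ARGV[1] { shadow[$1] = $2; known[$1] = 1; next }
        # Second file (passwd)
        $2 == "" { print $1 ": empty password field in passwd"; next }
        $2 != "x" {
            # "*" or "!" mean locked; anything else is a hash every user can read
            if ($2 !~ /^[*!]/) print $1 ": password hash stored in passwd"
            next
        }
        ($1 in known) && shadow[$1] == "" {
            print $1 ": empty password field in shadow"
        }
    ' "$shadow_file" "$passwd_file"
}

# Constructed sample files (not real accounts or hashes)
demo_password_audit() {
    d=$(mktemp -d)
cat > "$d/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
backup::34:34:backup:/var/backups:/bin/sh
legacy:$1$constructed$hash:1001:1001::/home/legacy:/bin/bash
svcacct:x:1002:1002::/home/svcacct:/bin/bash
nobody:*:65534:65534::/:/sbin/nologin
EOF
cat > "$d/shadow" <<'EOF'
root:$6$constructed$hash:19000:0:99999:7:::
svcacct::19000:0:99999:7:::
EOF
    accounts_without_password "$d/passwd" "$d/shadow"
    rm -rf "$d"
}

demo_password_audit
```

On a live system, run it as root with `accounts_without_password /etc/passwd /etc/shadow`.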

Tuesday, March 17, 2015

Cannot initiate the connection to 80:80 (0.0.0.80)

When running apt-get update command, if you receive the below mentioned error

W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/trusty-backports/restricted/i18n/Translation-en_US  Cannot initiate the connection to 80:80 (0.0.0.80). - connect (22: Invalid argument)

Edit the following file
vi /etc/apt/apt.conf

Hash out the following entry
#Acquire::http::Proxy "ProxyIP:ProxyPort";


Now try #apt-get update; this should update the repository information

Tuesday, February 24, 2015

View database output in tabular format

mysql -u root -p 
 
mysql>\P less -S

Monday, February 16, 2015

Windows 8 and Windows 2012 rebooting issue on Proxmox VM

When you boot any VM and try to install Windows 8 or Windows 2012, the VMs will go into a continuous reboot. This is due to the missing CPU flag settings.

To fix this issue modify the VM configuration file of the VM

cd /etc/pve/qemu-server
vi 106.conf  ( Assuming 106.conf is the VM on which you are installing Win8 or Win2012)

balloon: 1024
bootdisk: ide0
cores: 2
args: -cpu qemu64,+sep,+cx16,+lahf_lm
ide0: PROXMOX6_VMVOL:106/vm-106-disk-1.qcow2,format=qcow2,size=32G
ide2: ISO:iso/Windows_8.1_x64.iso,media=cdrom,size=5227698K
memory: 2048
name: OPSI-Windows8
net0: virtio=DA:3B:63:57:3C:6F,bridge=vmbr0,tag=103
ostype: other
sockets: 1


Tuesday, November 11, 2014

Single liner to ping a subnet from command line

for ip in 192.168.10.{1..254};do ping -c 1 $ip;done

Tuesday, January 28, 2014

Shell - List number of lines once the search pattern matches

awk '/PATTERN/ {for(i=1; i<=5; i++) {getline; print}}' filename

The above command searches the text file for the keyword "PATTERN" and, each time it matches, prints the 5 lines that follow the matching line.

Wednesday, November 20, 2013

Server Provisioning / De-provisioning on Proxmox using Shell Script.

 Here is my attempt to simplify server provisioning / De-provisioning on Proxmox using shell script. Hope you find it useful.

****************************************************************************
#!/bin/bash

echo " Proxmox OpenVZ Server Provisioning Tool"
echo ""
echo " Please select from the below choices"
echo ""
echo " 1. KVM Server Instance Provisioning"
echo " 2. KVM Server Instance Decommissioning"
echo ""
read -p "Please enter your numerical choice: " choice

echo $choice

if [ "$choice" -lt 1 ] || [ "$choice" -gt 2 ]; then
        echo "Wrong choice selection - Exiting the program - Please try again"
        exit 1
elif [ "$choice" -eq 1 ]; then
        echo " Initiating Server Provisioning Procedure"
elif [ "$choice" -eq 2 ]; then
        echo " Initiating Server Decommissioning Procedure"
fi

case $choice in
1)
##### SECTION FOR TOTAL NUMBER OF SERVER AND OPERATING SYSTEM SELECTION #####
echo "Enter the number of servers needed (1-5)"
echo ""
read -p "Please enter the numerical value: " kvmsrvno
if [ "$kvmsrvno" -le 0 ] || [ "$kvmsrvno" -gt 5 ]
then
        echo "Please try again by entering a valid number between (1-5)"
        exit
else
        echo "Enter the number corresponding to the operating system 1.Windows2012 2.Windows2008R2 3.WindowsXP 4.Windows7 5.RedHat6 6.CentOS6"
        read -p "Please enter the numerical value: " kvmselection
        if [ "$kvmselection" -le 0 ] || [ "$kvmselection" -gt 6 ]
        then
                echo "Please try again by entering a valid number between 1,2,3,4,5 or 6"
                exit
        fi
fi
#echo "The operating system selected is $kvmselection"

############################################################
# Print the first VMID from vmidlist that is not already allocated in the cluster
fngetvmid() {
        pvesh get /cluster/resources --type vm |grep -i vmid |sort -n |awk '{print $3}' > /mnt/pve/ISO/automation_scripts/allocated_vmid
        while read avail_vmid
        do
                if ! grep -qx "$avail_vmid" /mnt/pve/ISO/automation_scripts/allocated_vmid
                then
                        VMID=$avail_vmid
                        echo "$VMID"
                        return
                fi
        done <  /mnt/pve/ISO/automation_scripts/vmidlist
}
#vm_id=$(fngetvmid)

##############################################################

fngetkvmhostname() {
case $kvmselection in
  1)
        hostname=Win2012-$vm_id;
        clntmpt=128;;
  2)
        hostname=Win2008R2-$vm_id;
        clntmpt=125;;
  3)
        hostname=WindowsXP-$vm_id;
        clntmpt=126;;
  4)
        hostname=Windows7-$vm_id;
        clntmpt=127;;
  5)
        hostname=Redhat6-$vm_id;
        clntmpt=123;;
  6)
        hostname=CentOS6-$vm_id;
        clntmpt=116;;
 esac
}

##################################################################
count=1
while [ "$count" -le "$kvmsrvno" ]
    do
        #ip_addr=$(fngetip)
        vm_id=$(fngetvmid)
        fngetkvmhostname
        pvesh create /nodes/`hostname`/qemu/$clntmpt/clone --newid $vm_id --full --name=$hostname #--pool="$poolname"
                #echo $ip_addr >> /mnt/pve/ISO/automation_scripts/allocated_list
        echo "#################################################################"
        count=`expr $count + 1`
        done;
;;

2)
        echo "KVM Server Decommissioning Initiated"
        echo ""
        echo "Please specify the VMIDs of the instances to be decommissioned (Use comma separated values)"
        echo ""
        read -p "Please enter the numerical value: " delvid

        IFS=","
        for vmid in $delvid
        do
        #v_delip=`grep -i IP_ADDRESS /etc/vz/conf/$vmid.conf |sed -r 's/[^\"]*([\"][^\"]*[\"][,]?)[^\"]*/\1 /g' | sed "s/\"//g"`
        #delip=sed
        qm stop $vmid
        qm destroy $vmid
        #sed -i "s/$delip//g" "/opt/automation_scripts/allocated_list"
        #sed -i '/^$/d' "/opt/automation_scripts/allocated_list"
        echo "#################################################################"
        done;
;;
esac

********************************************************************

Monday, August 05, 2013

Time and date setting in CentOS


View the current time and the timezone setting on the server by running the below command
#date

Steps to change the timezone settings.

 Make a backup of the current localtime file
#mv /etc/localtime /etc/localtime.bak

Create a new zone file setting using the below command. (Below example for India)
#ln -s /usr/share/zoneinfo/Asia/Calcutta /etc/localtime


Manually set date and time using the following command
date -s "13 Feb 2015 10:30:00"


Wednesday, June 19, 2013

Configuring snmp on debian server

Configuring Debian Server to respond to snmp query

#dpkg --list |grep snmp
ii  libnet-snmp-perl                     5.2.0-4                        Script SNMP connections
ii  libsnmp-base                         5.4.3~dfsg-2                   SNMP (Simple Network Management Protocol) MIBs and documentation
ii  libsnmp15                            5.4.3~dfsg-2                   SNMP (Simple Network Management Protocol) library
ii  snmp                                 5.4.3~dfsg-2                   SNMP (Simple Network Management Protocol) applications
ii  snmpd                                5.4.3~dfsg-2                   SNMP (Simple Network Management Protocol) agents

Setting public as community string.

rocommunity public
##       sec.name     source           community
##       ========     ======           =========
com2sec  local       localhost        craz33guy
com2sec  network_1   172.22.6.0/24    craz33guy
#com2sec  network_2   192.168.2.0/24   craz33guy

##       Access.group.name   sec.model        sec.name
##       =================  =========         ========
group    MyROGroup_1        v1                local
group    MyROGroup_1        v1                network_1
group    MyROGroup_2        v2c               network_2

##   MIB.view.name     incl/excl  MIB.subtree  mask
##   ==============   =========  ===========  ====
view all-mibs         included   .1           80

##      MIB
##      group.name   context sec.model sec.level prefix read     write  notif
##      ==========   ======= ========= ========= ====== ====     =====  =====
access  MyROGroup_1  ""       v1       noauth    exact  all-mibs none   none
access  MyROGroup_2  ""       v2c      noauth    exact  all-mibs none   none

############################################################################

Adding custom scripts to be monitored using SNMP

Sample check_keepalived Script
-------------------------------------
#!/bin/bash
count=`ps -ef |grep -c keepalived`
if [ $count -lt 4 ]; then
        echo "1"
else
        echo "0"
fi

------------------------------------



Copy the script to /bin/check_keepalived.sh and make it executable (do not leave it world-writable, since snmpd runs it)
#chmod 755 /bin/check_keepalived.sh

Add the following line in snmpd.conf file
exec keepalive /bin/sh /bin/check_keepalived.sh

#service snmpd restart

Test that the script can be executed through SNMP and shows the desired results.
From the SNMP server run this command. This will execute all the SNMP custom scripts and show the output.
snmpwalk -v2c -c craz33guy 172.21.6.64 NET-SNMP-EXTEND-MIB::nsExtendObjects

To execute a specific Script from the bunch of custom scripts.
snmpwalk -v2c -c craz33guy 172.21.6.64 1.3.6.1.4.1.8072.1.3.2.4.1

 More details on the custom OID are explained in the below link
http://www.oidview.com/mibs/8072/NET-SNMP-EXTEND-MIB.html 
http://www.net-snmp.org/wiki/index.php/Tut:Extending_snmpd_using_shell_scripts
 ===========================
rocommunity testcomm
##       sec.name     source           community
##       ========     ======           =========
com2sec  local       localhost          testcomm
com2sec  network_1   172.21.10.33/32    testcomm
#com2sec  network_1   10.0.0.207/32      testcomm

##       Access.group.name   sec.model        sec.name
##       =================  =========         ========
group    MyROGroup_1        v1                local
group    MyROGroup_2        v2c               network_1

##   MIB.view.name     incl/excl  MIB.subtree  mask
##   ==============   =========  ===========  ====
view all-mibs         included   .1           80

##      MIB
##      group.name   context sec.model sec.level prefix read     write  notif
##      ==========   ======= ========= ========= ====== ====     =====  =====
access  MyROGroup_1  ""       v1       noauth    exact  all-mibs none   none
access  MyROGroup_2  ""       v2c       noauth    exact  all-mibs none   none
=================================
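
The configurations above combine community strings with exec lines, and snmpd runs whatever those exec lines name, so both the source restrictions and the file modes of the scripts matter. The script below is an added example, not part of the original post, that audits an snmpd.conf for default or unrestricted communities and for exec/extend programs that group or other users can modify; the function names and the sample configuration are constructed for illustration.

```bash
#!/bin/bash
# Added example: audit an snmpd.conf for open community strings and for
# exec/extend programs that users other than the owner can modify.
audit_snmpd_conf() {
    conf=$1
    awk '
        /^[ \t]*#/ { next }                       # skip comment lines
        $1 ~ /^r[ow]community$/ {
            if ($2 == "public" || $2 == "private")
                print "default community name: " $2
            if (NF < 3 || $3 == "default")
                print "community " $2 " accepted from any source"
        }
        $1 == "com2sec" && $3 == "default" {
            print "com2sec " $2 " accepts any source"
        }
        # exec/extend: emit every absolute path so its mode can be checked
        $1 == "exec" || $1 == "extend" {
            for (i = 2; i <= NF; i++) if ($i ~ /^\//) print "PATH " $i
        }
    ' "$conf" | while read -r tag rest; do
        if [ "$tag" != "PATH" ]; then
            echo "$tag $rest"
        elif [ -n "$(find -L "$rest" -prune \( -perm -002 -o -perm -020 \) -print 2>/dev/null)" ]; then
            echo "writable by group or others: $rest"
        fi
    done
}

# Constructed sample: a config in the style shown above plus a mode-777 script
demo_snmpd_audit() {
    d=$(mktemp -d)
    printf '#!/bin/sh\necho 1\n' > "$d/check.sh"
    chmod 777 "$d/check.sh"
cat > "$d/snmpd.conf" <<EOF
rocommunity public
com2sec  network_1   172.22.6.0/24    testcomm
exec keepalive /bin/sh $d/check.sh
EOF
    audit_snmpd_conf "$d/snmpd.conf"
    rm -rf "$d"
}

demo_snmpd_audit
```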


Tuesday, May 07, 2013

Check if the Linux Operating System is 32 Bit or 64 Bit

Run the below commands to check if the operating system is 32Bit or 64Bit.


  1. uname -a
  2. getconf LONG_BIT
  3. file /usr/bin/file
The above commands will show the operating system bit size.

Thursday, December 15, 2011

Recover files deleted in linux

If any files are accidentally deleted and need to be recovered, first look in the lost+found folder.
If they are not found there, follow the below steps.

Remount the filesystem read-only to avoid any rewrites of the disk blocks
# mount -o remount,ro /mntpoint

If the partition is a root filesystem - Boot the server in single user mode
# init 1

To recover a text file you can use the grep command to recover the contents. For this you need to know a unique word from the deleted file - preferably from the start of the file.
grep -a -B2 -A1000 'uniq_word' /dev/sdx > /tmp/filerecovered.txt

This prints 2 lines before and 1000 lines after each place uniq_word is found on the device and saves the content into the filerecovered.txt file (ensure the destination folder is in read-write mode and is not on the filesystem being recovered).
===================
Recover other types of files

Use the foremost package. There is an excellent article published on the howtoforge portal.




Friday, December 09, 2011

check the disk space availability

Script to check the disk space and mail if the disk space usage crosses the warning or critical thresholds

### Variable declaration ####
WARN=75
CRITICAL=77
ADMIN_ILABS="useremailaccount"


#### Collecting Disk space information #####
# mktemp avoids a predictable file name in /tmp; -P keeps each filesystem on one line
TMPFILE=$(mktemp /tmp/disksize.XXXXXX)
df -hP |grep -vE 'tmpfs|Filesystem|cdrom'|awk '{print $5 " " $6}' > "$TMPFILE"

while read -r output; do
diskusage=$(echo "$output"|awk '{print $1}' |cut -d% -f1 )
filesystem=$(echo "$output" |awk '{print $2}' )
# mail reads its body from stdin; < /dev/null stops it from swallowing the rest of the list
if [ "$diskusage" -ge "$WARN" ] && [ "$diskusage" -lt "$CRITICAL" ]; then
mail -s "WARNING: $(hostname) : Running out of space $filesystem $diskusage" "$ADMIN_ILABS" < /dev/null
elif [ "$diskusage" -ge "$CRITICAL" ]; then
mail -s "CRITICAL: $(hostname) : Running out of space $filesystem $diskusage" "$ADMIN_ILABS" < /dev/null
fi
done < "$TMPFILE"

## File Clean up ##
rm -f "$TMPFILE"

Tuesday, November 08, 2011

Using CURL to get secure website information.

Create cookie jar for the URL login

curl -k --cookie-jar cjar --output /dev/null \
https://IPADDR/login

Pass the login credentials to the site for fetching the information.
curl -k --cookie cjar --cookie-jar cjar \
--data 'username=USERNAME' \
--data 'password=PWD' \
--data 'form=login' \
--data 'action:Login=Login' \
--location \
--output /tmp/loginresutl.html \
https://IPADDR/login

Get the secure Ironport information with curl, using the cookie jar.
curl -k --cookie cjar \
--output /tmp/ironport_system_status.html \
https://IPADDR/monitor/reports/system_status