Tuesday, December 31, 2019

QBE CIO Award 2019


All the hard work is paid for ... QBE Cyber Security team has been recognized for exceptional performance!! 

Friday, November 22, 2019

Tail in PowerShell

 I need to "tail" in PowerShell to view the log and found the following command interesting:

> Get-Content C:\mylog.txt -Wait

If you want to get the latest file and tail it:

> Get-Content ( Get-ChildItem C:\Folder\ | Sort-Object LastWriteTime | Select-Object -Last 1) -Wait

Thursday, September 12, 2019

Active Directory Group Policy by Powershell

 Use the following Powershell to get all the GPO dumped to HTML files

#> Get-GPO -All -Domain mydomain.tld | % { Get-GPOReport -Guid $_.Id -ReportType Html -Domain mydomain.tld | Set-Content C:\Reports\$($_.DisplayName).html }

Thursday, July 18, 2019

Fix Corrupted Windows 10 File(s)

Recently, I had issue with my VM which runs Windows 10 for my daily ops work. The issue was, the hosting machine kept crashing due to unknown issue, thus ungracefully shutting down my Windows 10 VM.

One time, second time, third time were fine. Finally, one day, I wasn't able to open any ZIP file. It looked like the OS lost its association with the file type .ZIP. I went to the default file type program and could not find .zip file type. I then checked my other healthy Windows 10 machine and clearly there is no .zip file type association either.

To fix this I ran:

> sfc /scannow

When the scan was completed, I checked the log file, it had:

Could not reproject corrupted file \??\C:\WINDOWS\System32\\zipfldr.dll; source file in store is also corrupted

What I did next:

> DISM.exe /Online /Cleanup-image /Restorehealth

Then

> sfc /scannow

and I can open ZIP files again!! :)

Thursday, June 20, 2019

C# + Active Directory = Awesome!!


I have a need to review AD groups and local admin groups as part of the identity project -  to identity users who are having privileged access in AD or servers. I developed this tool to help with the quick search, detailed view, export, etc with UI.

Obviously this can be done with PowerShell, but I found there is limitation with PowerShell in regards to recursive lookup especially when dealing with foreign objects

As you can see below, there are different account type you can query, user, computer and group (with recursive option). You can also provide a different credential to query Active Directory as well as specifying a particular OU, LDAP filter and keyword doing the search.

  

The below UI provides the interface to query local groups in Windows machine. You can specify a single computer, computers in a particular OU or a text file containing a list of computers.
 

Friday, May 17, 2019

GoDaddy DNS Update Using API

I recently need to update my DNS entry which is hosted in GoDaddy. GoDaddy supports API call to update DNS entries, which is amazing!!

You need to generate the API key and secret.

create the file below and cronjob it!

#!/bin/bash

domain="domain.tld"
type="A"
name="@"
ttl="3600"
port="1"
weight="1"
key="my-api-key"
secret="my-api-secret"

headers="Authorization: sso-key $key:$secret"
echo "Headers = " $headers

result=$(curl -X GET -H "$headers" "https://api.godaddy.com/v1/domains/$domain/records/$type/$name")
echo "Result = " $result

dnsIP=$(echo $result | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b")
echo "DNS IP = " $dnsIP

ret=$(curl -s GET "http://ipinfo.io/json")
currentIP=$(echo $ret | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b")
echo "Current IP = " $currentIP

if [ $dnsIP != $currentIP ];
then
        echo "IP's are not equal, updating record"
        curl -X PUT "https://api.godaddy.com/v1/domains/$domain/records/$type/$name" \
                -H "accept: application/json" \
                -H "Content-Type: application/json" \
                -H "$headers" \
                -d "[ { \"data\": \"$currentIP\", \"port\": $port, \"priority\": 0, \"protocol\": \"string\", \"service\": \"string\", \"ttl\": $ttl, \"weight\": $weight } ]"
fi

if [ $dnsIP = $currentIP ];
then
        echo "IP's are equal, no update required"
fi

Saturday, April 13, 2019

Ubuntu 18.04 + Docker Setup

I am setting up a new Docker Engine running on Ubuntu 18.04
During the Ubuntu installation, I selected Docker Engine as part of the deployment setup. By default the Docker Engine Service is run by Snap.

My environment uses web proxy to hit the Internet and internal DNS servers only are allowed. Docker Daemon or Docker Containers must use web proxy and internal DNS to hit the Internet.

To setup Ubuntu with static IP, pointing to the right DNS, netplan must be created
create a YAML file in the /etc/netplan/

> sudo vi /etc/netplan/99-local-init.yaml

network:
version: 2
renderer: networkd
ethernets:
eth0:
addresses:
- 10.0.0.1/24
gateway4: 10.0.0.254
nameservers:
search: [domainlocal.tld]
addresses: [10.0.0.2, 10.0.03]

ps: addresses: [10.0.0.2, 10.0.0.3] are the local DNS servers

To get Docker Engine to use web proxy and local DNS servers, Drop-In configuration files must be created. Check the Docker Engine service name under /etc/systemd/system/ folder. My Ubuntu 18.04 installation has got snap.docker.dockerd.service name

Create a folder with the same name of the service name and add ".d" at the end of the folder name

> sudo mkdir -p /etc/systemd/system/snap.docker.dockerd.service.d 

Then you can create as many as .conf files in that folder

To create web proxy configuration

> sudo vi /etc/systemd/system/snap.docker.dockerd.service.d/proxy.conf

[Service]
Environment="HTTP_PROXY=http://myproxy.domainlocal.tld:8080/" "HTTPS_PROXY=http://myproxy.domainlocal.tld:8080/" "NO_PROXY=localhost,*.domainlocal.tld"

To create DNS setting

> sudo vi /etc/systemd/system/snap.docker.dockerd.service.d/dns.conf

[Service]
ExecStart=
ExecStart=/usr/bin/snap run docker.dockerd --dns 10.0.0.2 --dns 10.0.0.3 --dns-search domainlocal.tld

ps: ExecStart= must be defined in the first line to reset that flag

The daemon must be restarted

> sudo systemtcl daemon-reload
> sudo systemctl restart snap.docker.dockerd

To build / run process within the Docker Container, pass the flags:

> sudo docker build --build-arg http_proxy=http://myproxy.domainlocal.tld:8080 --build-arg https_proxy=http://myproxy.domainlocal.tld:8080 -t dockerhubname/imangename .

Have fun!


Tuesday, March 12, 2019

Docker Copy Files

When building a Docker image using the Dockerfile, if you need to copy some files from the Docker Engine machine to the Docker Image, you need to use the "correct" source path where the files are located.

Let's say you have the following files:

/mydocker/Dockerfile
/mydocker/file1.sh
/mydocker/file2.sh

you can't specify the following command within your Dockerfile

COPY /mydocker/file1.sh /etc/
COPY /mydocker/file2.sh /etc/

instead, you need to do the following

mkdir /mydocker/resources
mv /mydocker/file1.sh /mydocker/resources
mv /mydocker/file2.sh /mydocker/resources

then, in your Dockerfile, specify the following COPY command

COPY resources /etc/

Tuesday, January 01, 2019

Windows Server Core 2019 - Remote PowerShell

Just installed a couple of Windows Server Core 2019. To manage them through PowerShell remotely, you need to enable PowerShell Remoting

On the Windows Server 2019 Core, run the following command

> Enable-PSRemoting -Force

The remote machine from which you want to manage the server

> Enter-PSSession -Credential (Get-Credential) -ComputerName my2019server.domain.tld

Enjoy!