Tuesday, December 31, 2019
QBE CIO Award 2019
All the hard work has paid off ... The QBE Cyber Security team has been recognized for exceptional performance!!
Friday, November 22, 2019
Tail in PowerShell
I need to "tail" in PowerShell to view the log and found the following command interesting:
> Get-Content C:\mylog.txt -Wait
If you want to get the latest file and tail it:
> Get-Content (Get-ChildItem C:\Folder\ -File | Sort-Object LastWriteTime | Select-Object -Last 1).FullName -Wait
Thursday, September 12, 2019
Active Directory Group Policy by Powershell
Use the following PowerShell command to dump every GPO to its own HTML file:
> Get-GPO -All -Domain mydomain.tld | % { Get-GPOReport -Guid $_.Id -ReportType Html -Domain mydomain.tld | Set-Content C:\Reports\$($_.DisplayName).html }
Monday, August 19, 2019
Gartner Security & Risk Management Summit 2019
Thursday, August 15, 2019
Thursday, July 18, 2019
Fix Corrupted Windows 10 File(s)
Recently, I had an issue with my VM, which runs Windows 10 for my daily ops work. The issue was that the hosting machine kept crashing due to an unknown issue, thus ungracefully shutting down my Windows 10 VM.
One time, second time, third time were fine. Finally, one day, I wasn't able to open any ZIP file. It looked like the OS lost its association with the file type .ZIP. I went to the default file type program and could not find .zip file type. I then checked my other healthy Windows 10 machine and clearly there is no .zip file type association either.
To fix this I ran:
> sfc /scannow
When the scan was completed, I checked the log file, and it had:
Could not reproject corrupted file \??\C:\WINDOWS\System32\\zipfldr.dll; source file in store is also corrupted
What I did next:
> DISM.exe /Online /Cleanup-image /Restorehealth
Then
> sfc /scannow
and I can open ZIP files again!! :)
Thursday, June 20, 2019
C# + Active Directory = Awesome!!
I need to review AD groups and local admin groups as part of the identity project, to identify users who have privileged access in AD or on servers. I developed this tool to help with quick search, detailed view, export, etc., with a UI.
Obviously this can be done with PowerShell, but I found there is a limitation with PowerShell with regard to recursive lookup, especially when dealing with foreign objects.
As you can see below, there are different account types you can query: user, computer and group (with a recursive option). You can also provide a different credential to query Active Directory, as well as specify a particular OU, LDAP filter and keyword for the search.
The UI below provides the interface to query local groups on Windows machines. You can specify a single computer, the computers in a particular OU, or a text file containing a list of computers.
Friday, May 17, 2019
GoDaddy DNS Update Using API
I recently needed to update my DNS entry, which is hosted at GoDaddy. GoDaddy supports API calls to update DNS entries, which is amazing!!
You need to generate the API key and secret.
Create the file below and schedule it with cron!
#!/bin/bash
# This file holds the API secret: keep it readable by its owner only (chmod 700).
domain="domain.tld"
type="A"
name="@"
ttl="3600"
port="1"
weight="1"
key="my-api-key"
secret="my-api-secret"
headers="Authorization: sso-key $key:$secret"
# Do not echo $headers: it contains the secret, and cron mails or logs the output.

# IP address currently published in DNS
result=$(curl -s -X GET -H "$headers" "https://api.godaddy.com/v1/domains/$domain/records/$type/$name")
echo "Result = $result"
dnsIP=$(echo "$result" | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" | head -n 1)
echo "DNS IP = $dnsIP"

# Current public IP address of this machine (fetched over HTTPS so the answer cannot be altered in transit)
ret=$(curl -s "https://ipinfo.io/json")
currentIP=$(echo "$ret" | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" | head -n 1)
echo "Current IP = $currentIP"

# Never push an empty value to DNS if the lookup failed
if [ -z "$currentIP" ]; then
    echo "Could not determine the current IP, leaving the record unchanged"
    exit 1
fi

if [ "$dnsIP" != "$currentIP" ]; then
    echo "IPs are not equal, updating record"
    curl -X PUT "https://api.godaddy.com/v1/domains/$domain/records/$type/$name" \
        -H "accept: application/json" \
        -H "Content-Type: application/json" \
        -H "$headers" \
        -d "[ { \"data\": \"$currentIP\", \"port\": $port, \"priority\": 0, \"protocol\": \"string\", \"service\": \"string\", \"ttl\": $ttl, \"weight\": $weight } ]"
else
    echo "IPs are equal, no update required"
fi
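The script trusts whatever dotted quad it finds in the lookup reply and writes it to a public A record. The following is an added example, not part of the original script: it reads only the "ip" key of the reply and refuses malformed, private, loopback, link-local and multicast or reserved addresses before the PUT. The function names and the sample JSON are constructed for illustration.

```bash
#!/bin/bash
# Added example: validate the discovered address before it reaches the PUT.

# Pull only the value of the "ip" key out of an ipinfo-style JSON reply.
ip_field() {
    printf '%s' "$1" | tr -d '\n' |
        sed -n 's/.*"ip"[ ]*:[ ]*"\([^"]*\)".*/\1/p'
}

# Strict dotted quad: four octets, each 0-255, no leading zeros.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _old_ifs=$IFS; IFS=.
    set -- $1                 # safe to split: only digits and dots remain
    IFS=$_old_ifs
    [ "$#" -eq 4 ] || return 1
    for _octet in "$@"; do
        case "$_octet" in 0?*|????*) return 1 ;; esac
        [ "$_octet" -le 255 ] || return 1
    done
}

# Refuse addresses that must never be published in a public A record.
is_public_ipv4() {
    valid_ipv4 "$1" || return 1
    case "$1" in
        0.*|10.*|127.*|169.254.*|192.168.*) return 1 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 1 ;;
    esac
    [ "${1%%.*}" -lt 224 ]    # 224.0.0.0 and above: multicast or reserved
}

# Print the address only if it passes both checks; non-zero status otherwise.
safe_current_ip() {
    _ip=$(ip_field "$1")
    is_public_ipv4 "$_ip" && printf '%s\n' "$_ip"
}

# Constructed sample reply: the hostname also looks like an IP address,
# which a bare "grep -oE" for dotted quads would pick up first.
SAMPLE_JSON='{"hostname": "10.0.0.7.isp.example", "ip": "203.0.113.25"}'
safe_current_ip "$SAMPLE_JSON"
```

In the updater, `currentIP=$(safe_current_ip "$ret") || exit 1` would replace the grep line.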
Saturday, April 13, 2019
Ubuntu 18.04 + Docker Setup
I am setting up a new Docker Engine running on Ubuntu 18.04.
During the Ubuntu installation, I selected Docker Engine as part of the deployment setup. By default, the Docker Engine service is run by Snap.
My environment uses a web proxy to reach the Internet, and only internal DNS servers are allowed. The Docker daemon and Docker containers must use the web proxy and internal DNS to reach the Internet.
To set up Ubuntu with a static IP pointing to the right DNS servers, a netplan configuration must be created.
Create a YAML file in /etc/netplan/:
> sudo vi /etc/netplan/99-local-init.yaml
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      addresses:
        - 10.0.0.1/24
      gateway4: 10.0.0.254
      nameservers:
        search: [domainlocal.tld]
        addresses: [10.0.0.2, 10.0.0.3]
PS: the nameserver addresses [10.0.0.2, 10.0.0.3] are the local DNS servers.
To get Docker Engine to use the web proxy and local DNS servers, drop-in configuration files must be created. Check the Docker Engine service name under the /etc/systemd/system/ folder. On my Ubuntu 18.04 installation the service is named snap.docker.dockerd.service.
Create a folder with the same name as the service and add ".d" at the end of the folder name:
> sudo mkdir -p /etc/systemd/system/snap.docker.dockerd.service.d
You can then create as many .conf files as you need in that folder.
To create the web proxy configuration:
> sudo vi /etc/systemd/system/snap.docker.dockerd.service.d/proxy.conf
[Service]
Environment="HTTP_PROXY=http://myproxy.domainlocal.tld:8080/" "HTTPS_PROXY=http://myproxy.domainlocal.tld:8080/" "NO_PROXY=localhost,*.domainlocal.tld"
To create the DNS setting:
> sudo vi /etc/systemd/system/snap.docker.dockerd.service.d/dns.conf
[Service]
ExecStart=
ExecStart=/usr/bin/snap run docker.dockerd --dns 10.0.0.2 --dns 10.0.0.3 --dns-search domainlocal.tld
PS: the empty ExecStart= must come first. It clears the ExecStart inherited from the original unit before the new one is defined.
Reload systemd and restart the daemon:
> sudo systemctl daemon-reload
> sudo systemctl restart snap.docker.dockerd
To build or run processes inside a Docker container, pass the proxy as build arguments:
> sudo docker build --build-arg http_proxy=http://myproxy.domainlocal.tld:8080 --build-arg https_proxy=http://myproxy.domainlocal.tld:8080 -t dockerhubname/imagename .
Have fun!
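A quick check for the ExecStart rule from the dns.conf step, written as an added example that is not part of the original post: the function reads a drop-in on stdin and fails when ExecStart is redefined without the empty ExecStart= reset before it. The function name and the two sample drop-ins are constructed for illustration.

```bash
#!/bin/bash
# Added example: lint a systemd drop-in read from stdin.
# Status 0: no ExecStart override, or the override is preceded by an
#           empty "ExecStart=" reset inside [Service].
# Status 1: a non-empty ExecStart appears before any reset.
dropin_resets_execstart() {
    awk '
        # Track which section we are in; only [Service] matters here.
        /^[ \t]*\[/ { in_service = ($0 ~ /^[ \t]*\[Service\]/); next }
        in_service && /^[ \t]*ExecStart[ \t]*=/ {
            value = $0
            sub(/^[^=]*=[ \t]*/, "", value)   # drop "ExecStart="
            sub(/[ \t\r]+$/, "", value)       # drop trailing blanks / CR
            if (value == "") { reset = 1 } else if (!reset) { bad = 1 }
        }
        END { exit bad ? 1 : 0 }
    '
}

# Constructed samples: the dns.conf from this post, and the same file
# with the reset line forgotten.
GOOD_DROPIN='[Service]
ExecStart=
ExecStart=/usr/bin/snap run docker.dockerd --dns 10.0.0.2 --dns 10.0.0.3 --dns-search domainlocal.tld'
BAD_DROPIN='[Service]
ExecStart=/usr/bin/snap run docker.dockerd --dns 10.0.0.2 --dns 10.0.0.3 --dns-search domainlocal.tld'

for sample in "$GOOD_DROPIN" "$BAD_DROPIN"; do
    if printf '%s\n' "$sample" | dropin_resets_execstart; then
        echo "ok: ExecStart is reset before it is redefined"
    else
        echo "problem: ExecStart redefined without an empty ExecStart= first"
    fi
done
```

Against a real file, run `dropin_resets_execstart < /etc/systemd/system/snap.docker.dockerd.service.d/dns.conf` before the daemon-reload.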
Tuesday, March 12, 2019
Docker Copy Files
When building a Docker image from a Dockerfile, if you need to copy files from the Docker Engine machine into the image, you need to use the "correct" source path. COPY resolves its source relative to the build context (the directory passed to docker build), not relative to the root of the host filesystem.
Let's say you have the following files:
/mydocker/Dockerfile
/mydocker/file1.sh
/mydocker/file2.sh
You can't use the following commands in your Dockerfile:
COPY /mydocker/file1.sh /etc/
COPY /mydocker/file2.sh /etc/
Instead, you need to do the following:
mkdir /mydocker/resources
mv /mydocker/file1.sh /mydocker/resources
mv /mydocker/file2.sh /mydocker/resources
Then, in your Dockerfile, specify the following COPY command:
COPY resources /etc/
Wednesday, February 13, 2019
Tuesday, January 01, 2019
Windows Server Core 2019 - Remote PowerShell
Just installed a couple of Windows Server Core 2019 machines. To manage them through PowerShell remotely, you need to enable PowerShell Remoting.
On the Windows Server 2019 Core machine, run the following command:
> Enable-PSRemoting -Force
On the remote machine from which you want to manage the server, run:
> Enter-PSSession -Credential (Get-Credential) -ComputerName my2019server.domain.tld
Enjoy!