In case any of you have seen Windows 7 take literally HOURS to scan for updates when the Check For Updates is initiated manually, try out the newest fix from MS:
http://www.infoworld.com/article/3086811/microsoft-windows/microsoft-releases-kb-3161647-kb-3161608-to-fix-slow-windows-7-update-scans.html
Thursday, June 23, 2016
Tuesday, April 12, 2016
Report on Cisco VPN Logins from Syslog..... Logs....
Man it's been a long time! Don't know what to say; sometimes I feel like writing and sometimes I don't. I definitely have a long list of things to Blog about. Maybe I'm just destined to be an "in spurts" type of blogger.
The rest of this is a script I created to keep track of people that were using the VPN for licensing purposes, though it does have security implications as well. I wanted to get rid of accounts that very rarely or never used our VPN capabilities.
<#
What we want is to parse the ASA syslog files stored in the syslog folder. These are in txt format and are rather large.
This Powershell script is scheduled to run after midnight on the syslog server every day.
The script autogenerates a new CSV file if it doesn't exist. Results should append to the CSV file daily, and we pull down and remove the csv file weekly.
On Mondays (or a day of your choosing, see the variables section), it counts the entries, keeps only unique logins, and sends the file as an attachment to me. It then deletes the concatenated csv file.
#>
############
# Variables
############
#Get Today's Date
$Today = Get-Date
#Get yesterday's date
$Yesterday = $Today.AddDays(-1)
#Path to txt Syslog Files
$SyslogFilePath = "D:\ASA Syslog Files\ASA1\"
#Name of output file
$OutputFile = "D:\PowershellLogData\ASA1_VPNConnections.csv"
#Specify the day of the week to report (Monday by default)
$ReportDayOfWeek = "Monday"
#Build filename of yesterday's log file, with the path
$FileName = $SyslogFilePath + ($Yesterday.ToString('yyyy-MM-dd')) + ".txt"
#Mail Variables
$To = "me@contoso.com"
$From = "me@contoso.com"
$SMTPServer = "mail.contoso.com"
#Get the day of the week
$DayOfWeek = ((Get-Date).DayOfWeek).ToString()
#If the Output CSV File Doesn't Exist, create one
If ((Test-Path $OutputFile) -eq $False){
$Headers = @()
$HeadersEntry = New-Object psobject
$HeadersEntry | Add-Member -MemberType NoteProperty -Name Timestamp -Value "ScriptEntry"
$HeadersEntry | Add-Member -MemberType NoteProperty -Name Group -Value "ScriptEntry"
$HeadersEntry | Add-Member -MemberType NoteProperty -Name User -Value "ScriptEntry"
$HeadersEntry | Add-Member -MemberType NoteProperty -Name IPAddress -Value "ScriptEntry"
$Headers += $HeadersEntry
$Headers | Export-CSV $OutputFile -NoTypeInformation
}
#Parse Yesterday's log file for only VPN connection entries
$ConnectionEvents = select-string -path $FileName -Pattern "722022"
#Create an array
$LogInfo = @()
#Cycle through each VPN Login entry and extract the data, adding to the array
$ConnectionEvents | Foreach-Object {
#Extract the Info from the matched line itself ($_.Line) rather than from the
#"path:linenumber:line" string a Select-String result turns into when split,
#which would shift the field indexes whenever the syslog folder path contains a colon
$Infos = $_.Line -split '\t'
$TimePre = $Infos[0] -split ':'
$Time = $TimePre[0] + ":" + $TimePre[1] + ":" + $TimePre[2]
#The 722022 message carries "Group <group> User <user> IP <ip>", so split on '<' and take the text before each '>'
$BetterInfo = $Infos[3] -split '<'
$Group = ($BetterInfo[1] -split '>')[0]
$User = ($BetterInfo[2] -split '>')[0]
$IPFrom = ($BetterInfo[3] -split '>')[0]
#Build the Object
$LogInfoItem = New-Object psobject
$LogInfoItem | Add-Member -MemberType NoteProperty -Name Timestamp -Value $Time
$LogInfoItem | Add-Member -MemberType NoteProperty -Name Group -Value $Group
$LogInfoItem | Add-Member -MemberType NoteProperty -Name User -Value $User
$LogInfoItem | Add-Member -MemberType NoteProperty -Name IPAddress -Value $IPFrom
$LogInfo += $LogInfoItem
} #End Foreach-Object
#Append the array to the csv output file
$LogInfo | Export-CSV -Path $OutputFile -Append -NoTypeInformation
#If it's Monday, clean up the file and send it out, then remove the original CSV so it's rebuilt for the next reporting week
#If it's NOT Monday, just do the data conversion and leave the file intact.
If ($DayOfWeek -like $ReportDayOfWeek){
#Import the Output CSV File
$Entries = Import-CSV $OutputFile
#Keep only entries that have populated username fields and weren't created on CSV initialization (ScriptEntry piece)
$Entries = $Entries | Where-Object {$_.user -notlike "" -and $_.user -notlike "ScriptEntry"}
#Create Report information
$ReportObject = $Entries | select user -unique | sort user
#Create HTML Report
$ReportHTML = $ReportObject | ConvertTo-Html | out-string
#Count the Entries
$VPNCount = (($Entries | Measure-Object).Count).ToString()
#Craft the Email Subject with the count
$Subject = "PS Report - Cisco ASA VPN Logs - $VPNCount Logons Last Week"
#Send the email
Send-MailMessage -To $To -From $From -SmtpServer $SMTPServer -Body $ReportHTML -BodyAsHTML -Subject $Subject -Attachments $OutputFile
#Remove the CSV file
Remove-Item $OutputFile -force -ErrorAction 0
} #End If Monday
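The same extraction done with standard Unix tools, as an added example that is not part of the original post: it reads tab-separated ASA syslog text, keeps only the 722022 (VPN session established) records, pulls out the Group, User and IP fields the script above writes to its CSV, and then rolls them up into the per-user list the Monday report is built from. The sample lines and their four-column tab layout are constructed for the example.

```shell
#!/bin/sh
# Constructed sample of ASA syslog text as a collector might store it: four tab-separated
# columns (timestamp, device, severity, message). Only the 722022 records are VPN
# session-established events; the 113039 line is there to show it gets skipped.
SAMPLE_LOG=$(printf '%s\t%s\t%s\t%s\n' \
  '2016-04-11 00:01:02' asa1 info '%ASA-6-722022: Group <Employees> User <alice> IP <203.0.113.10> TCP SVC connection established without compression' \
  '2016-04-11 06:14:20' asa1 info '%ASA-6-113039: Group <Employees> User <bob> IP <198.51.100.7> AnyConnect parent session started.' \
  '2016-04-11 08:30:45' asa1 info '%ASA-6-722022: Group <Contractors> User <bob> IP <198.51.100.7> TCP SVC connection established without compression' \
  '2016-04-11 18:02:11' asa1 info '%ASA-6-722022: Group <Employees> User <alice> IP <203.0.113.11> TCP SVC connection established without compression')

# vpn_logins: syslog text on stdin -> one CSV row "timestamp,group,user,ip" per
# 722022 record (the same four fields the PowerShell script appends to its CSV).
# Usage on a real daily file:  vpn_logins < 2016-04-11.txt
vpn_logins() {
  awk -F'\t' '
    /%ASA-6-722022:/ {
      msg = $4
      # Anchor on the "Group <..> User <..> IP <..>" triple, not on word positions
      if (match(msg, /Group <[^>]*> User <[^>]*> IP <[^>]*>/)) {
        s = substr(msg, RSTART, RLENGTH)
        sub(/^Group </, "", s); sub(/>$/, "", s)   # drop the outer label and bracket
        gsub(/> (User|IP) </, ",", s)             # turn the inner separators into commas
        printf "%s,%s\n", $1, s
      }
    }'
}

# vpn_user_summary: CSV rows from vpn_logins on stdin -> "user count" per distinct
# user, sorted. This is the unique-login list the weekly report mails out, with a
# count added so rarely used accounts stand out.
vpn_user_summary() {
  awk -F',' '{ n[$3]++ } END { for (u in n) print u, n[u] }' | sort
}
```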
VMware HA Testing Tool/Site
Something I ran across today is this VMware tool/site that allows you to upload a DRS dump file from your environment and simulates a host failure in your VMware HA cluster. It's always nice to have a test on what you think will happen, and this is much easier and less (possibly) disruptive than pulling out the power cords from your ESXi server.....
Good stuff!
PS, I passed, except for one VM that will only boot on one host.
Wednesday, December 9, 2015
Command by Command: My Standard Ubuntu Server Build
These are the instructions that I use to build my Ubuntu Server VMs. Once I get done with these, I then add any other software that the server needs. I live in a Microsoft world, so creating this was quite an exercise and took a long time. It was initially created on Ubuntu 14.04.1, but I just ran through it on 14.04.3 and it was fine. To that end, I used to have a section on installing VMware Tools manually, but I got a prompt on 14.04.3 that I should use open-vm-tools, so I'm going that route.
Here we go:
Ubuntu 64-bit (14.04.3 tested; originally written on 14.04.1)
My Standard VM build:
60GB HDD
Network Connection (with internet)
4GB RAM
1 CPU
Obviously change depending on your ultimate use case.
During Installation:
All defaults except:
Hostname
Non-Root User Account
Password
Proxy, if needed
Security Automatic Updates only
No Package Installation
Remove disk, reboot
Log in
Change login to root:
sudo su -
Install open-vm-tools with
apt-get update
apt-get install open-vm-tools
Configure static IP Address, etc:
nano /etc/network/interfaces
change 'iface eth0 inet dhcp' to 'iface eth0 inet static'
add the following lines:
address <ipaddress>
gateway <gateway>
netmask <Mask>
dns-nameservers <DNSServersSeparatedByASpace>
Restart the computer
Log in as non-root user
Verify connectivity using ifconfig, ping, nslookup
Update apt-get
sudo apt-get update
Install Ubuntu patches:
sudo apt-get upgrade
Install and configure OpenSSH:
apt-get install openssh-server
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.default
chmod a-w /etc/ssh/sshd_config.default
addgroup sshusers
nano /etc/ssh/sshd_config
Change the following:
X11Forwarding no
LogLevel VERBOSE
LoginGraceTime 30
MaxStartups 2:30:10
Add the following lines:
AllowTcpForwarding no
AllowGroups sshusers
usermod -a -G sshusers <Non-Root User>
Restart the SSH service:
sudo restart ssh
Run this command to rate-limit SSH connections (if more than 10 attempts are made within 30 seconds, the following attempts fail because the connections are DROPped):
sudo ufw limit ssh
Create DNS A and PTR records
Verify SSH works for the non-root user
Set up UFW (Uncomplicated Firewall) (AS ROOT):
ufw allow ssh
ufw logging on
ufw enable
TO SHOW STATUS: ufw status
LOG FILE LOCATION: /var/log/ufw.log
Prior to setting up sendmail, ensure your mailserver will accept anonymous mail from this server's IP address.
Set up the ability to send emails:
Install sendmail:
apt-get install sendmail
Create a copy of the default file before editing:
cp /etc/mail/sendmail.mc /etc/mail/sendmail.mc.defaults
Configure sendmail:
nano /etc/mail/sendmail.mc
Your last two lines are as follows:
MAILER(`local')dnl
MAILER(`smtp')dnl
Put this line before those two lines (note the m4 quoting: an opening backtick and a closing apostrophe):
define(`SMART_HOST', `mailserver.contoso.com')dnl
Save and exit
Enable changes:
cd /etc/mail
m4 sendmail.mc > sendmail.cf
make
/etc/init.d/sendmail reload
Test sendmail functionality:
echo "My test email being sent from sendmail" | /usr/sbin/sendmail youremail@contoso.com
NTP Client Setup:
apt-get install ntp
nano /etc/ntp.conf
comment all lines that begin with 'server' by placing a # in front of them
Add the following line before the first 'server' line:
server <NTPServerFQDN>
Restart NTP:
service ntp restart
Test NTP:
ntpq --numeric --peers
In the results, you will see the remote IP of the server you configured.
Fail2Ban setup:
apt-get install fail2ban
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
nano /etc/fail2ban/jail.local
change the following two settings (action_mwl bans and also e-mails a whois report plus the matching log lines to destemail):
destemail = alertEmail@contoso.com
action = %(action_mwl)s
RESTARTING: /etc/init.d/fail2ban restart
LOG FILE AT: /var/log/fail2ban.log