Checking Unix system readiness for new Daylight Saving Time
March 9th, 2007
Planet Ubuntu
On most Linux and Unix systems you should have access to the zdump command from the command line. If you run this command:
zdump -v /etc/localtime | grep 2007
you will get something like this (the output below is from my system):
/etc/localtime Sun Mar 11 09:59:59 2007 UTC = Sun Mar 11 01:59:59 2007 PST isdst=0 gmtoff=-28800
/etc/localtime Sun Mar 11 10:00:00 2007 UTC = Sun Mar 11 03:00:00 2007 PDT isdst=1 gmtoff=-25200
/etc/localtime Sun Nov 4 08:59:59 2007 UTC = Sun Nov 4 01:59:59 2007 PDT isdst=1 gmtoff=-25200
/etc/localtime Sun Nov 4 09:00:00 2007 UTC = Sun Nov 4 01:00:00 2007 PST isdst=0 gmtoff=-28800
On some Unix computers /etc/localtime doesn’t exist and thus you will have to specify your timezone manually. In my case, on the west coast of North America, that means running this command:
zdump -v PST8PDT | grep 2007
If your system is ready for the early switch to DST, the first two lines of the zdump output will contain “Sun Mar 11”. If your computer is not ready, the first two lines will contain “Sun Apr 1”.
IntelliAdmin.com: Simplify UNC usage in command line batch files
February 25th, 2007
Many times a UNC path does not work properly in a command line bat file. This is a hold over from DOS, a compromise to ensure backward compatibility.
I have found a little-known command, at least to me. Actually there are two of them:
PUSHD, and POPD
Call PUSHD with a UNC share as a single argument and it automatically maps the UNC share to a drive letter. It starts at Z: and moves backward. So, if we wanted to run a few command line programs within our share we would call it like this:
pushd \\server\share
command1.exe
command2.exe
When you are finished, and want to remove the mapping you call popd. Putting it all together we have this:
pushd \\server\share
command1.exe
command2.exe
popd
Installing the WLBS Network Monitor Parsers
February 23rd, 2007
- Copy the Wlbs_hb.dll and Wlbs_rc.dll files to your Netmon\Parsers directory.
- Open the Mac.ini file in the Netmon\Parsers directory.
- In the [ETYPES] section, add the lines “0xBF01 = WLBS_HB” and “0x886F = WLBS_HB”, so that the section looks similar to this:
[ETYPES]
0x600 = XNS
0x800 = IP
0x806 = ARP_RARP,1
0x0bad = VINES_IP
0x1984 = TRAIL
0x8035 = ARP_RARP,2
0x809B = LAP
0x80D5 = SNA
0x80F3 = AARP
0x8137 = IPX
0x8138 = IPX
0x86DD = IP6
0xBF01 = WLBS_HB
0x886F = WLBS_HB
- Open the Tcpip.ini file in the Netmon\Parsers directory.
- In the [UDP_HandoffSet] section, add the lines “1717 = WLBS_RC” and “2504 = WLBS_RC”, so that the section looks similar to this:
[UDP_HandoffSet]
53 = DNS
67 = DHCP
68 = DHCP
111 = RPC
161 = SNMP
162 = SNMP
137 = NBT, 1000
138 = NBT, 1002
139 = NBT, 1001
520 = RIP
1717 = WLBS_RC
2049 = RPC
2504 = WLBS_RC
- Open the Parser.ini file in the Netmon directory.
- In the [PARSERS] section, add the lines “WLBS_HB.DLL = 0: WLBS_HB” and “WLBS_RC.DLL = 0: WLBS_RC”, so that the section looks similar to this:
[PARSERS]
LDAP.DLL = 0: LDAP
TDS.DLL = 0: TDS
ATMARP.DLL = 0: ATMARP
RSVP.DLL = 0: RSVP
UNI31.DLL = 0: UNI31
RTPPARSR.DLL= 0: RTP, RTCP
TCPIP6.DLL = 0: IP6, ICMP6
CLSC.DLL = 0: CLSC
L2TP.dll = 0: L2TP
WLBS_HB.DLL = 0: WLBS_HB
WLBS_RC.DLL = 0: WLBS_RC
- At the bottom of the Parser.ini file, add the following information exactly as listed below:
[WLBS_HB]
Comment = "WLBS Heartbeat"
FollowSet =
HelpFile =
[WLBS_RC]
Comment = "WLBS Remote Control Protocol"
FollowSet =
HelpFile =
- Save the .ini files.
Impact of SID filtering
February 21st, 2007
SID filtering on external trusts can affect your existing Active Directory infrastructure in the following two areas:
- SID history data that contains SIDs from any domain other than the trusted domain will be removed from authentication requests made from the trusted domain. This will result in access being denied to resources that have the user’s old SID.
- Universal group access control strategy between forests will require changes.
When SID filtering is enabled, users who use SID history data for authorization to resources in the trusting domain no longer have access to those resources.
If you typically assign universal groups from a trusted forest to access control lists (ACLs) on shared resources in the trusting domain, SID filtering will have a major impact on your access control strategy. Because universal groups must adhere to the same SID filtering guidelines as other security principal objects (that is, the universal group object SID must also contain the domain SID), you should verify that any universal groups that are assigned to shared resources in the trusting domain were created in the trusted domain.
If the universal group in the trusted forest was not created in the trusted domain, even though it may contain users from the trusted domain as members, authentication requests made from members of that universal group will be filtered and discarded. Therefore, before assigning access to resources in the trusting domain for users in the trusted domain, you should confirm that the universal group containing the trusted domain users was created in the trusted domain.
Preparing for Daylight Saving Time changes in 2007
February 16th, 2007
Change in daylight saving time:
Would have started: April 1, 2007 Will now be: March 11, 2007
Would have ended: October 28, 2007 Will now be: November 4, 2007
Verify a Workstation or Member Server Secure Channel - Active Directory
February 15th, 2007
Scrape MP3 Files
February 14th, 2007
Here's how I do it:
wget -r -l1 -H -t1 -nd -N -np -A.mp3 -erobots=off -i ~/mp3blogs.txt
And here's what this all means:
-r -H -l1 -np: These options tell wget to download recursively. That means it goes to a URL, downloads the page there, then follows every link it finds. The -H tells the app to span domains, meaning it should follow links that point away from the blog. And the -l1 (a lowercase L with a numeral one) means to only go one level deep; that is, don't follow links on the linked site. In other words, these commands work together to ensure that you don't send wget off to download the entire Web, or at least as much as will fit on your hard drive. Rather, it will take each link from your list of blogs, and download it. The -np switch stands for “no parent”, which instructs wget to never follow a link up to a parent directory.
We don't, however, want all the links, just those that point to audio files we haven't yet seen. Including -A.mp3 tells wget to only download files that end with the .mp3 extension. And -N turns on timestamping, which means wget won't download something with the same name unless it's newer.
To keep things clean, we'll add -nd, which makes the app save everything it finds in one directory, rather than mirroring the directory structure of linked sites. And -erobots=off tells wget to ignore the standard robots.txt files. Normally, this would be a terrible idea, since we'd want to honor the wishes of the site owner. However, since we're only grabbing one file per site, we can safely skip these and keep our directory much cleaner. Also, along the lines of good net citizenship, we'll add the -w5 to wait 5 seconds between each request so as not to pound the poor blogs.
Finally, -i ~/mp3blogs.txt is a little shortcut. Typically, I'd just add a URL to the command line with wget and start the downloading. But since I wanted to visit multiple mp3 blogs, I listed their addresses in a text file (one per line) and told wget to use that as the input.
HOWTO: Quick n Dirty IPTables-Based Firewall - VPSLink Wiki
January 30th, 2007
Abstract
The following is a Quick n Dirty method of implementing a very simple firewall. This HOWTO is a general compilation of suggested tips for a firewall.
Let's Get Dirty
Locate IPTables
Depending on your VPS, first locate iptables:
[root@vps /]# which iptables
Create IP Based Accept/Deny
Create a whitelist (IPs whose traffic always passes through the firewall) or a blacklist (IPs whose packets are always dropped) if you wish:
[root@vps /]# vi /usr/local/etc/whitelist.txt
And/Or…
[root@vps /]# vi /usr/local/etc/blacklist.txt
In each file, add each IP per line, for instance:
4.2.2.2
66.35.15.20
firewall.sh Script
Then put the following in /etc/init.d/firewall.sh, and edit to fit your needs:
#!/bin/sh
#
## Quick n Dirty Firewall
#
## List Locations
#
WHITELIST=/usr/local/etc/whitelist.txt
BLACKLIST=/usr/local/etc/blacklist.txt
#
## Specify ports you wish to use.
#
ALLOWED="22 25 53 80 443 465 587 993"
#
## Specify where IP Tables is located
#
IPTABLES=/sbin/iptables
#
## Clear current rules
#
$IPTABLES -F
echo Clearing Tables F
$IPTABLES -X
echo Clearing Tables X
$IPTABLES -Z
echo Clearing Tables Z
echo Allowing Localhost
#Allow localhost.
$IPTABLES -A INPUT -t filter -s 127.0.0.1 -j ACCEPT
#
## Whitelist
#
for x in `grep -v '^#' $WHITELIST | awk '{print $1}'`; do
    echo "Permitting $x..."
    $IPTABLES -A INPUT -t filter -s $x -j ACCEPT
done
#
## Blacklist
#
for x in `grep -v '^#' $BLACKLIST | awk '{print $1}'`; do
    echo "Denying $x..."
    $IPTABLES -A INPUT -t filter -s $x -j DROP
done
#
## Permitted Ports
#
for port in $ALLOWED; do
    echo "Accepting port TCP $port..."
    $IPTABLES -A INPUT -t filter -p tcp --dport $port -j ACCEPT
done
for port in $ALLOWED; do
    echo "Accepting port UDP $port..."
    $IPTABLES -A INPUT -t filter -p udp --dport $port -j ACCEPT
done
# Allow replies to connections that are already established.
$IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Drop all other UDP traffic and all other new inbound TCP connections.
$IPTABLES -A INPUT -p udp -j DROP
$IPTABLES -A INPUT -p tcp --syn -j DROP
Start Firewall
[root@vps /]# chmod 700 /etc/init.d/firewall.sh
[root@vps /]# /etc/init.d/firewall.sh
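The whitelist and blacklist loops in firewall.sh hand whatever token appears in the list file straight to iptables -s, and iptables resolves a hostname there once, through DNS, when the rule is loaded. The following is an added example, not part of the wiki's script: a dry run that prints the rules instead of loading them and skips any entry that is not a literal IPv4 address or CIDR block. The function names and the sample list are constructed for illustration.

```shell
#!/bin/sh
# Added example: dry run of the list handling in firewall.sh with validation.
# Commands are printed, not executed, so no root access is needed.

# is_ipv4 ADDR: succeed only for a dotted quad, optionally with a /0-32 mask.
is_ipv4() {
    addr=${1%%/*}
    case $1 in */*) mask=${1#*/} ;; *) mask=32 ;; esac
    case $mask in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$mask" -le 32 ] || return 1
    case $addr in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr    # split on dots; addr holds only digits and dots here
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# emit_rules TARGET: read a list on stdin, print one command per valid entry.
# As in the original grep/awk pipeline, comment lines are skipped and only
# the first field of each line is used.
emit_rules() {
    target=$1
    while read -r entry _rest || [ -n "$entry" ]; do
        case $entry in ''|'#'*) continue ;; esac
        if is_ipv4 "$entry"; then
            printf 'iptables -A INPUT -t filter -s %s -j %s\n' "$entry" "$target"
        else
            printf 'skipped invalid entry: %s\n' "$entry" >&2
        fi
    done
}

# Constructed sample list (hypothetical contents of whitelist.txt).
sample_list() {
    cat <<'EOF'
# office resolvers
4.2.2.2
66.35.15.20   trailing note
10.0.0.0/8
mail.example.com
300.1.1.1
EOF
}

sample_list | emit_rules ACCEPT
```

To check a real list before running firewall.sh, feed the file to the function, for example emit_rules DROP < /usr/local/etc/blacklist.txt, and review what is printed and what is reported as skipped.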
Retrieve Warranty Information For Hp And Compaq Machines
January 7th, 2007
Author: Carlos
Description:
Retrieves warranty information for HP/COMPAQ machines
' WarrantyCheck
'
' WRITTEN BY: crodrig186@hotmail.com
'
' PURPOSE: This script can retrieve information from a HP/COMPAQ
' remote machine or the local host and can go to the
' HP/COMPAQ website and retrieve the warranty information
'
' OUTPUT: A single line of information with each field separated
' by a comma - designed to be easily appended to a CSV
' type file.
'
' NOTE: this script is fully functional and will work providing
' COMPAQ/HP does not update their website.
'
' LAST TESTED: 2/9/2006
'
' COMMENTS: Would you please comment about this script? Send me an e-mail
' with your feedback. comments and suggestions are always welcome.
' Additionally, would you kindly post your comments on the following
' link? Much appreciated
' http://cwashington.netreach.net/depo/view.asp?Index=1098&ScriptType=vbscript
'
' Thanks
'
'======================
Dim strComputername, serialnumber, manu, name, model, ipad
Dim warrantyinfo, friendlyproduct, desc, liston
GetMachine
GetInformation
warrantyinfo = WarrantyCheck(serialnumber, model)
ShowInformation
WScript.Quit
Sub GetMachine
    strComputerName = InputBox("Please enter the machine name you would" & VbCrLf & _
        "like to target. Leave the period (.) to" & VbCrLf & _
        "target this machine: ", "TARGET MACHINE")
End Sub
Sub GetInformation
    On Error Resume Next
    strWinMgt = "winmgmts://" & strComputerName & ""
    Set CompSysSet = GetObject(strWinMgt).ExecQuery("select * from Win32_ComputerSystem")
    If Err.Number > 0 Then
        ShowErr Err.Number
    End If
    For Each CompSys In CompSysSet
        model = trim(CompSys.model)
        manu = replace(Trim(CompSys.Manufacturer),","," ")
        name = Trim(CompSys.Name)
    Next
    Set CompSysSet = GetObject(strWinMgt).ExecQuery("select * from Win32_BIOS")
    For Each CompSys In CompSysSet
        serialnumber = CompSys.serialnumber
    Next
    Set objWMIService = GetObject("winmgmts:\\" & strcomputername & "\root\cimv2")
    Set IPConfigSet = objWMIService.ExecQuery _
        ("Select * from Win32_NetworkAdapterConfiguration",,48)
    For Each IPConfig In IPConfigSet
        If instr(lcase(IPConfig.DNSDomain),THISDOMAIN) > 0 Then
            for Each IPValue in IPConfig.IPAddress
                ipad = IPValue
            Next
        End If
    Next
    Set strWinMgt = Nothing
    Set objWMIService = Nothing
End Sub
Sub ShowErr (err_number)
    Select Case err_number
        Case 462
            WScript.Echo "TARGET machine <" & strComputername & "> is unavailable!" & VbCrLf & _
                "Please check the IP address or " &_
                "machine name and try again"
        Case Else
    End Select
    WScript.Quit
End Sub
Sub ShowInformation
    WScript.Echo Trim(UCase(name)) & "," & Trim(manu) & "," & trim(ucase(replace(model,"%23","#"))) & _
        "{" & friendlyproduct & "}," & Trim(serialnumber) & "," & Trim(warrantyinfo) & _
        ", IP: " & ipad
End Sub
Function WarrantyCheck(serialnumber, ByVal model)
pn = ""
If model = "Not needed" Then
    model = ""
End If
If Len(trim(serialnumber)) <= 10 Then
    pn = trim(Whatstheproductnumber(model))
Else
    pn = ""
End If
Dim hugeArr, minfo
Dim returnStr, strInfo
sn = serialnumber
url = "http://h20000.www2.hp.com/bizsupport/TechSupport/WarrantyResults.jsp?lang=en&cc=us&prodSeriesId=96266&prodTypeId=12454&sn=" & sn & "&pn=" & pn & "&country=US&nickname=&find=Display+Warranty+Information+%C2%BB"
Set objHTTP = CreateObject("MSXML2.XMLHTTP")
Call objHTTP.Open("GET", url, FALSE)
objHTTP.Send
returnStr = objHTTP.ResponseText
product_friend = InStr(returnStr, "Product description") + Len("Product description")
eo_friendlyproduct = InStr(Mid(returnStr,product_friend+5,80),” “,”"),” ”
int_date_is_here = InStr(str_i, str_date_placer)
str_date_of_warranty = Mid(str_i, int_date_is_here + Len(str_date_placer), 11)
'--- look for strings 'Active' or 'Expired'
int_isactive = 0
int_isactive = InStrRev(str_i,">Active<")
str_warranty = IIF(int_isactive > 0, "ACTIVE - Ends on: ", "EXPIRED - Ended on: ")
WarrantyCheck = "Status: " & str_warranty & str_date_of_warranty
End Function
Function Whatstheproductnumber(modelin)
    modelin = Trim(Replace(modelin,"("," "))
    modelin = Trim(Replace(modelin,")"," "))
    If InStr(modelin, " ") > 0 Then
        modelin = Mid(modelin, InStrRev(modelin," "))
    End If
    If InStr(modelin, "#") > 0 Then
        modelin = Replace(modelin, "#", "%23")
    End If
    Whatstheproductnumber= modelin
End Function
Function IIF(expr, truepart, falsepart)
If expr Then
IIF = truepart
Else
IIF = falsepart
End If
End Function
Sending Remote Assistance Requests
January 4th, 2007
Insert this into the target of a shortcut and you’ll be able to send a remote assistance request to a hostname or IP. A pop-up will appear on the target desktop and they will be allowed to accept or deny your assistance.
%windir%\explorer.exe "hcp://CN=Microsoft%20Corporation,L=Redmond,S=Washington,C=US/Remote%20Assistance/Escalation/Unsolicited/Unsolicitedrcui.htm"