All posts by bsdman

Currently working as an IT Manager. Worked for an OIT company as a Network Engineer in 2011. Worked for a Medical IT company as the Network Administrator 2009-2011. Worked as the Senior Systems Administrator at a computer reseller from 2005-2009. Worked as a Computer Consultant for several small companies from 2007-2009. Worked as a Computer Technician at a computer reseller from 2002-2004.

OSSIM Block Connection Attempts

I installed AlienVault’s OSSIM (the community/free one) and added my subnets for scans. Unfortunately my APC PDUs and batteries really dislike having connection attempts every 2 hours.

Options would include deleting the range and adding smaller ranges, blocking via a firewall, or disabling alerts on the APCs for connection attempts.

So I opted for the easiest option, blocking via the firewall:

SSH to my OSSIM box and “jailbreak” to get to a shell

Create a Shell script
nano block_apc.sh

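#!/bin/sh
# Drop all outbound traffic from the OSSIM box to each APC device
# (-A appends, so re-running the script adds duplicate rules)
iptables -A OUTPUT -d 10.4.0.241 -j DROP
iptables -A OUTPUT -d 10.4.0.242 -j DROP
iptables -A OUTPUT -d 10.4.0.243 -j DROP
iptables -A OUTPUT -d 10.4.0.244 -j DROP
# Print the resulting ruleset; iptables-save only writes to stdout and does not persist the rules across a reboot
iptables-save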

Ctrl X
Y

Make the Shell script Executable
chmod +x block_apc.sh

Run the Shell script
./block_apc.sh

Microsoft CA Delete Old Certificates

I had an issue where a certificate template was inadvertently used for all users and machines. Creating a new request daily. For 3 months. Without overwriting the old request. Ouch.

So in my Certificate Authority MMC I saw under Issued Certificates thousands of certs that were expired and I wanted them to just go away. Enter the Admin Command Prompt (I didn’t try with PowerShell).

certutil -deleterow 5/10/2016 Cert
Apparently this command will only delete up to 3000 per attempt, so I had to run it a few times to get my results.

https://technet.microsoft.com/en-us/library/cc732443.aspx?f=255&MSPPError=-2147217396#BKMK_deleterow

Powershell Add Certificates to Firefox User

As we recently implemented a MITM SSL inspection web filter, I needed a way to install the locally signed certificate into the Firefox stores on managed devices.

Firefox, by default, does not use the built-in certificate store and instead chooses to utilize its own. Chrome/IE/Edge do not have this same issue and the GPO setup to publish an internal certificate to domain computers is working wonderfully. Firefox, on the other hand, is not so helpful.

After some research it was obvious the best solution was to use PowerShell/certutil to force an import of the certificate into the local profile’s store. I must admit it took me about 10 minutes to realize that Mozilla/Firefox has its own version of certutil that IS NOT the same as the Windows certutil… SMH.

I’ve zipped up the required files as of 02/2017 here.

And here is the ps1 script I used which assumes you installed the OS on the C:\ drive with most of the defaults:

# Script adds the Radius certificate to the independent Firefox certificate store, since the browser does not use the Windows built-in certificate store

# List all Firefox profiles so we can push the certificate to ALL of them
$ProfileRoot = "C:\Users\" + $env:username + "\AppData\Roaming\Mozilla\Firefox\Profiles\"

# Update for Untangle
foreach ($FxProfile in (Get-ChildItem $ProfileRoot -Directory)) {
    # certutil.exe must resolve to the Mozilla NSS build, not the Windows certutil
    certutil.exe -A -n "Name of Certificate" -t "CT,C,C" -i "certificate_from_content_filter_or_UTM.crt" -d $FxProfile.FullName
}

Add Self-Signed Certificate to Ubuntu

I’m currently running Untangle as my firewall/router UTM and recently enabled SSL Inspection. Unfortunately apt-get was breaking on my linux boxen, so I had to import the certificate.

On my linux box I ran the following and it worked fine:
wget http://firewallURL/cert
mv cert cert.crt
sudo cp cert.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates
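
An added example, not part of the original post: because the certificate above is fetched over plain HTTP, this checks the downloaded file against a SHA-256 fingerprint obtained out of band and confirms it is a CA certificate before it goes into the trust store. The function names and the fingerprint placeholder are assumptions.

```shell
#!/usr/bin/env bash
# Added example: verify a downloaded CA certificate before trusting it.
# Function names are hypothetical; the expected fingerprint must come from
# an out-of-band source such as the firewall's admin console.

# Print the SHA-256 fingerprint of a PEM certificate as bare uppercase hex.
cert_sha256() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null |
        cut -d= -f2 | tr -d ':' | tr 'a-f' 'A-F'
}

# Return 0 only if the file parses as a certificate, matches the expected
# fingerprint (colons, spaces and case are ignored), and is marked CA:TRUE.
verify_ca_cert() {
    local file=$1 expected actual
    expected=$(printf '%s' "$2" | tr -d ': ' | tr 'a-f' 'A-F')
    actual=$(cert_sha256 "$file")
    [ -n "$actual" ] || { echo "not a PEM certificate: $file" >&2; return 1; }
    [ "$actual" = "$expected" ] || { echo "fingerprint mismatch" >&2; return 1; }
    openssl x509 -in "$file" -noout -text | grep -q 'CA:TRUE' ||
        { echo "not a CA certificate" >&2; return 1; }
}

# Usage, following the steps above:
#   verify_ca_cert cert.crt "<fingerprint from the firewall console>" &&
#     sudo cp cert.crt /usr/local/share/ca-certificates/ &&
#     sudo update-ca-certificates
```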

Natural Scrolling Ubuntu

So I’m going through a bit of a Linux kick lately and one of the things I ended up doing was installing Ubuntu 16.04LTS on my Dell 7370 laptop. Afterwards, I started to get sick of the scrolling with two fingers on the touch pad – I was pretty used to the “natural scrolling” function on the laptops.

All of the guides were pointing me towards opening the Mouse/Touchpad settings, but there was no checkbox for Natural scroll anywhere to be found.

User “goetzc” from askubuntu.com pointed me in the right direction:
nano /usr/share/X11/xorg.conf.d/50-synaptics.conf
Find the section that says Identifier "touchpad catchall"
Mine now says:

Section "InputClass"
    Identifier "touchpad catchall"
    Driver "synaptics"
    MatchIsTouchpad "on"
    MatchDevicePath "/dev/input/event*"
    Option "NaturalScrolling" "on"
    Option "MiddleEmulation" "on"
    Option "Tapping" "on"
    Option "DisableWhileTyping" "on"
EndSection

**EDIT**
I just realized that I couldn’t see the option in my Mouse settings panel because I had a non-compatible theme running that ruined the visuals of many options. Oh well, live and learn I guess.

Search O365 Exchange Forward Rules

IT and the Legal team recently started working on correcting several key issues. One of those included the ability to keep company email from auto forwarding out to other non-company accounts/companies/etc.

Open a PowerShell prompt (run as administrator)
$LiveCred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection
Import-PSSession $Session
foreach ($i in (Get-Mailbox -ResultSize unlimited)) { Get-InboxRule -Mailbox $i.DistinguishedName | where {$_.ForwardTo} | fl MailboxOwnerID,Name,ForwardTo >> c:\text\Forward_Rule_list.txt }

If you receive an error “Files cannot be loaded because running scripts is disabled on this system”
Set-ExecutionPolicy RemoteSigned

Webserver CA SSL Request, Linux Windows

I had a need to create a certificate for a new webserver. I have Linux machines available on my Windows domain, which has a certificate authority advertised in Active Directory.

On your linux machine (that has openssl)
openssl req -new -sha256 -newkey rsa:2048 -nodes -keyout webserver1.key -out webserver1.csr

Generating a 2048 bit RSA private key
……………………………………+++
…………………………………..+++
writing new private key to 'webserver1.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:NO
Locality Name (eg, city) [Default City]:Town
Organization Name (eg, company) [Default Company Ltd]:Winks
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server’s hostname) []:webserver1.localdomain.local
Email Address []:support@localdomain.local

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Copy the CSR to your clipboard
nano webserver1.csr
Copy all of the text including the "--BEGIN" and "--END"

Create the certificate request on your CA

https://certificateauthority/certsrv
Create a new request – Advanced certificate request
Paste the copied text
Select webserver for the certificate template
Submit

I always download as a base64 encoded certificate. I then copied the .cer to my linux box to run the next steps.

On your linux machine create the PFX
openssl pkcs12 -inkey webserver1.key -in webserver1.cer -export -out webserver1.pfx

Enter Export Password:
Verifying - Enter Export Password:

Copy the PFX back to your Windows machine, double click, enter the passcode, and away you go.
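
An added example, not part of the original post: the same request generated non-interactively with the hostname also placed in a subjectAltName, plus a check that the CSR or the certificate returned by the CA holds the same public key as the private key before the PFX is built. Function names are hypothetical, and `-addext` assumes OpenSSL 1.1.1 or newer.

```shell
#!/usr/bin/env bash
# Added example (not from the post): non-interactive key + CSR carrying a
# subjectAltName, and a check that a CSR or issued certificate holds the
# same public key as the private key. Function names are hypothetical;
# -addext assumes OpenSSL 1.1.1 or newer.

# make_csr <hostname>: writes <hostname>.key (owner-only) and <hostname>.csr
make_csr() {
    local host=$1
    (
        umask 077   # -nodes leaves the key unencrypted, so restrict the file
        openssl req -new -sha256 -newkey rsa:2048 -nodes \
            -subj "/C=US/ST=NO/L=Town/O=Winks/OU=IT/CN=$host" \
            -addext "subjectAltName=DNS:$host" \
            -keyout "$host.key" -out "$host.csr" 2>/dev/null
    )
}

# pubkey_id <key|csr|cert> <file>: SHA-256 of the PEM public key in the file
pubkey_id() {
    local pem
    case $1 in
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
        csr)  pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        *)    return 1 ;;
    esac
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# key_matches <keyfile> <csr|cert> <file>: 0 if both hold the same public key
key_matches() {
    local a b
    a=$(pubkey_id key "$1") || return 1
    b=$(pubkey_id "$2" "$3") || return 1
    [ "$a" = "$b" ]
}

# Before building the PFX from the CA's reply:
#   key_matches webserver1.key cert webserver1.cer &&
#     openssl pkcs12 -inkey webserver1.key -in webserver1.cer -export -out webserver1.pfx
```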