Wednesday, June 10, 2009

x11forwarding

Send the X display over an existing SSH channel

ssh -X -v username@server

The server needs X11Forwarding yes in sshd_config for this to work. -X asks for untrusted forwarding (the X SECURITY extension limits what the remote client may do to your local display); -Y asks for trusted forwarding and should be reserved for hosts you control. -v is only there to see why forwarding fails; drop it once it works.

Monday, June 8, 2009

Monitoring file share access

Subscribe to new Win32_ServerConnection instances on a file server and print every new session to a non-administrative share. "Within 10" makes WMI poll every 10 seconds, so a session that opens and closes between two polls is not seen.

strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

' Poll every 10 seconds for new sessions on this server's shares
Set colShare = objWMIService.ExecNotificationQuery("Select * From __InstanceCreationEvent Within 10 Where TargetInstance ISA 'Win32_ServerConnection'")

Do While True
    Set objShare = colShare.NextEvent
    ' Skip administrative shares (C$, ADMIN$, IPC$ ...)
    If Right(objShare.TargetInstance.ShareName, 1) <> "$" Then
        WScript.Echo objShare.TargetInstance.ShareName
        WScript.Echo objShare.TargetInstance.ComputerName   ' client name or address
        WScript.Echo objShare.TargetInstance.UserName
        WScript.Echo objShare.TargetInstance.NumberOfFiles
        WScript.Echo objShare.TargetInstance.ActiveTime     ' seconds the session has been open
    End If
    ' ShareName + ComputerName + UserName form the primary key of a connection;
    ' dump the record when no matching entry is found (the lookup itself is not shown here)
Loop
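The same monitor in PowerShell, as an added example that is not part of the original post. The decision logic (skip administrative shares, report a ShareName + ComputerName + UserName key only the first time it is seen) is split out so it can run offline on the constructed rows below; the live path at the end subscribes to the same WQL event query the VBScript uses. The sample rows, addresses and user names are constructed.

```powershell
# Added example, not code from the original post. Win32_ServerConnection is a polled view of
# open SMB sessions: "WITHIN 10" is a 10-second poll, so sessions shorter than that can be missed.

function Get-NewShareConnection {
    param(
        [Parameter(Mandatory)] [object[]]  $Connections,   # Win32_ServerConnection rows
        [Parameter(Mandatory)] [hashtable] $Seen           # already-reported keys; updated in place
    )
    foreach ($c in $Connections) {
        # Skip administrative shares (C$, ADMIN$, IPC$), as the VBScript does
        if ($c.ShareName.EndsWith('$')) { continue }
        # ShareName + ComputerName + UserName is the primary key the VBScript comments describe:
        # report a session only the first time that key turns up
        $key = '{0}|{1}|{2}' -f $c.ShareName, $c.ComputerName, $c.UserName
        if ($Seen.ContainsKey($key)) { continue }
        $Seen[$key] = Get-Date
        [pscustomobject]@{
            ShareName     = $c.ShareName
            ComputerName  = $c.ComputerName     # client name or address
            UserName      = $c.UserName
            NumberOfFiles = $c.NumberOfFiles
            ActiveTime    = $c.ActiveTime       # seconds the session has been open
        }
    }
}

# Constructed sample rows: one share session, one admin-share session, one repeat of the first
$sample = @(
    [pscustomobject]@{ ShareName = 'Finance'; ComputerName = '192.168.0.20'; UserName = 'CORP\alice'; NumberOfFiles = 3; ActiveTime = 120 },
    [pscustomobject]@{ ShareName = 'C$';      ComputerName = '192.168.0.21'; UserName = 'CORP\bob';   NumberOfFiles = 1; ActiveTime = 5   },
    [pscustomobject]@{ ShareName = 'Finance'; ComputerName = '192.168.0.20'; UserName = 'CORP\alice'; NumberOfFiles = 4; ActiveTime = 180 }
)
$seen = @{}
Get-NewShareConnection -Connections $sample -Seen $seen | Format-Table -AutoSize
# Only the first Finance row is printed: C$ is skipped and the repeat is suppressed.

# Live path on the file server (uncomment to run as a monitor; same WQL as the VBScript):
# $query = "SELECT * FROM __InstanceCreationEvent WITHIN 10 WHERE TargetInstance ISA 'Win32_ServerConnection'"
# Register-CimIndicationEvent -Query $query -SourceIdentifier ShareConn
# while ($true) {
#     $ev = Wait-Event -SourceIdentifier ShareConn
#     Get-NewShareConnection -Connections @($ev.SourceEventArgs.NewEvent.TargetInstance) -Seen $seen | Format-Table -AutoSize
#     Remove-Event -EventIdentifier $ev.EventIdentifier
# }
```

The $Seen hashtable is the lookup table the VBScript comments call the primary key; persist it (for example Export-Clixml) if the monitor has to survive restarts without re-reporting every open session.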

Resetting the local groups on user machines

This script can be pushed from AD (for example as a GPO startup script) to rewrite the local Administrators group on every machine. It resolves the local Administrators group, the Domain Admins group and the built-in Administrator account by their well-known SIDs, so renamed or localized names do not matter, and the commented-out parts then remove everyone else from local Administrators and reset the local Administrator password.

Set WshShell = WScript.CreateObject("WScript.Shell")
HostName = WshShell.ExpandEnvironmentStrings("%COMPUTERNAME%")
Set objWMIService = GetObject("winmgmts:\\.\root\cimv2")
Set oADsSysInfo = CreateObject("ADSystemInfo")

' Older way to get the NetBIOS domain name: read the DNS domain from WMI and map it
' through the Winlogon DomainCache key. Kept for reference; ADSystemInfo below is simpler.
'Set GroupSetup = objWMIService.ExecQuery("select Domain from Win32_ComputerSystem where PartOfDomain = True")
'For Each objGroupSetup in GroupSetup
'    LocalDomain = objGroupSetup.Domain
'Next
'If Trim(LocalDomain) <> "" Then
'    RegKey = """HKLM\Software\Microsoft\Windows nt\CurrentVersion\Winlogon\DomainCache""|find/I """ & LocalDomain & """"
'    Result = WshShell.Exec("%ComSpec% /c reg query " & RegKey).StdOut.ReadAll
'    For Each tmp in Split(Result, vbCrLf)
'        If Trim(tmp) <> "" Then
'            Data = Split(tmp, vbTab)
'            If UCase(Data(2)) = UCase(LocalDomain) Then
'                Domain = UCase(Trim(Data(0)))
'            End If
'        End If
'    Next
'End If
Domain = oADsSysInfo.DomainShortName   ' NetBIOS name of the computer's domain

' Resolve group names from well-known SIDs so renamed or localized groups still match:
' S-1-5-32-544 is the local Administrators group, <domain SID>-512 is Domain Admins
Set colGroup = objWMIService.ExecQuery("select * from Win32_Group where ((SID = 'S-1-5-32-544') and (Domain = '" & HostName & "')) or ((SID like 'S-1-5-%-512') and (Domain = '" & Domain & "'))")
For Each objGroup in colGroup
    If UCase(objGroup.Domain) = UCase(HostName) Then
        LocalAdminGroup = objGroup.Name
    Else
        DomainAdminGroup = objGroup.Name
    End If
Next

' The built-in local Administrator account always has RID 500
Set colAccount = objWMIService.ExecQuery("select * from Win32_UserAccount where SID like 'S-1-5-%-500' and Domain = '" & HostName & "'")
For Each objAccount In colAccount
    LocalAdminUser = objAccount.Name
Next

' Remove everything from local Administrators except the built-in Administrator and Domain Admins.
' Left commented out so the script is a dry run by default; enable once the names above resolve correctly.
'Set objGroup = GetObject("WinNT://" & HostName & "/" & LocalAdminGroup)
'For Each member In objGroup.Members
'    Tmp = Split(member.Parent, "/")
'    If UCase(Tmp(UBound(Tmp))) = UCase(HostName) Then        ' local account
'        If UCase(member.Name) <> UCase(LocalAdminUser) Then
'            objGroup.Remove(member.AdsPath)
'        End If
'    Else                                                     ' domain account or group
'        If UCase(member.AdsPath) <> UCase("WinNT://" & Domain & "/" & DomainAdminGroup) Then
'            objGroup.Remove(member.AdsPath)                  ' keep Domain Admins in local Administrators
'        End If
'    End If
'Next

' Change the local Administrator password. Never leave a literal password here when the script
' runs from a GPO: scripts in SYSVOL are readable by every authenticated user of the domain.
'Set objUser = GetObject("WinNT://" & HostName & "/" & LocalAdminUser)
'objUser.SetPassword("Password")
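The same policy in PowerShell, as an added example that is not part of the original post: the decision is made on SIDs rather than names, so only the built-in Administrator (RID 500 under the machine's own SID) and the domain's Domain Admins (RID 512) stay in local Administrators (S-1-5-32-544). The offline run uses constructed SIDs and a constructed member list; the live path needs the LocalAccounts module (Windows 10 / Server 2016 and later) in an elevated shell and resolves the two base SIDs through WMI the way the VBScript does.

```powershell
# Added example, not code from the original post. Membership is decided on SID values, so a
# renamed Administrator account or a localized "Domain Admins" name still matches.

function Get-AdminMemberToRemove {
    param(
        [Parameter(Mandatory)] [object[]] $Members,      # objects with Name and SID, as Get-LocalGroupMember returns
        [Parameter(Mandatory)] [string]   $MachineSid,   # S-1-5-21-... of the local machine
        [Parameter(Mandatory)] [string]   $DomainSid     # S-1-5-21-... of the AD domain
    )
    $keep = @("$MachineSid-500", "$DomainSid-512")       # built-in Administrator, Domain Admins
    foreach ($m in $Members) {
        if ($keep -notcontains $m.SID.Value) { $m }     # everything else goes
    }
}

# Offline check with constructed SIDs and a constructed member list
$machineSid = 'S-1-5-21-1111111111-2222222222-3333333333'
$domainSid  = 'S-1-5-21-4444444444-5555555555-6666666666'
$sample = foreach ($row in @(
        @('PC01\Administrator', "$machineSid-500"),
        @('PC01\helpdesk',      "$machineSid-1001"),
        @('CORP\Domain Admins', "$domainSid-512"),
        @('CORP\alice',         "$domainSid-1105"))) {
    [pscustomobject]@{ Name = $row[0]; SID = [System.Security.Principal.SecurityIdentifier]$row[1] }
}
Get-AdminMemberToRemove -Members $sample -MachineSid $machineSid -DomainSid $domainSid |
    Select-Object -ExpandProperty Name     # PC01\helpdesk and CORP\alice

# Live path (uncomment to apply). The Win32_Group query enumerates domain groups, as the VBScript does.
# $machineSid = (Get-CimInstance Win32_UserAccount -Filter "LocalAccount = TRUE AND SID LIKE 'S-1-5-21-%-500'").SID -replace '-500$'
# $domainSid  = (Get-CimInstance Win32_Group -Filter "LocalAccount = FALSE AND SID LIKE 'S-1-5-21-%-512'").SID -replace '-512$'
# $members    = Get-LocalGroupMember -SID 'S-1-5-32-544'
# Get-AdminMemberToRemove -Members $members -MachineSid $machineSid -DomainSid $domainSid |
#     ForEach-Object { Remove-LocalGroupMember -SID 'S-1-5-32-544' -Member $_.Name }
```

Run the offline part first and compare the list it prints against what you expect to keep; the live ForEach-Object is the only line that changes anything.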

Windows default share permissions

Registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\DefaultSecurity
The values stored there are binary-encoded security descriptors, so they cannot be edited as text.
Set the desired default with TweakUI, then export the key and re-import it on the other systems.
Note: because this is an HKLM key, an ordinary user cannot apply it; use a GPO startup script (which runs as SYSTEM) or patch it with AutoHotkey.
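An added example, not part of the original post, of editing that key without TweakUI: the values are REG_BINARY self-relative security descriptors, and .NET's RawSecurityDescriptor converts them to and from SDDL, which is readable and diffable. The value name SrvsvcDefaultShareInfo (the default share ACL) is an assumption to verify with reg query on your own build; the offline run uses a descriptor constructed here.

```powershell
# Added example, not code from the original post. Converts lanmanserver\DefaultSecurity values
# between their binary form and SDDL so the default share permissions can be reviewed and set.

function ConvertFrom-BinarySecurityDescriptor {
    param([Parameter(Mandatory)] [byte[]] $Bytes)
    # Parse the self-relative descriptor and render it as SDDL
    ([System.Security.AccessControl.RawSecurityDescriptor]::new($Bytes, 0)).GetSddlForm('All')
}

function ConvertTo-BinarySecurityDescriptor {
    param([Parameter(Mandatory)] [string] $Sddl)
    $sd    = [System.Security.AccessControl.RawSecurityDescriptor]::new($Sddl)
    $bytes = New-Object byte[] $sd.BinaryLength
    $sd.GetBinaryForm($bytes, 0)
    ,$bytes                                  # leading comma keeps the array from unrolling
}

function Get-SddlAce {
    # List each DACL entry as trustee SID, access mask and ACE type for review
    param([Parameter(Mandatory)] [string] $Sddl)
    $sd = [System.Security.AccessControl.RawSecurityDescriptor]::new($Sddl)
    foreach ($ace in $sd.DiscretionaryAcl) {
        [pscustomobject]@{
            Trustee = $ace.SecurityIdentifier.Value
            Mask    = '0x{0:x}' -f $ace.AccessMask
            Type    = $ace.AceType
        }
    }
}

# Offline check: Everyone (WD) read-and-execute (0x1200a9 = FILE_GENERIC_READ | FILE_GENERIC_EXECUTE)
$sddl  = 'O:BAG:SYD:(A;;0x1200a9;;;WD)'
$bytes = ConvertTo-BinarySecurityDescriptor $sddl
ConvertFrom-BinarySecurityDescriptor $bytes      # round-trips to the same descriptor
Get-SddlAce $sddl | Format-Table -AutoSize       # one ACE: S-1-1-0, 0x1200a9, AccessAllowed

# Live path (elevated shell; uncomment to use):
# $key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\lanmanserver\DefaultSecurity'
# $name = 'SrvsvcDefaultShareInfo'          # assumed value name; confirm with: reg query <key>
# ConvertFrom-BinarySecurityDescriptor (Get-ItemProperty -Path $key -Name $name).$name
# Set-ItemProperty -Path $key -Name $name -Type Binary -Value (ConvertTo-BinarySecurityDescriptor $sddl)
```

Read the existing value and keep its SDDL before writing anything, and restart the Server service (or reboot) after changing it so new shares pick up the default.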

Exchange mailbox usage monitoring notification

' Skip weekends: Weekday() returns 1 for Sunday and 7 for Saturday
If Weekday(Date) < 2 Or Weekday(Date) > 6 Then
    WScript.Quit
End If

ExChangeServer = "kido.idv.tw"
ExtremeSize = 50*1024          ' Exchange_Mailbox.Size is in KB, so this is 50 MB

Set objService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & ExChangeServer & "\root\MicrosoftExchangeV2")

Set colSettings = objService.ExecQuery("Select * from Exchange_Mailbox")
On Error Resume Next           ' a mailbox with an empty Size would otherwise abort the loop
For Each obj in colSettings
    ' Report only mailboxes whose display name carries the (NTCTX) tag and that exceed the limit
    If Instr(UCase(obj.MailboxDisplayName), "(NTCTX)") And CLng(obj.Size) > CLng(ExtremeSize) Then
        Result = Result & "<tr>" & vbCrLf & _
            "<td>" & obj.MailboxDisplayName & "</td>" & vbCrLf & _
            "<td>" & obj.Size & "</td>" & vbCrLf & _
            "<td>" & obj.TotalItems & "</td>" & vbCrLf & _
            "</tr>"
    End If
Next
If Result <> "" Then
    Mail "Mailbox healthy check!", RebuildMsg(Result)
End If

' Wrap the rows in an HTML table with a header row (the message is sent as HTMLBody)
Function RebuildMsg(msg)
    msg = "<table border=""1"">" & vbCrLf & _
        "<tr><th>Emp Name</th><th>Mail Size (KB)</th><th>Mail Count</th></tr>" & vbCrLf & _
        msg & vbCrLf & _
        "</table>"
    RebuildMsg = msg
End Function

Sub Mail(Subject, Content)
    MailFrom = "kido@kido.idv.tw"
    MailTo = "kido@kido.idv.tw"
    If Len(Content) = 0 Then
        Exit Sub
    End If
    Set objEmail = CreateObject("CDO.Message")
    objEmail.From = MailFrom
    objEmail.To = MailTo
    objEmail.Subject = Subject
    objEmail.HTMLBody = Content
    ' sendusing = 2 (cdoSendUsingPort): relay through the SMTP server below on port 25
    objEmail.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
    objEmail.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpserver") = ExChangeServer
    objEmail.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
    objEmail.Configuration.Fields.Update
    objEmail.Send
End Sub

Besides this method, the same thing can be done in PowerShell; both approaches read the Exchange values through WMI. The Exchange_Mailbox class in root\MicrosoftExchangeV2 is the Exchange 2003 WMI provider; Exchange 2007 and later no longer ship it, and Get-MailboxStatistics in the Exchange Management Shell returns the same data.
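The PowerShell version, as an added example that is not part of the original post: it reads the same Exchange_Mailbox class as the VBScript, applies the same tag and size filter, builds the HTML table with ConvertTo-Html and relays it through the Exchange server on port 25. The server name and mail addresses are placeholders, and the mailbox rows used in the offline run are constructed.

```powershell
# Added example, not code from the original post. Size is reported by Exchange_Mailbox in KB.

function Test-WorkingDay {
    # Weekday(Date) < 2 or > 6 in the VBScript is Sunday or Saturday
    (Get-Date).DayOfWeek -notin 'Saturday', 'Sunday'
}

function Get-OversizedMailbox {
    param(
        [Parameter(Mandatory)] [object[]] $Mailboxes,   # rows with MailboxDisplayName, Size (KB), TotalItems
        [long]   $ThresholdKB = 50 * 1024,              # 50 MB, as in the VBScript
        [string] $NameTag     = '(NTCTX)'               # tag the VBScript requires in the display name
    )
    $Mailboxes |
        Where-Object { $_.MailboxDisplayName -like "*$NameTag*" -and [long]$_.Size -gt $ThresholdKB } |
        Select-Object @{ n = 'Emp Name';       e = { $_.MailboxDisplayName } },
                      @{ n = 'Mail Size (KB)'; e = { [long]$_.Size } },
                      @{ n = 'Mail Count';     e = { $_.TotalItems } }
}

function Send-MailboxReport {
    param([object[]] $Rows, [string] $SmtpServer, [string] $From, [string] $To)
    if (-not $Rows) { return }                          # nothing over the limit: send nothing, as the VBScript does
    $html = $Rows | ConvertTo-Html -Title 'Mailbox healthy check!' -As Table | Out-String
    Send-MailMessage -SmtpServer $SmtpServer -Port 25 -From $From -To $To `
        -Subject 'Mailbox healthy check!' -BodyAsHtml -Body $html
}

# Offline run on constructed rows: only Alice is both tagged and over 50 MB
$sample = @(
    [pscustomobject]@{ MailboxDisplayName = 'Alice (NTCTX)'; Size = 61440; TotalItems = 1200 },
    [pscustomobject]@{ MailboxDisplayName = 'Bob (NTCTX)';   Size = 20480; TotalItems = 300  },
    [pscustomobject]@{ MailboxDisplayName = 'Carol';         Size = 99999; TotalItems = 5000 }
)
Get-OversizedMailbox -Mailboxes $sample | Format-Table -AutoSize

# Live path against an Exchange 2003 server (placeholder names; uncomment to use):
# if (Test-WorkingDay) {
#     $boxes = Get-WmiObject -ComputerName 'exchange.example.com' -Namespace 'root\MicrosoftExchangeV2' -Class Exchange_Mailbox
#     Send-MailboxReport -Rows (Get-OversizedMailbox -Mailboxes $boxes) -SmtpServer 'exchange.example.com' `
#         -From 'admin@example.com' -To 'admin@example.com'
# }
```

The relay on port 25 is unauthenticated, exactly as in the CDO version; if the Exchange receive connector requires authentication, add -Credential and -UseSsl to Send-MailMessage rather than opening the connector to anonymous relay.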

iptables setup

1: Flush all existing rules, zero the counters and delete user-defined chains
iptables -F
iptables -Z
iptables -X
2: Check the current chains and default policies
iptables -L -n -v
3: Allow loopback traffic and packets belonging to established connections. Do this before step 4: once INPUT defaults to DROP, an SSH session without a matching ACCEPT rule stops receiving packets and you are locked out of the box you are configuring.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
4: Set the default policies (default-deny for INPUT and FORWARD)
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -P INPUT DROP
5: Allow inbound traffic from a trusted network block
iptables -A INPUT -s NETWORKID/NETMASK -j ACCEPT
6: Write the rules back to the system so they survive a reboot
/etc/init.d/iptables save active
(on RHEL/CentOS the usual form is "service iptables save"; on newer kernels "-m state" is a compatibility alias for "-m conntrack --ctstate")

The saved rules live in /etc/sysconfig/iptables, in iptables-save format.

Sample:
# Generated by iptables-save v1.2.11 on Tue Sep 16 20:00:17 2008
*filter
:INPUT ACCEPT [3181787:4475034848]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [1601837:84186272]
-A INPUT -s ! 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 22 -j DROP
-A INPUT -d 192.168.0.51 -p tcp -m iprange --src-range 192.168.0.1-192.168.0.10 -m tcp --dport 5500 -j DROP
COMMIT
# Completed on Tue Sep 16 20:00:17 2008

This sample is the opposite layout from the steps above: INPUT defaults to ACCEPT and the two rules are explicit denies (SSH on port 22 only from 192.168.0.0/24; port 5500 on 192.168.0.51 blocked for sources 192.168.0.1-192.168.0.10). "-s ! address" is the old negation syntax of iptables 1.2/1.3; iptables 1.4 and later write it as "! -s address" and reject the old form, so edit the file before feeding it to a newer iptables-restore.

Sunday, June 7, 2009

Sending an interactive job to a client

To run a script on a client, WMI's Win32_Process is normally enough.
To have the script run interactively (on the logged-on user's desktop), use Win32_ScheduledJob instead.
The Sysinternals tools (PsExec with -i) deploy the same thing more quickly.
Two caveats: Win32_ScheduledJob is the AT service, so the job runs as LocalSystem, and on Windows Vista and later session 0 isolation keeps an "interactive" AT job off the user's desktop (use schtasks with /IT there). Copying to C$ and creating the job both need administrative rights on the client, and drop-a-file-then-schedule-it is classic lateral-movement tradecraft, so expect whatever monitors the clients to flag it.

On Error Resume Next
RemoteHost = "kido"
SendSourceToRemote RemoteHost
InstallScheduleJob RemoteHost

' Copy the script that sits next to this one to the remote host's C$ admin share
Sub SendSourceToRemote(RemoteHost)
    Set WshShell = CreateObject("WScript.Shell")
    ScriptPath = Left(WScript.ScriptFullName, Len(WScript.ScriptFullName) - Len(WScript.ScriptName))
    SRCFile = ScriptPath & "writeEventLog.vbs"
    DestPath = "c$\"
    WshShell.Exec("cmd.exe /c xcopy " & SRCFile & " \\" & RemoteHost & "\" & DestPath & " /Y").StdOut.ReadAll
End Sub

' Create an AT-style job on the remote host that runs the copied script on the
' interactive desktop two minutes from the remote host's current local time
Sub InstallScheduleJob(RemoteHost)
    Const Delay = 2
    Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate, authenticationLevel=pktPrivacy}!\\" & RemoteHost & "\root\cimv2")
    Set colItems = objWMIService.ExecQuery("Select * from Win32_OperatingSystem")
    For Each obj in colItems
        LocalDateTime = obj.LocalDateTime       ' DMTF datetime: yyyymmddHHMMSS.mmmmmm+UUU
        CurrentTimeZone = obj.CurrentTimeZone   ' signed offset from UTC in minutes
    Next
    CurrentTime = Mid(LocalDateTime, 9, 2) & ":" & Mid(LocalDateTime, 11, 2)
    ' Win32_ScheduledJob wants ********HHMMSS.mmmmmm+UUU: the date is given as asterisks,
    ' and the UTC offset must carry its sign and be three digits wide
    If CurrentTimeZone < 0 Then
        TZ = "-" & Right("00" & Abs(CurrentTimeZone), 3)
    Else
        TZ = "+" & Right("00" & CurrentTimeZone, 3)
    End If
    ScheduleTime = "********" & Replace(FormatDateTime(DateAdd("n", Delay, CurrentTime), 4), ":", "") & "00.000000" & TZ

    Set objNewJob = objWMIService.Get("Win32_ScheduledJob")
    ' Create(Command, StartTime, RunRepeatedly, DaysOfWeek, DaysOfMonth, InteractWithDesktop, JobId)
    errcode = objNewJob.Create("c:\writeEventLog.vbs", ScheduleTime, False, 0, , True, JobID)
    If errcode <> 0 Then WScript.Echo "Win32_ScheduledJob.Create failed, return code " & errcode
End Sub
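The same remote job in PowerShell, as an added example that is not part of the original post. Get-DmtfStartTime builds the ********HHMMSS.ffffff+UUU start time that Win32_ScheduledJob expects, from the remote host's own LocalDateTime and CurrentTimeZone as the VBScript does, with the offset signed and three digits wide; Install-RemoteInteractiveJob is the live path. The host name, script path and the datetime strings in the offline run are constructed.

```powershell
# Added example, not code from the original post. Win32_ScheduledJob is the AT service: the job
# runs as LocalSystem, and on Vista and later session 0 isolation keeps it off the user's desktop.

function Get-DmtfStartTime {
    param(
        [Parameter(Mandatory)] [string] $RemoteLocalDateTime,  # Win32_OperatingSystem.LocalDateTime, e.g. 20090607235900.000000+480
        [Parameter(Mandatory)] [int]    $RemoteTimeZone,       # Win32_OperatingSystem.CurrentTimeZone, minutes from UTC
        [int] $DelayMinutes = 2
    )
    $now   = [datetime]::ParseExact($RemoteLocalDateTime.Substring(0, 14), 'yyyyMMddHHmmss', [cultureinfo]::InvariantCulture)
    $start = $now.AddMinutes($DelayMinutes)
    $sign  = if ($RemoteTimeZone -lt 0) { '-' } else { '+' }
    # The date part is given as asterisks: AT jobs are specified by time of day only
    '********{0:HHmmss}.000000{1}{2:000}' -f $start, $sign, [math]::Abs($RemoteTimeZone)
}

function Install-RemoteInteractiveJob {
    param(
        [Parameter(Mandatory)] [string] $RemoteHost,
        [Parameter(Mandatory)] [string] $LocalScript,   # e.g. .\writeEventLog.vbs
        [int] $DelayMinutes = 2
    )
    # Drop the script on the remote C$ admin share (administrative rights on the remote host required)
    Copy-Item -Path $LocalScript -Destination "\\$RemoteHost\c`$\" -Force
    $os   = Get-WmiObject -ComputerName $RemoteHost -Class Win32_OperatingSystem   # raw DMTF strings, like the VBScript
    $when = Get-DmtfStartTime -RemoteLocalDateTime $os.LocalDateTime -RemoteTimeZone $os.CurrentTimeZone -DelayMinutes $DelayMinutes
    $cmd  = 'cscript //nologo C:\' + (Split-Path $LocalScript -Leaf)
    # Create(Command, StartTime, RunRepeatedly, DaysOfWeek, DaysOfMonth, InteractWithDesktop, JobId)
    $job  = ([wmiclass]"\\$RemoteHost\root\cimv2:Win32_ScheduledJob").Create($cmd, $when, $false, 0, 0, $true)
    [pscustomobject]@{ ReturnValue = $job.ReturnValue; JobId = $job.JobId; StartTime = $when }
}

# Offline check of the time computation on constructed values
Get-DmtfStartTime -RemoteLocalDateTime '20090607235900.000000+480' -RemoteTimeZone 480    # ********000100.000000+480 (wraps past midnight)
Get-DmtfStartTime -RemoteLocalDateTime '20090607120000.000000-420' -RemoteTimeZone -420   # ********120200.000000-420

# Live path (uncomment): Install-RemoteInteractiveJob -RemoteHost 'kido' -LocalScript '.\writeEventLog.vbs'
```

A non-zero ReturnValue from Create is the AT service's error code (for example when the Task Scheduler service is not running on the client); check it rather than relying on On Error Resume Next as the VBScript does.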

Friday, June 5, 2009

Connecting to the graphical display of terminal 0 over VNC


Referring to 門神兄's article on the security forum, I planned to use VNC so that users could capture the screen of their own Linux machines.
Since all my platforms are Linux, and vino-preferences kept running into problems (many people have asked about them, and I could not be bothered to find the root cause),
I ended up with the method below, which likewise lets a user send the display over VNC to another Linux terminal.
1: If vino-preferences was running, stop it first
issue# gconftool-2 -s -t bool /desktop/gnome/remote_access/enabled false
2: Set the VNC password
issue# vncpasswd
3: Open the channel to the desktop
issue# x0vncserver PasswordFile=~/.vnc/passwd display=:0
4: Connect to the terminal with a VNC viewer (consider VNC over SSH for better security)

Note that x0vncserver exports the live :0 session, and VNC's own authentication is an 8-character password in a DES challenge-response with the session traffic unencrypted. On anything but a trusted LAN start it with -localhost (supported by the TigerVNC build) so it only accepts connections from the machine itself, and reach it through the SSH tunnel described in the "vnc over ssh" entry.

Thursday, June 4, 2009

VNC server setup

issue # vncserver :1
Display :1 listens on TCP 5901 (5900 + display number).
Set the VNC password -> issue # vncpasswd
Connect to the VNC server with a VNC viewer.

To change what the VNC session starts (the desktop or window manager), issue # vi ~/.vnc/xstartup
and follow the instructions in that file.

Note: if the X session was not shut down cleanly, the next start fails with a login error; delete the stale files under /tmp (for display :1 these are /tmp/.X1-lock and /tmp/.X11-unix/X1) to recover.

vnc over ssh

With only two machines, once the server has VNC running, the client does the following:
ssh -N -T -L 9999:VNC_SERVER:VNC_PORT username@ssh_tunnel_machine
After it connects, push the command into the background: Ctrl+Z, then bg (or add -f so ssh backgrounds itself after authenticating).
Then start the viewer against the local end of the tunnel: vncviewer 127.0.0.1:9999
username@ssh_tunnel_machine is the host that carries the forwarding tunnel (an SSH local port forward of the VNC TCP stream, not X11 forwarding).
Suppose the network looks like this:
A (LAN_IP) (WAN_IP) <-----> B (WAN_IP) (LAN_IP) C(LAN_IP)
A is behind NAT, B is reachable over the network, and C is not.
Then A runs this command to set up the tunnel: ssh -N -T -L 9999:C_LAN_IP:VNC_PORT username@B_WAN_IP
and the viewer simply connects with vncviewer 127.0.0.1:9999
Note: because A built the tunnel, the viewer's target is 127.0.0.1. If some other machine in between built the SSH tunnel, the viewer's target is the IP of the machine holding the tunnel and the port you gave it; in that case ssh has to bind the port on all interfaces (-L *:9999:... or GatewayPorts yes), and that extra hop travels unencrypted. The same applies to the leg from B to C inside the LAN: only the A-to-B hop is protected by SSH.

vnc session share

Purpose: let several people connect to one VNC session at the same time.
Example: the server opens one VNC session, :1, and more than one client connects to it together.
Starting vncserver on the server side is covered above; only the client side is shown here.
Just use the Shared option:
vncviewer Shared=1 server_ip:port
By default everyone connected can control the session; to give a viewer read-only access add ViewOnly:
vncviewer Shared=1 ViewOnly=1 server_ip:port
If the machine runs N VNC sessions, each session works independently and each can be shared on its own.
The Xvnc side has the last word: -AlwaysShared and -NeverShared override what the viewer asks for, and a connection made without Shared replaces the viewers already attached (Xvnc's DisconnectClients default).

Note: Xvnc is its own X server with no physical display, so the VNC service can start at runlevel 3 without Xorg running. x0vncserver is the exception: it mirrors the real :0 and needs it up.

Monday, June 1, 2009

Unpacking an rpm

Today I tried to install xv from the tarball and ran into quite a few problems, so I decided to install the rpm instead.
But an rpm is limited to the single machine it is installed on, and I have to deploy to about 40 hosts, which is too much manual work; I had also already exported /usr/local/bin to an NFS share.
So I decided to retrieve the executables from the rpm and put them under /usr/local/bin for a single deployment.

Confirm the rpm works:
1: After downloading the rpm, issue# rpm -ivh xv-3.10a-13.i386.rpm
2: Try running xv: issue# xv
3: Check the installed package: issue# rpm -qa|grep xv
4: Remove the package again: issue# rpm -e xv-3.10a-13
5: Unpack the rpm into the current directory (the full path tree, e.g. ./usr/bin/xv, is recreated): rpm2cpio xv-3.10a-13.i386.rpm | cpio -idmv
6: Copy the files you need out of that tree.

Binaries deployed this way are invisible to the rpm database on the other hosts (no rpm -V, no updates through the package manager), and they still need their shared libraries present on every machine; check with ldd before copying.