Tuesday, January 30, 2018

import ldap db dump

 you have an ldap db dump called import.ldif and need to replace an existing  
 ldap database with it. the script below stops slapd, moves the old database  
 aside (so you can roll back by moving it back), builds a fresh one from the  
 dump and fixes ownership. run it as root:  
   
 #!/bin/bash  
 set -e   # stop at the first failing step instead of starting slapd on a half-built database  
   
 TIMESTAMP=$(date '+%Y%m%d%H%M')  
   
 /etc/init.d/slapd stop  
 mv /var/lib/ldap /var/lib/ldap-$TIMESTAMP      # old database kept for rollback  
 mkdir /var/lib/ldap  
 cp /etc/ldap/DB_CONFIG /var/lib/ldap           # tuning file for the bdb/hdb backends, must be in place before slapadd  
 slapadd -c -l /tmp/import.ldif                 # -c keeps going past entries it cannot add: read the output for skipped entries  
 chown -R openldap:openldap /var/lib/ldap       # slapadd ran as root, so the files are root-owned until this  
 /etc/init.d/slapd start  
   
 if slapd will not start, or slapadd complained about entries it skipped, stop  
 slapd again, rm -rf /var/lib/ldap and mv /var/lib/ldap-$TIMESTAMP back into place.  
   
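 before the script above wipes the live database it is worth looking at the dump  
 it is about to load. this is an added example, not part of the original post:  
 it checks that the LDIF is non-empty, that its first entry is the suffix you  
 expect (dc=example,dc=com here is an assumption, substitute your own) and that  
 it holds at least a minimum number of entries. the sample LDIF is constructed  
 for the demonstration and stands in for /tmp/import.ldif.  

```shell
#!/bin/bash
# Added example (not from the original post): sanity-check an LDIF dump before
# handing it to slapadd. The suffix and the sample entries below are assumptions.

# Number of entries in an LDIF file: every entry starts with a "dn:" line.
ldif_entry_count() {
  grep -c '^dn:' "$1" || true   # grep -c exits 1 on zero matches; we only want the number
}

# Succeeds when the first entry in the file is the expected suffix.
ldif_has_suffix() {
  local file=$1 suffix=$2 first_dn
  first_dn=$(grep -m1 '^dn:' "$file" | sed 's/^dn:[[:space:]]*//')
  [ "$first_dn" = "$suffix" ]
}

# Overall precheck: file exists and is non-empty, right suffix, at least $3 entries.
# Prints the reason on stderr and returns 1 when something is off.
ldif_precheck() {
  local file=$1 suffix=$2 min=${3:-1}
  [ -s "$file" ] || { echo "empty or missing: $file" >&2; return 1; }
  ldif_has_suffix "$file" "$suffix" || { echo "first entry is not $suffix" >&2; return 1; }
  [ "$(ldif_entry_count "$file")" -ge "$min" ] || { echo "fewer than $min entries in $file" >&2; return 1; }
  return 0
}

# Constructed sample dump, standing in for /tmp/import.ldif.
SAMPLE_LDIF=$(mktemp)
trap 'rm -f "$SAMPLE_LDIF"' EXIT
cat > "$SAMPLE_LDIF" <<'EOF'
dn: dc=example,dc=com
objectClass: dcObject
objectClass: organization
o: Example
dc: example

dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
ou: People
EOF

# Usage: only stop slapd and swap the database when the dump passes.
if ldif_precheck "$SAMPLE_LDIF" "dc=example,dc=com" 2; then
  echo "dump looks sane: $(ldif_entry_count "$SAMPLE_LDIF") entries, proceed with slapadd"
else
  echo "refusing to replace the database" >&2
fi
```

 drop the precheck in front of the slapd stop in the script above; a dump with  
 the wrong suffix or a handful of entries is the case where -c would otherwise  
 leave you with a half-empty directory and a stopped server.  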

Friday, January 26, 2018

bind9 logging reprise

 in a previous post i mentioned how to do bind9 logging.  
 i found there was too much information in the single file.  
 instead, i have culled out the different categories into separate files.  
   
 for logrotate, since all the log files are in one directory, all you  
 need to do is use a wildcard in the path in the configuration file.  
 note that the channels below already rotate themselves (versions 3 size 5m),  
 so logrotate is a second, independent rotation on top of that. the query log  
 records which client asked for which name, so prefer create 640 bind bind over  
 644 if other local users should not be reading it.  
   
 and apparmor may hate you and deny named the ability to create the logs.  
 if you're like me and like logs to be created under the daemon's name,  
 e.g. /var/log/bind for bind...  
   
 edit:  
 /etc/apparmor.d/usr.sbin.named   
 and give it  
   /var/log/bind/ rw,  
   /var/log/bind/** rw,  
 alongside (or in place of) the shipped /var/log/named/ rw, and /var/log/named/** rw, lines,  
 then reload the profile with apparmor_parser -r /etc/apparmor.d/usr.sbin.named .  
 a denied write shows up in /var/log/syslog as an apparmor="DENIED" line with profile="/usr/sbin/named".  
   
   

 # bind.local.log 
  
 logging {  
   channel query_log {  
     file "/var/log/bind/query.log" versions 3 size 5m;  
     // dynamic follows the server's debug level (rndc trace N), so debug  
     // messages land here as soon as you turn tracing up  
     severity dynamic;  
     print-category yes;  
     print-severity yes;  
     print-time yes;  
   };  
   channel update_debug {  
     file "/var/log/bind/update_debug.log" versions 3 size 5m;  
     severity debug;  
     print-category yes;  
     print-severity yes;  
     print-time yes;  
   };  
   channel security_info {  
     file "/var/log/bind/security_info.log" versions 3 size 5m;  
     severity info;  
     print-category yes;  
     print-severity yes;  
     print-time yes;  
   };  
   channel bind_log {  
     file "/var/log/bind/bind.log" versions 3 size 5m;  
     severity info;  
     print-category yes;  
     print-severity yes;  
     print-time yes;  
   };  
   category queries { query_log; };  
   category security { security_info; };  
   category update-security { update_debug; };  
   category update { update_debug; };  
   category lame-servers { null; };  
   category default { bind_log; };  
 };  
   
 # /etc/logrotate.d/bind    
     
 /var/log/bind/*.log {  
   daily  
   missingok  
   rotate 7  
   compress  
   delaycompress  
   notifempty  
   create 644 bind bind  
   postrotate  
     /usr/sbin/invoke-rc.d bind9 reload > /dev/null  
   endscript  
 }  

Tuesday, January 23, 2018

flush rndc

 my bind9 dns server is reporting different ips for a host when i...  
  
 localhost $ dig @localhost.ip address  
   
 and  
   
 remotehost $ dig @localhost.ip address  
   
 this is a stale entry sitting in named's cache.  
 the best thing to do is flush the dns cache.  
   
 localhost $ rndc flush  
   
 to drop just the one offending name instead of the whole cache (and its  
 warm-up cost), use rndc flushname <hostname> .  
   
 easy.  

bind9 logs be freed of syslog

 I want to know who is requesting what on my bind9 server.  
 Time to cull those logs out of /var/log/syslog .  
   
 $ vi /etc/bind/named.conf  
   
 just before the include of named.conf.local , put in this line:  
   
 include "/etc/bind/named.conf.log";  
   
 $ vi /etc/bind/named.conf.log  
   
 logging {  
   channel bind_log {  
     file "/var/log/bind/bind.log" versions 3 size 5m;  
     severity info;  
     print-category yes;  
     print-severity yes;  
     print-time yes;  
   };  
   category default { bind_log; };  
   category update { bind_log; };  
   category update-security { bind_log; };  
   category security { bind_log; };  
   category queries { bind_log; };  
   category lame-servers { null; };  
 };  
   
   
 see that directory? create it and perm it (as root):  
   
 $ mkdir /var/log/bind ; chown bind:bind /var/log/bind  
   
 if named logs nothing there after the restart, apparmor is probably denying  
 the write; look for apparmor="DENIED" lines in /var/log/syslog.  
   
 your logs will grow fast with every query in them. the channel already rolls  
 the file at 5 MB (versions 3 size 5m); rotate and compress on top of that with logrotate:  
   
 $ vi /etc/logrotate.d/bind   
   
 /var/log/bind/bind.log {  
   daily  
   missingok  
   rotate 7  
   compress  
   delaycompress  
   notifempty  
   create 644 bind bind  
   postrotate  
     /usr/sbin/invoke-rc.d bind9 reload > /dev/null  
   endscript  
 }  
   
 check the config parses before bouncing the server:  
   
 $ named-checkconf  
 $ /etc/init.d/bind9 restart  
   
 excitement.  
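 with the queries category going to a file (bind.log here, its own query.log in  
 the reprise post above), the next step is to ask the file who is asking for what.  
 this is an added example, not code from the original posts: it reads lines in  
 the format those channels produce (print-time, print-category and print-severity  
 all on), counts queries per client, and flags clients sending many queries of  
 one type, which with ANY is the classic sign of someone using your resolver for  
 amplification. the log lines are constructed for the demonstration and use  
 documentation address ranges.  

```shell
#!/bin/bash
# Added example (not from the original posts): summarize a BIND query log.
# The log lines below are constructed; real ones come from the query channel.

QUERY_LOG=$(mktemp)
trap 'rm -f "$QUERY_LOG"' EXIT
cat > "$QUERY_LOG" <<'EOF'
26-Jan-2018 10:15:01.123 queries: info: client 192.0.2.10#53211 (www.example.com): query: www.example.com IN A +E (192.0.2.1)
26-Jan-2018 10:15:01.456 queries: info: client 192.0.2.10#53212 (www.example.com): query: www.example.com IN AAAA +E (192.0.2.1)
26-Jan-2018 10:15:02.001 queries: info: client 198.51.100.7#4444 (isc.org): query: isc.org IN ANY +E (192.0.2.1)
26-Jan-2018 10:15:02.002 queries: info: client 198.51.100.7#4444 (isc.org): query: isc.org IN ANY +E (192.0.2.1)
26-Jan-2018 10:15:02.003 queries: info: client 198.51.100.7#4444 (isc.org): query: isc.org IN ANY +E (192.0.2.1)
26-Jan-2018 10:15:03.500 queries: info: client 192.0.2.22#40000 (mail.example.com): query: mail.example.com IN MX + (192.0.2.1)
26-Jan-2018 10:15:04.000 queries: info: client @0x7f3c5c0a3e60 203.0.113.5#1234 (example.net): query: example.net IN TXT +E(0)K (192.0.2.1)
EOF

# Emit one client IP per query line; with a second argument, only for that query type.
# Handles both "client 192.0.2.10#53211" and the newer "client @0x... 192.0.2.10#53211".
client_ips() {
  awk -v want="${2:-}" '{
    ip = ""; qtype = ""
    for (i = 1; i <= NF; i++) {
      if ($i == "client") { ip = $(i+1); if (ip ~ /^@/) ip = $(i+2); sub(/#.*/, "", ip) }
      if ($i == "query:") qtype = $(i+3)      # "query: <name> <class> <type> ..."
    }
    if (ip != "" && (want == "" || qtype == want)) print ip
  }' "$1"
}

# "count ip" pairs, busiest client first.
queries_per_client() {
  client_ips "$1" | sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# Clients that sent more than $2 queries of type $3 (ANY unless told otherwise).
flag_clients_by_qtype() {
  client_ips "$1" "${3:-ANY}" | sort | uniq -c | awk -v t="$2" '$1 > t { print $2 }'
}

# Usage against the constructed log.
echo "queries per client:"
queries_per_client "$QUERY_LOG"
echo "clients with more than 2 ANY queries:"
flag_clients_by_qtype "$QUERY_LOG" 2
```

 point the functions at /var/log/bind/query.log (or the rotated .1 copy) and  
 run them from cron; a client that tops the ANY list but never appears in your  
 own subnets is the one to rate-limit or drop in an acl.  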

Thursday, January 18, 2018

robocopy a local user profile between servers

 robocopy c:\Users\source \\newserver\C$\Users\source *.* /mir /sec /r:1 /w:1 /LOG:C:\Mirlog.txt /XD "RECYCLER" "Recycled" "System Volume Information" /XF "desktop.ini" "thumbs.db"  
  
 /mir mirrors, which also deletes anything under the destination that is not in the source, so point it at an empty or identical target. /sec copies the NTFS ACLs along with the files (same as /copy:DATS); the SIDs in them only resolve if both servers are in the same domain. /r:1 /w:1 retries a locked file once after one second instead of the default million retries.  

get all ip addresses from netlogon.log and mail it

name this something.ps1 and run it to get all ip addresses from netlogon.log and mail them to yourself. it reads \\<dc>\c$\windows\debug\netlogon.log on every domain controller, so run it as an account that is a local administrator on the DCs.
 # Script to get the IP addresses of clients from the Netlogon.log file of all domain controllers in the current domain  
 # from the current month and the previous month  
   
 ################################Start Functions####################################  
   
 function GetDomainControllers {  
   $DCs=[system.directoryservices.activedirectory.domain]::GetCurrentDomain() | ForEach-Object {$_.DomainControllers} | ForEach-Object {$_.Name}  
   return $DCs  
 }  
   
 function GetNetLogonFile ($server) {  
   #build Path variable  
   $path= '\\' + $server + '\c$\windows\debug\netlogon.log'  
   #Try to connect to $path and get the file contents; skip this DC if we can't  
   #(@() forces an array even when the file has a single line)  
   try {$netlogon=@(get-content -Path $path -ErrorAction stop)}  
   catch { Write-Warning "Can't open $path"; return @() }  
   #reverse the array's order so we are now working from the end of the file back  
   [array]::Reverse($netlogon)  
   #clear out the holding variable  
   $IPs=@()  
   #go through the lines  
   foreach ($line in $netlogon) {  
     #split the line into pieces using a space as the delimiter  
     $splitline=$line.split(' ')  
     #Get the date stamp which is in the mm/dd format; skip lines that don't start with one  
     $logdatesplit=$splitline[0].split('/')  
     if ($logdatesplit.Count -lt 2) { continue }  
     [int]$logmonth=$logdatesplit[0]  
     #only worry about the last month and this month ($thismonth/$lastmonth come from the script scope)  
     if (($logmonth -eq $thismonth) -or ($logmonth -eq $lastmonth)) {  
       #only push it into an array if it matches an IP address format  
       if ($splitline[5] -match '\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b'){  
         $IPs += [pscustomobject]@{  
           IPaddress    = $splitline[5]  
           Computername = $splitline[4]  
           Server       = $server  
           Date         = $splitline[0]  
           Time         = $splitline[1]  
         }  
       }  
     } else {  
       #break out of loop if the date is not this month or last month  
       break  
     }  
   }  
   return $IPs  
 }  
   
 ###############################End Functions#######################################  
   
 ###############################Main Script Block###################################  
 #month numbers for this month and last month (only the month number is compared, so the December/January wrap is fine)  
 $thismonth=(get-date).month  
 $lastmonth=((get-date).addmonths(-1)).month  
   
 #get all the domain controllers  
 $DomainControllers=GetDomainControllers  
 #Get the Netlogon.log from each DC  
 $allIPs=@()  
 Foreach ($DomainController in $DomainControllers) {  
   $allIPs += GetNetLogonFile $DomainController  
 }  
 #Only get the unique IPs and dump it to a CSV file  
 $allIPs | Sort-Object -Property IPaddress -Unique | Export-Csv "C:\NetlogonIPs.csv" -NoTypeInformation  
   
 #Set up mail variables (smtpserver below is your relay)  
 $from="me@here"  
 $to="me@here"  
 $subject="IP addresses in Netlogon.log file from the last month"  
 $attach="C:\NetlogonIPs.csv"  
 $body="File containing all unique IPs listed in the netlogon.log file for all the Domain Controllers in the company domain."  
 #Send mail message  
 Send-MailMessage -from $from -To $to -subject $subject -SmtpServer smtpserver -Body $body -BodyAsHtml -Attachments $attach