Syed Jahanzaib Personal Blog to Share Knowledge !

March 3, 2017

Cisco Access Point Short Notes !

Filed under: Cisco Related — Tags: , , , — Syed Jahanzaib / Pinochio~:) @ 4:58 PM

2017-03-03 16.47.48.jpg

 

Last year we replaced our old Cisco Aironet Access Points series with the new Ubiquiti AP-LR/AC model. Old switches were then placed in inventory to be used as a backup. Since these cisco AP were configured 8-10 years ago, therefore I had to reset all of them. I made short notes for the process, just in case I need it again in future or maybe useful for anyone else needing similar.

Syed.Jahanzaib


1- Cisco Aironet AP Reset to Factory Default

Note: I used Cisco Aironet AIR-AP1242AG-E-K9 access point model in this post

  1. Connect Console cable from the AP Console port to your PC COM port.
  2. Open Hyper Terminal and use below mentioned settings
    9600 baud
    8 data bits
    None parity
    1 stop bit
    Xon/Xoff Flow control .If xon/xoff flow control does not work, use no flow control.
  3. Disconnect power from access point
  4. Press and hold the MODE button while you reconnect power to the access point.
  5. Hold the MODE button until the Status LED turns amber (generally for 2-3 seconds max), and release the button
  6. After the AP reboots, it will come to default settings & you can re-configure the access point by using CLI or GUI. Default IP is 10.0.0.1

  7. The default username and password is cisco/Cisco [ 'C'  is capital in password]

As shown below ….


Press RETURN to get started.

Xmodem file system is available.
flashfs[0]: 158 files, 7 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 15998976
flashfs[0]: Bytes used: 8549888
flashfs[0]: Bytes available: 7449088
flashfs[0]: flashfs fsck took 33 seconds.
Base ethernet MAC Address: 00:1e:be:25:68:d0
Initializing ethernet port 0...
Reset ethernet port 0...
Reset done!
ethernet link up, 100 mbps, full-duplex
Ethernet port 0 initialized: link is up
button pressed for 6 seconds
process_config_recovery: set IP address and config to default 10.0.0.1
Loading "flash:/c1240-k9w7-mx.124-10b.JA/c1240-k9w7-mx.124-10b.JA"...###########
################################################################################
################################################################################
################################################################################
################################################################################
################################################################################
######################################################

File "flash:/c1240-k9w7-mx.124-10b.JA/c1240-k9w7-mx.124-10b.JA" uncompressed and
installed, entry point: 0x3000
executing...

Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706

Cisco IOS Software, C1240 Software (C1240-K9W7-M), Version 12.4(10b)JA, RELEASE
SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 24-Oct-07 15:31 by prod_rel_team
Image text-base: 0x00003000, data-base: 0x00859060

Initializing flashfs...

flashfs[1]: 157 files, 7 directories
flashfs[1]: 0 orphaned files, 0 orphaned directories
flashfs[1]: Total bytes: 15998976
flashfs[1]: Bytes used: 8548352
flashfs[1]: Bytes available: 7450624
flashfs[1]: flashfs fsck took 4 seconds.
flashfs[1]: Initialization complete....done Initializing flashfs.
Radio 1 A506 7100 E8000000 A0000000 80000000 3
Radio 1 A506 6700 E8000100 A0040000 80010000 2

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco AIR-AP1242AG-E-K9 (PowerPCElvis) processor (revision A0) with 24566K/81
92K bytes of memory.
Processor board ID FCZ1213815G
PowerPCElvis CPU at 262Mhz, revision number 0x0950
Last reset from power-on
1 FastEthernet interface
2 802.11 Radio(s)

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:1E:xx:xx:xx:xx
Part Number : 73-10256-06
PCA Assembly Number : 800-xxxxx-05
PCA Revision Number : A0
PCB Serial Number : FOCxxxxNE3
Top Assembly Part Number : 800-xxxx-01
Top Assembly Serial Number : FCZxxxxxxG
Top Revision Number : A0
Product/Model Number : AIR-AP1242AG-E-K9

Press RETURN to get started!


IP Related Configuration …

>

To configure new ip address


en
configure t
ip address 10.0.0.1 255.0.0.0
no ip route-cache

Now open browser and point to the ip you configured above, & do reset of config using express setup or as required 🙂

cisco aironet eexpres setup zaib.PNG


Howto ADD SSID

cisco-aironet-ssid-after-reset


Howto ENABLE RADIO / WiFi 

cisco-aironet-howto-enable-radio

Note: Enable Both Radio using above step …


To show current IP,

en
show ip interface brief

To Save Config

en
wr

 

Regard’s
Jz!

March 2, 2017

RM Reseller Monthly Report via GMAiL

Filed under: Radius Manager — Tags: , , — Syed Jahanzaib / Pinochio~:) @ 11:07 AM

hosting-by-the-hour

Disclaimer: This is not a reliable method for some OP to acquire the monthly sale report done by reseller. It requires some criteria to match like strict account creation by specific reseller id only. Better to use provided GUI in DMA_RM to inquire the proper report.

This is just a personal way of collecting reporting via automated email which MUST be cross verified by the OP .

Z@iB


BASH:

Following is a bash script which will simply query invoices, categorize it according to reseller account, format it using html coding, sort, total and send email admin.

Logic:

When you will execute this script, it will fetch the reports from rm_users database using last month dates, it will auto calculate last month dates.

Example:

Current month is March,2017. the script will pick Last Month which was February,2017 and will calculate number of days as well using CAL function.

Sample of Report is as follows.

 

1

RM Reseller Monthly Report via email

2

RM Reseller Monthly Report via email

Schelde following script via crontab @monthly. Modify information as per your local network.



#!/bin/bash
# Script to query INVOICES section of Radius manager mysql, and
# categorize it according to resellers , calculate accounts,sort and total it.
# These are my personal way of doing things, and no one is bound to agree with these.
# Created: Year 2014
# set -x
# MYSQL USER ID PASSWORD
SQLUSER="root"
SQLPASS="YOUR_MYSQL_PASSWORD"

# DATE RELATED STUFF
LASTMY=`date +'%Y-%m' -d 'last month'`
LAST_MONTH_DIGIT=`date +'%m' -d 'last month'`
YEAR_DIGIT=`date +'%Y' -d 'last month'`
LAST_MONTH_LAST_DATE=`cal $LAST_MONTH_DIGIT $YEAR_DIGIT |egrep -v [a-z] |wc -w`
START="$LASTMY-01"
END="$LASTMY-$LAST_MONTH_LAST_DATE"
FMONTH=`date +'%B-%Y' -d 'last month'`
DATE=`date`

# EMAIL RELATED STUFF
TO1="YOUR_EMAIL_ID@hotmail.com"
GMAILID="GMAIL_ID_TO_SEND_EMAIL_FROM@gmail.com"
GMAILPASS="GMAIL_PASSWORD"
CONTENT_TYPE="text/html"

# LOG FILES
FILE="/tmp/dealer_renewal_month.html"
FINALFILE="/tmp/dealer_renewal_month_final.html"
COMPANY="ZAIB(Pvt)_Ltd.
This System is powered by Syed_Jahanzaib aacable@hotmail.com"
BODY_TITLE="Report For Dealer Account asof $FMONTH"
> $FILE
> $FINALFILE

# HTML BODY
echo "
<pre>" > $FILE
echo "<b>$BODY_TITLE</b>" >> $FILE
echo "<b>DEALER User's_Activated Used_Amount Balance</b>
" >> $FILE

# QUERY MANAGERS FROM RM_MANAGERS TABLE
mysql -u$SQLUSER -p$SQLPASS --skip-column-names -e "use radius; select managername from rm_managers;" | while read dealer
do
num=$[$num+1]
DEALER=`echo $dealer | awk '{print $1}'`

# GATHER DATA OF ACTIVE USERS, USED AMOUNT, CURRENT BALANCE, (MOBILE NUMBER IF SMS IS REQUIRED TO SEND)
ACTIVEUSERSNO=`mysql -uroot -p$PASS --skip-column-names -e "use radius; SELECT price FROM rm_invoices LEFT JOIN rm_users ON rm_users.username = rm_invoices.username WHERE date >= '$START' AND date <= '$END' AND (paymode = '0' OR paymode = '1' OR paymode = '2' OR paymode = '3' OR paymode = '4' OR paymode = '5' OR paymode = '6' OR paymode = '7' OR paymode = '8' OR paymode = '9' OR paymode = '10' OR paymode = '11' ) AND (invgroup = '0' ) AND invnum != '' AND rm_users.owner = '$DEALER';" | sed '/credited/d' | wc -l`
USEDAMOUNT=`mysql -uroot -p$PASS --skip-column-names -e "use radius; SELECT price FROM rm_invoices LEFT JOIN rm_users ON rm_users.username = rm_invoices.username WHERE date >= '$START' AND date <= '$END' AND (paymode = '0' OR paymode = '1' OR paymode = '2' OR paymode = '3' OR paymode = '4' OR paymode = '5' OR paymode = '6' OR paymode = '7' OR paymode = '8' OR paymode = '9' OR paymode = '10' OR paymode = '11' ) AND (invgroup = '0' ) AND invnum != '' AND rm_users.owner = '$DEALER';" | sed '/credited/d' | awk '{ sum+=$1} END {print sum}'`
BALANCE=`mysql -u$SQLUSER -p$SQLPASS --skip-column-names -e "use radius; select balance from rm_managers WHERE managername = '$DEALER';" |cut -f1 -d"."`
MOBILE=`mysql -u$SQLUSER -p$SQLPASS --skip-column-names -e "use radius; select mobile from rm_managers WHERE managername = '$DEALER';"`
SRV=`mysql -uroot -p$SQLPASS --skip-column-names -e "use radius; SELECT SQL_CALC_FOUND_ROWS rm_invoices.service FROM rm_invoices LEFT JOIN rm_users ON rm_users.username = rm_invoices.username WHERE date >= '$START' AND date <= '$END' AND (paymode = '0' OR paymode = '2' ) AND (invgroup = '0' OR invgroup = '1' ) AND invnum != '' AND rm_users.owner = '$DEALER' ORDER BY id LIMIT 0, 10000;" | sed '/credited/d' | awk '{print $1}' | sort | uniq -c`

#LOOK FOR ZERO VALUE AMOUNT AND REPLACE IT WITH 0 , IF FOUND
#if [ ! -n "$USEDAMOUNT" ]; then
#if [ "USEDAMOUNT == "" ]; then
#USEDAMOUNT="X"

# PRINT ALL GATHERED DATA INTO FILE
#echo "<b>$DEALER</b> $ACTIVEUSERSNO $USEDAMOUNT - $BALANCE
#------------------------------------------------------------------------" >> $FILE
#else

# PRINT ALL GATHERED DATA INTO FILE
echo "<b>$DEALER</b> $ACTIVEUSERSNO $USEDAMOUNT - $BALANCE

Details&nbsp;of&nbsp;Services&nbsp;Activated:
Qty Service&nbsp;Name

$SRV

------------------------------------------------------------------------" >> $FILE

#fi
done

# MAKE COLUMNS SO THAT IT GETs EASIER TO READS
sed -e 's/\t//g' $FILE | column -t | sed 's/ //g' | sed 's/ User/User/g' > $FINALFILE
# GATHER DATA OF ACTIVE USERS, USED AMOUNT, CURRENT BALANCE, (MOBILE NUMBER IF SMS IS REQUIRED TO SEND)
TOTNO=`mysql -uroot -p$PASS --skip-column-names -e "use radius; SELECT price FROM rm_invoices LEFT JOIN rm_users ON rm_users.username = rm_invoices.username WHERE date >= '$START' AND date <= '$END' AND (paymode = '0' OR paymode = '1' OR paymode = '2' OR paymode = '3' OR paymode = '4' OR paymode = '5' OR paymode = '6' OR paymode = '7' OR paymode = '8' OR paymode = '9' OR paymode = '10' OR paymode = '11' ) AND (invgroup = '0' ) AND invnum != '';" | sed '/credited/d' | wc -l`
SALES=`mysql -uroot -p$PASS --skip-column-names -e "use radius; SELECT price FROM rm_invoices LEFT JOIN rm_users ON rm_users.username = rm_invoices.username WHERE date >= '$START' AND date <= '$END' AND (paymode = '0' OR paymode = '1' OR paymode = '2' OR paymode = '3' OR paymode = '4' OR paymode = '5' OR paymode = '6' OR paymode = '7' OR paymode = '8' OR paymode = '9' OR paymode = '10' OR paymode = '11' ) AND (invgroup = '0' ) AND invnum != '';" | sed '/credited/d' | paste -sd+ | bc | cut -f1 -d"."`

echo "Total Users Activated/Renewed in $FMONTH = <b>$TOTNO</b>" >> $FINALFILE
echo "Total SALES Done in $FMONTH = <b>$SALES</b>" >> $FINALFILE
echo "
<b>$COMPANY</b>" >> $FINALFILE
echo "Generated on $DATE" >> $FINALFILE
echo "</pre>
" >> $FINALFILE

##Finally send email with all the data gathered USING SEND_EMAIL TOOL
/temp/sendEmail-v1.56/sendEmail -t $TO1 -u "INFO: GT DEALERS MONTHLY BILLING INFO for $FMONTH" -o tls=yes -s smtp.gmail.com:587 -xu $GMAILID -xp $GMAILPASS -f $GMAILID -o message-file=$FINALFILE -o message-content-type=$CONTENT_TYPE
# Type file for view
cat $FINALFILE

 

February 27, 2017

Radius Manager Theme/Skin Collection

Filed under: Radius Manager — Tags: , — Syed Jahanzaib / Pinochio~:) @ 3:33 PM

Following are few customized themes for DMASOFTLAB Radius manager , Designed by various web developers.

  1. Digital Theme [Responsive as well, made by KANGNDO]
  2. Green Theme
  3. Blue Theme

 


General Steps to install theme

I assume you have DMASoftlab Radius Manager 4.1.x version installed and must be fully functional.

  • Download the theme file, unrar it in any temporary folder. you can use `tar zxvf filename.tar.gz /destination_folder`
  • Copy (or let’s say Overwrite) all the contents including files/folders from the (unzipped) folder name radiusmanager in /var/www/radiusmanager (or for CENTOS, its /var/www/html/radiusmanager). You can cp -vr syntax /source /target
  • Clear the browser cache, and reload the ACP administration control panel) page.

.


1- Digital Theme

Download Link: Radius Manager KANGNDO Theme Official Link

🙂

Sample Images:

1

2

3

4


2- Green Theme

Green Theme Download Link

green-1

 


Will update more later

 

Regard’s
Syed Jahanzaib

February 21, 2017

PowerShell Reference [Continued Post]

Filed under: Microsoft Related — Syed Jahanzaib / Pinochio~:) @ 8:34 AM

pwoershell-logo

coffe code.PNG

Following is reference post for Powershell command line usage to achieve different tasks. Recently I had to perform various administration tasks on more than 20 windows based servers , and using scripting it made my life a bit easier and I let the scripting  do the task on my behalf on scheduled basis 😉

These are very common tasks, commands but when you combine them with the Linux shell, they become ultra powerful and best thing is that you can create / add  some ‘ Artificial Intelligence ‘ in it. I have posted just basic level to hide the sensitivity of original tasks.

Following is collection of my own R&D, some commands are picked from Stackoverflow/Spicework forums as well.


General PowerShell Related CMD


Check PowerShell Version

$PSVersionTable.PSVersion
Upgrade PowerShell to Version 4 in Windows 7/2008 - 64bit
https://blogs.technet.microsoft.com/heyscriptingguy/2014/11/09/weekend-scripter-install-powershell-4-0-in-windows-7/

Execute Powershell script from Linux Shell using winexe

winexe -U DOMAIN/ID%’PASSWORD’ //IP_OR_NAME //101.11.12.38 ‘powershell.exe -inputformat none -command “dir”‘

winexe -U DOMAIN/ID%’PASSWORD’ //IP_OR_NAME ‘powershell.exe -inputformat none -command “c:\scripts\script_name.ps1″‘


Check Powershell Version & Process Architecture

#Check PowerShell Version
$PSVersionTable
# Check Processor Architecture
$env:PROCESSOR_ARCHITECTURE
# Get list of installed HOTFIX with details
Get-HotFix | Format-Table

 # Import Active Directory module

import-module activedirectory

Show folders that have not been updated/modified by X Period of Time

In my company I have Windows 2008 R2 [as a file sharing / backup server] with a centralized shared folder structure like this

  • D:\USERS
  • D:\USERS\USER1
    D:\USERS\USER1\AUTOBACKUP
    D:\USERS\USER1\DROP
    D:\USERS\USER1\EXHIBIT
  • D:\USERS\USER2
    D:\USERS\USER2\AUTOBACKUP
    D:\USERS\USER2\DROP
    D:\USERS\USER2\EXHIBIT

There are are around 100+ users folders and all users copy their important data on a daily basis there corresponding AUTOBACKUP folder. Every AUTOBACKUP folder have several sub folders and files in it.

My requirements was to somehow display ONLY the AUTOBACKUP folders name which are not updated in last 1 month, means no file in written in any autobackup or in its subfolders. (I dont requires drop/exhibit folders details as it can be updated by any1 , but autobackup can be updated only by the corresponding user)

Result Something like:

  • D:\USERS\USER1\AUTOBACKUP – Updated
  • D:\USERS\USER2\AUTOBACKUP – ALERT: Not updated since last month …

or show me result only for users whose auto backup have not updated from past month.

I tried to get result by powershell commands, but it shows me results if some one update the drop/exhibit too, and i want to exclude them in search criteria, the search should be done only in autobackup.

So here was the solution :)~

Get-WmiObject Win32_LogicalDisk -Filter "DriveType='3'" `
 -ComputerName SERVER_NAME | `
 Format-Table `
 @{l="Server";e={$_.SystemName}}, `
 @{l="Drive Letter";e={$_.DeviceID}}, `
 @{l="Free Space on Disk (GB)";e={"{0:n2}" -f ($_.freespace/1gb)}}, `
 @{l="Total Disk Space (GB)";e={"{0:n2}" -f ($_.size/1gb)}}, `
 @{l="Percentage Used";e={ "{0:P2}" -f (1 - ([Int64]$_.FreeSpace / [Int64]$_.Size)) }}

$PrettySizeColumn = @{name="Size";expression={
 $size = $_.Size
 if ( $size -lt 1KB ) { $sizeOutput = "$("{0:N2}" -f $size) B" }
 ElseIf ( $size -lt 1MB ) { $sizeOutput = "$("{0:N2}" -f ($size / 1KB)) KB" }
 ElseIf ( $size -lt 1GB ) { $sizeOutput = "$("{0:N2}" -f ($size / 1MB)) MB" }
 ElseIf ( $size -lt 1TB ) { $sizeOutput = "$("{0:N2}" -f ($size / 1GB)) GB" }
 ElseIf ( $size -lt 1PB ) { $sizeOutput = "$("{0:N2}" -f ($size / 1TB)) TB" }
 ElseIf ( $size -ge 1PB ) { $sizeOutput = "$("{0:N2}" -f ($size / 1PB)) PB" } 
 $sizeOutput
}}

# change the folder name here ...
Get-ChildItem 'D:\USERS' -Directory | ForEach-Object {

$RecentAutoBackupFiles = @(
# change the folder name here too ...
 Get-ChildItem -Path "D:\USERS\$($_.Name)\autobackup" -File -Recurse | 
 Where-Object { $_.LastWriteTime -ge [datetime]::Now.AddMonths(-1) }
)

if (0 -eq $RecentAutoBackupFiles.Count)
 {
 "$($_.Name) "
 }
}

Result of above Script (which was executed using Linux bash script as usual:) )

1

 

2


Show Folder Size (in GB) | Sort by Size | Select top 10

This was intense task for me, and I was not able to sort it on my own. so I have to take help from stackoverflow and spicework forums.

Scenario:

We have a Windows 2008 R2  base file server where users have there shared folders.
Example:

  • D:\USERS
  • D:\USERS\USER1
  • D:\USERS\USER2
  • D:\USERS\USER3
  • D:\USERS\USER4
  • D:\USERS\USER5

All users folders have several hundreds sub folders in it.

Task:

Execute functions from Linux base system , which should remote to file server by winexe, execute powershell script, which should perform functions like

  • List all users folder name
  • Last modified time
  • Size conversion auto in kb/mb/gb ( order by size)
  • Email the result [customized] using sendEmail / gmail.

First the powershell script name foldersize.ps1 which will actually perform the functions on file server. we will copy this script in c:\temp on remote file server.

foldersize.ps1


param ($Path = ".")
$disk = ([wmi]"\\FILESERVER\root\cimv2:Win32_logicalDisk.DeviceID='D:'")
"D: GB Total = {0:#.0}
D: GB Used {2:#.0}
D: GB Free {1:#.0} " -f ($disk.Size/1GB),($disk.FreeSpace/1GB),($disk.Size/1GB-$disk.FreeSpace/1GB) | write-output

Get-WmiObject Win32_LogicalDisk -Filter "DriveType='3'" `
-ComputerName FILESERVER&nbsp;| `
Format-Table `
@{l="Server";e={$_.SystemName}}, `
@{l="Drive Letter";e={$_.DeviceID}}, `
@{l="Free Space on Disk (GB)";e={"{0:n2}" -f ($_.freespace/1gb)}}, `
@{l="Total Disk Space (GB)";e={"{0:n2}" -f ($_.size/1gb)}}, `
@{l="Percentage Used";e={ "{0:P2}" -f (1 - ([Int64]$_.FreeSpace / [Int64]$_.Size)) }}

$PrettySizeColumn = @{name="Size";expression={
$size = $_.Size
if ( $size -lt 1KB ) { $sizeOutput = "$("{0:N2}" -f $size) B" }
ElseIf ( $size -lt 1MB ) { $sizeOutput = "$("{0:N2}" -f ($size / 1KB)) KB" }
ElseIf ( $size -lt 1GB ) { $sizeOutput = "$("{0:N2}" -f ($size / 1MB)) MB" }
ElseIf ( $size -lt 1TB ) { $sizeOutput = "$("{0:N2}" -f ($size / 1GB)) GB" }
ElseIf ( $size -lt 1PB ) { $sizeOutput = "$("{0:N2}" -f ($size / 1TB)) TB" }
ElseIf ( $size -ge 1PB ) { $sizeOutput = "$("{0:N2}" -f ($size / 1PB)) PB" }
$sizeOutput
}}

Get-ChildItem -Path $Path | Where-Object {$_.PSIsContainer} | ForEach-Object {
$size = ( Get-ChildItem -Path $_.FullName -Recurse -Force | where {!$_.PSIsContainer} | Measure-Object -Sum Length).Sum
$obj = new-object -TypeName psobject -Property @{
Path = $_.Name
Time = $_.LastWriteTime
Size = $size
}
$obj
} | Sort-Object -Property Size -Descending | Select-Object Path, Time, $PrettySizeColumn

try to execute this file on the file server from powershell terminal. It should give you proper results. JUST BE VERY SURE TO READ THE SCRIPT VERY WELL, AS IT SHOULD BE MODIFIED AS PER YOUR REQUIREMENTS, PLUS I USED DOMAIN ADMIN ID, SO I HAD ALL THE ACCESS ON ALL THE COMPUTERS FROM MY PC /REMOTELY AS WELL.

.\foldersize.ps1 -Path  \\FILESERVER\C$\Softwares\IMAGES_ISO

Once done,  make a bash script in your linux (ubuntu) system  which will execute the above script remotely and will customized the result and email to the admin.

BASH FILE / folder_iquiry.sh which will run the ps file from linux terminal


#!/bin/bash
#set -x
# This bash script will query remote file server storage using Powershell Commands.
# It will send report via email with relevant details like top used folders , Very useful some times.
# Syed Jahanzaib / aacableAThotmailDOTcom
# http://aacableDOTwordpressDOTcom
# 20-feb-2017
start=`date +%s`
COMPANY="ZAIB"
SRVNAME="SRV01"
SRV_FRIENDLY_NAME="File Server D:Drive"
IP="10.0.0.1"
DOMAIN="DC.LOCAL"
PASS="PASSWORD"
ID="ADMIN"
#TARGET DIRECTORY
TDIR="d:\users"
TEMP_HOLDER="/tmp/xdrive_temp_raw_report.txt"
TEMP_HOLDER_FINAL="/tmp/xdrive_final_mail_report.txt"
&gt; $TEMP_HOLDER
&gt; $TEMP_HOLDER_FINAL
DATE=`date`

# GMAIL DETAILS to send EMAIL alert
SENDMAILAPP="/temp/sendEmail-v1.56/sendEmail"
GMAILID="ADMIN_GMAIL_ID@gmail.com"
GMAILPASS="GMAIL_PASS"
# Add recipient email address below
ADMINMAIL1="aacableAThotmailDOTcom"

MSG_SUB="$COMPANY $SRV_FRIENDLY_NAME - $SRVNAME - / Weekly Report @ $DATE"
MSG_BODY="$COMPANY $SRV_FRIENDLY_NAME - $SRVNAME - Weekly Report for Users D: drive folder's sorted by size
@ $DATE
"

FOOTER="Automated Weekly Report Generated using Linux Powered Powershell !!
Sys. Admin
$COMPANY IS Dept."

echo "
$MSG_BODY
" &gt; $TEMP_HOLDER

#QUERY SERVER X: DRIVE
winexe -U $DOMAIN/$ID%"$PASS" //$IP 'powershell.exe -inputformat none -command "c:\temp\foldersize.ps1 -Path '"$TDIR"' ' &gt;&gt; $TEMP_HOLDER

# Remove Junk Line with unknonw character, which is unique or specific occured in my lab test

end=`date +%s`
echo "It took $(($end - $start)) seconds to complete this task..." &gt;&gt; $TEMP_HOLDER
echo "
$FOOTER" &gt;&gt; $TEMP_HOLDER

#Print result
cat $TEMP_HOLDER
#send email
sendemail -u "$MSG_SUB" -o tls=yes -s smtp.gmail.com:587 -t $ADMINMAIL1 -xu $GMAILID -xp $GMAILPASS -f $GMAILID -o message-file=$TEMP_HOLDER -o message-content-type=text

# Script ends here

Now execute file from linux terminal like this…

/temp/folder_inquiry.sh

SAMPLE:

userreport.PNG


Show Folder Size (in GB) | Sort by Size | Select top 10

[This method have one BIG disadvantage, dueto 260 characters limit in windows, it may not show files/folders above then this limit. so it may not give your correct result if you have some deep folder structure/long files name in it.]

#Windows PS Version
ls c:\temp | select Name, @{Name="Type";Expression={if($_.psIsContainer){"---Directory---"}else{"---File---"}}}, @{Name="Size(GB)";Expression={[Math]::Round($(ls $_.FullName -recurse| measure Length -sum).Sum/1GB, 2)}}| sort -property "Size(GB)" -desc | Select -First 10

# Linux Winexe format
winexe -U DC/ID%PASS //IP 'powershell.exe -inputformat none -command "ls c:\backup\ | select Name, @{Name='"'"'"Type"'"'"';Expression={if($_.psIsContainer){'"'"'"Directory"'"'"'}else{'"'"'"File"'"'"'}}}, @{Name='"'"'"Size(GB)"'"'"';Expression={[Math]::Round($(ls $_.FullName -recurse| measure Length -sum).Sum/1GB, 3)}}| sort -property '"'"'"Size(GB)"'"'"' -desc | Select -First 10"'

Example of C:\temp contents …

  • C:\TEMP
  • C:\TEMP\FOLDER1
  • C:\TEMP\FOLDER-1\SUB_FOLDER
  • C:\TEMP\FOLDER-1\SUB_FOLDER_MORE
  • C:\TEMP\FOLDER2
  • C:\TEMP\FOLDER3

This will query all folders/sub-folders inside the c:\temp folder, and display only the main folders name including sizes of subfolder as well ..

Name Type Size(GB)
---- ---- --------
Win2008_test Directory 28.9
Ubuntu-PHP-API Directory 2.75
ubuntu-freeradius Directory 2.15
zaib_temp_radius Directory 2.09
MIKROTIK-1 - Copy Directory 0.39


Show files with Name & Size greater than 5 GB

[This was required in a script where I schedule it to email the top users in mail server by querying the folder directly]

Following command is formatted to be executed by WINEXE [Linux]

winexe -U $DOMAIN/$ID%"$PASS" //$IP 'powershell.exe -inputformat none -command "Get-ChildItem -Path '"$TDIR"' | Where-Object {$_.length -gt 5GB} | Sort-Object -descending -Property Length | Format-Table Name,@{name='"'"'Size GB'"'"';expression={$_.length/1GB};FormatString='"'"'N1'"'"'}"' | sed -e "$DEL_LINE" | sed '/^\s*$/d' |nl &gt;&gt; $TEMP_HOLDER

Script to get specific folder files and specific  folder total size, sort and email to admin on every Monday / Weekly

#!/bin/bash
#set -x
# This bash script will query remote lotus domino mail server storage using Powershell Commands.
# It will send report via email with erelevant details, Very useful some times.
# Syed Jahanzaib / aacableAThotmailDOTcom
# http://aacableDOTwordpressDOTcom
# 20-feb-2017
COMPANY="ZAIB"
SRVNAME="MYSRV"
IP="10.0.0.1"
DOMAIN="DC_NAME"
PASS="PASSWORD"
ID="ADMINISTRATOR"
TDIR="D:\lotus\domino\data\mail"
TDIR_FULL="D:\lotus"
TDIR_MAIL="D:\lotus\domino\data\mail"
TDIR_ARCH="D:\lotus\domino\data\archive"
# How many lines to be dleeted from winexe output for top users section
DEL_LINE="1,3d"
TEMP_HOLDER="/tmp/mail_top_users.txt"
TEMP_HOLDER_FULL="/tmp/mail_lotus_folder_size.txt"
&gt; $TEMP_HOLDER
DATE=`date`

# GMAIL DETAILS to send EMAIL alert
SENDMAILAPP="/temp/sendEmail-v1.56/sendEmail"
GMAILID="ADMIN_GMAIL_ID@gmail.com"
GMAILPASS="GMAIL_PASSWORD"
# Add recipient email address below
ADMINMAIL1="aacableAThotmailDOTcom"

MSG_SUB="$COMPANY Lotus Mail Server / Weekly Report @ $DATE"
MSG_BODY="$COMPANY - $SRVNAME - Lotus Mail Server Weekly Report for Total Usage and TOP users exceeding 5GB mailbox size
@ $DATE
"
FOOTER="Automated Weekly Report Generated using Linux Powered Powershell !!
Sys. Admin
$COMPANY IS Dept."

echo "
$MSG_BODY
" &gt; $TEMP_HOLDER

#Full size of Lotus Folder - Overall
FULL_SIZE=`winexe -U $DOMAIN/$ID%"$PASS" //$IP 'powershell.exe -inputformat none -command " "\"{0:N0}"\" -f ( (Get-ChildItem -Path '"$TDIR_FULL"' -Recurse | Measure-Object -Property Length -Sum ).Sum / 1GB)"' |sed '/^\s*$/d'`
echo "Lotus Total DATA size in GB = $FULL_SIZE" &gt;&gt; $TEMP_HOLDER

#Full size of Lotus MAIL Folder only
FULL_SIZE_MAIL=`winexe -U $DOMAIN/$ID%"$PASS" //$IP 'powershell.exe -inputformat none -command " "\"{0:N0}"\" -f ( (Get-ChildItem -Path '"$TDIR_MAIL"' -Recurse | Measure-Object -Property Length -Sum ).Sum / 1GB)"' |sed '/^\s*$/d'`
echo "Lotus Total User Inbox MAIL SIZE in GB = $FULL_SIZE_MAIL" &gt;&gt; $TEMP_HOLDER

#Full size of Lotus ARCHIVE Folder only
FULL_SIZE_ARCH=`winexe -U $DOMAIN/$ID%"$PASS" //$IP 'powershell.exe -inputformat none -command " "\"{0:N0}"\" -f ( (Get-ChildItem -Path '"$TDIR_ARCH"' -Recurse | Measure-Object -Property Length -Sum ).Sum / 1GB)"' |sed '/^\s*$/d'`
echo "Lotus User's ARCHIVE Folder SIZE in GB = $FULL_SIZE_ARCH" &gt;&gt; $TEMP_HOLDER

echo "----------------------------------------------
Lotus Users List whose inbox is exceeding 5 GB" &gt;&gt; $TEMP_HOLDER

#Only Top users exceeding 5GB
winexe -U $DOMAIN/$ID%"$PASS" //$IP 'powershell.exe -inputformat none -command "Get-ChildItem -Path '"$TDIR"' | Where-Object {$_.length -gt 5GB} | Sort-Object -descending -Property Length | Format-Table Name,@{name='"'"'Size GB'"'"';expression={$_.length/1GB};FormatString='"'"'N1'"'"'}"' | sed -e "$DEL_LINE" | sed '/^\s*$/d' |nl &gt;&gt; $TEMP_HOLDER

echo "

$FOOTER" &gt;&gt; $TEMP_HOLDER
# Display result by cat
cat $TEMP_HOLDER
# Send email
sendemail -u "$MSG_SUB" -o tls=yes -s smtp.gmail.com:587 -t $ADMINMAIL1 -xu $GMAILID -xp $GMAILPASS -f $GMAILID -o message-file=$TEMP_HOLDER -o message-content-type=text

Result of above script …

1.PNG


PowerShell Get Folder / File ACL list

Get-Acl c:\temp | select -Expand Access

Sample Result:


PS C:\&gt; Get-Acl c:\temp | select -Expand Access
FileSystemRights : FullControl
AccessControlType : Allow
IdentityReference : BUILTIN\Administrators
IsInherited : True
InheritanceFlags : None
PropagationFlags : None

FileSystemRights : 268435456
AccessControlType : Allow
IdentityReference : BUILTIN\Administrators
IsInherited : True
InheritanceFlags : ContainerInherit, ObjectInherit
PropagationFlags : InheritOnly

FileSystemRights : FullControl
AccessControlType : Allow
IdentityReference : NT AUTHORITY\SYSTEM
IsInherited : True
InheritanceFlags : None
PropagationFlags : None

FileSystemRights : 268435456
AccessControlType : Allow
IdentityReference : NT AUTHORITY\SYSTEM
IsInherited : True
InheritanceFlags : ContainerInherit, ObjectInherit
PropagationFlags : InheritOnly

FileSystemRights : ReadAndExecute, Synchronize
AccessControlType : Allow
IdentityReference : BUILTIN\Users
IsInherited : True
InheritanceFlags : ContainerInherit, ObjectInherit
PropagationFlags : None

FileSystemRights : Modify, Synchronize
AccessControlType : Allow
IdentityReference : NT AUTHORITY\Authenticated Users
IsInherited : True
InheritanceFlags : None
PropagationFlags : None

FileSystemRights : -536805376
AccessControlType : Allow
IdentityReference : NT AUTHORITY\Authenticated Users
IsInherited : True
InheritanceFlags : ContainerInherit, ObjectInherit
PropagationFlags : InheritOnly

PS C:\&gt;


Regard’s
Syed Jahanzaib

February 16, 2017

Modifying ‘tombstoneLifetime’ value in Active Directory

Filed under: Microsoft Related — Tags: , , — Syed Jahanzaib / Pinochio~:) @ 9:40 AM

Default lifetime for tombstone.jpg


What is tombstone Lifetime?

The AD tombstone lifetime determines how long deleted items exist in AD before they are purged, for example users  or other objects. The default value in Windows 2008 is 180 Days.

Why I need to modify its default value,  ?

We want to increase it for some audit purpose, specially to track deleted objects (example how many Users were deleted in last 1 or 2 years)

Let’s Start …

METHOD # 1 – Using GUI Method

Execute ADSIEdit tool by

%SystemRoot%\system32\adsiedit.msc

  • Now using ADSIEdit tool, connect to your domain controller.
  • Navigate to CN=Directory Services , Right click and select Properties.
  • Find tombstoneLifetime and Click Edit,
  • Now define value in days for how long you want to increase the value. I wanted 2 years so I put 630 . This values must be in DAYS.

As showed in the image below …

tombstone.PNG

Note: By Some mistake, i typed 630, whereas the actual number for 2 years is 730, so change it accordingly


METHOD # 2 – Using PowerSHELL Command

Setting Two Years Tombstone Lifetime

Import-Module ActiveDirectory
$ConfNameContext = Get-ADRootDSE | Select-Object -Expandproperty configurationNamingContext
Set-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$ConfNameContext" -Replace @{'tombstonelifetime'='730'}

Querying tombstoneLifetime value via command

 

# Using dsquery command

dsquery * " cn=Directory Service,cn=Windows NT,cn=Services,cn=Configuration,dc=agp1" -scope base -attr tombstonelifetime

[COMMAND RESULT OUTPUT]

tombstonelifetime
730

# Using POWERSHELL 

#1

(get-adobject “cn=Directory Service,cn=Windows NT,cn=Services,$(([adsi](“LDAP://RootDSE”)).configurationNamingContext)” -properties “tombstonelifetime”).tombstonelifetime

#2

Import-Module ActiveDirectory
$ConfNameContext = Get-ADRootDSE | Select-Object -Expandproperty configurationNamingContext
Get-ADObject -Identity “CN=Directory Service,CN=Windows NT,CN=Services,$ConfNameContext” -properties tombstonelifetime |Format-List

Note / z@iB:

I found out that all commands doesn’t show default tombstoneLifetime. Once I modify the value, then I was able to see the value using above commands.

Regard’s
Syed Jahanzaib

February 15, 2017

Personnel Notes on Active Directory


ad

audit reporting in excel.PNG

Recently our IT dept was going through yearly Audit and we had to provide active directory details asked by the auditor team. I used few commands that saved lot of time to get our desired/trimmed results. and since I mostly use my Ubuntu box to manage large portion of my network, therefore i made few scripts using these commands to be executed from linux based pc.

I had to repeat the whole search criteria every time by refreshing the memory/google, and since it this is a repeating task , and I had to go through the search process every time, I thought to make all these documented so that I can retrieve them when required.

I also linked these scripts with the Linux base WEBMIN, so they can be called by GUI for support staff as well.


Most queries are executed from Linux base system using WINEXE, if you are using windows only then you may want to modify it as required, I am just showing an way of executing AD commands via powershell using *nix 🙂 . The most annoyed thing was to wrap the commands in single/double quotes along with other parameters to make it single liner execution bomb.

Some of following commands are wrapped for linux base execution, and some are common powershell commands, make sure to run import-module activedirectory command before querying AD instance]

Make sure to change the IP / credentials as required.




  • Command to Display Total Number Of Active Directory Users [Including disabled/enabled accounts as well]
(get-aduser -filter *).count
#OR
get-aduser -filter * | measure-object | select-object count
  • Command to Display Total Number Of Active Directory Users [Only ENABLED]
(get-aduser -filter *|where {$_.enabled -eq "True"}).count
#OR
get-aduser -filter 'enabled -eq $true' | measure-object | select-object count
  • Command to Display Total Number Of Active Directory Users [Only DISABLED]
(get-aduser -filter *|where {$_.enabled -ne "False"}).count
  • Command to Display All users along with every detail / information
winexe -U DOMAIN/ID%PASS //10.0.0.1 'powershell.exe -command "import-module activedirectory; Get-ADUser -Filter * -Properties *"'
  • Command to display only single user information as mentioned
winexe -U DOMAIN/ID%PASS //10.0.0.1 'powershell.exe -command "import-module activedirectory; Get-ADUser ZAIB-USER-NAME -Properties *"'
  • Command to display only specific information
winexe -U DOMAIN/ADMIN%"PASSWORD" //10.0.0.1 'powershell.exe -command "import-module activedirectory; Get-ADUser -Filter * -Properties * | select Name,UserPrincipalName,Enabled,LockedOut,Created,LastLogonDate"' 
  • Show Members from SPECIFIC GROUP group only
dsquery group -samid "Domain Admins" | dsget group -members | dsget user
  • Show specific user OU & MemberOf
$user = get-aduser USERNAME;
$memb = (GET-ADUSER –Identity USERNAME –Properties MemberOf | Select-Object MemberOf).MemberOf -replace "DC=DCNAME*" -replace "CN="
$uo = $user.distinguishedname.substring($user.distinguishedname.indexof(",") + 1,$user.distinguishedname.Length - $user.distinguishedname.indexof(",") - 1)
write-host "$($user.Name) = $($uo.split(',')[0])"
echo "Member of:" $memb
  • Command to get all users and show only following fields

UserPrincipalName,Created,Enabled,MemberOf

winexe -U DOMAIN/ID%PASSWORD //10.0.0.1 'powershell.exe -command "import-module activedirectory; Get-ADUser -Filter * -Properties * | select
UserPrincipalName,Created,Enabled,MemberOf |Format-Table -Property * -AutoSize | Out-String -Width 4096 | Out-File c:\1.txt"'
  • Query for speciifc User belongs to which groups
winexe -U DOMAIN/ID%PASS //10.0.0.1 'powershell.exe -command "import-module activedirectory; (GET-ADUSER –Identity zaib.user –Properties MemberOf |  Select-Object MemberOf).MemberOf"'
  • Get Members List of specific Group
winexe -U DOMAIN/ID%PASS //10.0.0.1 'powershell.exe -command "import-module activedirectory; Get-ADGroupMember "'"'Domain Admins'"' |Select name,distinguishedName |  Format-Table -AutoSize"'
#OR
winexe -U DOMAIN/ID%PASS //10.0.0.1 'powershell.exe -command "import-module activedirectory; Get-ADGroupMember "'"'Limited Internet Facility Group'"' |Select sAMAccountName| Format-Table -AutoSize"'
  • Show All Users Created Dated Only using PowerShell
winexe -U DOMAIN/ID%PASSWORD //10.0.0.1 'powershell.exe -command "import-module activedirectory; Get-ADUser -Filter * -Properties Created | Select-Object Name,Created | Sort-Object Created"'
  • Show Users created in Last 30 days
winexe -U DOMAIN/ID%PASSWORD //10.0.0.1 'powershell.exe -command "import-module activedirectory; $When = ((Get-Date).AddDays(-30)).Date; Get-ADUser -Filter {whenCreated -ge $When} -Properties whenCreated"'
  • Show Users created in specific after DATE RANGE
Get-ADUser -Filter * -properties whencreated | ? { $_.whenCreated -ge (get-date "January 1, 2017") -and  $_.whenCreated -le (get-date "January 31, 2017")} |Select Samaccountname,whenCreated,office 
  • Show Users created in specific after DATE RANGE
winexe -U DOMAIN/ID%PASS //10.0.0.1 'powershell.exe -command "import-module activedirectory;Get-ADUser -Filter * -properties whencreated | ? { $_.whenCreated -ge (get-date "'"'January 1, 2017'"') -and $_.whenCreated -le (get-date "'"'January 31, 2017'"')} |Select Samaccountname,whenCreated,office"'
  • Show Users DELETED in specific DATA RANGE … [powershell commands]
[datetime]$StartTime = "1/1/2017"
[datetime]$EndTime = "1/15/2017"
Get-ADObject -Filter {(isdeleted -eq $true) -and (name -ne "Deleted Objects") -and (ObjectClass -eq "user")} -includeDeletedObjects -property whenChanged | Where-Object {$_.whenChanged -ge $StartTime -and $_.whenChanged -le $EndTime} |Select Name,whenChanged |Format-Table
  • Show DISABLED Users Only …
#Method 1 using PS
winexe -U DOMAIN/ID%PASS //10.0.0.1 'powershell.exe -command "import-module activedirectory; search-adaccount -UsersOnly -AccountDisabled | select samAccountName"'
  • Show users who have not logged in Since 60 days

winexe -U DOMAIN/ID%PASS //10.0.0.1 'powershell.exe -command "import-module activedirectory; $domain = "DOMAIN-NAME"; $DaysInactive = 60; $time = (Get-Date).Adddays(-($DaysInactive)); Get-ADUser -Filter {LastLogonTimeStamp -lt $time -and enabled -eq $true} -Properties LastLogonTimeStamp"'
# Method 3 using dsquery
dsquery user "dc=Your_Domain_Name" -inactive 2

  • Show DISABLED Users Only using DSQUERY
dsquery user -disabled | dsget user -display -email -dept -title
  • Show Only Specific User Details [ Method#2]
winexe -U DOMAIN/ID%PASSWORD //10.0.0.1 'Net user ZAIB /domain"'

  • Get DHCP info from server to acquire some customized report
# 10.0.0.1 IS DOMAIN
# 101.0.0.0 is our scope
winexe -U DC/ID%PASSWRORD //10.0.0.1 'netsh dhcp server scope 101.0.0.0 show clients 1'
  • Dump DHCP SERVER DETAILS IN FILE for some specific purpose, i required to get mobile devices list
# Dump DHCP
# 101.11.11.5 IS DOMAIN
# 101.11.14. IS MOBILE DEVICES IP SERIES, SO WE ARE CATCHING IT
# 101.11.11.36 IS GATEWAY
# 101.11.11.6 IS OTHER GATEWAY
winexe -U DC/ID%PASSWD //101.11.11.5 'netsh dhcp server \\DCSERVERNAME dump' > /tmp/dhcp_temp.txt
cat /tmp/dhcp_temp.txt | grep 101.11.14. | awk '{ print $11,$12}' | sed -e 's/"101.11.11.6"//g' -e 's/"101.11.11.36"//g' -e 's/"//g' -e 's/ BOTH//g' | sed '/ \r/d' | sort
cat /tmp/dhcp_temp.txt | grep 101.11.14. | awk '{ print $11,$12}' | sed -e 's/"101.11.11.6"//g' -e 's/"101.11.11.36"//g' -e 's/"//g' -e 's/ BOTH//g' | sed '/ \r/d' | sort | wc -l

Regard’s
Syed Jahanzaib

February 13, 2017

Windows Event-Viewer Logging to MYSQL

Filed under: Uncategorized — Syed Jahanzaib / Pinochio~:) @ 2:10 PM

out-of-the-box

In our small office environment, we are using Windows 2008 R2 Active Directory for user management/authentication and control purpose. Dueto some standard operating procedure I was asked to log User Account Creation / Removal events in Linux base mySQL DB. Since windows doesn’t provide option to directly export event into linux base mysql, therefore I made an workaround for it using specific windows events tagged with task scheduler approach. Not to mention , this approach of using task scheduler with events is not a new thing, but it was definitely a bit confusing for a numbnuts like ME on how to acquire only the very specific fields trimmed according to our taste and get it logged in remote linux mysql db. but Alhamdulillah I managed to get it in few hours struggling.

z@iB

Items I used in this post are …

  • Windows 2008 R2 server with Active Directory
  • c:\temp folder to hold temporary information for the triggered event
  • e:\userlog\ folder to hold all logs
  • Event ID which will be logged in local log file and mySQL DB [as required] :

    4720

    New User Account Created

    4726

    User Account Deleted
  • Two batch files which will be executed when specific event will occur.
  • Mysql (I used mysql-5.7.17-winx64.zip) package to add entries in mySQL DB name events 

You can download mysql-5.7.17-winx64.zip from fmy Google Drive at

mysql-5.7.17-winx64 by Syed Jahanzaib


New Account Batch File for LOG [ac-new-log.bat]

@echo off
set MYSQL_HOST=10.0.0.1
set MYSQL_ID=your_mysqlid
set MYSQL_PASS=your_password
set MYSQL_DB=your_events
set MYSQL_TB=your_table
set ACTION=Account Created
set HOLDER=c:\temp\acnew-temp.txt
set LOGFILE=e:\userlog\users-created-log.log
type nul > %HOLDER%
wevtutil qe security /rd:true /f:text /c:1 /q:"*[System/EventID=4720]" > %HOLDER%
for /f "tokens=4" %%a in ('type %HOLDER% ^| find /i "Account Name"') do set accname=%%a
for /f "tokens=3" %%a in ('type %HOLDER% ^| find /i "Event ID"') do set eventid=%%a
for /f "tokens=2" %%a in ('type %HOLDER% ^| find /i "Date"') do set dt=%%a
set HEADER=%eventid% : %accname% / %ACTION% @ ... %dt%
echo %HEADER%
echo %HEADER% >> %LOGFILE%
c:\mysql\bin\mysql -h %MYSQL_HOST% -u%MYSQL_ID% -p%MYSQL_PASS% -e "use %MYSQL_DB%; INSERT INTO %MYSQL_TB% (eventid,type,account,msg) VALUES ('%eventid%','%ACTION
%','%accname%','%HEADER%');" 

Account Delete Batch File for LOG [ac-del-log.bat]

@echo off
set MYSQL_HOST=10.0.0.1
set MYSQL_ID=MY_ID
set MYSQL_PASS=MY_PASS
set MYSQL_DB=DB
set MYSQL_TB=TABLE
set ACTION=Account Deleted
set HOLDER=c:\temp\acdel-temp.txt
set LOGFILE=e:\userlog\users-deleted-log.log
type nul > %HOLDER%
wevtutil qe security /rd:true /f:text /c:1 /q:"*[System/EventID=4726]" > %HOLDER%
for /f "tokens=3" %%a in ('type %HOLDER% ^| find /i "Account Name"') do set accname=%%a
for /f "tokens=3" %%a in ('type %HOLDER% ^| find /i "Event ID"') do set eventid=%%a
for /f "tokens=2" %%a in ('type %HOLDER% ^| find /i "Date"') do set dt=%%a
set HEADER=%eventid% : %accname% / %ACTION% @ ... %dt%
echo %HEADER%
echo %HEADER% >> %LOGFILE%
c:\mysql\bin\mysql -h %MYSQL_HOST% -u%MYSQL_ID% -p%MYSQL_PASS% -e "use %MYSQL_DB%; INSERT INTO %MYSQL_TB% (eventid,type,account,msg) VALUES ('%eventid%','%ACTION%','%accname%','%HEADER%');" 

Attaching Batch files with Specific Event ID

On Domain Controller, open event viewer, goto 4720 event, right click and select ‘Attach Task to This Event‘ and in trigger select your batch file. (for account creation)

As showed in the image below

1- accoutn creation - attach batch file via event viewer.png

1.5 - triggers.PNG

2- trigger action.PNG

Repeat same for event id 4726.

Ok to finish it.


Creating DB in mySQL

Now create a new DB with required name and tables in mySQL …

One example is as follows.

mydb.sql


;-- MySQL dump 10.13 Distrib 5.5.54, for debian-linux-gnu (i686)
--
-- Host: localhost Database: events
-- ------------------------------------------------------
-- Server version 5.5.54-0ubuntu0.12.04.1

/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8 */;
/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;
/*!40103 SET TIME_ZONE='+00:00' */;
/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;
/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;

--
-- Table structure for table `mymaindb`
--

DROP TABLE IF EXISTS `mymaindb`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `mymaindb` (
`id` bigint(20) NOT NULL AUTO_INCREMENT,
`datetime` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
`eventid` varchar(40) DEFAULT NULL,
`type` varchar(255) NOT NULL,
`account` varchar(255) NOT NULL,
`msg` varchar(10000) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=462 DEFAULT CHARSET=latin1;
/*!40101 SET character_set_client = @saved_cs_client */;

--
-- Dumping data for table `mymaindb`
--

LOCK TABLES `mymaindb` WRITE;
/*!40000 ALTER TABLE `mymaindb` DISABLE KEYS */;
INSERT INTO `mymaindb` VALUES (459,'2017-02-13 08:39:45','4720','Account Created','testing.act','4720 : testing.act / Account Created @ ... 2017-02-13T12:02:05.777'),(461,'2017-02-13 08:49:46','4726','Account Deleted','testing.act','4726 : testing.act / Account Deleted @ ... 2017-02-13T12:02:38.521');
/*!40000 ALTER TABLE `mymaindb` ENABLE KEYS */;
UNLOCK TABLES;
/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;

/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;
/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */;
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;

-- Dump completed on 2017-02-13 14:47:11

to import above DB , use following command …

mysql -uroot -pROOTPASS < mydb.sql

Script Result in CMD:

Now try to create/delete a user account in active directory, and you will see the result in mysql db.

I recommend to debug first, to make sure things are working ok, execute the bat file manually to see the results

ac-new-log.bat

script result.PNG

.

Script Result in mySQL DB :

[all above fuss was made just to acquire only specific data trimmed as per out taste, and get it logged in in remote linux mySQL otherwise task was very easy in general]

phpmyadmin snapshot

php-result

mysql cmd line snapshot


mysql> select * from MY_DB;
+-----+---------------------+---------+-----------------+-------------+--------------------------------------------------------------------+
| id | datetime | eventid | type | account | msg |
+-----+---------------------+---------+-----------------+-------------+--------------------------------------------------------------------+
| 459 | 2017-02-13 13:39:45 | 4720 | Account Created | testing.act | 4720 : testing.act / Account Created @ ... 2017-02-13 13:39:45 |
| 461 | 2017-02-13 13:49:46 | 4726 | Account Deleted | testing.act | 4726 : testing.act / Account Deleted @ ... 2017-02-13 13:39:45 |
+-----+---------------------+---------+-----------------+-------------+--------------------------------------------------------------------+
2 rows in set (0.00 sec)


This is a itty-bitty example only, on how you can build your own customized solution using out of the box approach !

Syed Jahanzaib

February 8, 2017

Windows 7 Error: 0x800704cf / Unable to Access remote network shared resources

Filed under: Uncategorized — Syed Jahanzaib / Pinochio~:) @ 2:10 PM

windows-cannot-access-shared-folder

fotolia_3115040_m_tile

Windows cannot access \\testpc
Error Code: 0x800704cf

If your system is a workstation joined with local domain controller and you are getting above (same) error while trying to access ANY shared resource/system on the network, then you may try following fix. This error gave me straight 1 hour headache, so I really don’t want anyone else to bang their head on the wall for the same.

Fix >     :~)

  • Open (Currently active) Network Adapter properties,
  • UNCHECK the ‘Client for microsoft Networks‘  / OK
  • Open Regedit, & Navigate to “HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NetBT\Parameters”
  • Create a new key with following parameters

Type: DWORD Value
Name: SMBDeviceEnabled
Data: 1

  • Once Done, Restart your computer, & MAKE SURE TO ENABLE THE ‘CLIENT FOR MICROSOFT NETWORK’ in the adapter settings.

Now check and hopefully you will be able to access the shared resources without any error.

TIP/Additional Commands

  • ipconfig /flushdns
  • nbtstat -RR
  • netsh int ip reset
  • netsh winsock reset

Regard’s
Syed Jahanzaib

January 28, 2017

Acquiring Cisco Switch Customized Report via Sms/Email

Filed under: Cisco Related — Syed Jahanzaib / Pinochio~:) @ 10:02 AM

img_20170127_163525339


Scenario:

We have few Cisco switches installed in our network. the OP wants to receive specific switch report via email, by sending SMS to the system (on demand or scheduled), and the system should return the detailed report by email with following details ….

The Task is quite simple, and surely it can be done with more better approach or professional coding, but this is just mine exploration which is working fine for my static requirements. We can add about any other information in the script, as per required.


Requirements for report:

  • The report should be customized according to the OP taste. For this purpose we made an script which does the following
  • Check if IP is missing, exit with error, and return error by email to Admin, otherwise Continue to Next Step…
  • Check if IP is invalid, exit with error, and return error by email to Admin, otherwise Continue to Next Step…
  • Check if IP is not accessible by ping, exit with error, and return error by email to Admin, otherwise Continue to Next Step…
  • Check if SNMP UDP port 161 is not accessible by nmap, exit with error, and return error by email to Admin, otherwise Continue to Next Step…
  • Check if remote device is not a Cisco switch, exit with error, and return error by email to Admin, otherwise Continue to Next Step…
  • Automatically check for all available ports like 24/28/48/52 etc,
  • Check Switch Mode/Type/Firmware/CPU Usage/Switch Uptime/Vlan Count etc
  • Check all Ports Up/Down Status / Port Speed / Last Status Change etc
  • Script start/end Time stamp.

Tools Used in this post … [Extra]

  • Kannel/playsms for receiving SMS and execute the script which will in return sends response by email (or sms) [ I have covered kannel and playSMS in my previous guides at my blog]
  • nmap to query remote device SNMP UDP 161 port [you can use some other methods as well]
  • sendEmail tool to send email [you can use some other methods as well]
    • [ I have covered sendEmail tool usage in my previous guide at my blog]

This script may be valid for Cisco 3750 or 3560 switch only. modify it as required.

zaiB!


the Script!


#!/bin/sh
# Script to detect Cisco switch Port status / speed / Description with various checks
# Useful for admins who want to query there switch information by SMS ,
# like we can configure this script to be executed from incoming SMS (using playSMS) and send result by email
# Syed Jahanziab
# http:// aacable . wordpress . com / aacable @ hotmail . com

# to debug script , remove # from following line
#set -x

# Color Codes, we can use these codes to color our black world output
ESC_SEQ="\x1b["
COL_RESET=$ESC_SEQ"39;49;00m"
COL_RED=$ESC_SEQ"31;01m"
COL_GREEN=$ESC_SEQ"32;01m"

# Hostname and other Variables
# Take ip from command line variable
IP="$1"
# Switch SNMP community string
SNMP_STRING="PUBLIC"
HOSTNAME=`hostname`
COMPANY="zaib (Pvt) Ltd."
FOOTER="Powered By Syed.Jahanzaib"
DATE=`date`

# EMAIL RELATED and KANNEL INFO
# for down status, we have to use GMAIL to send email
KANNELURL="127.0.0.1:13013"
KANNELID="kannel"
KANNELPASS="KANNEL_PASS"
CELL1="03333021909"
CELL2="0333XXXXXX"
# GMAIL Section
GMAILID="YOUR_GMAIL_ID@gmail.com"
GMAILPASS="PASS"
ADMINMAIL1="aacableAThotmailDOTcom"
ADMINMAIL2="XXX_XXX@hotmail.com"

#Email Subject Body etc
EMAIL_SUB="INFO: Switch IP $IP - Report @ $DATE"
EMAIL_BODY="/tmp/$ip.email.txt"
echo "
$IP SWITCH QUERY Starts @ $DATE

"

echo "
$IP SWITCH QUERY Starts @ $DATE

" > $EMAIL_BODY
############ DIFFERENT ERROR's VARIABLES ###########
ERR_NOIP="ERROR: Please provide IP of switch

Eaxmple:
portquery 192.168.155.255"

ERR_INVALID_IP="ERROR: Invalid IP address detected. Please provide valid IP of switch

Eaxmple:
portquery 192.168.155.255"

ERR_PING_FAILED="ERROR: Switch IP $IP PING is DOWN ... cannot proceed further... Wziring"
ERR_SNMP="ERROR: Switch IP $IP SNMP not responding. Cannot continue without it... Exiting"
ERR_NO_CISCO="ERROR: $IP - Remote device type doesn't look like CISCO switch... Exiting"

PORTS_TMP_HOLDER="/tmp/$IP.port.numbers"
PORTS_TMP_HOLDER_FINAL="$IP.port.numbers.final"

# If IP is not provided with variable , give error
if [ -z "$IP" ]; then
echo "$ERR_NOIP"
# Send Email reply to Admin for IP not provided error
echo "$ERR_NOIP" >> $EMAIL_BODY
/temp/sendEmail-v1.56/sendEmail -u "$EMAIL_SUB" -o tls=yes -s smtp.gmail.com:587 -t $ADMINMAIL1 -xu $GMAILID -xp $GMAILPASS -f $GMAILID -o message-file=$EMAIL_BODY -o message-content-type=text
/temp/sendEmail-v1.56/sendEmail -u "$EMAIL_SUB" -o tls=yes -s smtp.gmail.com:587 -t $ADMINMAIL2 -xu $GMAILID -xp $GMAILPASS -f $GMAILID -o message-file=$EMAIL_BODY -o message-content-type=text
exit 1
fi

# Check for IP addrrss validity, IP must be in format like `port query10.0.0.1`
if expr "$IP" : '[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*$' >/dev/null; then
echo "IP OK" > /dev/null
else
echo "$ERR_INVALID_IP"
# Send Email reply to Admin for invalid IP
echo "$ERR_INVALID_IP" >> $EMAIL_BODY
/temp/sendEmail-v1.56/sendEmail -u "$EMAIL_SUB" -o tls=yes -s smtp.gmail.com:587 -t $ADMINMAIL1 -xu $GMAILID -xp $GMAILPASS -f $GMAILID -o message-file=$EMAIL_BODY -o message-content-type=text
/temp/sendEmail-v1.56/sendEmail -u "$EMAIL_SUB" -o tls=yes -s smtp.gmail.com:587 -t $ADMINMAIL2 -xu $GMAILID -xp $GMAILPASS -f $GMAILID -o message-file=$EMAIL_BODY -o message-content-type=text
exit 1
fi

# Check if REMOTE DEVICE is accessibel or not, if not then EXIT immediately with error / zaib
#if [[ $(ping -q -c 3 P) == @(*100% packet loss*) ]]; then
PING_LOSS=`ping -c 1 -q $IP | grep -oP '\d+(?=% packet loss)'`
if [ "$PING_LOSS" = "100" ]; then
echo "$ERR_PING_FAILED"
# Send Email reply to Admin for IP not responding
echo "$ERR_PING_FAILED" >> $EMAIL_BODY
/temp/sendEmail-v1.56/sendEmail -u "$EMAIL_SUB" -o tls=yes -s smtp.gmail.com:587 -t $ADMINMAIL1 -xu $GMAILID -xp $GMAILPASS -f $GMAILID -o message-file=$EMAIL_BODY -o message-content-type=text
/temp/sendEmail-v1.56/sendEmail -u "$EMAIL_SUB" -o tls=yes -s smtp.gmail.com:587 -t $ADMINMAIL2 -xu $GMAILID -xp $GMAILPASS -f $GMAILID -o message-file=$EMAIL_BODY -o message-content-type=text
exit 1
fi

# Check if SNMP port is responding or not, because we require SNMP to query all results
SNMP_PORT_QUERY=`nmap -sU -p 161 $IP | grep open`
if [ -z "$SNMP_PORT_QUERY" ]; then
echo "$ERR_SNMP"
# Send Email reply to Admin for SNMP not responding
echo "$ERR_SNMP" >> $EMAIL_BODY
/temp/sendEmail-v1.56/sendEmail -u "$EMAIL_SUB" -o tls=yes -s smtp.gmail.com:587 -t $ADMINMAIL1 -xu $GMAILID -xp $GMAILPASS -f $GMAILID -o message-file=$EMAIL_BODY -o message-content-type=text
/temp/sendEmail-v1.56/sendEmail -u "$EMAIL_SUB" -o tls=yes -s smtp.gmail.com:587 -t $ADMINMAIL2 -xu $GMAILID -xp $GMAILPASS -f $GMAILID -o message-file=$EMAIL_BODY -o message-content-type=text
exit 1
fi

# Determine device OS type, if it doesnt contains 'Cisco IOS' word, then exit
DETECT_SW_OS=`snmpwalk -v1 -c $SNMP_STRING $IP 1.3.6.1.2.1.1.1 | grep -R "Cisco IOS"`
if [ -z "$DETECT_SW_OS" ]; then
echo "$ERR_NO_CISCO"
echo "$ERR_NO_CISCO" >> $EMAIL_BODY
/temp/sendEmail-v1.56/sendEmail -u "$EMAIL_SUB" -o tls=yes -s smtp.gmail.com:587 -t $ADMINMAIL1 -xu $GMAILID -xp $GMAILPASS -f $GMAILID -o message-file=$EMAIL_BODY -o message-content-type=text
/temp/sendEmail-v1.56/sendEmail -u "$EMAIL_SUB" -o tls=yes -s smtp.gmail.com:587 -t $ADMINMAIL2 -xu $GMAILID -xp $GMAILPASS -f $GMAILID -o message-file=$EMAIL_BODY -o message-content-type=text
exit 1
fi

# Switch name variable / mib etc
MIB="/cfg/mibs/HOST-RESOURCES-MIB"
SW_NAME=`snmpwalk -Oqv -v1 -c $SNMP_STRING $IP iso.3.6.1.2.1.1.5.0`
SW_MODEL=`snmpwalk -Oqv -v1 -c $SNMP_STRING $IP .1.3.6.1.2.1.47.1.1.1.1.13.1001`
SW_FW=`snmpwalk -Oqv -v1 -c $SNMP_STRING $IP .1.3.6.1.2.1.1.1.0 | sed -n '1p'`
SW_CPU_USAGE=`snmpwalk -Oqvn -v1 -c $SNMP_STRING $IP 1.3.6.1.4.1.9.2.1.56.0`
SW_UPTIME=`snmpwalk -v1 -c $SNMP_STRING $IP .1.3.6.1.2.1.1.3.0 | sed 's:.*)::'`
SW_VLAN_COUNT=`snmpwalk -v1 -c $SNMP_STRING $IP iso.3.6.1.2.1.47.1.2.1.1.2 | wc -l`
# Query Port number after trimming and store in file, it will be used for port counting and switch media type as well / zaib
snmpwalk -v1 -c gt $IP .1.3.6.1.2.1.2.2.1.2 | sed '/Stack\|Vlan\|Null/d' > $PORTS_TMP_HOLDER

# Count total ports in switch
PORT_COUNT=`cat $PORTS_TMP_HOLDER | wc -l`

# Query Switch type like if its megabit or gigabit, we will do it using FAST word, pretty lame but its working good for me / zaib
SW_TYPE_Q=`cat $PORTS_TMP_HOLDER | grep Fast`
if [ -z "$SW_TYPE_Q" ]; then

###########################################################
# Consider Switch as GIGAbit and do actions based upon it #
###########################################################

# Print
INFO_HEADER="Switch Model: $SW_MODEL
Switch Name: $SW_NAME
Switch type: GIGABIT Model
Switch Fw : $SW_FW
Switch Uptime: $SW_UPTIME
Switch CPU Usage: $SW_CPU_USAGE
Switch VLAN Numbers: $SW_VLAN_COUNT

Ports Status :
"
echo "$INFO_HEADER"

# Add text for Email Body
echo "$INFO_HEADER" >> $EMAIL_BODY

# Some junk maths
cat $PORTS_TMP_HOLDER | grep -o -P '.{0,0}101.{0,2}' | sed 's/101//' > $PORTS_TMP_HOLDER_FINAL
cat $PORTS_TMP_HOLDER_FINAL | while read ports
do
num=$[$num+1]
PORT_N=`echo $ports`
PORT_DESC_Q=`snmpwalk -Oqv -v1 -c $SNMP_STRING $IP 1.3.6.1.2.1.31.1.1.1.18.101$PORT_N | tr -d '"' | grep -E "[[:alnum:]]"`
SW_PORT_LAST_ST_CHANGE=`snmpwalk -On -v1 -c $SNMP_STRING $IP .1.3.6.1.2.1.2.2.1.9.101$PORT_N | sed 's:.*)::'`
if [ "$PORT_DESC_Q" = "" ]; then
PORT_DESC="n/a"
else
PORT_DESC="$PORT_DESC_Q"
fi
PORT_Q=`snmpwalk -Oqv -v1 -c $SNMP_STRING $IP 1.3.6.1.2.1.2.2.1.8.101$PORT_N`
if [ "$PORT_Q" -eq 1 ]; then
PORT_STATUS="UP"
else
PORT_STATUS="DOWN"
fi
if [ "$PORT_STATUS" = "DOWN" ]; then
PORT_SPEED="n/a"
else
PORT_SPEED_Q=`snmpwalk -Oqv -v1 -c $SNMP_STRING $IP iso.3.6.1.2.1.2.2.1.5.101$PORT_N`
PORT_SPEED=`echo $(($PORT_SPEED_Q/1000/1000)) mbps`
fi
PORT_NAME=`snmpwalk -Oqv -v1 -c $SNMP_STRING $IP 1.3.6.1.2.1.31.1.1.1.18.101$PORT_N`

# Finally Spit out all the info gaterhed by above junk code 😀 / zaib
echo "PORT_Number: $PORT_N / Status: $PORT_STATUS / Name: $PORT_DESC / Speed: $PORT_SPEED / Port_Last_Status_Change = $SW_PORT_LAST_ST_CHANGE"
#echo "PORT_Number: $PORT_N / Status: $PORT_STATUS / Name: $PORT_DESC / Speed: $PORT_SPEED / Port_Last_Status_Change = $SW_PORT_LAST_ST_CHANGE" >> $EMAIL_BODY
done

###########################################################
# Consider Switch as Megabit and do actions based upon it #
###########################################################
else
#Print
INFO_HEADER="Switch Model: $SW_MODEL
Switch Name: $SW_NAME
Switch type: MEGABIT Model
Switch Fw : $SW_FW
Switch Uptime: $SW_UPTIME
Switch CPU Usage: $SW_CPU_USAGE
Switch VLAN Numbers: $SW_VLAN_COUNT

Ports Status :
"
echo "$INFO_HEADER"
# Add text for Email Body
echo "$INFO_HEADER" >> $EMAIL_BODY

cat $PORTS_TMP_HOLDER | grep -o -P '.{0,0}100.{0,2}' | sed 's/100//' > $PORTS_TMP_HOLDER_FINAL
cat $PORTS_TMP_HOLDER_FINAL | while read ports
do
num=$[$num+1]
PORT_N=`echo $ports`
PORT_DESC_Q=`snmpwalk -Oqv -v1 -c $SNMP_STRING $IP 1.3.6.1.2.1.31.1.1.1.18.100$PORT_N | tr -d '"' | grep -E "[[:alnum:]]"`
SW_PORT_LAST_ST_CHANGE=`snmpwalk -On -v1 -c $SNMP_STRING $IP .1.3.6.1.2.1.2.2.1.9.100$PORT_N | sed 's:.*)::'`
if [ "$PORT_DESC_Q" = "" ]; then
PORT_DESC="n/a"
else
PORT_DESC="$PORT_DESC_Q"
fi
PORT_Q=`snmpwalk -Oqv -v1 -c $SNMP_STRING $IP 1.3.6.1.2.1.2.2.1.8.100$PORT_N`
if [ "$PORT_Q" -eq 1 ]; then
PORT_STATUS="UP"
PORT_SPEED_Q=`snmpwalk -Oqv -v1 -c $SNMP_STRING $IP iso.3.6.1.2.1.2.2.1.5.100$PORT_N`
PORT_SPEED=`echo $(($PORT_SPEED_Q/1000/1000)) mbps`
else
PORT_STATUS="DOWN"
PORT_SPEED="n/a"
PORT_NAME=`snmpwalk -Oqv -v1 -c $SNMP_STRING $IP 1.3.6.1.2.1.31.1.1.1.18.100$PORT_N`
fi
# Finally Spit out all the info gaterhed by above junk code 😀 / zaib
echo "PORT_Number: $PORT_N / Status: $PORT_STATUS / Name: $PORT_DESC / Speed: $PORT_SPEED / Port_Last_Status_Change = $SW_PORT_LAST_ST_CHANGE"
echo "PORT_Number: $PORT_N / Status: $PORT_STATUS / Name: $PORT_DESC / Speed: $PORT_SPEED / Port_Last_Status_Change = $SW_PORT_LAST_ST_CHANGE" >> $EMAIL_BODY
done
fi
# Send the result via EMAIL to admin emails as mentioned in start.
# Add footer
DATE=`date`
echo "
Switch Query Ends Here at $DATE

$COMPANY
$FOOTER"
echo "
Switch Query Ends Here at $DATE

$COMPANY
$FOOTER" >> $EMAIL_BODY
/temp/sendEmail-v1.56/sendEmail -u "$EMAIL_SUB" -o tls=yes -s smtp.gmail.com:587 -t $ADMINMAIL1 -xu $GMAILID -xp $GMAILPASS -f $GMAILID -o message-file=$EMAIL_BODY -o message-content-type=text
#cat $MSGDOWNHOLDER | curl "http://$KANNELURL/cgi-bin/sendsms?username=$KANNELID&password=$KANNELPASS&to=$CELL1" -G --data-urlencode text@-

# Script Ends here #

 


Result/Report Sample:

Result via Email:

1- sw-report.PNG


Result in CMD:


#### root@ubuntu:/temp# ./portquery.sh 192.168.255.254

192.168.255.254 SWITCH QUERY Starts @ Sat Jan 28 00:49:07 PKT 2017
Switch Model: "WS-C3750G-24PS-S"
Switch Name: "X-switch"
Switch type: GIGABIT Model
Switch Fw : "Cisco IOS Software, C3750 Software (C3750-IPBASE-M), Version 12.2(35)SE5, RELEASE SOFTWARE (fc1)
Switch Uptime: 13 days, 17:24:37.14
Switch CPU Usage: 6
Switch VLAN Numbers: 57

Ports Status :

PORT_Number: 01 / Status: UP / Name: n/a / Speed: 1000 mbps / Port_Last_Status_Change = 0:01:19.59
PORT_Number: 02 / Status: DOWN / Name: ServerX / Speed: n/a / Port_Last_Status_Change = 0:01:13.07
PORT_Number: 03 / Status: UP / Name: Server4 / Speed: 1000 mbps / Port_Last_Status_Change = 7 days, 23:46:45.26
PORT_Number: 04 / Status: UP / Name: n/a / Speed: 1000 mbps / Port_Last_Status_Change = 7 days, 23:46:44.53
PORT_Number: 05 / Status: UP / Name: n/a / Speed: 1000 mbps / Port_Last_Status_Change = 0:01:16.08
PORT_Number: 06 / Status: UP / Name: n/a / Speed: 1000 mbps / Port_Last_Status_Change = 7 days, 23:46:42.48
PORT_Number: 07 / Status: DOWN / Name: n/a / Speed: n/a / Port_Last_Status_Change = 0:01:13.07
PORT_Number: 08 / Status: DOWN / Name: n/a / Speed: n/a / Port_Last_Status_Change = 0:01:13.07
PORT_Number: 09 / Status: DOWN / Name: vlanX / Speed: n/a / Port_Last_Status_Change = 0:01:13.07
PORT_Number: 10 / Status: DOWN / Name: n/a / Speed: n/a / Port_Last_Status_Change = 13 days, 1:53:58.05
PORT_Number: 11 / Status: DOWN / Name: n/a / Speed: n/a / Port_Last_Status_Change = 0:01:13.08
PORT_Number: 12 / Status: DOWN / Name: n/a / Speed: n/a / Port_Last_Status_Change = 0:01:13.08
PORT_Number: 13 / Status: DOWN / Name: n/a / Speed: n/a / Port_Last_Status_Change = 0:01:13.08
PORT_Number: 14 / Status: DOWN / Name: test-trunk-XX-new / Speed: n/a / Port_Last_Status_Change = 0:01:13.08
PORT_Number: 15 / Status: DOWN / Name: n/a / Speed: n/a / Port_Last_Status_Change = 0:01:13.08
PORT_Number: 16 / Status: DOWN / Name: n/a / Speed: n/a / Port_Last_Status_Change = 0:01:13.08
PORT_Number: 17 / Status: DOWN / Name: n/a / Speed: n/a / Port_Last_Status_Change = 0:01:13.08
PORT_Number: 18 / Status: DOWN / Name: n/a / Speed: n/a / Port_Last_Status_Change = 0:01:13.08
PORT_Number: 19 / Status: DOWN / Name: n/a / Speed: n/a / Port_Last_Status_Change = 0:01:13.08
PORT_Number: 20 / Status: UP / Name: XXX_gb_media_test / Speed: 1000 mbps / Port_Last_Status_Change = 0:01:16.09
PORT_Number: 21 / Status: DOWN / Name: n/a / Speed: n/a / Port_Last_Status_Change = 0:01:13.08
PORT_Number: 22 / Status: DOWN / Name: n/a / Speed: n/a / Port_Last_Status_Change = 0:01:13.08
PORT_Number: 23 / Status: DOWN / Name: n/a / Speed: n/a / Port_Last_Status_Change = 0:01:13.08
PORT_Number: 24 / Status: DOWN / Name: up_2_jr_sw / Speed: n/a / Port_Last_Status_Change = 0:01:11.68
PORT_Number: 25 / Status: UP / Name: up-2-XXX / Speed: 1000 mbps / Port_Last_Status_Change = 0:01:18.92
PORT_Number: 26 / Status: DOWN / Name: n/a / Speed: n/a / Port_Last_Status_Change = 0:01:11.71
PORT_Number: 27 / Status: DOWN / Name: n/a / Speed: n/a / Port_Last_Status_Change = 0:01:11.72
PORT_Number: 28 / Status: UP / Name: XXX-SWX by FC / Speed: 1000 mbps / Port_Last_Status_Change = 12 days, 10:12:00.62

Switch Query Ends Here at Sat Jan 28 00:49:22 PKT 2017

zaib (Pvt) Ltd.
Powered By Syed.Jahanzaib
Jan 28 00:49:26 ubuntu sendEmail[16553]: Email was sent successfully!


playSMS COMMAND sample config [for incoming sms action]

playsms command.PNG

playSMS log when incoming message with specific keyword ‘switch x.x.x.x’ is received

127.0.0.1 localhost 2017-01-28 01:11:32 PID588ba9743d5c2 - L2 kannel__call # start load:/var/www/playsms/plugin/gateway/kannel/geturl.php
127.0.0.1 localhost 2017-01-28 01:11:32 PID588ba9743d5c2 - L3 kannel__incoming # remote_addr:127.0.0.1 remote_host:localhost t:[2017-01-28 03:11:27] q:[+923333021909] a:[switch X.X.X.X] Q:[13013] smsc:[] smsc:[]
127.0.0.1 localhost 2017-01-28 01:11:32 PID588ba9743d5c2 - L3 recvsms # isrecvsmsd:1 dt:2017-01-28 03:11:27 sender:+923333021909 m:switch X.X.X.X receiver:13013 smsc:
127.0.0.1 localhost 2017-01-28 01:11:32 PID588ba9743d5c2 - L2 kannel__call # end load geturl
- - 2017-01-28 01:11:32 PID58798d2cbeb7d - L3 recvsmsd # id:261 dt:2017-01-28 03:11:27 sender:+923333021909 m:switch X.X.X.X receiver:13013 smsc:
- - 2017-01-28 01:11:32 PID58798d2cbeb7d - L3 recvsms_process # dt:2017-01-28 03:11:27 sender:+923333021909 m:switch X.X.X.X receiver:13013 smsc:
- - 2017-01-28 01:11:32 PID58798d2cbeb7d - L3 gateway_decide_smsc # SMSC supplied:[] configured:[] decided smsc:[]
- - 2017-01-28 01:11:32 PID58798d2cbeb7d - L3 sms__command # command_exec:/var/lib/playsms/sms_command/1/portquery.sh 'X.X.X.X'
- - 2017-01-28 01:11:58 PID58798d2cbeb7d - L3 recvsms_process # feature:sms_command datetime:2017-01-28 03:11:27 sender:+923333021909 receiver:13013 keyword:SWITCH message:X.X.X.X raw:switch X.X.X.X smsc:

once the sms is received the playsms will execute the script, and will reply back by email or sms OR according to the configuration set in the script.


Regard’s

Syed Jahanzaib

January 26, 2017

Check remote windows logged-in user/lock status via BASH

Filed under: Microsoft Related — Tags: , , — Syed Jahanzaib / Pinochio~:) @ 10:42 AM

locked

Scenario:

We have Active Directory environment in our office. Clients OS are mixed starting from windows 2000/2003/2008 and Win7.
For some specific reasons/policy, our helpdesk staff is often required to inquire if the employee is working on his workstation or if his/her windows status is locked.

Solution:

Since I am using my Ubuntu box to manage most of the Active Directory functions using Webmin/BASH scripts, therefore I made a small bash script which queries for remote windows logged in user session and windows locked/unlocked status.

The bash script does the following …

  • Check for remote PC PING Status, if ping fails, exit with error
  • Get remote windows IP via NSLOOKUP using local DNS
  • Current Logged-in user and their status
  • Current status of windows either its locked/unlocked.
  • TRIM the results and display according to our taste

the Script!

> root@linux:/temp# cat winuserstatus.sh

#!/bin/bash
# Script to check remote windwos status, like Loggedin + Windows Lock/Unlock status
# More functions can be added/removed as required.
# I attached this script to webmin for our Support dept.
# Syed Jahanzaib / aacable.wordpress.com / aacable @ hotmail . com
# Created: 25-JAN-2017
# Revised: 29-JUN-2017
#set -x
QUSER_HOLDER="/tmp/$1.quser"
LOCK_HOLDER="/tmp/$1.lockstatus"
REMOTE_PC="$1"
PING_ATEMPTS="1"
PING_STATUS="/tmp/$1.ping.status"
LOCAL_DNS_IP="101.11.11.5#"

# Domain credentials details so that winexe can execute commands on all domain clients
DOMAIN="YOURDOMAINNAME"
DOMAIN_ADMIN="ADMINID"
ADMIN_PASS="PASSWORD"
# Empty All Holders
> $QUSER_HOLDER
> $LOCK_HOLDER
> $PING_STATUS
# Check if remote PC is accessibel or not,
## IF PING FAILS then inform accordingly and EXIT
ping -q -c $PING_ATEMPTS $REMOTE_PC &>/dev/null > $PING_STATUS
PING_RESULT=`cat $PING_STATUS`
if [ "$PING_RESULT" = "" ]; then
echo "ERROR: Unable to resolve hostnname using $LOCAL_DNS_IP DNS Server.
Unknown HOST. Exiting"
exit 1
fi
# Print PC NAME (from $1 variable)
echo "Remote PC : $1"
IPADD=`nslookup $1 | grep Address | sed /$LOCAL_DNS_IP/d`
# Print IP of remote PC via nslookp using local DNS
echo "IP $IPADD"
# If ping failed, then print Error and EXIT
if [[ $(ping -q -c $PING_ATEMPTS $REMOTE_PC) == @(*100% packet loss*) ]]; then
echo "$1 not responding to ping request, probably system is not UP & without ping the status cannot be queried. Exiting ..."
exit 1
fi
# Query remote windows Logged in user using Linux WINEXE tool
winexe -U $DOMAIN/$DOMAIN_ADMIN%"$ADMIN_PASS" //$1 "quser" > $QUSER_HOLDER
QUSER_RESULT=`cat $QUSER_HOLDER |grep "Failed"`

if [[ -n "$QUSER_RESULT" ]]; then
echo "User Status = ERROR: Ping is ok but unable to query the user status."
exit 1
fi
QUSER_RESULT=`cat $QUSER_HOLDER |grep "Active"`
if [[ -n "$QUSER_RESULT" ]]; then
echo "User Status = Logged in User found ... details as below ...
$QUSER_RESULT"
fi

# Query remote windows TASK list to find if windows is locked/unlocked
winexe -U $DOMAIN/$DOMAIN_ADMIN%"$ADMIN_PASS" //$1 "tasklist" > $LOCK_HOLDER
LOCK_RESULT=`cat $LOCK_HOLDER |grep -E "LogonUI.exe|logon.scr"`

#Check if Someone is logged in via RDP session
QUSER_RESULT=`cat $QUSER_HOLDER |grep "rdp-tcp#0"`
if [[ -n "$QUSER_RESULT" ]]; then
echo "It seems someone is logged IN from RDP Session."
fi

# CHeck if windows is unlocked locally
if [[ "$LOCK_RESULT" = "" ]]; then
echo "Windows Status = Windows is UN-LOCKED"
fi

#Check if windwos is LOCKED locallay
if [[ -n "$LOCK_RESULT" ]]; then
echo "Windows Status = Windows Local Login seems to be Locked!"
fi

# Script function ends here
# Thank you


Result:

winuserexec result.PNG


Regard’s
Syed Jahanzaib

« Newer PostsOlder Posts »

%d bloggers like this: