Identifying interfaces by flashing their LEDs

You can use ethtool to identify a network interface by making its LEDs blink:
ethtool -p <interface>

You can see the result in the yellow blinking LED below.

Unfortunately not every network interface supports this feature.
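As an added example (not part of the original post), here is a small script around the same ethtool -p call. It validates the interface name before passing it on, reports whether the NIC supports the identify feature (ethtool -p fails on those that do not), and can walk every hardware-backed interface on the box. The helper names and the 3-second default are my own choices.

```sh
#!/bin/sh
# Added example: blink NIC LEDs with ethtool -p and record which interfaces
# support it. Requires root and the ethtool package.

# 0 if $1 looks like a plausible Linux interface name: non-empty, no path
# separators or spaces, and at most 15 bytes (the kernel's IFNAMSIZ limit).
is_ifname() {
    case "$1" in
        ''|*/*|*' '*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Blink the LEDs of one interface for $2 seconds (default 3) and print
# "<iface>: supported" or "<iface>: unsupported" so the result can be grepped.
blink_iface() {
    iface=$1
    secs=${2:-3}
    is_ifname "$iface" || { echo "$iface: invalid interface name" >&2; return 2; }
    if ethtool -p "$iface" "$secs" 2>/dev/null; then
        echo "$iface: supported"
    else
        # ethtool prints e.g. "Cannot identify NIC: Operation not supported"
        echo "$iface: unsupported"
    fi
}

# List interfaces backed by real hardware; loopback and virtual devices
# (bridges, veth, tunnels) have no LEDs to blink.
physical_ifaces() {
    for d in /sys/class/net/*; do
        n=$(basename "$d")
        [ "$n" = lo ] && continue
        [ -e "$d/device" ] || continue
        echo "$n"
    done
}

# Usage: sh blink.sh --all   (blinks each physical NIC in turn for 3 seconds)
if [ "${1:-}" = "--all" ]; then
    command -v ethtool >/dev/null 2>&1 || { echo "ethtool not installed" >&2; exit 1; }
    for n in $(physical_ifaces); do blink_iface "$n" 3; done
fi
```

Running it with --all gives you a quick inventory of which ports you can locate this way and which you will have to find by other means.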

Cheers,
Ori


00_Git

Git is an open source distributed version control system.
What does that mean?

The job of a version control system is to save files, provide access to them and document the changes made to those files. Documented changes means: what has been changed, when, and by whom. Normally these systems are used to manage source code, but other types of data can be versioned this way as well. Often systems like this get referred to as a CVS rather than a VCS. It means the same.

In case it becomes necessary to roll back to a version prior to a specific change, this is not a hard task using Git or another VCS. In software development companies there usually is a server running a VCS, and the employees connect to that resource to apply changes to the code.

One problem with this is that this resource is only available inside the company network. If you are not in, have no VPN to the company network, or the internet at one of the branches fails, you cannot commit changes to the code.

Before diving into the most common Git terms and the concepts underneath them, let's take a look at the "distributed" I mentioned in the beginning. In a classic VCS there is a centralized server that keeps track of code changes.

Distributed in this case means that EVERY user has a local copy of ALL changes. The advantage of this is that most of Git's functions can be used without connecting to any server.

You are probably already realizing that versioning has a lingo of its own.
Earlier I was speaking of applying changes to code, then I used the term committing changes.

Let me show you the most frequent terms you will face and what they mean.

Git Lingo
Pull - to download or refresh files that have been downloaded in the past, along with the related change history for those files

Commit - uploading or applying changes to files

Yes, Git does run on Windows and it has a GUI.
No, I will not get into that.

Now that this is out of the way, let us begin.
You can find out whether git is already installed on your system by typing git --version

(To get git integrated into the shell, like in the screenshot above, take a look at my OhMyZsh Post 1 and Post 2.)

If git is not installed in your distro, you can install it using apt, yum, rpm etc.

apt install git

Cheers,
Ori


Setting up a SNAT

A SNAT or source NAT lets you redirect packets that are being sent to a specific IP and port.

Let's say you want to have a server in your internal network that you can SSH into using your public IP on port 2022.

In the Policy Manager go to Edit > Add Policy...

There go to Manage Custom... > New... > Add... > Server Port: 2022

This way you define a template for a firewall rule that looks at traffic inbound on port 2022.

Select this new template and select Add Policy...
Here you choose Any-External in the From field, and in the To field click on Add... > Add SNAT... > Add... > Add... >

At IP Address or Interface you define the external IP that you want to connect to. At Host, the IP in your local network.

Now check the box that says "Set internal port to a different port" to redirect traffic incoming on port 2022 to port 22.

Cheers,
Ori


Monitoring RegKeys

In this article I want to show you how you can use Process Monitor from Microsoft's Sysinternals suite to monitor the changes made to registry keys.

I also use Process Explorer, which is a more powerful Task Manager. However, the Task Manager will do as well.

When you start Process Monitor (procmon.exe) you will be presented with a filter pop-up.
Thank you, very intrusive of you.

Here you can filter what sort of activity you want to monitor.
Let's take a look at the installation process of WinRAR.

Start the installation and check for the PID (Process ID).

Then select in the header of the filter dialog: PID is <PID> then include.

Since these filter options also define what sort of events you do NOT want to see, we will have to disable the filter for RegKeys.

Double negative and stuff.

After about 30 seconds of software installation, procmon has filtered 2.5 million events and is displaying about 2600 that might be interesting to us.

Good, but not good enough.
At this point I save (Ctrl + S) the results to a CSV file.

Then I open them in Excel to have a closer look at them.
Then I import the same data from the CSV again. Because.

Just leave all values at their defaults, meaning that Excel expects values separated by a comma from a CSV (Comma Separated Values) file.

Now I can filter for single registry events.

Let's take a look at the most interesting events:
RegCreateKey
RegSetInfoKey

That narrows it down to four.
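The same narrowing down can be done without Excel. As an added example (not from the original post), the script below filters a Process Monitor CSV export by the Operation column and additionally flags writes under a CurrentVersion\Run key, which is where an installer would register an autostart entry. The CSV lines are constructed for the demo; the column layout ("Time of Day","Process Name","PID","Operation","Path","Result","Detail") is procmon's default export order, so run it against your own export if your version differs.

```sh
#!/bin/sh
# Added example: filter a procmon CSV export for registry operations.
# SAMPLE_CSV is constructed; it stands in for the file saved with Ctrl + S.

SAMPLE_CSV='"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","winrar-setup.exe","4711","RegOpenKey","HKCU\Software\WinRAR","SUCCESS","Desired Access: Read"
"10:01:02.2","winrar-setup.exe","4711","RegCreateKey","HKCU\Software\WinRAR SFX","SUCCESS","Desired Access: All Access"
"10:01:02.3","winrar-setup.exe","4711","RegSetValue","HKCU\Software\WinRAR SFX\C%%Program Files%WinRAR","SUCCESS","Type: REG_SZ, Data: C:\Program Files\WinRAR"
"10:01:02.4","winrar-setup.exe","4711","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings","SUCCESS",""
"10:01:02.5","winrar-setup.exe","4711","RegSetInfoKey","HKCU\Software\WinRAR SFX","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation"
"10:01:02.6","winrar-setup.exe","4711","RegCreateKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run","SUCCESS","Desired Access: All Access"'

# Print the data rows whose Operation (4th quoted field) matches the
# alternation given as $1, e.g.  reg_events "RegCreateKey|RegSetInfoKey" < export.csv
# Splitting on the quote-comma-quote sequence keeps commas inside a field intact.
reg_events() {
    awk -v pat="$1" -F'","' 'NR > 1 && ($4 ~ ("^(" pat ")$")) { print }'
}

# Number of rows in SAMPLE_CSV matching the given operation pattern.
count_reg_events() {
    printf '%s\n' "$SAMPLE_CSV" | reg_events "$1" | wc -l | tr -d ' '
}

# Flag rows whose Path (5th field) is under a ...\CurrentVersion\Run key;
# an installer writing there is adding an autostart entry.
flag_autostart() {
    awk -F'","' 'tolower($5) ~ /currentversion\\run/ { print "autostart key touched: " $5 }'
}

# Usage: printf '%s\n' "$SAMPLE_CSV" | reg_events "RegCreateKey|RegSetInfoKey"
printf '%s\n' "$SAMPLE_CSV" | reg_events "RegCreateKey|RegSetInfoKey"
printf '%s\n' "$SAMPLE_CSV" | reg_events "RegCreateKey|RegSetInfoKey" | flag_autostart
```

For a real export, replace the printf with `reg_events "RegCreateKey|RegSetInfoKey" < export.csv`; the three sample matches shrink a multi-thousand-row export to the handful of rows worth opening in regedit.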

Start the Windows Run dialog using Windows + R and enter regedit.

This way you can edit the Windows Registry.

If you want to learn more about the Windows Registry check out this techconsumerguide article on the subject.

Internet Explorer\BrowserEmulation does not sound that interesting.

Let's look at Software\WinRAR SFX.
This RegKey holds the path to WinRAR.exe.

Let's look at SyncRootManager.

Not all that impressive but I think you get the point.

Cheers,
Ori


Of Factorio

In my free time, amongst other things, I like to play a round of Factorio.
In a nutshell Factorio is a game centered around automating production.

I think this video explains the concept of the game quite well.

https://www.youtube.com/watch?v=KVvXv1Z6EY8

This game can be played by multiple players on a server.
There is a nice Docker container for Factorio that allows you to have your own server up and running in no time.


Unfortunately there is no easy way to allow other players to upload maps to the server.
So I came up with a solution using Nextcloud.

What you need:

  • A Docker host that is running the dtandersen/factorio container
  • A resource (like a Nextcloud) that you can read a file from, download a savegame from and share with others

The Idea:

  • The Docker Host is running a script (see below) every minute

Add the following line to /etc/crontab and use the path where you dropped that script.

* * * * * root /path/to/script.sh

  • This script checks the content of a text file at a resource of your choice using ssh
  • In case the text file does not contain a 1, nothing happens
  • In case the file does contain a 1, the script will be run

The script:

  • Stops docker
  • Moves the currently running map into a backup directory
  • Then deletes the current savegame
  • Connects to a resource, downloads the *.zip files and places them in the savegame directory
  • Changes the owner of the savegame so the docker container can work with it
  • Restarts docker
  • Writes into a logfile at the resource

Directories:

  • The savegame directory mounted by the container is /opt/factorio/save

You will have to change the script by hand and generate the ssh keys.
It is not pretty, but it does work.


Cheers,
Ori


#!/bin/bash
# Remote resource holding Checkme.txt, RebootLog.txt and the uploaded savegames.
# The original used both a placeholder "IP" and 192.168.122.79; one variable keeps them consistent.
REMOTE="root@192.168.122.79"
REMOTE_DIR="/path/to"            # directory on the remote resource
SAVES="/opt/factorio/saves"      # savegame directory mounted by the container
BACKUP="/opt/factorio/backup_save"

# Read the flag file; whitespace is stripped so only an exact "1" triggers the swap
# (a plain grep for "1" would also match "10" or a stray character).
factorio=$(ssh "$REMOTE" "cat '$REMOTE_DIR/Checkme.txt'" | tr -d '[:space:]')

if [ "$factorio" = "1" ]; then
    service docker stop
    # Keep a timestamped copy of the running map instead of overwriting the same backup every run.
    mkdir -p "$BACKUP"
    cp "$SAVES/save.zip" "$BACKUP/save-$(date +%Y%m%d-%H%M%S).zip"
    # ${SAVES:?} aborts instead of expanding to "/*" should the variable ever be empty.
    rm -rf "${SAVES:?}"/*
    scp "$REMOTE:$REMOTE_DIR/savegame/*.zip" "$SAVES/"
    # 845:845 is the uid/gid the factorio container runs as.
    chown -R 845:845 "$SAVES"
    service docker start

    # Reset the flag and log the swap on the remote resource.
    ssh "$REMOTE" "echo 0 > '$REMOTE_DIR/Checkme.txt'"
    ssh "$REMOTE" "echo \"Server rebooted at \$(date +%d-%m-%Y-%H-%M-%S)\" >> '$REMOTE_DIR/RebootLog.txt'"
else
    echo "DEBUG ME SEMPAI"
fi
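Two things bite with this setup in practice: cron starts the script every minute, so a slow scp can overlap with the next run, and anything a player drops into the shared folder ends up in the live savegame directory. As an added example (not part of the original post), the script below shows the guards I would put in front of the swap: a lock so runs cannot overlap, a strict check that the flag file holds exactly "1", and a zip sanity check before a file replaces the save. Paths and the FLAG_FILE/INCOMING/SAVES variables are placeholders for the ones in the script above; the lock file name is my own choice.

```sh
#!/bin/sh
# Added example: guards for a cron-driven savegame swap.

LOCK=/var/lock/factorio-swap.lock

# 0 if the flag file contains exactly "1" (surrounding whitespace ignored),
# 1 otherwise or when the file is missing. "10" or "1 more" do not count.
trigger_set() {
    [ -r "$1" ] || return 1
    [ "$(tr -d '[:space:]' < "$1")" = "1" ]
}

# 0 if the file starts with the zip local-file-header magic "PK\003\004" and,
# when unzip is installed, also passes its integrity test.
zip_ok() {
    f=$1
    [ -s "$f" ] || return 1
    [ "$(head -c 4 "$f" | od -An -tx1 | tr -d ' \n')" = "504b0304" ] || return 1
    if command -v unzip >/dev/null 2>&1; then
        unzip -tq "$f" >/dev/null 2>&1 || return 1
    fi
    return 0
}

# Copy only archives that pass zip_ok from $1 into $2.
# Returns the number of rejected files, so 0 means everything was deployed.
deploy_saves() {
    src=$1 dst=$2 rejected=0
    for z in "$src"/*.zip; do
        [ -e "$z" ] || continue
        if zip_ok "$z"; then
            cp "$z" "$dst/"
        else
            echo "rejected $z: not a valid zip archive" >&2
            rejected=$((rejected + 1))
        fi
    done
    return "$rejected"
}

# What a cron run does once it holds the lock (placeholder paths).
main() {
    trigger_set "${FLAG_FILE:-/tmp/Checkme.txt}" || exit 0
    deploy_saves "${INCOMING:-/tmp/incoming}" "${SAVES:-/tmp/saves}"
}

# Usage from crontab:  * * * * * root /path/to/guarded-swap.sh --cron
if [ "${1:-}" = "--cron" ]; then
    if command -v flock >/dev/null 2>&1; then
        exec 9>"$LOCK"
        flock -n 9 || { echo "previous run still active, skipping" >&2; exit 0; }
    fi
    main
fi
```

The lock is released automatically when the script exits, and the unzip -t step is the part that actually catches a truncated or renamed upload; the magic-byte check alone only rejects files that are obviously not archives.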


Orca MSI Editor

The Orca MSI Editor is part of the Windows 10 SDK and enables you to edit the settings of an MSI file.
With the default settings the 4.4 MB lightweight SDK gets installed at C:\Program Files (x86)\Windows Kits\10.

In order to be able to edit MSI files we only need to install the MSI Tools.

In the installation path you will find the subfolder WindowsSDK\Installers that contains the file Orca-x86_en-us.msi.
The full path in a default install is:

C:\Program Files (x86)\Windows Kits\10\WindowsSDK\Installers\Orca-x86_en-us.msi

After you have run this, the context menu of right-clicking an MSI file will contain the option Edit with Orca.

Using this tool you can do a lot of fine-tuning before rolling out an MSI.

Cheers,
Ori


[HP / Aruba] Troubleshooting VLAN issues / finding physical devices

In this article I want to show you how to find out where physical devices are connected in a network using HP switches.
Typical scenario, will happen from time to time:

  • A customer reports that a user cannot access resource X
  • You check the user's IP and see that he or she has a lease from the wrong network

Usually this means that the user is connected to a port configured with the wrong VLAN.
If there is clean documentation, that issue should be quite easy to solve.
Unfortunately you sometimes have to deal with customers that seem to have guerilla cabling written into their company policy, or that have taken over a bad IT infrastructure. You will find a cable that runs into a (hopefully) labeled port in the wall and then ends up somewhere in some switch.
How do you find out which port has to be reconfigured in order for the customer to be able to work?

First find out the MAC address of the device you want to find in your network.
On a Windows machine use ipconfig, on Linux / Apple use ifconfig or ip.

Now log in to one of the customer's switches using SSH.
Check if LLDP is active.

show lldp config

If not, you should enable LLDP on all devices first.
More details can be found here.

Then check the MAC address table of the switch for the MAC address of the device you are looking for.

show mac-address <MAC>

The switch knows that MAC on port 49...
Port 49 on a 48-port switch is a dead giveaway that you are looking at a fibre uplink to another switch.

Let's look at the MAC table of port 49.
(Or rather, filter for devices at that port)

show mac-address ethernet <Interface>

As expected there are quite a lot of devices there.
Let's check via LLDP what is behind port 49.

show lldp info remote-device ethernet <Interface>

Aha, another switch.
This way you can hop from device to device until you have found out which port this device is connected to.

Then you can change the VLAN config of that interface and everything should work as expected for the user.
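As an added example (not part of the original post), here are three small helpers for the hops above: ProCurve/ArubaOS-Switch expects MACs as "aabbcc-ddeeff" while ipconfig and ifconfig print "AA-BB-CC-DD-EE-FF" or "aa:bb:cc:dd:ee:ff", so the first function converts; the second counts the entries in a pasted "show mac-address ethernet <port>" output, which tells you whether a port looks like an uplink before you touch it; the third pulls the neighbour's SysName out of the LLDP output. The switch output below is constructed to illustrate the layout and is not a real capture.

```sh
#!/bin/sh
# Added example: helpers around "show mac-address" and "show lldp info remote-device".

# Constructed sample outputs (layout only; compare with your own switch).
PORT49_TABLE=' Status and Counters - Port Address Table - 49

  MAC Address   VLAN
  ------------- ----
  001122-334455 10
  001122-334466 10
  0050ba-112233 20
  0050ba-112244 20
  0050ba-112255 30
  0050ba-112266 30
'
PORT12_TABLE=' Status and Counters - Port Address Table - 12

  MAC Address   VLAN
  ------------- ----
  3c9709-aabbcc 10
'
PORT49_LLDP=' LLDP Remote Device Information Detail

  Local Port   : 49
  ChassisType  : mac-address
  ChassisId    : 00 1f 28 aa bb cc
  PortType     : local
  PortId       : 24
  SysName      : sw-floor2
  System Descr : constructed switch model
'

# Convert a MAC in any of the common notations to ProCurve "aabbcc-ddeeff".
# Returns 1 (and prints nothing) if the input does not contain 12 hex digits.
to_procurve_mac() {
    hex=$(printf '%s' "$1" | sed 's/[-:.]//g' | tr 'A-F' 'a-f')
    [ "${#hex}" -eq 12 ] || return 1
    case "$hex" in *[!0-9a-f]*) return 1 ;; esac
    printf '%s-%s\n' "$(printf '%s' "$hex" | cut -c1-6)" "$(printf '%s' "$hex" | cut -c7-12)"
}

# Count MAC entries in a port address table read from stdin.
count_macs() {
    grep -Eic '^[[:space:]]*[0-9a-f]{6}-[0-9a-f]{6}([[:space:]]|$)' || true
}

# 0 if the table in $1 holds more than $2 (default 5) MACs: a port learning
# many addresses is almost certainly an uplink rather than an end device,
# which is exactly the port whose VLAN config you do not want to change blindly.
is_uplink() {
    n=$(printf '%s\n' "$1" | count_macs)
    [ "$n" -gt "${2:-5}" ]
}

# Print the SysName reported by the LLDP neighbour in $1 (the next hop).
lldp_sysname() {
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*SysName[[:space:]]*:[[:space:]]*//p'
}

# Usage demo with the constructed samples.
to_procurve_mac "AA-BB-CC-DD-EE-FF"
is_uplink "$PORT49_TABLE" && echo "port 49: uplink, next hop $(lldp_sysname "$PORT49_LLDP")"
is_uplink "$PORT12_TABLE" || echo "port 12: edge port"
```

With the converted MAC you can paste straight into `show mac-address <MAC>`; the uplink test is the sanity check to run before the VLAN change the warning below is about.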

THINK TWICE ABOUT WHAT YOU ARE DOING!
IF YOU MESS UP THE VLAN CONFIG OF AN UPLINK YOU CAN END UP CRASHING THE ENTIRE NETWORK OR PARTS OF IT!

... and if in that case you are not on-site, good night!

Cheers,
Ori


02_OhMyZsh Plugins and Themes

OhMyZsh comes with a lot of plugins that change the way zsh behaves.
There is a wiki on the official GitHub page of the project that covers just these plugins.

If you have a look at the .zshrc in your home directory you will find the part about plugins.

You can add any number of plugins from the above mentioned resource.
Now change into the directory .oh-my-zsh/
You will notice a couple of things.

The tilde (~) that showed you that you are in your home directory has changed to .oh-my-zsh.
So far so self-explanatory.

As shown in the .zshrc screenshot above, zsh has been started with the git plugin.
Since .oh-my-zsh is a pulled git repository, the prompt now shows git:
And since you are in the master branch of the repo, the prompt reads git:(master).

In here you will find the directory themes, which contains (shocker) OhMyZsh's theme library.
These themes define what zsh looks like.

If you want to know what to expect, look at this.
To apply one of the themes, go to your .zshrc and edit the line ZSH_THEME.
Just replace the default theme robbyrussell with a theme of your choice.

After you have saved your changes you can apply them by sourcing the .zshrc.
source ~/.zshrc
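If you change themes and plugins often, editing .zshrc by hand gets old. As an added example (not from the original post or the Oh My Zsh project), here are two small shell functions that do the ZSH_THEME and plugins edits from the command line: they keep a .bak copy, refuse names that would break the file, and add a plugin only once. They assume the single-line `ZSH_THEME="..."` and `plugins=(...)` form the default .zshrc ships with; the .zshrc content in the demo is a constructed minimal one.

```sh
#!/bin/sh
# Added example: edit ZSH_THEME and plugins=(...) in a .zshrc safely.

# Current theme name, or nothing if the line is missing.
get_zsh_theme() { sed -n 's/^ZSH_THEME="\(.*\)"/\1/p' "$1"; }

# Enabled plugins, one per line.
get_zsh_plugins() { sed -n 's/^plugins=(\(.*\))/\1/p' "$1" | tr -s ' ' '\n' | sed '/^$/d'; }

# Replace the ZSH_THEME="..." line in $1 with theme $2.
# Returns 1 if the file has no such line or the name contains characters
# that are not valid in a theme file name (which would also break the sed).
set_zsh_theme() {
    rc=$1 theme=$2
    case "$theme" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    grep -q '^ZSH_THEME=' "$rc" || return 1
    cp "$rc" "$rc.bak"
    sed -i.tmp "s/^ZSH_THEME=.*/ZSH_THEME=\"$theme\"/" "$rc" && rm -f "$rc.tmp"
}

# Append plugin $2 to the plugins=(...) line in $1 unless it is already there.
add_zsh_plugin() {
    rc=$1 plugin=$2
    case "$plugin" in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
    grep -q '^plugins=(' "$rc" || return 1
    if grep -E -q "^plugins=\(.*[( ]$plugin[ )]" "$rc"; then
        return 0      # already enabled, nothing to do
    fi
    cp "$rc" "$rc.bak"
    sed -i.tmp "s/^plugins=(\(.*\))/plugins=(\1 $plugin)/" "$rc" && rm -f "$rc.tmp"
}

# Demo on a constructed .zshrc (not your real one).
demo_rc=$(mktemp)
cat > "$demo_rc" <<'EOF'
# constructed minimal .zshrc for the demo
export ZSH="$HOME/.oh-my-zsh"
ZSH_THEME="robbyrussell"
plugins=(git)
source $ZSH/oh-my-zsh.sh
EOF
set_zsh_theme "$demo_rc" agnoster
add_zsh_plugin "$demo_rc" docker
add_zsh_plugin "$demo_rc" docker      # second call is a no-op
echo "theme: $(get_zsh_theme "$demo_rc")"
echo "plugins: $(get_zsh_plugins "$demo_rc" | tr '\n' ' ')"
rm -f "$demo_rc" "$demo_rc.bak"
```

Point the functions at ~/.zshrc and finish with `source ~/.zshrc` as above; the .bak copy is there for the case where a theme turns out not to exist and the prompt comes up broken.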

If you now cd into .oh-my-zsh again, your prompt will look like this.

If you are in a repo and make changes to the branch you are in, the color will change until you commit.
Now it is up to you, go and find the themes and plugins that make your day!

Cheers,
Ori


01_OhMyZsh installation

In this article I want to recommend the very powerful zsh (Z shell) extension OhMyZsh.

First check if zsh is installed already.
which zsh

If not, update your sources and install it.
apt install zsh

It makes sense to make zsh your default shell.
chsh -s $(which zsh)

After you log back in or reboot your machine you will be faced with the following:

I do recommend using option 2, as it will create the usual .rc file in your home dir that you would expect.
Then zsh will greet you with a very simplistic prompt.

If you have not installed it by now, install git.
apt install git

Now pull OhMyZsh from GitHub and install it using curl or wget.

Curl
sh -c "$(curl -fsSL https://raw.githubusercontent.com/robbyrussell/oh-my-zsh/master/tools/install.sh)"

Wget
sh -c "$(wget https://raw.githubusercontent.com/robbyrussell/oh-my-zsh/master/tools/install.sh -O -)"
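Both one-liners hand whatever the URL returns straight to sh. As an added example (not part of the original post or of the Oh My Zsh project), the script below does the same install in two steps: download the installer to a file, print its SHA-256 and open it for a read, and only then run it. The URL is the one from the post; the helper names are my own.

```sh
#!/bin/sh
# Added example: download, inspect, then run the installer.

INSTALLER_URL="https://raw.githubusercontent.com/robbyrussell/oh-my-zsh/master/tools/install.sh"

# SHA-256 of a file, using whichever tool the system provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Download $1 to $2 with curl or wget; returns 1 if neither is installed or
# the download fails (-f makes curl fail on HTTP errors instead of saving them).
fetch() {
    if command -v curl >/dev/null 2>&1; then
        curl -fsSL "$1" -o "$2"
    elif command -v wget >/dev/null 2>&1; then
        wget -q "$1" -O "$2"
    else
        return 1
    fi
}

# Cheap plausibility check: non-empty and starts with a shebang, so an HTML
# error page or an empty download is never handed to sh.
looks_like_shell_script() {
    [ -s "$1" ] && [ "$(head -c 2 "$1")" = "#!" ]
}

install_reviewed() {
    tmp=$(mktemp) || return 1
    fetch "$INSTALLER_URL" "$tmp" || { echo "download failed" >&2; rm -f "$tmp"; return 1; }
    looks_like_shell_script "$tmp" || { echo "not a shell script, refusing" >&2; rm -f "$tmp"; return 1; }
    echo "sha256 $(sha256_of "$tmp")  $INSTALLER_URL"
    ${PAGER:-less} "$tmp"                 # read what you are about to run
    printf 'Run the installer? [y/N] '
    read -r answer
    [ "$answer" = y ] && sh "$tmp"
    rm -f "$tmp"
}

# Usage: sh install-omz.sh --install
if [ "${1:-}" = "--install" ]; then
    install_reviewed
fi
```

Keeping the printed hash with your notes lets you tell later whether the installer you ran is the same one a colleague got.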


That was the entire magic, OhMyZsh is now installed.
See the other article(s) on what you can do with it.

Cheers,
Ori


05_Byobu nesting

Nesting means starting a byobu session within a byobu session. (Yo, dawg)
On one system that does not really make sense.

If you have a session on your local machine and then ssh into another machine just to start a byobu session there, you have a nested session.

If you now press for example Ctrl + a ---> c to open a new window, it will be opened on your local machine.
To send the same command one layer deeper, use Ctrl + a ---> ac.

This means that every a you add pushes your command one nesting layer up.
This is what this looks like on a nesting of three layers.

This way you can have a window for your host, one for each HV (hypervisor) and one for each VM on the HV.

Cheers,
Ori