Tuesday, April 24, 2012

Installation of Dionaea on Ubuntu


1. Set up the repository and install dionaea:
sudo add-apt-repository ppa:honeynet/nightly
sudo apt-get update
sudo apt-get install dionaea



2. Set up the directories:
sudo mkdir -p /var/dionaea/wwwroot
sudo mkdir -p /var/dionaea/binaries
sudo mkdir -p /var/dionaea/log
sudo chown -R nobody:nogroup /var/dionaea/



3. Edit the config file:
sudo mv /etc/dionaea/dionaea.conf.dist /etc/dionaea/dionaea.conf
sudo sed -i 's/var\/dionaea\///g' /etc/dionaea/dionaea.conf
sudo sed -i 's/log\//\/var\/dionaea\/log\//g' /etc/dionaea/dionaea.conf

4. Create a dionaea init script in /etc/init.d:
sudo vi /etc/init.d/dionaea
Add the following to the file:

#!/bin/sh
dionaea -c /etc/dionaea/dionaea.conf -w /var/dionaea -u nobody -g nogroup -D


5. Add execute permission to file:
sudo chmod +x /etc/init.d/dionaea



6. Set up dionaea as a startup service:
sudo update-rc.d dionaea defaults



7. Launch dionaea manually the first time:
sudo /etc/init.d/dionaea
8. Check established connection log:
grep established /var/dionaea/log/dionaea.log | grep connection

Monday, April 23, 2012

Allow Anonymous Relay on an Exchange 2010 Receive Connector

1. Create a New Receive Connector
New-ReceiveConnector -Name "Anonymous Relay" -Usage Custom -PermissionGroups AnonymousUsers -Bindings 10.2.x.xx:25 -RemoteIpRanges 192.168.x.xx 

2. Grant Relay Permission to Anonymous Connections

Get-ReceiveConnector "Anonymous Relay" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"
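
To check that only the intended connector grants anonymous relay and that its remote IP range stays narrow, the following added example (not part of the original post) lists every receive connector on which anonymous connections hold the relay right. It assumes the Exchange Management Shell; the variable names and the report layout are illustrative.

```powershell
# Added example (not from the original post): audit anonymous relay rights.
# Run in the Exchange Management Shell on an Exchange 2010 server.
$relayRight = "ms-Exch-SMTP-Accept-Any-Recipient"
# Assumption: the default "any IPv4 address" range is rendered like this.
$anyIPv4 = "0.0.0.0-255.255.255.255"

$report = foreach ($connector in (Get-ReceiveConnector))
{
    # Keep only allow entries that give anonymous connections the relay right.
    $grants = $connector | Get-ADPermission | Where-Object {
        ($_.User -like "*ANONYMOUS LOGON") -and
        ($_.ExtendedRights -like $relayRight) -and
        (-not $_.Deny)
    }
    if ($grants)
    {
        # Flatten the multi-valued range list so it can be compared and printed.
        $ranges = @($connector.RemoteIPRanges | ForEach-Object { $_.ToString() })
        New-Object PSObject -Property @{
            Connector      = $connector.Identity
            Bindings       = ($connector.Bindings -join ", ")
            RemoteIPRanges = ($ranges -join ", ")
            OpenToAnyIPv4  = ($ranges -contains $anyIPv4)
        }
    }
}

# One entry per connector that relays for anonymous senders.
$report | Select-Object Connector, Bindings, RemoteIPRanges, OpenToAnyIPv4 | Format-List
```

A connector that reports OpenToAnyIPv4 as True relays for every host that can reach its binding, so its RemoteIPRanges should be narrowed to the hosts that need to relay.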

Monday, April 16, 2012

PowerShell Script for Monitoring SMTP Servers

1. Create a serverstatus.csv file like the following, to list all the SMTP servers that you need to monitor.
 #TYPE System.Management.Automation.PSCustomObject
"Name","IP","LastStatus","CurrentStatus","Updatetime"
"MKxxMX01","208.x.x.x","SUCCESS","SUCCESS","4/16/2012 10:24 AM"
"MKxxMX02","71.x.x.x","SUCCESS","SUCCESS","4/16/2012 10:24 AM"
"MKxxMAL03","192.168.10.x","SUCCESS","SUCCESS","4/16/2012 10:24 AM"
"MKxxMAL04","192.168.10.x","SUCCESS","SUCCESS","4/16/2012 10:24 AM"
"MKxxMAL01","192.168.40.x","SUCCESS","SUCCESS","4/16/2012 10:24 AM"

2. Create a count.txt file and type 0 inside it. If the script gets errors, it sends out an alert every 15 minutes. If it keeps getting more than 4 errors, it sends out the alert every 1 hour.
0

3. Create InfoRecipients.txt. List the mail addresses that will receive the alert.
6264x63xxx@tmomail.net,ts@xxxxxxxx.com,xxxx.techsupport@gmail.com

4. PowerShell script:
##########################################################
##        Send mail to test the mail server!!           ##
##########################################################
$ErrorActionPreference = "silentlycontinue"
#$ErrorActionPreference = "continue"
[Int]$Count= Get-Content -Path count.txt
$CurrentStatus = "SUCCESS"
$Serverlist = Import-Csv serverstatus.csv
$emailFrom = "SMTPtest@xxxamericaxx.com"
$emailTo = Get-Content -Path testaddress.txt
$subject = "Mail test from Chicago every 15 minutes"
$body = "Mail test from Chicago DataCenter."

# Send a test message through each server and record the result.
foreach ($Server in $Serverlist)
{
    $Server.LastStatus = $Server.CurrentStatus
    $smtpServer = $Server.IP
    $smtp = New-Object Net.Mail.SmtpClient($smtpServer)
    $smtp.Send($emailFrom, $emailTo, $subject, $body)
    # $? is False when Send() threw an exception.
    $TestStatus = $?
    if ($TestStatus)
    {
        $Server.CurrentStatus = "SUCCESS"
    }
    else
    {
        $Server.CurrentStatus = "FAILURE"
        $CurrentStatus = "FAILURE"
    }
    $Server.Updatetime = Get-Date -Format g
}

$Serverlist | Export-Csv serverstatus.csv
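# Reset the consecutive-failure counter on a clean run; otherwise increment it.
If ($CurrentStatus -eq "SUCCESS")
{
    $Count = 0
}
Else
{
    $Count += 1
}
Set-Content -Path count.txt -Value $Count
# Used below to throttle repeat alerts.
$Modulo = $Count % 4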
#####################################################
###              Send out SMS!!                   ###
#####################################################
$body = ""
$Needtosend = "False"
# Report every server that failed on this run or on the previous one.
foreach ($Server in $Serverlist)
{
    if (($Server.LastStatus -eq "FAILURE") -or ($Server.CurrentStatus -eq "FAILURE"))
    {
        $Needtosend = "True"
        $body = $body + $Server.Name + "," + $Server.CurrentStatus + "," + $Server.Updatetime + ".  "
    }
}
# Alert when the counter is 0 or 1, then whenever the counter modulo 4 equals 2.
If (($Needtosend -eq "True") -and (($Count -le 1) -or ($Modulo -eq 2)))
{
    $emailTo = Get-Content -Path InfoRecipients.txt
    $subject = "Mail Server testing Alert."
    $smtpServer = "smtpserver.xxxamericaxx.com"
    $smtp = New-Object Net.Mail.SmtpClient($smtpServer)
    $smtp.Send($emailFrom, $emailTo, $subject, $body)
    Set-Content -Path LastResult.txt -Value $body
}

Wednesday, April 11, 2012

VMware Server 2.0 Restart Guest DOS Script


@echo off

REM power off VM.
vmrun -T server -h https://127.0.0.1:8333/sdk -u vmusername -p Password stop "[standard] GuestVMName\GuestVMName.vmx" soft

REM Wait until the VM no longer appears in the list of running VMs.
:while

vmrun -T server -h https://127.0.0.1:8333/sdk -u vmusername -p Password list | FINDSTR /C:"GuestVMName.vmx"
IF %ERRORLEVEL% EQU 0 (
    PING 127.0.0.1 -n 60
    GOTO while
) ELSE (
    PING 127.0.0.1 -n 15
    vmrun -T server -h https://127.0.0.1:8333/sdk -u vmusername -p Password start "[standard] GuestVMName\GuestVMName.vmx"
    PING 127.0.0.1 -n 15
    EXIT
)

Tuesday, April 10, 2012

VMware 2.0 Guest Switches


Adding the following switches to the *.vmx file can improve guest OS performance:


sched.mem.pshare.enable = "FALSE"
mainMem.useNamedFile = "FALSE"
prefvmx.minVmMemPct = "100"

MemAllowAutoScaleDown = "FALSE"
MemTrimRate = "0"


Disable the TCP Offload Engine features in the driver on the host to improve guest network performance.
In the Registry Editor, go to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
  1. Create a key named DisableTaskOffload, of type DWORD.
  2. Set the value of the key to 1 .
  3. Close the Registry Editor and restart the computer.

Monday, April 9, 2012

JavaScript for LAN Web Proxy Setting

1. Create the JavaScript file.
File name: wpad.pac
JavaScript content for wpad.pac:

function FindProxyForURL(url, host)
{
  if (
    isPlainHostName(host) ||
    dnsDomainIs(host, ".xxxxxxx.com") ||
    dnsDomainIs(host, ".aesdirect.gov") ||
    dnsDomainIs(host, ".adobe.com") ||
    dnsDomainIs(host, ".symantec.com") ||
    dnsDomainIs(host, ".symantecliveupdate.com") ||
    dnsDomainIs(host, ".windowsupdate.com") ||
    dnsDomainIs(host, ".microsoft.com") ||
    dnsDomainIs(host, ".smartxxxxx.com") ||
    dnsDomainIs(host, ".citigroup.com") ||
    dnsDomainIs(host, ".citibank.com") ||
    isInNet(host, "192.168.0.0", "255.255.0.0") ||
    isInNet(host, "208.xx.xx.0", "255.255.255.0") ||
    isInNet(host, "127.0.0.1", "255.255.255.255") ||
    isInNet(host, "172.28.1.0", "255.255.255.0") ||
    isInNet(host, "172.29.1.0", "255.255.255.0") ||
    isInNet(host, "172.16.52.0", "255.255.255.0")
  )
    return "DIRECT";
  else
    return "PROXY proxyservername.xxxxx.com:port#; DIRECT";
}





2. Put wpad.pac on the web server.
   The url is http://webservername/wpad.pac





3. Configure AD Group Policy to Apply the proxy setting.
   Go to User Configuration > Windows Settings > Internet Explorer Maintenance > Connection > Automatic Browser Configuration, then (1) enable Automatic Configuration and (2) enter the automatic proxy URL.
    Please see the following picture.