Monthly Archives: September 2011

Configuring OpenSSH to accept public-key authentication

To enable OpenSSH to accept SSH protocol version 2 public keys, you need to modify /etc/ssh/sshd_config. Use vi (or whatever editor you are familiar with) to uncomment, add or modify the following lines in /etc/ssh/sshd_config:

# the default SSH port is 22; change it only if you have a reason to
Port 22

# accept SSH protocol version 2 only (protocol 1 is obsolete and insecure)
Protocol 2

# NEVER allow root to log in directly over the network
PermitRootLogin no
# refuse keys or home directories with unsafe ownership or permissions
StrictModes yes
MaxAuthTries 3

# enable public-key authentication
# RSAAuthentication only applies to protocol 1, so it stays off
RSAAuthentication no
PubkeyAuthentication yes

# securing your OpenSSH
# do not use host-based authentication: it trusts a client host, not a user key
RhostsRSAAuthentication no
HostbasedAuthentication no
IgnoreUserKnownHosts yes
# never accept accounts with empty passwords (the keyword is plural)
PermitEmptyPasswords no

# do not allow password (telnet-style) logins: keys only
ChallengeResponseAuthentication no
PasswordAuthentication no

X11Forwarding yes
X11DisplayOffset 10

After you have made changes to /etc/ssh/sshd_config, check the file for syntax errors with `sshd -t` (it prints nothing when the configuration is valid), keep your current session open, and then restart the OpenSSH daemon by executing `/etc/init.d/ssh restart` (on Ubuntu). Confirm that a new key-based login works before you close the old session, since password logins are now disabled.
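As an added example (not part of the original post), the following POSIX shell checker reads an sshd_config and reports which of the settings above are not in effect. It applies sshd's own rule that the first occurrence of a keyword wins and stops at the first Match block; the function names and the constructed sample files are my own.

```shell
#!/bin/sh
# Check an sshd_config against the hardening values listed in the post.
# sshd uses the FIRST occurrence of each keyword, so a duplicate appended
# later in the file (e.g. "PasswordAuthentication yes") has no effect;
# this checker mirrors that rule and stops at the first Match block,
# whose settings are conditional and must be reviewed separately.

# Print the effective value of KEYWORD (case-insensitive) in FILE;
# prints nothing when the keyword is not set.
sshd_effective_value() {
    awk -v kw="$2" '
        /^[ \t]*(#|$)/ { next }               # skip comments and blank lines
        tolower($1) == "match" { exit }       # conditional section: stop here
        tolower($1) == tolower(kw) { print $2; exit }
    ' "$1"
}

# Compare FILE with the expected settings, print one FAIL line per mismatch
# and return the number of mismatches (0 means every check passed).
audit_sshd_config() {
    file=$1
    failures=0
    for pair in \
        Protocol=2 \
        PermitRootLogin=no \
        PubkeyAuthentication=yes \
        PasswordAuthentication=no \
        ChallengeResponseAuthentication=no \
        PermitEmptyPasswords=no \
        HostbasedAuthentication=no \
        MaxAuthTries=3
    do
        kw=${pair%%=*}
        want=${pair#*=}
        got=$(sshd_effective_value "$file" "$kw")
        if [ "$got" != "$want" ]; then
            printf 'FAIL %s: expected %s, effective %s\n' \
                "$kw" "$want" "${got:-<unset>}"
            failures=$((failures + 1))
        fi
    done
    return "$failures"
}

# Usage: sh audit_sshd.sh /etc/ssh/sshd_config  (exit status = mismatch count)
if [ "$#" -gt 0 ]; then
    audit_sshd_config "$1"
fi
```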

Using the at command

The at command schedules a command, a script, or a program to run at a specified date and time.

The at command syntax:
at [\\computername] time [/interactive] [/every:date[,...] | /next:date[,...]] command
at [\\computername] [id] /delete [/yes]
The following list describes the parameters that you

Parameters
\\computername: Use this parameter to specify a remote computer. If you omit this parameter, tasks are scheduled to run on the local computer.
time: Use this parameter to specify the time when the task is to run. Time is specified as hours:minutes based on the 24-hour clock. For example, 0:00 represents midnight and 20:30 represents 8:30 P.M.
/interactive: Use this parameter to allow the task to interact with the desktop of the user who is logged on at the time the task runs.
/every:date,…: Use this parameter to schedule the task to run on the specified day or days of the week or month, for example, every Friday or the eighth day of every month. Specify date as one or more days of the week (use the following abbreviations: M,T,W,Th,F,S,Su) or one or more days of the month (use the numbers 1 through 31). Make sure that you use commas to separate multiple date entries. If you omit this parameter, the task is scheduled to run on the current day.
/next:date,…: Use this parameter to schedule the task to run on the next occurrence of the day (for example, next Monday). Specify date as one or more days of the week (use the following abbreviations: M,T,W,Th,F,S,Su) or one or more days of the month (use the numbers 1 through 31). Make sure that you use commas to separate multiple date entries. If you omit this parameter, the task is scheduled to run on the current day.
command: Use this parameter to specify the Windows 2000 command, the program (.exe or .com file), or the batch program (.bat or .cmd file) that you want to run. If the command requires a path as an argument, use the absolute path name (the entire path beginning with the drive letter). If the command is on a remote computer, use the Uniform Naming Convention (UNC) path name (\\ServerName\ShareName). If the command is not an executable (.exe) file, you must precede the command with cmd /c, for example, cmd /c copy C:\*.* C:\temp.
id: Use this parameter to specify the identification number that is assigned to a scheduled task.
/delete: Use this parameter to cancel a scheduled task. If you omit the id parameter, all scheduled tasks on the computer are canceled.
/yes: Use this parameter to force a yes answer to all queries from the system when you cancel scheduled tasks. If you omit this parameter, you are prompted to confirm the cancellation of a task.

Creating a Scheduled Task
Type net start to check that the Task Scheduler service is running; if it is not listed, start it with net start "task scheduler".

Eg: c:\> net start
SSDP Discovery Service
System Event Notification
System Restore Service
Task Scheduler
TCP/IP NetBIOS Helper
Telephony
Terminal Services
then type
at [\\computername] time [/interactive] [/every:date[,...] | /next:date[,...]] command

eg: at 08:45 /every:W,F cmd /c move c:\test\mydumplog d:\mydump

To copy all files from the Documents folder to the MyDocs folder at midnight, type the following line, and then press ENTER:
at 00:00 cmd /c copy C:\Documents\*.* C:\MyDocs

To back up the Products server at 11:00 P.M. each weekday, create a batch file that contains the backup commands (for example, Backup.bat), type the following line, and then press ENTER to schedule the backup:
at \\products 23:00 /every:M,T,W,Th,F backup

To schedule a net share command to run on the Sales server at 6:00 A.M. and to redirect the listing to the Sales.txt file in the shared Reports folder on the Corp server, type the following line, and then press ENTER:
at \\sales 06:00 cmd /c "net share reports=d:\Documents\reports >> \\corp\reports\sales.txt"

Canceling a Scheduled Task
at [\\computername] [id] /delete [/yes]

Note:
At does not automatically load Cmd.exe, the command interpreter, before running commands. If you are not running an executable (.exe) file, you must explicitly load Cmd.exe at the beginning of the command as follows:

cmd /c dir > c:\test.out

Commands scheduled with at run as background processes. Output is not displayed on the computer screen. To redirect output to a file, use the redirection symbol (>). If you redirect output to a file, you need to use the escape symbol (^) before the redirection symbol, whether you are using at at the command line or in a batch file. For example, to redirect output to Output.text

eg: at 14:45 c:\test.bat ^>c:\output.txt

other examples
To schedule a net share command to run on the Corp server at 8:00 A.M. and redirect the listing to the Maintenance server, in the Reports shared directory, and the Corp.txt file, type:

at \\corp 08:00 cmd /c "net share reports=d:\marketing\reports >> \\maintenance\reports\corp.txt"

To back up the hard drive of the Marketing server to a tape drive at midnight every five days, create a batch program called Archive.cmd, which contains the backup commands, and then schedule the batch program to run, type:

at \\marketing 00:00 /every:5,10,15,20,25,30 archive

To cancel all commands scheduled on the current server, clear the at schedule information as follows:

at /delete

To run a command that is not an executable (that is, .exe) file, precede the command with cmd /c to load Cmd.exe as follows:

cmd /c dir > c:\test.out

windows 2008 command based backup

Microsoft has introduced a volume-level backup (based on Volume Shadow Copy) and recovery solution in Windows Server 2008 called Windows Server Backup (WBAdmin), delivered as an MMC snap-in. It replaces the old-style Windows Backup (Ntbackup.exe), is considerably faster, and supports restoring a backup to different hardware.

Note that Windows Server Backup is a disk-to-disk backup solution; it does not support backing up to tape. The supported backup targets are:
Direct attached disk volumes
External USB drives
Network shares
Recordable DVDs

Components of Windows Server Backup
Backup Management Console (WBADMIN.MSC) – A GUI
Command-line user interface (WBADMIN.EXE) – Using command operations
Backup Service (WBENGINE.EXE) – Running the jobs which we create
Set of Powershell Cmdlets

Windows Server Backup Features
# Simplified restoration. You can restore items by choosing a backup and then selecting specific items from that backup to restore. You can recover specific files from a folder or all the contents of a folder. In addition, previously, you needed to manually restore from multiple backups if the item was stored on an incremental backup. But this is no longer true—you can now choose the date of the backup version for the item you want to restore.

# Simplified recovery of your operating system. Windows Server Backup works with new Windows recovery tools to make it easier for you to recover your operating system. You can recover to the same server—or if the hardware fails, you can recover to a separate server that has similar hardware and no operating system.

# Faster backup technology. Windows Server Backup uses Volume Shadow Copy Service (VSS) and block-level backup technology to back up and recover your operating system, files and folders, and volumes. After the first full backup is created, you can configure Windows Server Backup to automatically run incremental backups by saving only the data that has changed since the last backup. Even if you choose to always perform full backups, your backup will take less time than it did in earlier versions of Windows.

# Offsite removal of backups for disaster protection. You can save backups to multiple disks in a rotation, which enables you to move disks to an offsite location. You can add each disk as a scheduled backup location and, if the first disk is moved offsite, Windows Server Backup will automatically save backups to the next disk in the rotation.

# Automatic disk usage management. After you configure a disk for a scheduled backup, Windows Server Backup automatically manages the disk usage: you do not need to be concerned about running out of disk space after repeated backups. Windows Server Backup will automatically reuse the space of older backups when creating new backups. The management tool displays the backups that are available and the disk usage information. This can help you plan for provisioning additional storage to meet your recovery objectives.

# Remote administration. Windows Server Backup uses an MMC snap-in to give you a familiar and consistent experience for managing your backups. After you install the snap-in, you can access this tool through Server Manager or by adding the snap-in to a new or existing MMC console. Then, you can manage backups on other servers by clicking the Action menu in the snap-in, and then clicking Connect to Another Computer.

Unlike previous versions, before you can use the backup you must install the Windows Server Backup, Command-line Tools, and Windows PowerShell items that are available in the Add Features Wizard in Server Manager.

How to install backup and recovery tools
Step 1: Click Start, click Server Manager, in the left pane click Features, and then in the right pane click Add Features. This opens the Add Features Wizard.

Step 2: In the Add Features Wizard, on the Select Features page, expand Windows Server Backup Features, and then select the check boxes for Windows Server Backup and Command-line Tools.

Step 3: Click Add Required Features, and then click Next.

Step 4: On the Confirm Installation Selections page, review the choices that you made, and then click Install. If there is an error during the installation, it will be noted on the Installation Results page.

After installation, you can access the tool in two ways:

Step 1: To open the Windows Server Backup snap-in, click Start, click Administrative Tools, and then click Windows Server Backup.

Step 2: To use the command-line tool, click Start, right-click Command Prompt, and then click Run as administrator. At the prompt, type: wbadmin

The executable is located at c:\windows\system32\wbadmin.exe.
Command-line syntax:

Wbadmin start backup -backupTarget:\\[Server]\[Share name] -include:C: -vssFull -quiet

That command will perform a complete backup on the server without any user interaction.

Wbadmin enable backup :-Configures and enables a daily backup schedule.
This subcommand applies only to Windows Server 2008.

Wbadmin disable backup :-Disables your daily backups.This subcommand applies only to Windows Server 2008.

Wbadmin start backup :-Runs a one-time backup. If used with no parameters, uses the settings from the daily backup schedule.

Wbadmin stop job :-Stops the currently running backup or recovery operation.

Wbadmin get versions :-Lists details of backups recoverable from the local computer or, if another location is specified, from another computer.

Wbadmin get items :-Lists the items included in a specific backup.

Wbadmin start recovery :-Runs a recovery of the volumes, applications, files, or folders specified.

Wbadmin get status :-Shows the status of the currently running backup or recovery operation.

Wbadmin get disks :-Lists disks that are currently online.

Wbadmin start systemstaterecovery :-Runs a system state recovery.

Wbadmin start systemstatebackup :-Runs a system state backup.

Wbadmin delete systemstatebackup :-Deletes one or more system state backups.

Wbadmin start sysrecovery :-Runs a recovery of the full system (at least all the volumes that contain the operating system’s state). This subcommand applies only to Windows Server 2008, and it is only available if you are using the Windows Recovery Environment.

Wbadmin restore catalog :-Recovers a backup catalog from a specified storage location in the case where the backup catalog on the local computer has been corrupted.

Wbadmin delete catalog :-Deletes the backup catalog on the local computer. Use this command only if the backup catalog on this computer is corrupted and you have no backups stored at another location that you can use to restore the catalog.

Gnu Utilities for windows

GnuWin provides open-source licensed ports of the GNU utilities, so you are not missing your Unix command-line tools on any standard 32-bit MS-Windows operating system, such as MS-Windows 95 / 98 / ME / NT / 2000 / XP / 2003 / Vista.

CoreUtils for Windows

File utilities:

* chgrp: Changes file group ownership.
* chown: Changes file ownership.
* chmod: Changes file permissions.
* cp: Copies files.
* dd: Copies and converts a file.
* df: Shows disk free space on filesystems.
* dir: Gives a brief directory listing.
* dircolors: Setup program for the color output of GNU ls.
* du: Shows disk usage on filesystems.
* install: Copies file and sets its permissions.
* ln: Creates file links.
* ls: Lists directory contents.
* mkdir: Creates directories.
* mkfifo: Creates FIFOs (named pipes).
* mknod: Creates special files.
* mv: Moves files.
* rm: Removes (deletes) files.
* rmdir: Removes empty directories.
* shred: Destroy data in files.
* sync: Synchronizes filesystem buffers and disk.
* touch: Changes file timestamps.
* vdir: Long directory listing.

Text utilities:

* cat: concatenates and prints files on the standard output
* cksum: checksum and count the bytes in a file
* comm: compares two sorted files line by line
* csplit: splits a file into sections determined by context lines
* cut: remove sections from each line of files
* expand: convert tabs to spaces
* fmt: simple optimal text formatter
* fold: wrap each input line to fit in specified width
* head: output the first part of files
* join: join lines of two files on a common field
* md5sum: compute and check MD5 message digest
* nl: number lines of files
* od: dump files in octal and other formats
* paste: merge lines of files
* ptx: produce a permuted index of file contents
* pr: convert text files for printing
* shasum: compute and check SHA1 message digest
* sort: sort lines of text files
* split: split a file into pieces
* sum: checksum and count the blocks in a file
* tac: concatenates and prints files in reverse
* tail: outputs the last part of files
* tr: translates or deletes characters
* tsort: perform topological sort
* unexpand: convert spaces to tabs
* uniq: remove duplicate lines from a sorted file
* wc: prints the number of bytes, words, and lines in files

Shell utilities:

* [ – Check file types and compare values
* basename – Removes the path prefix from a given pathname.
* chroot – Changes the root directory.
* date – Prints/sets the system date and time.
* dirname – Removes the last level or filename from a given pathname.
* echo – Prints a line of text.
* env – Displays/modifies the environment.
* expr – Evaluates expressions.
* factor – Prints prime factors.
* false – Returns an unsuccessful exit status.
* groups – Print the groups that the user is a member of.
* hostid – Print the numeric identifier for the current host
* hostname – Print or set the machine name.
* id – Print real/effective uid/gid.
* logname – Print current login name.
* nice – Modify scheduling priority.
* nohup – Allows a command to continue running after logging out.
* pathchk – Check file name portability.
* pinky – Lightweight finger
* printenv – Prints environment variables.
* printf – Formats and prints data.
* pwd – Print the current working directory.
* seq – Print numeric sequences.
* sleep – Suspends execution for a specified time.
* stty – Print/change terminal settings.
* su – Allows you to adopt the id of another user or superuser.
* tee – Sends output to multiple files.
* test – Evaluates an expression.
* true – Returns a successful exit status.
* tty – Print terminal name.
* uname – Print system information.
* users – Print current user names.
* who – Print a list of all users currently logged in.
* whoami – Print effective user id.
* yes – Print a string repeatedly.

References:
http://www.gnu.org/software/coreutils
http://unxutils.sourceforge.net/
http://lifehacker.com/354014/get-gnu-tools-on-windows-with-unixutils
http://www.mingw.org/
http://irsoft.de/web/Win32GNUtils
http://www.ltr-data.se/opencode.html/

process explorer

The Process Explorer display consists of two sub-windows. The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle mode you’ll see the handles that the process selected in the top window has opened; if Process Explorer is in DLL mode you’ll see the DLLs and memory-mapped files that the process has loaded. Process Explorer also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded.

The unique capabilities of Process Explorer make it useful for tracking down DLL-version problems or handle leaks, and provide insight into the way Windows and applications work.

The tool can be found at http://technet.microsoft.com/en-us/sysinternals/bb896653

Sysinternals Process Utilities

Autoruns
See what programs are configured to startup automatically when your system boots and you login. Autoruns also shows you the full list of Registry and file locations where applications can configure auto-start settings.

Handle
This handy command-line utility will show you what files are open by which processes, and much more.

ListDLLs
List all the DLLs that are currently loaded, including where they are loaded and their version numbers. Version 2.0 prints the full path names of loaded modules.

PortMon
Monitor serial and parallel port activity with this advanced monitoring tool. It knows about all standard serial and parallel IOCTLs and even shows you a portion of the data being sent and received. Version 3.x has powerful new UI enhancements and advanced filtering capabilities.

ProcDump
This new command-line utility is aimed at capturing process dumps of otherwise difficult to isolate and reproduce CPU spikes. It also serves as a general process dump creation utility and can also monitor and generate process dumps when a process has a hung window or unhandled exception.

Process Explorer
Find out what files, registry keys and other objects processes have open, which DLLs they have loaded, and more. This uniquely powerful utility will even show you who owns each process.

Process Monitor
Monitor file system, Registry, process, thread and DLL activity in real-time.

PsExec
Execute processes remotely.

PsGetSid
Displays the SID of a computer or a user.

PsKill
Terminate local or remote processes.

PsList
Show information about processes and threads.

PsService
View and control services.

PsSuspend
Suspend and resume processes.

PsTools
The PsTools suite includes command-line utilities for listing the processes running on local or remote computers, running processes remotely, rebooting computers, dumping event logs, and more.

ShellRunas
Launch programs as a different user via a convenient shell context-menu entry.

VMMap
See a breakdown of a process’s committed virtual memory types as well as the amount of physical memory (working set) assigned by the operating system to those types. Identify the sources of process memory usage and the memory cost of application features.

Tools:
http://technet.microsoft.com/en-us/sysinternals/bb795533

runas command

runas is a command in the Microsoft Windows line of operating systems that allows a user to run specific tools and programs under a different username from the one that was used to log on to the computer interactively. It is similar to the Unix command sudo, but uses a completely separate account rather than adding privileges to an existing one.

C:\Documents and Settings\admin>runas
RUNAS USAGE:

RUNAS [ [/noprofile | /profile] [/env] [/netonly] ]
        /user:<UserName> program

RUNAS [ [/noprofile | /profile] [/env] [/netonly] ]
        /smartcard [/user:<UserName>] program

   /noprofile        specifies that the user's profile should not be loaded.
                     This causes the application to load more quickly, but
                     can cause some applications to malfunction.
   /profile          specifies that the user's profile should be loaded.
                     This is the default.
   /env              to use current environment instead of user's.
   /netonly          use if the credentials specified are for remote
                     access only.
   /savecred         to use credentials previously saved by the user.
                     This option is not available on Windows XP Home Edition
                     and will be ignored.
   /smartcard        use if the credentials are to be supplied from a
                     smartcard.
   /user             <UserName> should be in form USER@DOMAIN or DOMAIN\USER
   program           command line for EXE.  See below for examples

Examples:
> runas /noprofile /user:mymachine\administrator cmd
> runas /profile /env /user:mydomain\admin "mmc %windir%\system32\dsa.msc"
> runas /env /user:user@domain.microsoft.com "notepad \"my file.txt\""

NOTE:  Enter user's password only when prompted.
NOTE:  USER@DOMAIN is not compatible with /netonly.
NOTE:  /profile is not compatible with /netonly.

runas /profile /env /user:domain\administrator "mmc %windir%\system32\dsa.msc"

Windows 2003 event logs

Event Viewer displays items logged by the system when actions happen within a Windows Server 2003 system.

Application: Shows events recorded by applications that are installed on the system.
System: Shows Windows system events.
Security: Contains records of logon/logoff actions and privilege use.

Other logs include Microsoft Office and Internet Explorer, Active Directory, File Replication Service, DNS, etc.

The event types are Information, Warning and Error.

Eg:
Event Type:    Information
Event Source:    Microsoft Office 12 Diagnostics
Event Category:    None
Event ID:    213
Date:        3/16/2011
Time:        8:59:50 PM
User:        N/A
Computer:    xyz
Description:
The default thresholds are being used.

How to view event logs
———————-
1. Type eventvwr in the Run dialog
2. Start > Programs > Administrative Tools > Event Viewer
3. Right-click My Computer > Manage > Event Viewer

To clear a log of all the events
——————————–
In the left pane of the Computer Management Console, right-click the event log you want to clear and select Clear Log.
Windows Server 2003 will ask you if you want to save the contents of the file before clearing it. Click Yes and then choose a location to save the contents of the log.
Click Save. This will back up the contents of that log and clear it.

How to change the size of a log
——————————-
Right-click the log file object for which you wish to adjust the size and select Properties.
Enter the new file size in the Maximum Size box (the default is 512 KB), then click OK.

Maintaining log files automatically
———————————–
When the log files are created, they are assigned a default size of 512 KB. This size is usually easy to manage; however, if the system is accessed frequently and processes many logons, the Security log may become full more often than you like. If this happens, the PC will prevent logons by anyone who is not a member of the administrators group(This is not an issue on a server system)

When the maximum log size is reached, the available options are:
Overwrite events as needed (overwrite the oldest events first)
Overwrite events older than xx days
Do not overwrite events (clear logs manually)

Archiving the Event Logs
————————
Logs can be archived in three formats:

Event log format for access in Event Viewer

Tab-delimited text format, for access in text editors or word processors or import into spreadsheets and databases

Comma-delimited text format, for import into spreadsheets or databases

Creating Log Archives in the Event Viewer Format:
In the Computer Management console, double-click the Event Viewer entry. You should now see a list of event logs.

Right-click the event log you want to archive and select Save Log File As from the shortcut menu.

In the Save As dialog box, select a directory and a log filename.

In the Save As Type dialog box, Event Log (*.evt) will be the default file type.

Choose Save.

Creating Log Archives In Other Formats:
In the Computer Management console, double-click on the Event Viewer entry. You should now see a list of event logs.

Right-click on the event log you want to archive and select Save Log File As from the shortcut menu.

In the Save As dialog box, select a directory and a log filename.

Using the Save As Type drop-down list box select the Text or CSV log file format.

Choose Save.

Rotate logs
———–
Here's a VBS script that will save your event log and clear it. Put this in a scheduled task.

' Back up the Application log to a timestamped .evt file, then clear it; BackupEventLog needs the (Backup) privilege
strComputer = "."
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate,(Backup)}!\\" & strComputer & "\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery("Select * from Win32_NTEventLogFile Where LogFileName='Application'")
For Each objLogFile in colLogFiles
    strArchive = "c:\application" & Year(Now) & "_" & Month(Now) & "_" & Day(Now) & "_" & Hour(Now) & "_" & Minute(Now) & ".evt"
    errBackupLog = objLogFile.BackupEventLog(strArchive)
    ' Only clear the log when the backup succeeded (return code 0); otherwise the events would be lost
    If errBackupLog = 0 Then
        objLogFile.ClearEventLog
    Else
        WScript.Echo "Backup of the Application log failed, return code " & errBackupLog
    End If
Next

References:
http://msdn.microsoft.com/en-us/library/aa394593%28v=vs.85%29.aspx
http://ss64.org/viewtopic.php?id=1269

Event Log Explorer for analyze event logs

Event Log Explorer is a good tool for viewing, monitoring and analyzing events recorded in the Security, System, Application and other logs of Microsoft Windows NT/2000/XP/2003 operating systems.

It helps you quickly browse, find and report on problems, security warnings and all other events that are generated within Windows, and also view the description of each event.

Main features and benefits of Event Log Explorer at a glance:

Multiple-document or tabbed-document user interface depending on user preferences

Favorites computers and their logs are grouped into a tree
Manual and automatic backup of event logs
Event descriptions and binary data are in the log window
Advanced filtering by any criteria including event description text
Quick Filter feature allows you to filter event log in a couple of mouse clicks
Log loading options to pre-filter event logs
Fast navigation between events with bookmarks
Compatibility with well-known event knowledgebases (EventID.com and Microsoft knowledgebase)
Color coding by Event ID
Print and export to different formats
Export log to different formats
Read damaged EVT files and generate EVT files from event views.

The tool can be found at http://www.eventlogxp.com/

SNMP on linux

To install and configure snmpd on a Linux machine:

Type the following command to install the snmpd daemon (net-snmp package) together with its tools and libraries:
# yum install net-snmp net-snmp-utils net-snmp-libs
Configure snmpd, open /etc/snmp/snmpd.conf
# vi /etc/snmp/snmpd.conf
Append / modify it as follows (see snmpd.conf man page for details):

# map the "public" community to security name "local", but only for
# requests arriving from localhost (the second column is the allowed source)
com2sec local     localhost           public
# put that security name into a group for the v1, v2c and usm models
group MyRWGroup v1         local
group MyRWGroup v2c        local
group MyRWGroup usm        local
# view "all" exposes the entire OID tree
view all    included  .1                               80
# read view = all, WRITE view = all, notify view = none: this group can
# change settings on the device, so the localhost restriction above is what keeps it safe
access MyRWGroup ""      any       noauth    exact  all    all    none
syslocation Unknown (edit /etc/snmp/snmpd.conf)
syscontact Root  (configure /etc/snmp/snmp.local.conf)
pass .1.3.6.1.4.1.4413.4.1 /usr/bin/ucd5820stat

Save and close the file. Turn on snmpd service:
# /etc/init.d/snmpd start
# chkconfig snmpd on
Make sure you are getting information from snmpd:
# snmpwalk -v 1 -c public localhost IP-MIB::ipAdEntIfIndex
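An added example (not from the original post) that resolves the com2sec/group/access chain of an snmpd.conf and reports what each community can actually do. The configuration above gives the public community a write view over the whole tree (the second all in the access line), which is tolerable only because com2sec limits that community to localhost; the function names and the constructed sample configurations are my own.

```shell
#!/bin/sh
# Resolve the v1/v2c access chain in an snmpd.conf the way snmpd does:
#   com2sec SECNAME SOURCE COMMUNITY
#   group   GROUP   MODEL  SECNAME
#   access  GROUP   CONTEXT MODEL LEVEL PREFIX READVIEW WRITEVIEW NOTIFYVIEW
# and print, per community: COMMUNITY SOURCE read=VIEW write=VIEW RISK
# RISK is "read-only", "local-writable" (write view, but only from loopback)
# or "world-writable" (write view reachable from a non-loopback source).
# A security name listed in several groups keeps the last one; the post's
# config uses a single group, so that is enough here.
snmp_community_access() {
    awk '
        /^[ \t]*(#|$)/ { next }                        # comments and blank lines
        $1 == "com2sec" { src[$2] = $3; comm[$2] = $4; next }
        $1 == "group"   { grp[$4] = $2; next }          # security name -> group
        $1 == "access"  { rd[$2] = $7; wr[$2] = $8; next }
        END {
            for (sec in comm) {
                g = grp[sec]
                r = (g in rd) ? rd[g] : "none"
                w = (g in wr) ? wr[g] : "none"
                s = src[sec]
                if (w == "none" || w == "\"\"")         # "" also means no view
                    risk = "read-only"
                else if (s ~ /^(localhost|127\.)/)
                    risk = "local-writable"
                else
                    risk = "world-writable"
                printf "%s %s read=%s write=%s %s\n", comm[sec], s, r, w, risk
            }
        }
    ' "$1"
}

# Succeeds (exit 0) when no community can write from a non-loopback source.
snmp_no_world_writable() {
    ! snmp_community_access "$1" | grep -q ' world-writable$'
}

# Usage: sh snmp_audit.sh /etc/snmp/snmpd.conf
if [ "$#" -gt 0 ]; then
    snmp_community_access "$1"
fi
```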
