Archive for the ‘Documentation’ Category

Email Subject decoding using base64 in linux

I did a little exercise to figure out a way to decode the encoded subject of some email messages.

Here is the decoded subject I was using:

Alaska is cool, go whale watching and glacier gazing (from 75%-off)

Here is the fully encoded subject of that message:

=?UTF-8?B?QWxhc2thIGlzIGNvb2wsIGdvIHdoYWxlIHdhdGNoaW5nIGFuZCBnbGFjaWVyIGdhemluZyAoZnJvbSA3NSUtb2ZmKQ==?=

Here is the command I used to decode the string:

$ echo QWxhc2thIGlzIGNvb2wsIGdvIHdoYWxlIHdhdGNoaW5nIGFuZCBnbGFjaWVyIGdhemluZyAoZnJvbSA3NSUtb2ZmKQ== | base64 -d
Alaska is cool, go whale watching and glacier gazing (from 75%-off)

Note: the leading =?UTF-8?B? and trailing ?= did need to be stripped off for this to work successfully. It is perfectly within the standards to encode the email subjects like this. Unfortunately, spammers have known this for many years.
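The manual step above, generalised into an added example that is not part of the original post: a bash function that finds each encoded-word in a header value, strips the wrapper itself, and decodes both the B (base64) and Q (quoted-printable style) forms. The function names and the second sample subject are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): decode RFC 2047 encoded-words,
# "=?charset?B?text?=" or "=?charset?Q?text?=", inside a header value.
# Decoded bytes are printed as-is; no charset conversion is attempted.

decode_word() {                       # $1 = B or Q, $2 = encoded text
    local t
    case "$1" in
        [Bb]) printf '%s' "$2" | base64 -d 2>/dev/null ;;
        [Qq]) t=${2//_/ }             # "_" stands for a space
              t=${t//\\/\\\\}         # keep literal backslashes away from %b
              t=${t//=/\\x}           # "=24" becomes "\x24"
              printf '%b' "$t" ;;
    esac
}

decode_subject() {                    # $1 = raw header value
    local rest=$1 out='' seen=0 word enc text before dec
    local re='=\?[^?]+\?([BbQq])\?([^?]*)\?='
    while [[ $rest =~ $re ]]; do
        word=${BASH_REMATCH[0]}; enc=${BASH_REMATCH[1]}; text=${BASH_REMATCH[2]}
        before=${rest%%"$word"*}
        rest=${rest#*"$word"}
        # Whitespace that only separates two encoded-words is not displayed.
        if [[ $seen -eq 1 && $before =~ ^[[:space:]]+$ ]]; then before=''; fi
        # An encoded-word that fails to decode is passed through untouched.
        if ! dec=$(decode_word "$enc" "$text"); then dec=$word; fi
        out+=$before$dec
        seen=1
    done
    printf '%s\n' "$out$rest"
}

# The subject from the post, then a constructed two-word sample.
decode_subject '=?UTF-8?B?QWxhc2thIGlzIGNvb2wsIGdvIHdoYWxlIHdhdGNoaW5nIGFuZCBnbGFjaWVyIGdhemluZyAoZnJvbSA3NSUtb2ZmKQ==?='
decode_subject '=?ISO-8859-1?Q?Free_=24=24=24?= =?UTF-8?B?IG5vdw==?='
```

Running mail-filter rules against the decoded value rather than the raw header is what keeps an encoded subject from slipping past a plain-text keyword match.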

MSSQL Notes

To determine a view definition:

SELECT DEFINITION FROM sys.sql_modules WHERE object_id = OBJECT_ID('viewschema.viewname')

To list all the tables in a database:

SELECT * FROM INFORMATION_SCHEMA.TABLES

To list all the columns and tables in a database:

SELECT * FROM INFORMATION_SCHEMA.COLUMNS

OUTER JOIN example:

SELECT xx.column1, yy.column2
FROM table1 xx
LEFT OUTER JOIN DB2.schema1.table2 yy ON xx.column1 = yy.column2

Change the time format:
Some CONVERT statements to change the time format from DATETIME to something else:

DECLARE @SOMETIME DATETIME
SET @SOMETIME = '2020-01-31 11:00:00 AM'
SELECT CONVERT(VARCHAR(20), @SOMETIME, 22)
01/31/20 11:00:00 AM

This one has the four digit year:

DECLARE @SOMETIME DATETIME
SET @SOMETIME = '2020-01-31 11:00:00 AM'
SELECT CONVERT(VARCHAR(20), @SOMETIME, 101) + ' ' + CONVERT(VARCHAR(20), @SOMETIME, 8)
01/31/2020 11:00:00

Selecting records based on time example:
This will return records (in this case just a bunch of time variables) if the @SOMEDATETIME variable is between now and one hour ago:

DECLARE @SOMEDATETIME DATETIME
DECLARE @CURRENTDATETIME DATETIME
DECLARE @CURRENTDATETIMEMINUS DATETIME
SET @SOMEDATETIME = '2020-01-31 15:30:00.000'
SET @CURRENTDATETIME = CONVERT(VARCHAR(20), GETDATE(), 101) + ' ' + CONVERT(VARCHAR(20), GETDATE(), 8)
SET @CURRENTDATETIMEMINUS = CONVERT(VARCHAR(20), DATEADD(Hour, -1, @CURRENTDATETIME), 101) + ' ' + CONVERT(VARCHAR(20), DATEADD(Hour, -1, @CURRENTDATETIME), 8)

SELECT @SOMEDATETIME AS SOMEDATETIME
, @CURRENTDATETIMEMINUS AS CURRENTDATETIMEMINUS
, @CURRENTDATETIME AS CURRENTDATETIME
WHERE @SOMEDATETIME
BETWEEN @CURRENTDATETIMEMINUS AND @CURRENTDATETIME

SPF Verification in Postfix

OS: CentOS7

You should have your TXT record set in your DNS prior to implementing this on your server:
"v=spf1 mx ip4:aaa.bbb.ccc.ddd ip4:eee.fff.ggg.hhh -all"

Here is a link I found useful to understand the options for the DNS record:
https://support.dnsimple.com/articles/spf-record/
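A quick sanity check of the TXT value before it is published, as an added example that is not part of the original post. The function name spf_lint and the second, deliberately weak record (with documentation addresses and example.net) are constructed for illustration; the first record is the form shown above with its placeholders left in, since the check does not validate the addresses themselves.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): sanity-check an SPF TXT value
# before publishing it. Prints one finding per line, or "ok" if there are none.

spf_lint() {                          # $1 = TXT value without the quotes
    local term mech all='' redirect=0 lookups=0 findings=''
    local -a terms
    read -r -a terms <<<"$1"
    if [[ ${terms[0],,} != v=spf1 ]]; then
        echo 'record does not start with v=spf1'; return 1
    fi
    for term in "${terms[@]:1}"; do
        term=${term,,}
        [[ -z $all ]] || findings+="ignored, comes after $all: $term"$'\n'
        mech=${term#[-+~?]}           # drop the qualifier
        mech=${mech%%[:/=]*}          # drop the argument
        case $mech in
            include|a|mx|ptr|exists) lookups=$((lookups + 1)) ;;
            redirect) lookups=$((lookups + 1)); redirect=1 ;;
            all) [[ -n $all ]] || all=$term ;;
        esac
    done
    case $all in
        '') [[ $redirect -eq 1 ]] ||
                findings+='no all mechanism: unlisted senders get neutral'$'\n' ;;
        all|+all) findings+="$all authorizes every sender"$'\n' ;;
        '~all'|'?all') findings+="$all gives softfail/neutral, not fail"$'\n' ;;
    esac
    # RFC 7208 4.6.4: more than 10 DNS-querying terms is a permerror.
    [[ $lookups -le 10 ]] || findings+="$lookups DNS-querying terms, limit is 10"$'\n'
    if [[ -z $findings ]]; then echo ok; return 0; fi
    printf '%s' "$findings"; return 1
}

# The record form from the post, then a constructed weak record.
spf_lint 'v=spf1 mx ip4:aaa.bbb.ccc.ddd ip4:eee.fff.ggg.hhh -all'
spf_lint 'v=spf1 mx include:_spf.example.net +all ip4:192.0.2.10' || true
```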

You need to have the EPEL repository enabled to install the pypolicyd-spf package using the methodology I have outlined here.

To install and enable the EPEL repository:

# yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

Install the Python package:

# yum install pypolicyd-spf

Add SPF verification to Postfix:
The master.cf and main.cf both need to be modified:

# cd /etc/postfix/
# cp -p master.cf master.cf.20190716
# vi master.cf

policy unix - n n - 0 spawn user=nobody argv=/bin/python /usr/libexec/postfix/policyd-spf

# cp -p main.cf main.cf.20190716
# vi main.cf

smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    reject_unauth_destination,
    check_policy_service unix:private/policy

Note: the policy defined in the master.cf does not need to be named “policy”. However, if you change that, you need to also change it in your “check_policy_service” statement in the main.cf.

Restart postfix to implement changes:
# systemctl restart postfix

Adding static routes in MacOS Mojave

To add a permanent static route in MacOS Mojave, open up a terminal session.

List all of your available network services. Services really just seem to be aliases for network interfaces.

$ sudo networksetup -listallnetworkservices
An asterisk (*) denotes that a network service is disabled.
USB-Serial Controller D
iPad USB
iPhone USB
Wi-Fi
Bluetooth PAN
Thunderbolt Bridge

You will be adding the route to a service, therefore, you will need to know which service to apply the route to.

In my case, I wanted to add the route to my wireless interface:

$ sudo networksetup -setadditionalroutes Wi-Fi network-destination destination-mask gateway-to-use
$ sudo networksetup -setadditionalroutes Wi-Fi 10.1.1.0 255.255.255.0 192.168.0.254

List all of your current routes:

$ sudo networksetup -getadditionalroutes Wi-Fi
10.1.1.0 255.255.255.0 192.168.0.254

To remove static routes from a network service just remove the parameters from the command you used to set the route:

$ sudo networksetup -setadditionalroutes Wi-Fi

Windows – How To Remove Windows Defender

OS Version: Windows Server 2016

The only situation where you would want to do this would be if you already had an up to date and supported malware detection application installed. If you do not know or are unsure, I definitely do NOT recommend this.

Logged in as Administrator, bring up Powershell.

PS> Uninstall-WindowsFeature -Name Windows-Defender

PS> Restart-Computer -ComputerName "localhost"

Background Intelligent Transfer Queue Management

I noticed a lot of the following events in a Windows event log:

Event ID: 16398 Bits-Client
A new BITS job could not be created.

Using Powershell is the best way to deal with this:

PS> Import-Module BitsTransfer

To list the entries (this should be 60 if you are getting the 16398 event and the default has not been changed):

PS> Get-BitsTransfer

To remove all the entries:

PS> Get-BitsTransfer -AllUsers | Remove-BitsTransfer

Using the legacy bitsadmin command:
This will display all the queue entries:

C:\> bitsadmin /List /AllUsers

You should see 60, if you are getting this message in the logs, since that is the default.

C:\> bitsadmin /Reset /AllUsers

Do a list again to verify that all have been canceled.

If that does not work, you can do the following:

C:\> net stop Bits
C:\> cd C:\ProgramData\Microsoft\Network\Downloader

Delete all the qmgr*.dat files in the directory:

C:\> del qmgr*.dat

Start the Background Intelligent Transfer Queue service:

C:\> net start Bits

Get-WMIObject blocked.

Remote server: Windows 2016

I had some issues getting Get-WmiObject to work against a remote server in Powershell. I kept getting: “The RPC server is unavailable.” I verified that the “Windows Management Instrumentation” service was running.

It turns out it was the firewall blocking the request.

I used the following to open up ports for the program to access the server information:

C:\> netsh advfirewall firewall set rule group="Windows Management Instrumentation (WMI)" new enable=yes

Migrate gpg keys to new machine.

CentOS 7:

On the machine that holds the keys you want to migrate, as the user who owns them:
Export the public keys:

gpg -a --export > mypublickey.asc

Export the private keys:

gpg -a --export-secret-keys > myprivatekey.asc

Export your trust database:

gpg --export-ownertrust > mytrust.db

Copy the mypublickey.asc, myprivatekey.asc and mytrust.db to the new machine.

Log into the new machine as the user you want the keys for:
Import the private key file:

gpg --import myprivatekey.asc

Import the public key file:

gpg --import mypublickey.asc

List the secret keys to verify:

gpg -K

List the public keys to verify:

gpg -k

Import the trustdb:

gpg --import-ownertrust mytrust.db
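To make the verification step exact rather than by eye, the following added example (not part of the original post) compares key fingerprints from the two machines. It assumes each listing was captured with gpg's machine-readable output; the function names and the sample listings are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): confirm every key from the old
# machine exists on the new one by comparing fingerprints. Each listing is the
# output of: gpg --with-colons --fingerprint -k   (use -K for secret keys)

fingerprints() {                      # stdin: colon listing -> sorted fingerprints
    awk -F: '$1 == "fpr" { print $10 }' | sort -u
}

missing_keys() {                      # $1 = old listing, $2 = new listing
    comm -23 <(fingerprints <<<"$1") <(fingerprints <<<"$2")
}

# Constructed listings; key IDs and fingerprints are made-up placeholders.
old_listing='pub:u:2048:1:AAAAAAAAAAAAAAAA:1500000000:::u:::scESC:
fpr:::::::::000000000000000000000000AAAAAAAAAAAAAAAA:
pub:u:2048:1:BBBBBBBBBBBBBBBB:1500000001:::u:::scESC:
fpr:::::::::000000000000000000000000BBBBBBBBBBBBBBBB:'
new_listing='pub:u:2048:1:AAAAAAAAAAAAAAAA:1500000000:::u:::scESC:
fpr:::::::::000000000000000000000000AAAAAAAAAAAAAAAA:'

# Prints the fingerprint of each key that did not arrive on the new machine.
missing_keys "$old_listing" "$new_listing"
```

Empty output means every fingerprint from the old machine is present on the new one, at which point the exported myprivatekey.asc can be deleted from both machines and any transfer media.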

Ssh on different ports on different interfaces (linux).

To have sshd listen on a different port on two interfaces, you can configure the /etc/ssh/sshd_config like so:

vi /etc/ssh/sshd_config

ListenAddress 10.10.10.10:22
ListenAddress 11.11.11.11:6666

This will have sshd listening on port 22 on the interface configured with IP address 10.10.10.10 and port 6666 on the interface configured with IP address 11.11.11.11.

Restart sshd:

systemctl restart sshd

Cisco 3750 switch – multiple failover static routes

I needed to set up a few failover routes in case an intermediate route became unavailable. And I needed to do this for two different scenarios.

Create your IP SLAs:

ip sla 1
icmp-echo 10.10.10.111 source-ip 10.10.10.123
timeout 1000
threshold 2
frequency 3
ip sla schedule 1 life forever start-time now

This is ping testing 10.10.10.111 from 10.10.10.123 to verify that the primary hop is available.

ip sla 2
icmp-echo 10.10.11.222 source-ip 10.10.22.123
timeout 1000
threshold 2
frequency 3
ip sla schedule 2 life forever start-time now

Likewise, this is ping testing 10.10.11.222 from 10.10.22.123 to verify that the primary hop is available.

Create your routes (Note: The IP security version of IOS is not needed for this.):

ip route 0.0.0.0 0.0.0.0 10.10.10.111 track 1
ip route 0.0.0.0 0.0.0.0 10.10.10.222 10

In this case, the default route on the 3750 is to 10.10.10.111, however if it is unavailable, then the default route is to 10.10.10.222.

However, traffic to 10.10.11.10 and 192.168.0.20 should route to 10.10.11.222 by default and 10.10.11.223 when 10.10.11.222 is unavailable.

ip route 10.10.11.10 255.255.255.255 10.10.11.222 track 2
ip route 192.168.0.20 255.255.255.255 10.10.11.222 track 2
ip route 10.10.11.10 255.255.255.255 10.10.11.223 10
ip route 192.168.0.20 255.255.255.255 10.10.11.223 10

Activate the tracks with the following statements:

track 1 ip sla 1 reachability
track 2 ip sla 2 reachability

Here are some useful commands to look at the configuration/status:

#show ip sla application
IP Service Level Agreement Technologies

IPSLAs Infrastructure version: Engine-II

Supported Operation Types:
dhcp, dns, echo, ftp, http, jitter, mpls jitter, pathEcho
pathJitter, tcpConnect, udpEcho
Supported Features:
IPSLAs Event Publisher

IP SLAs low memory water mark: 8441624

Estimated system max number of entries: 6182
Estimated number of configurable operations: 4524
Number of Entries configured : 2
Number of active Entries : 2
Number of pending Entries : 0
Number of inactive Entries : 0

Last time the operation configuration changed: 17:54:49.625 PST Tue Nov 13 2018

#show ip sla configuration
IP SLAs, Infrastructure Engine-II

Entry number: 1
Owner:
Tag:
Type of operation to perform: echo
Target address: 10.10.10.111
Source address: 10.10.10.123
Request size (ARR data portion): 28
Operation timeout (milliseconds): 1000
Type Of Service parameters: 0x0
Verify data: No
Vrf Name:
Schedule:
Operation frequency (seconds): 3
Next Scheduled Start Time: Start Time already passed
Group Scheduled : FALSE
Randomly Scheduled : FALSE
Life (seconds): Forever
Entry Ageout (seconds): never
Recurring (Starting Everyday): FALSE
Status of entry (SNMP RowStatus): Active
Threshold (milliseconds): 2
Distribution Statistics:
Number of statistic hours kept: 2
Number of statistic distribution buckets kept: 1
Statistic distribution interval (milliseconds): 20
History Statistics:
Number of history Lives kept: 0
Number of history Buckets kept: 15
History Filter Type: None
Enhanced History:

Entry number: 2
Owner:
Tag:
Type of operation to perform: echo
Target address: 10.10.11.222
Source address: 10.10.22.123
Request size (ARR data portion): 28
Operation timeout (milliseconds): 1000
Type Of Service parameters: 0x0
Verify data: No
Vrf Name:
Schedule:
Operation frequency (seconds): 3
Next Scheduled Start Time: Start Time already passed
Group Scheduled : FALSE
Randomly Scheduled : FALSE
Life (seconds): Forever
Entry Ageout (seconds): never
Recurring (Starting Everyday): FALSE
Status of entry (SNMP RowStatus): Active
Threshold (milliseconds): 2
Distribution Statistics:
Number of statistic hours kept: 2
Number of statistic distribution buckets kept: 1
Statistic distribution interval (milliseconds): 20
History Statistics:
Number of history Lives kept: 0
Number of history Buckets kept: 15
History Filter Type: None
Enhanced History:

#show ip sla statistics

Round Trip Time (RTT) for Index 1
Type of operation: icmp-echo
Latest RTT: 1 ms
Latest operation start time: 11:29:19.092 PST Wed Nov 14 2018
Latest operation return code: OK
Number of successes: 151
Number of failures: 9
Operation time to live: Forever

Round Trip Time (RTT) for Index 2
Type of operation: icmp-echo
Latest RTT: 1 ms
Latest operation start time: 11:29:16.634 PST Wed Nov 14 2018
Latest operation return code: OK
Number of successes: 663
Number of failures: 26
Operation time to live: Forever
