One of the networks I manage needed a quick, cheap solution for monitoring whether a few servers were up. I came up with a C# Windows Service application that pings the servers every 15 minutes. If the ping fails for a system, it waits another 5 seconds and tries again. If both fail, the system is added to a report that is emailed to the network admins. Below is the code for the test console app.
--------C# Test Console App Code-----------
using System;
using System.Collections;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Net;
using System.Net.NetworkInformation;
using System.Net.Mail;
using System.Data;

namespace PING
{
    class Program
    {
        static void Main(string[] args)
        {
            //Int for Counting Failed Pings
            int pingFail = 0;
            //String Builder for Email Message
            StringBuilder stbFail = new StringBuilder();
            //Hashtable for Server Name and IP Addresses
            Hashtable servers = new Hashtable();
            //Server Name is Key and IP Address is Value
            servers.Add("Server1", "192.168.xxx.xxx");
            servers.Add("Server2", "192.168.xxx.xxx");
            servers.Add("Server3", "192.168.xxx.xxx");
            servers.Add("Server4", "192.168.xxx.xxx");
            servers.Add("Server5", "192.168.xxx.xxx");
            servers.Add("Server6", "192.168.xxx.xxx");
            servers.Add("Firewall1", "192.168.xxx.xxx");
            servers.Add("Firewall2", "192.168.xxx.xxx");
            servers.Add("Transwall1", "192.168.xxx.xxx");

            foreach (DictionaryEntry de in servers)
            {
                //Ping Server IP. If It Fails Ping Again Five Seconds Later
                if (!PingCheck(de.Value.ToString()))
                {
                    //Pausing for Five Seconds
                    System.Threading.Thread.Sleep(5000);
                    //Second Ping Check on Failed IP
                    if (!PingCheck(de.Value.ToString()))
                    {
                        //Increment Verified Fail and Add Server Info to Report
                        pingFail++;
                        stbFail.AppendLine(de.Key.ToString() + " at " + de.Value.ToString() + " is down");
                    }
                }
            }

            //Email Failed Pings to Network Admin(s)
            if (pingFail > 0)
            {
                //Create Mail Message and Send
                MailAddress maFrom = new MailAddress("notifyingsystem@mydomain.edu");
                MailAddress maTo = new MailAddress("guycomingintooffice@mydomain.edu");
                MailMessage message = new MailMessage(maFrom, maTo);
                message.Subject = "Failed Ping Report";
                message.IsBodyHtml = false;
                message.Body = stbFail.ToString();
                SmtpClient mail = new SmtpClient();
                mail.Host = "smtp.mydomain.edu";
                mail.Send(message);
            }
        }

        //Send one ICMP echo request; true only if a reply came back within the timeout
        static bool PingCheck(string strAddr)
        {
            bool pingStatus = false;
            Ping pingSender = new Ping();
            PingOptions options = new PingOptions();
            options.DontFragment = true;
            string data = "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb";
            byte[] buffer = Encoding.ASCII.GetBytes(data);
            int timeout = 120;
            PingReply replyPing = pingSender.Send(strAddr, timeout, buffer, options);
            if (replyPing.Status == IPStatus.Success)
            {
                pingStatus = true;
            }
            return pingStatus;
        }
    }
}
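The check-twice-then-report logic above, as an added Python example that is not part of the post's code: the probe is passed in as a function so the decision logic (one failure is a retry, two failures are a report line) can be exercised without touching the network, while ping_once is a real probe built on the OS ping binary. The host names and the 192.0.2.x addresses are constructed documentation addresses, and the ping command-line flags assume Windows ping or Linux iputils ping.

```python
"""Added example (not the post's code): the post's check-twice-then-report
logic as a plain Python function with the probe injected, so the decision
logic can be exercised offline; ping_once is a real probe for use on a host."""
import subprocess
import sys
import time
from typing import Callable, Dict, List


def ping_once(address: str, timeout_ms: int = 1000) -> bool:
    """One ICMP echo request via the OS ping binary; True if a reply arrived.
    Flags assume Windows ping or Linux iputils ping (assumption)."""
    if sys.platform.startswith("win"):
        cmd = ["ping", "-n", "1", "-w", str(timeout_ms), address]
    else:
        cmd = ["ping", "-c", "1", "-W", str(max(1, timeout_ms // 1000)), address]
    try:
        done = subprocess.run(cmd, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
                              timeout=timeout_ms / 1000 + 5)
        return done.returncode == 0
    except (OSError, subprocess.TimeoutExpired):
        return False


def check_servers(servers: Dict[str, str],
                  probe: Callable[[str], bool] = ping_once,
                  retry_delay_s: float = 5.0,
                  sleep: Callable[[float], None] = time.sleep) -> List[str]:
    """Probe each host; a host is reported only if it fails twice,
    retry_delay_s apart, which filters out a single dropped echo request."""
    down: List[str] = []
    for name, addr in servers.items():
        if probe(addr):
            continue
        sleep(retry_delay_s)
        if not probe(addr):
            down.append(f"{name} at {addr} is down")
    return down


def build_report(down: List[str]) -> str:
    """Body of the 'Failed Ping Report' mail; an empty string means nothing to send."""
    return "\n".join(down)


def make_scripted_probe(outcomes: Dict[str, List[bool]]) -> Callable[[str], bool]:
    """Constructed test double: returns the scripted results for each address in order."""
    def probe(addr: str) -> bool:
        return outcomes[addr].pop(0)
    return probe


if __name__ == "__main__":
    # Constructed sample hosts (RFC 5737 documentation addresses, not real servers)
    hosts = {"Server1": "192.0.2.1", "Server2": "192.0.2.2", "Firewall1": "192.0.2.3"}
    print(build_report(check_servers(hosts)) or "all hosts answered")
```

Run stand-alone it probes the constructed hosts with real pings; wiring the report into the service's mail step is the same as in the C# version, so only the decision logic is shown here.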
Thursday, May 13, 2010
Monday, May 3, 2010
DHCP Reservations via PowerShell and Exported .CSV Leases File
Ran into an issue with having to transfer DHCP reservations from one stand-alone Windows 2008 server to a Windows 2008 R2 server. When I tried the export and import netsh commands, they failed. Not wanting to manually recreate a whole class C worth of reservations, I came up with this more efficient method.
Basically, here are the steps: log onto the old DHCP server and export the current leases to a .csv file. Copy that file over to the new DHCP server. Place the PowerShell script (code listed below) into the same directory as the .csv file. Then run the script and watch the happiness.
Found the idea for the Add-Content part via another site. PowerShell is such an interesting creature.
#-------------Code from dhcpRes.ps1-----------------------------------------------------------
# IP Address of the Current DHCP Server Running the Script
$server = "192.168.2.1"
# The Scope IP Address
$scope = "192.168.2.0"
# Netsh Commands File
$commands = "dhcp.txt"
# Exported .CSV File of DHCP Leases from Other DHCP Server
$leases = import-csv "dhcp.csv"
$leases | % {
add-content -path $commands -value "dhcp server $server scope $scope add reservedip $($_.'Client IP Address') $($_.'Unique ID') `"$($_.'Unique ID')`""
}
netsh exec $commands
#End of Code
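The script above writes each CSV value straight into the command file that netsh exec runs, so whatever is in the 'Client IP Address' and 'Unique ID' columns becomes part of a netsh command. The following is an added Python example, not the post's script, that builds the same add reservedip lines but checks each row first: the IP must parse and fall inside the scope, and the Unique ID must be a well-formed MAC; anything else is reported instead of written. The column names follow the post's script; the sample CSV rows, the /24 scope mask and the separator-free MAC form are assumptions.

```python
"""Added example (not the post's script): builds the same netsh 'add reservedip'
lines from the exported leases CSV, but validates every field before it is
written to the command file that netsh exec will run. Column names follow the
post's script; the sample rows and the scope mask are constructed."""
import csv
import io
import ipaddress
import re
from typing import List, Tuple

# 12 hex digits, optionally separated by '-' or ':'
MAC_RE = re.compile(r"([0-9A-Fa-f]{2}[-:]?){5}[0-9A-Fa-f]{2}")

# Constructed leases export in the layout the post's script expects (assumption);
# the last two rows are deliberately bad: one outside the scope, one not a MAC.
SAMPLE_CSV = (
    "Client IP Address,Name,Lease Expiration,Type,Unique ID\n"
    "192.168.2.10,host10.example.net,5/3/2010 8:00:00 AM,DHCP,001122aabb10\n"
    "192.168.2.11,host11.example.net,5/3/2010 8:00:00 AM,DHCP,00-11-22-AA-BB-11\n"
    "192.168.9.5,stray.example.net,5/3/2010 8:00:00 AM,DHCP,001122aabb99\n"
    '192.168.2.12,odd.example.net,5/3/2010 8:00:00 AM,DHCP,"not a mac\nsecond line"\n'
)


def normalize_mac(raw: str) -> str:
    """Accept 001122aabbcc, 00-11-22-aa-bb-cc or 00:11:22:aa:bb:cc and return the
    separator-free lower-case form (assumed to be what the leases export uses)."""
    mac = raw.strip()
    if not MAC_RE.fullmatch(mac):          # fullmatch: no trailing junk, no embedded newline
        raise ValueError(f"bad MAC {raw!r}")
    return re.sub(r"[-:]", "", mac).lower()


def netsh_lines(csv_text: str, server: str, scope_cidr: str) -> Tuple[List[str], List[str]]:
    """Return (commands, rejections). Only rows whose IP lies inside the scope and
    whose Unique ID is a well-formed MAC produce a command; every other row is
    reported, never written, so a stray or malformed CSV value cannot end up
    as text inside the netsh script."""
    net = ipaddress.ip_network(scope_cidr)
    server_ip = ipaddress.ip_address(server)
    scope = net.network_address
    commands: List[str] = []
    rejected: List[str] = []
    for n, row in enumerate(csv.DictReader(io.StringIO(csv_text)), start=1):
        try:
            ip = ipaddress.ip_address(row.get("Client IP Address", "").strip())
            if ip not in net:
                raise ValueError(f"{ip} is outside scope {net}")
            mac = normalize_mac(row.get("Unique ID", ""))
        except ValueError as exc:
            rejected.append(f"row {n}: {exc}")
            continue
        commands.append(
            f'dhcp server {server_ip} scope {scope} add reservedip {ip} {mac} "{mac}"')
    return commands, rejected


def write_commands(path: str, commands: List[str]) -> None:
    """Write the script for netsh exec (overwrite, unlike Add-Content which appends)."""
    with open(path, "w", encoding="ascii", newline="\r\n") as fh:
        fh.write("\n".join(commands) + "\n")


if __name__ == "__main__":
    cmds, bad = netsh_lines(SAMPLE_CSV, "192.168.2.1", "192.168.2.0/24")
    print("\n".join(cmds))
    print("rejected:", *bad, sep="\n  ")
```

Note the overwrite in write_commands: the post's Add-Content appends, so running the script twice against an existing dhcp.txt would replay the first run's commands as well.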
Friday, February 12, 2010
Windows 2008 TS RemoteApp
Last month I pushed out a legacy application using Windows 2008 Terminal Services RemoteApp. I was very pleased with how easy it was and I won't go into setting up RemoteApp since there is more than enough documentation online for that; however, I will give a couple of points to consider.
Computer Configuration / Policies / Administrative Templates / System / Group Policy
User Group Policy loopback processing mode = Enabled (Mode - Merge)
Computer Configuration / Policies / Administrative Templates / Windows Components / Terminal Services / Terminal Server / Session Time Limits
Set time limit for active but idle Terminal Services sessions = Enabled (Idle session limit - 16 hours)
Set time limit for active Terminal Services sessions = Enabled (Active Session limit - 16 hours)
Set time limit for disconnected sessions = Enabled (End a disconnected session - 1 hour)
Set time limit for logoff of RemoteApp sessions = Enabled (RemoteApp session logoff delay - 30 minutes)
Terminate session when time limits are reached = Enabled
User Configuration / Policies / Administrative Templates / Control Panel / Display
Screen Saver = Disabled
- RemoteApp opens on the primary monitor and cannot be moved to another
- Disable the user screen saver on the terminal server. Otherwise, a user that leaves the RemoteApp up but idle will lock out their session on the server and they will need to restart the RemoteApp.
- Since closing the RemoteApp won't log the user off the terminal server, limit the user's sessions on the server. This can be done either through a group policy or RemoteApp settings on the server.
Wednesday, January 27, 2010
Fun C# ASP.NET Page for Lotto Numbers
To lighten the mood in my office, I came up with a fun C# ASP.NET page to randomly display lotto numbers. It's configured for the Cali lotto format, but you can easily modify it for whatever state you're in. Enjoy.
using System;
using System.Collections;
using System.Web;
using System.Text;

public partial class numbers : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
    }

    protected void GetLottoNumbers(object sender, EventArgs e)
    {
        //Five distinct numbers from 1 to 55, then a mega number from 1 to 45
        ArrayList arlNum = new ArrayList();
        Random RandomClass = new Random();
        while (arlNum.Count < 5)
        {
            int g = RandomClass.Next(1, 56);
            if (!arlNum.Contains(g))
            {
                arlNum.Add(g);
            }
        }
        arlNum.Sort();
        pnlNum.Visible = true;
        lblN1.Text = arlNum[0].ToString();
        lblN2.Text = arlNum[1].ToString();
        lblN3.Text = arlNum[2].ToString();
        lblN4.Text = arlNum[3].ToString();
        lblN5.Text = arlNum[4].ToString();
        lblN6.Text = RandomClass.Next(1, 46).ToString();
        btnNumbers.Text = "Get Another Set";
    }
}
-----------------------Portion of numbers.aspx------------------------------
<h2>IT Retirement Numbers</h2>
<hr />
<p><strong>Would you like to see some IT retirement numbers?</strong></p>
<asp:Button ID="btnNumbers" runat="server" Text="Get Numbers" OnClick="GetLottoNumbers" />
<asp:Panel ID="pnlNum" runat="server" Visible="false">
<br />
Here you go...
<asp:Label ID="lblN1" runat="server" Width="20" />
<asp:Label ID="lblN2" runat="server" Width="20" />
<asp:Label ID="lblN3" runat="server" Width="20" />
<asp:Label ID="lblN4" runat="server" Width="20" />
<asp:Label ID="lblN5" runat="server" Width="20" />
and mega number
<asp:Label ID="lblN6" runat="server" Width="20" />
</asp:Panel>
Friday, January 22, 2010
OpenBSD Transparent Firewall for Server Room Switch
Below is the rule set for an OpenBSD transparent firewall that protects servers on the same switch from unauthorized hosts on the local network. This rule set assumes that there is a network firewall in place and only filters on the MAC addresses of the local network clients and devices.
The firewall is set up with three network interfaces and sits between the server room's network access port and the server room switch. The third interface is needed for remote ssh access and is plugged into a regular port on the switch.
Here is a link to my old post on MAC filtering using a Bridge and Packet Tagging
#############################################################
# Macros and Tables
#############################################################
# Interfaces
switch_if = "bge0"
nap_if = "bge1"
ssh_if = "em0"
############################################################
# Logging, Timeouts, Limits, Interface skips, Scrubs
############################################################
# Set logging interface
set loginterface $nap_if
# Revised - Adaptive Set higher state limits
set timeout { adaptive.start 10000, adaptive.end 110000 }
set limit states 100000
set timeout interval 10
# Normalize all incoming/outgoing traffic to prevent malformed packets
match in all scrub (no-df)
# Don't filter on loopback interface or ssh_if
set skip on lo0
set skip on em0
###########################################################
# Rules
###########################################################
# Block Traffic from Unauthorized Hosts into Servers
block in log on $nap_if all label "block in"
# Allow All Traffic on Switch Interface
pass in quick on $switch_if all
pass out quick on $switch_if all
# Allow All Traffic From Servers Behind Switch to Rest of Network
pass out quick on $nap_if all
# Allow Traffic from Known Good Mac Addresses into Servers
pass in quick on $nap_if all tagged goodmac
# Allowing Broadcast UDP into Servers
pass in quick on $nap_if proto udp to any port { 67 68 137 138 1900 3702 }
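The rule set depends on two pf properties: the last matching rule wins, except that a matching rule marked quick ends evaluation immediately, and interfaces under set skip are never filtered. The following is an added Python example, not part of the post or of pf, that models exactly that walk over the rules above so the verdict for a given packet on bge1 can be checked. The goodmac tag is treated as already attached by the bridge rules the post links to; the packets are constructed.

```python
"""Added example (not the post's configuration): a small model of how pf
walks a ruleset (last matching rule wins unless a matching rule is 'quick';
'set skip' interfaces are never filtered), applied to the post's
transparent-firewall rules."""
from dataclasses import dataclass, replace
from typing import FrozenSet, List, Optional, Set


@dataclass(frozen=True)
class Packet:
    direction: str              # "in" or "out", as seen by the firewall
    iface: str                  # interface the packet is seen on
    proto: str                  # "tcp", "udp", "icmp", ...
    dport: Optional[int] = None
    tag: Optional[str] = None   # tag set earlier by the bridge rule, e.g. "goodmac"


@dataclass(frozen=True)
class Rule:
    action: str                 # "pass" or "block"
    direction: str
    iface: str
    quick: bool = False
    proto: Optional[str] = None
    dports: Optional[FrozenSet[int]] = None
    tagged: Optional[str] = None
    label: str = ""

    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction
                and self.iface == p.iface
                and (self.proto is None or self.proto == p.proto)
                and (self.dports is None or p.dport in self.dports)
                and (self.tagged is None or self.tagged == p.tag))


SWITCH_IF, NAP_IF, SSH_IF = "bge0", "bge1", "em0"
SKIP_IFACES: Set[str] = {"lo0", SSH_IF}       # 'set skip on lo0' / 'set skip on em0'

# The post's rules, in file order
RULESET: List[Rule] = [
    Rule("block", "in", NAP_IF, label="block in"),
    Rule("pass", "in", SWITCH_IF, quick=True),
    Rule("pass", "out", SWITCH_IF, quick=True),
    Rule("pass", "out", NAP_IF, quick=True),
    Rule("pass", "in", NAP_IF, quick=True, tagged="goodmac"),
    Rule("pass", "in", NAP_IF, quick=True, proto="udp",
         dports=frozenset({67, 68, 137, 138, 1900, 3702})),
]


def evaluate(p: Packet, rules: List[Rule] = RULESET,
             skip: Set[str] = SKIP_IFACES) -> str:
    """Return 'pass' or 'block' for a packet under pf's evaluation order."""
    if p.iface in skip:
        return "pass"
    verdict = "pass"                  # pf's implicit default when nothing matches
    for rule in rules:
        if rule.matches(p):
            verdict = rule.action
            if rule.quick:            # quick stops the walk at this rule
                break
    return verdict


def without_quick(rules: List[Rule]) -> List[Rule]:
    """Same rules with 'quick' removed, to show why rule order then matters."""
    return [replace(r, quick=False) for r in rules]


if __name__ == "__main__":
    for pkt in (Packet("in", NAP_IF, "tcp", 445),
                Packet("in", NAP_IF, "tcp", 445, tag="goodmac"),
                Packet("in", NAP_IF, "udp", 67),
                Packet("in", NAP_IF, "udp", 53)):
        print(pkt, "->", evaluate(pkt))
```

The block rule is the only one without quick, which is what makes it the default for anything inbound on bge1 that no later pass rule picks up; the without_quick helper shows that if the pass rules lost quick and the block rule were moved to the end, last-match-wins would block everything inbound on bge1.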
Tuesday, January 12, 2010
Manually Rotating OpenBSD PF Logs
While installing a new OpenBSD transparent bridge, I needed to view a relatively new pf log file in Wireshark. Thanks to some colleagues at work, I was able to accomplish this with two quick commands.
$ su root
# newsyslog /var/log/pflog
Another way to do this is a simple tcpdump command.
$ sudo tcpdump -nettti pflog0 -w pfdumpfile
Wednesday, October 28, 2009
Squid on OpenBSD Gateway Firewall
Running Squid on an OpenBSD gateway firewall allows you a nice transparent client web proxy. Below are my notes for installation and configuration.
Installing
# pkg_add -v ftp://..../packages/i386/squid-2.7.STABLE6.tgz
Create the required swap directories
# squid -z
Start squid automatically upon boot. Add to /etc/rc.local
if [ -x /usr/local/sbin/squid ]; then
echo -n ' squid'; /usr/local/sbin/squid
fi
Configuration and File Locations
Configuration file (squid.conf) is located in /etc/squid
Log files (access.log*) are located in /var/squid/logs
The editable HTML error file (ERR_ACCESS_DENIED) is located in
/usr/local/share/squid/errors/English
Rotate the Squid log files once a day by adding the cron job. (sudo crontab -e)
0 0 * * * /usr/local/sbin/squid -k rotate
Redirect Rule for PF
rdr on $int_if proto tcp from $mynet to any port { 80 8080 } -> 127.0.0.1 port 3128
squid.conf settings
Network Settings
Port used by squid and mode (around line 930): http_port 127.0.0.1:3128 transparent
Hostname for the server (around line 3,000): visible_hostname mywebproxy.mydomain.net
Defining Access Lists (around line 500 of the squid.conf)
Remote domains
acl support.microsoft.com dstdomain support.microsoft.com
or for a list of domains in a text file (use .domain.com to get all sites in domain)
acl bad_sites dstdomain "/etc/squid/blocked_domains.txt"
Client IPs
acl labstation src XXX.XXX.3.3
acl local_net src XXX.XXX.3.0/24
or for a list of IPs in a text file
acl labstations src "/etc/squid/labstations.txt"
Destination IPs
acl badguy dst 156.17.17.19
or for a list of IPs in a text file
acl badguys dst "/etc/squid/badguys.txt"
Requested File Extensions
acl badfiletypes url_regex -i \.wmf$ \.exe$ \.zip$ \.bat$ \.msi$ \.vb$ \.vbs$ \.mde$ \.reg$
Client Access Rules (around line 650)
Rule logic: the first matching rule wins and allows or denies access
Allowing the safe_sites acl
http_access allow safe_sites
Denying the badfiletypes acl
http_access deny badfiletypes
The last two rules should allow traffic for your clients' acl and then block traffic from all others
http_access allow local_net
http_access deny all
Squid Commands
Reload the configuration file
# sudo squid -k reconfigure
Rotate the logs and cache
# sudo squid -k rotate
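Because the first matching http_access line wins, the order of the rules above matters: allow safe_sites placed before deny badfiletypes lets a blocked extension through when it is fetched from a safe site, and the url_regex anchors (\.exe$) only match when the extension is the very end of the URL, so a query string after it slips past. The following added Python example, not part of the post or of Squid, models Squid's http_access walk over ACLs written in the post's style so both effects can be checked; the domain, the client network and the requests are constructed, and it also includes a tightened regex that covers a trailing query string.

```python
"""Added example (not the post's configuration): a model of how Squid walks
http_access lines (first matching line wins; every ACL named on a line must
match; with no match, the opposite of the last line applies), applied to
ACLs in the post's style. Network values and domains are constructed."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple
from urllib.parse import urlparse


@dataclass(frozen=True)
class Request:
    src: str        # client IP address
    url: str        # requested URL


def _domain_match(host: str, pattern: str) -> bool:
    """dstdomain: '.example.com' covers example.com and every subdomain."""
    host, pattern = host.lower(), pattern.lower()
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern


class Acl:
    def __init__(self, kind: str, values: List[str], ignore_case: bool = False):
        self.kind = kind
        if kind == "src":
            self.values = [ipaddress.ip_network(v, strict=False) for v in values]
        elif kind == "url_regex":
            flags = re.IGNORECASE if ignore_case else 0      # the post's -i flag
            self.values = [re.compile(v, flags) for v in values]
        elif kind in ("dstdomain", "all"):
            self.values = list(values)
        else:
            raise ValueError("unsupported acl type " + kind)

    def matches(self, req: Request) -> bool:
        if self.kind == "all":
            return True
        if self.kind == "src":
            ip = ipaddress.ip_address(req.src)
            return any(ip in net for net in self.values)
        if self.kind == "url_regex":
            return any(rx.search(req.url) for rx in self.values)
        host = urlparse(req.url).hostname or ""
        return any(_domain_match(host, d) for d in self.values)


def http_access(req: Request, acls: Dict[str, Acl],
                lines: List[Tuple[str, List[str]]]) -> str:
    """First matching line decides. If no line matches, Squid uses the
    opposite of the last line's action, hence the closing 'deny all'."""
    for action, names in lines:
        if all(acls[n].matches(req) for n in names):
            return action
    return "deny" if lines[-1][0] == "allow" else "allow"


# The post's extension list: '$' only matches at the very end of the URL,
# so a query string after the extension slips past it.
LOOSE_EXT = [r"\.wmf$", r"\.exe$", r"\.zip$", r"\.bat$", r"\.msi$",
             r"\.vb$", r"\.vbs$", r"\.mde$", r"\.reg$"]
# Tightened form: extension followed by end of URL or a query string.
STRICT_EXT = [r"\.(wmf|exe|zip|bat|msi|vbs?|mde|reg)(\?|$)"]


def build_acls(ext_patterns: List[str]) -> Dict[str, Acl]:
    return {
        "safe_sites": Acl("dstdomain", [".microsoft.com"]),             # constructed
        "badfiletypes": Acl("url_regex", ext_patterns, ignore_case=True),
        "local_net": Acl("src", ["192.0.2.0/24"]),                      # constructed
        "all": Acl("all", []),
    }


# Same order as the post: allow safe_sites, deny badfiletypes, allow local_net, deny all
LINES = [("allow", ["safe_sites"]), ("deny", ["badfiletypes"]),
         ("allow", ["local_net"]), ("deny", ["all"])]


def decide(req: Request, strict: bool = False) -> str:
    return http_access(req, build_acls(STRICT_EXT if strict else LOOSE_EXT), LINES)


if __name__ == "__main__":
    for r in (Request("192.0.2.5", "http://support.microsoft.com/fixit.exe"),
              Request("192.0.2.5", "http://example.org/tool.exe"),
              Request("192.0.2.5", "http://example.org/tool.exe?dl=1")):
        print(r.url, "->", decide(r), "/ strict:", decide(r, strict=True))
```

Moving deny badfiletypes above allow safe_sites is the change that makes the extension block apply everywhere; whether that is wanted depends on the site, which is why the model evaluates the post's order as written.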