Category Archives: Tools

Get CVE information from NIST NVD and RHEL

Just two littel scripts that come handy if you want to download all the CVE info in JSON format for offline use.

#!/bin/bash
urls=$(curl https://nvd.nist.gov/vuln/data-feeds#JSON_FEED | grep 'https://' | grep -i json.gz | sed 's/.*href=//g' | cut -d\'  -f2)

mkdir -p ./nistNvdJson
cd nistNvdJson
for l in $urls;
do
wget $l
done
gunzip *
Donwload NIST NVD CVEs in JSON

 

#!/bin/bash


loopVar=1
dataDir="rhelCveData"
mkdir $dataDir -p
echo "getting data:"
T="$(date +%s)"
while [[ $loopVar -ne 0 ]];
do
        echo -n "-$loopVar- "
        data=$(curl -s https://access.redhat.com/labs/securitydataapi/cve.json?page=$loopVar)
        if [[ "$data" == "[]" ]]; then
                loopVar=0
        else
                toFile=$toFile${data:1:-1}", "
                let loopVar=loopVar+1
        fi
done
T="$(($(date +%s)-T))"
echo "[${toFile::-2}]" >> "$dataDir/rhelCve.json"
sed -i 's/^\[\]$//g' "$dataDir/rhelCve.json"
printf "Got data in: %02dd:%02dh:%02dm:%02ds\n" "$((T/86400))" "$((T/3600%24))" "$((T/60%60))" "$((T%60))"
Get CVE infos for RHEL

 

Additional information:
If you query the NIST NVD Data and search for RHEL CPEs you won’t get a lot of hits as only a smal percentage of the CVEs that affect Red Hat software has the correct CPE attached. However – NIST NVD is nice to have because in the Red Hat CVEs only the total CVSS score is listed but no detailed vulnerability metrics are included.

Windwos telephone activiation – shortcut

When using the telephone activiation select the option that MS sends you a link to an activation page. http://md.vivr.io/XxX0c0C Use the link and the following commands on the computer to extracte the activaition ID from the system, paste it on the webinterface and copy the confirmation ID back to the system. To paste the activiation ID on the Microsoft Website use the cscript command to print the ID to the command prompt, copy it to Keepass in the autotype field and use the autotype option to paste the blocks. To strip the response NPP + the follwoing regex can be used: [A-Z]|\t|\n -> Strips all upper case characters, tabstops and CRs

 

Tools Needed:

  • KeePass (or any other autotype tool)
  • Notepad++
    NPP-Regex for search and replace: [A-Z]|\t|\n

 

Commands:

#Install Productkey
slmgr /ipk <ProductKey>

#Display activation ID
cscript C:\Windows\System32\slmgr.vbs /dti

From <https://social.technet.microsoft.com/Forums/windows/de-DE/3ead2d77-00fc-4c06-b4c0-82eae0ebc2bc/save-slmgr-dli-output-to-text-file?forum=w7itproinstall>

#install confirmation ID from Microsoft
slmgr /atp <Confirmation ID>

#Check Status
slmgr /dlv

OR
slmgr /dli

From <http://www.thewindowsclub.com/view-licensing-status-activation-id-windows-slmg

Flashing NextThing C.H.I.P. with a Raspberry Pi

Today I somehow bricked my CHIP (I think it wasn’t the wised idea to set the system-target to network_online) as I didn’t get access via serial connection or ssh.
It wasn’t that much of a problem as I wanted to set up the CHIP as a headless system.
So the journey begins (http://docs.getchip.com/chip.html#installing-c-h-i-p-sdk) with setting up Virtual Box + Extension pack and installing vagrant on my Windows 10 (Git was already installed).

After everything was installed I started the VM wich was setup by vagrant and ran the chip-update-firmware.sh script to start the upgrade, but it failed with “Waiting for fel……………………………TIMEOUT”.
The reason was, that regardless of the USB-rules in the Vagrantfile, the CHIP was not available in the VM. Easy to check with “lsusb”. No Big deal – As the VM is available in the VirtualBox Manager we can boot it up from there and just attach the CHIP-USB-Device to the VM.

waiting for fel…OK -> 🙂
BUT:
waiting for fastboot……………………………TIMEOUT
-> 🙁

So, it seems that after the reboot of the CHIP windows is not recognizing it the right way and also has some problems to pass it through to the VM.

I dind’t find a fix for that problem, but reportedly a physical Ubuntu installation should would (regarding to some forum post on the NextThing BBS). Too bad I only have Fedora on a laptop, but no Ubuntu – but I had a Raspberry which i was currently not using, so I gave it a try and it worked out quite nice.

I used a “Jessy lite” and installed the following packages:

sudo apt-get install android-tools-fastboot u-boot-tools u-boot cbootimage uuid-dev libacl1-dev liblzo2-dev libusb-1.0-0-dev libusb++-dev libusb-1.0-0 libusb-dev git
git clone https://github.com/NextThingCo/CHIP-SDK
cd CHIP-SDK
sudo ./setup_ubuntu1404.sh
cd CHIP-Tools
sudo ./chip-legacy-update.sh -f -s
Install packages and flash the CHIP

(I don’t think that all the packages are needed, but i got some errors and hence installed everything I thought fix those errors)
After that & a reboot of my CHIP i was able to access it again with:

screen /dev/ttyACM0 115200

 

Zabbix – Clear hosts from untemplated items

Sometimes you run into the problem, that you have a host which had a template attached but somebody wanted to replace the template or something like that and unfortunately hit just “Unlink” instead of “Unlink and Clear” and all the items are still in the host.

If you have only one host it’s normaly no problem to delete all items per hand, but if you have multiple of those hosts it’s quite some work do remove the old items.

Solution nr. one would be tu use the filters to select all items in a specified host group and delte those items, but the applications, discovery rules and so on will still remain in the hosts and have to be deleted in a 2nd/3rd step.

See the Screenshot below:Zabbix Host configuration - item filters

 

My preferred solution for this problem is a simple regex based find/replace with Notepad++.
Herefor an export of the affected hosts is needed. The xml-file could be opend with NPP and the following regexes are needed for find/replace (CTRL+H) to remove the unwanted items.

Find what: (<discovery_rules>[\s\S]*?<\/discovery_rules>)|(<triggers>[\s\S]*?<\/triggers>)|(<inventory>[\s\S]*?<\/inventory>)|(<items>[\s\S]*?<\/items>)

Replace with: (?1<discovery_rules />)(?2<triggers />)(?3<inventory />)(?4<items />)

In the above example multiple regexes with multiple replace-patterns are used to replace the items, discovery rules, triggers an inventory and reset it.

Cisco Deployment Guide

Today I received an useful link regarding Cisco L2 Access Switch-deployments with some interesting settings I wasn’t aware of till know.
The document is available via the following Link.

http://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Oct2015/CVD-Campus_LAN_L2_Access_Simplified_Dist_Deployment-Oct2015.pdf

Putty – Terminal “halts/freezes” after CTRL+S

Did you ever work with vi/nano (whatever)  and wanted to save a file?
If you are not that hardcore a linux person who does everything on a terminal and also works with Windows, you know that it is always a good idea to press CTRL+S once in a while to save your progress.

I press this shortcut automatically and it even happens to me while working on a putty session, which results in a “freezed” terminal session.
The reason for this behavior is that ctrl+s sends “XOFF” and putty stopps displaying any output, but still accepts keystrokes.

But its also easy to disable XOFF again – just press CTRL+Q and putty will continue to show your output on the screen. 🙂

Install Zabbix on Raspberry PI 2

Wouldn’t it be cool to monitor your home? For example all your devices, but also temperature and other sensors an have all that data accessible via a web interfaces?

I think it would so, i thought about setting up Zabbix for home monitoring, but on the RaPi B and B+ it’s not the most performant setup, So i decided to try it again with the PI2.

This post provides a short log on how I set it up.

At first we have to download the source from Zabbix’ SF-page because there is no official package for the ARM-architecture available.

cd /opt
wget http://downloads.sourceforge.net/project/zabbix/ZABBIX%20Latest%20Stable/2.4.6/zabbix-2.4.6.tar.gz?r=http%3A%2F%2Fwww.zabbix.com%2Fdownload.php&ts=1441447329&use_mirror=skylink^C
mv zabbix-2.4.6.tar.gz\?r\=http\:%2F%2Fwww.zabbix.com%2Fdownload.php zabbix-2.4.6.tar.gz
tar xfvz zabbix-2.4.6.tar.gz
cd zabbix-2.4.6/


#With ./configure --help we can see all the availalbe switches which can be used to compile zabbix.
root@raspberrypi /opt/zabbix-2.4.6 # groupadd zabbix
root@raspberrypi /opt/zabbix-2.4.6 # useradd -g zabbix zabbix
root@raspberrypi /opt/zabbix-2.4.6 # ./configure --help


#I used the follwoing switches to compile the zabbix server and agent, use a MySQL-DB, enable jabber-support, lib-xml2 - which is needed for webmonitoring, net-snmp, ssh and curl which is alos needed for webmonitoring. IPMI can be useful if you also hav a realy server with a BMC to monitor. But for most homeusers the IPMI-option is not neede if you only want to monitor your home and thats it. If you have a LDAP/AD-environment where you want to integrate zabbix you also should use the ldap-switch, but I think most home users also do not have a directory service running at home. 😉

#If this command is run there will ocure some erroes in most cases because there are missing dependencies

./configure --enable-server --enable-agent --with-mysql --with-jabber --with-libxml2 --with-net-snmp --with-ssh2 --with-libcurl


apt-get install apache2 php5-mysql mysql-server mysql-common mysql-utilities libiksemel-dev libiksemel-utils libxml2-dev libxml2-utils libxml2 snmp libsnmp-dev libsnmp-perl libssh2-1-dev libssh2-1 libcurl3 libghc-curl-dev libmysql++-dev php5-gd

#now all dependencies should be resolved
./configure --enable-server --enable-agent --with-mysql --with-jabber --with-libxml2 --with-net-snmp --with-ssh2 --with-libcurl

#copy init scripts
cp /opt/zabbix-2.4.6/misc/init.d/debian/* /etc/init.d/
#copy webfrontend
cp -r /opt/zabbix-2.4.6/frontends/php/* /var/www/zabbix/
chown -R www-data:www-data /var/www/zabbix/


#create the database
#at first log in to your mysql-server as a root useradd and runn the following commands
mysql -uroot -p
create database zabbix character set utf8 collate utf8_bin;
CREATE USER 'zabbix'@'localhost' IDENTIFIED BY 'zabbix';
GRANT ALL PRIVILEGES ON zabbix.* TO 'zabbix'@'%' WITH GRANT OPTION;
mysql -uzabbix -pzabbix zabbix < /opt/zabbix-2.4.6/database/mysql/schema.sql
mysql -uzabbix -pzabbix zabbix < /opt/zabbix-2.4.6/database/mysql/images.sql
mysql -uzabbix -pzabbix zabbix < /opt/zabbix-2.4.6/database/mysql/data.sql

#adapt configuration files at /usr/local/etc/ like in the attached examples
#create dircetories for logfiles:
mkdir -p /var/log/zabbix
chown -R zabbix:zabbix /var/log/zabbix/

#create dirs for alert & external scripts 
mkdir -p /var/zabbix/alertscripts
mkdir -p /var/zabbix/externalscripts
chown -R zabbix:zabbix /var/zabbix/


#configure php-settings
vim /etc/php5/apache2filter/php.init
post_max_size = 16M
max_execution_time = 300
max_input_time = 300
#select timezone from http://php.net/manual/en/timezones.php and set:
date.timezone = <TIMEZONE>

#restart/reload webserver to accept changes
service apache2 restart
service zabbix-server restart
service zabbix-agent restart

#open http://<zbxip>/zabbix in browser and finish installation
zabbix installation

 

zabbix-conf

Getting vCenter alarms to Zabbix

VMware is a relay nice product, but there is one little problem. It’s realy hard to monitor VMware products with SNMP or any other “old school” technologies.
The actual problem is to get an alarm in Zabbix if there occures an error on the vCenter. So Zabbix is used as an umbrella monitoring for the whole environment.
All this could also be done with SNMP-Traps what would be a lot easier – at first appereance, but Zabbix is … how do I say … not the best tool to monitor events. It’s designed to monitor statuses.

So it’s designed to continuously monitor as specific value – if this value raises over a defined alert-value an alert is displayed and when it falls below the value the problem disappears.
With events there is the problem that we get only one single value which describes the error. So firstly we have to analyze the received value/message and secondly – how do we know when the problem is okay again? And thats one of the design flaws of Zabbix – you do not have any possibilty to reset such events to “OK” if such an event happend.
So we need to monitor the vCenter alarms, because this alerts are raised if an problem occures and disappear if the problem changes to OK again.

So how do we get all the vCenter alarms to zabbix? I don’t want to copy/create all the alarms by hand because its a dynamic environment and alarms could be added or deleted, so the system has to “import” the alarms “on the fly” from the vCenter.
Since Zabbix 2.0 there exist discovery rules which are kind of helpful to import dynamic values. So I’m using a discovery to peridodically pull the data from the vCenter and create an item for every alarm. All the alarms in the vCenter need to be configured to run a custom alarm when an alarm becomes active which sends the current status to zabbix and voilá – we are done.

Continue reading Getting vCenter alarms to Zabbix

Useful tools for PXE

In this post a collection of useful tools which can be used in PXE is introduced.

Continue reading Useful tools for PXE