DevRandom

All my side adventures that don't deserve a book.

Linux

LVM Shenanigans

Making a larger partition from new disk space

Enlarge the partition with parted

parted (select disk)
resizepart #
100%

LVM: we need to tell the LV subsystem about the new disk space; we do this by first extending the physical volume which occupies the partition:

pvresize /dev/sdX#

then the logical volume

by percentage

lvresize -r -l 100%PVS /dev/mapper/XXXXXXXX

by GB

lvresize -r -L +4GB /dev/mapper/XXXXXXXXX

If df -h still shows the wrong size then the above command didn't expand the FS as it should. This could be due to version issues of the tools. Run resize2fs on the mapped volume.


Moving disk space around

Run a file system check on the volume to be shrunk, then shrink the file system by several GB more than you will be reclaiming; it will be enlarged later. Then shrink the logical volume by your desired amount.

Assuming an end goal of 200G

e2fsck -f /dev/foo/roo
resize2fs /dev/foo/roo 180G
lvreduce -L 200G /dev/foo/roo

Enlarge your target volume to take all the now free space

lvresize -r -l 100%PVS /dev/foo/boo

Fix the filesystems

resize2fs /dev/foo/roo
resize2fs /dev/foo/boo

Discline

Available here, this terminal app provides a simple way to access Discord in a minimal or covert fashion.

The documentation is relatively straightforward; the only issue I encountered was acquiring the token. I used a YouTube video because the guide on the git page didn't seem to work for Chromium derivatives. This guide says hit F12, then go to your networking tab. Reload the Discord page and look for the "application" field that was returned. The long string following "authorization" is your token; it can look very different from the one provided on the git page.

You can do some fun things with this, like setting your active game.

From what I can see, all basic commands are based on the client; there are no global commands that are interpreted by the server. All functionality used by the CLI client will need to be bot based.

Issues:

I have noticed that commands to switch servers and channels can be iffy, needing to be entered multiple times.

SELinux Debugging

I was looking to debug SELinux on a new server and kept finding complex specialty commands, like here, but all of those utilities are huge or nonexistent in the default repos of CentOS 7, so I found more native ways to troubleshoot.

cat /var/log/audit/audit.log | grep type=AVC
getsebool -a
setsebool <bool> <on/off>

Through the logs I found that I was having issues with httpd writing to a directory; cache was also in that error, so I applied

semanage fcontext -a -t httpd_cache_t "/webapps/cache(/.*)?"
restorecon -Rv /webapps

The first command sets the new file context for the offending directory and the second applies it.

This helped
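
The AVC lines returned by the grep above are dense, so this added example (not part of the original notes) collapses them into one line per distinct denial showing the process, the denied permission, the source type, the target type and the object class. The function names `sample_audit_log` and `avc_summary` are assumptions, and the sample log lines are constructed.

```shell
#!/usr/bin/env bash
# Added example: summarize SELinux AVC denials from audit.log-style input.

# Constructed sample lines (not from a real system).
sample_audit_log() {
    cat <<'EOF'
type=AVC msg=audit(1500000000.123:101): avc:  denied  { write } for  pid=1234 comm="httpd" name="cache" dev="sda1" ino=5678 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=dir
type=SYSCALL msg=audit(1500000000.123:101): arch=c000003e syscall=2 success=no exit=-13 comm="httpd"
type=AVC msg=audit(1500000001.456:102): avc:  denied  { write } for  pid=1234 comm="httpd" name="cache" dev="sda1" ino=5678 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=dir
type=AVC msg=audit(1500000002.789:103): avc:  denied  { name_connect } for  pid=1240 comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket
EOF
}

# Print "count comm perms source_type -> target_type (class)", most frequent first.
avc_summary() {
    awk '
    /type=AVC/ && /denied/ {
        perm = comm = stype = ttype = tclass = "?"
        # Denied permissions sit between braces: "denied  { write } for ..."
        if (match($0, /[{][^}]*[}]/)) {
            perm = substr($0, RSTART + 1, RLENGTH - 2)
            gsub(/^ +| +$/, "", perm)
            gsub(/ +/, ",", perm)
        }
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^comm=/)     { comm = $i; sub(/^comm=/, "", comm); gsub(/"/, "", comm) }
            if ($i ~ /^scontext=/) { split($i, s, ":"); stype = s[3] }   # user:role:TYPE:level
            if ($i ~ /^tcontext=/) { split($i, t, ":"); ttype = t[3] }
            if ($i ~ /^tclass=/)   { tclass = $i; sub(/^tclass=/, "", tclass) }
        }
        count[comm " " perm " " stype " -> " ttype " (" tclass ")"]++
    }
    END { for (k in count) printf "%d %s\n", count[k], k }
    ' | sort -k1,1nr -k2
}

# On a real host: avc_summary < /var/log/audit/audit.log
sample_audit_log | avc_summary
```

A denial against a generic target type on a directory points at a file context fix like the semanage fcontext command above, while one against a port or socket type is usually covered by a boolean to look for in getsebool -a.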

OpenSUSE PlexMediaPlayer "CA Bundle not found"

sudo ln -s /var/lib/ca-certificates/ca-bundle.pem /etc/ssl/cert.pem

Linux Permissions

Give full control to files and directories for user and group

find /that/dir -type f -exec chmod u+rw,g+rw {} + ; find /that/dir -type d -exec chmod u+rwx,g+rwx {} +

Centos7 Root password reset

There are issues with SELinux contexts if you just reset with any of the old-fashioned methods.

Procedure 25.5. Resetting the Root Password Using an Installation Disk

  1. Start the system and when BIOS information is displayed, select the option for a boot menu and select to boot from the installation disk.
  2. Choose Troubleshooting.
  3. Choose Rescue a Red Hat Enterprise Linux System.
  4. Choose Continue which is the default option. At this point you will be prompted for a passphrase if an encrypted file system is found.
  5. Press OK to acknowledge the information displayed until the shell prompt appears.
  6. Change the file system root as follows:
    sh-4.2# chroot /mnt/sysimage
  7. Enter the passwd command and follow the instructions displayed on the command line to change the root password.
  8. Remove the autorelabel file to prevent a time-consuming SELinux relabel of the disk:
    sh-4.2# rm -f /.autorelabel
  9. Enter the exit command to exit the chroot environment.
  10. Enter the exit command again to resume the initialization and finish the system boot.

I had issues with pam.d using "uid >=1000" as well, and then securetty. I commented out the >=1000 lines from password-ac and system-auth-ac. I added tty1 to /etc/securetty.

Centos 7 Static IP

TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="eth0"
ONBOOT="yes"
IPADDR=
NETMASK=
GATEWAY=
UUID="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
DEVICE="eth0"
DNS1=
DNS2=
DOMAIN=

Grep

Search recursively through all files for a term, and only display the file name in which the term is found.
grep -nrl term

Search for 2 independent terms.
grep -e term1 -e term2 FILE

What is the difference between "|", ">", and ">>"

At the most basic level, command 1 | command 2 sends the output from the first command as the input for the second command (pipe reads from STDOUT and writes to STDIN).

cat file.txt | grep "tux" will print out the file, and then use it as the input for the grep command.

> and >> are basically aliases for the tee command. The tee command writes files (tee reads from STDIN and writes to STDOUT). > is an alias for | tee and >> is an alias for | tee --append

If I want to write the current files in my home directory to a file I would use ls ~/ > files.txt. The output of ls is now stored in the file files.txt.

I now want to add the contents of / into the same file. But using > again will overwrite the file; it will always clear all data from a file and replace it with its own load.

To add text to the end of a file we need >>. Using ls / >> files.txt will result in the contents of ~/ being in the top of our file and the contents of / being below that.

But > and >> are just aliases for a | tee command; you cannot write to a file you do not have permission for with these. If you need sudo to write a file, you will need to write out the full tee command by hand. So to add the text Banner /etc/banner to the end of our sshd_config file we will need to use the command echo "Banner /etc/banner" | sudo tee --append /etc/ssh/sshd_config

Powershell

Snippets

Admin check, just run Test-IsAdmin to call the function and output true or false. I use this for logging. If you want a hard fail for lack of admin use #Requires -RunAsAdministrator

function Test-IsAdmin {
    try {
        $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
        $principal = New-Object Security.Principal.WindowsPrincipal -ArgumentList $identity
        return $principal.IsInRole( [Security.Principal.WindowsBuiltInRole]::Administrator )
    } catch {
        throw "Failed to determine if the current user has elevated privileges. The error was: '{0}'." -f $_
    }
}

Start service on remote machine

Get-Service -ComputerName <machine> -Name <service> | Set-Service -Status Running

Grep

| findstr -i <term>

Connect to Sharepoint online

# the name appearing in the URL of your sharepoint site before sharepoint.com
$orgName=""
# connect without using get-credential so that the modern prompt is generated allowing 2FA
Connect-SPOService -Url https://$orgName-admin.sharepoint.com

Dates

$Date = Get-Date -Format yyyy-MM-dd
$Year = Get-Date -Format yyyy
$Month = Get-Date -Format MM
$Day = Get-Date -Format dd
$Hour = Get-Date -Format HH
$Minute = Get-Date -Format mm
$Second = Get-Date -Format ss
$Time = Get-Date -Format HH-mm-ss
$TimeStamp = Get-Date -Format s | foreach {$_ -replace ":", "-"}

Storing and using credentials

Start with writing your password into a file

read-host -assecurestring | convertfrom-securestring | out-file C:\securestring.txt 

Next use the file in a script

$userName = "FooRoo"
$passWord = cat C:\securestring.txt | convertto-securestring
$credEntial = new-object -typename System.Management.Automation.PSCredential -argumentlist $userName,$passWord

<Command> -Credential $credEntial

Template

<#
.SYNOPSIS
  <Overview of script>
.DESCRIPTION
  <Brief description of script>
.PARAMETER <Parameter_Name>
  <Brief description of parameter input required. Repeat this attribute if required>
.INPUTS
  <Inputs if any, otherwise state None>
.OUTPUTS
  <Outputs if any, otherwise state None - example: Log file stored in C:\Windows\Temp\<name>.log>
.NOTES
  Version:        1.0
  Author:         <Name>
  Creation Date:  <Date>
  Purpose/Change: Initial script development
  
.EXAMPLE
  <Example goes here. Repeat this attribute for more than one example>
#>

#----------[Initialisations]----------#

param (
    [Parameter(Mandatory=$True)]
    [Object]$param1,
    [Parameter(Mandatory=$True)]
    [Object]$param2,
    [Object]$param3
)

#----------[Declarations]----------#


#----------[Functions]----------#


#----------[Execution]----------#

Running commands across an array or inventory (ansible like)

Windows

All the Windows jazz

Webcert from AD

openssl genrsa -out server.key 4096
openssl req -new -key server.key -out server.csr
certreq -submit -attrib "CertificateTemplate:WebServer" server.csr server.cer

You now have server.key, server.csr and server.cer

Use the .key as the key, then concatenate server.cer on top of the root cert.

SQL recovery

  1. THIS DIDN'T WORK, the user was not an admin though they could auth

The local group that looks similar to SQLServerMSSQLUser$$SQLEXPRESS is a local admin group for the installed SQL, adding your user to that makes you an admin of the DB

  2. WORKED

Single User mode

net stop SQLSERVICE
net start SQLSERVICE /m
sqlcmd -S ./dbname
CREATE LOGIN fooroo WITH PASSWORD='P@ssword123'
GO
ALTER SERVER ROLE sysadmin ADD MEMBER fooroo
GO

Recover Workstation/Server Trust

Server or workstations with RSAT

netdom resetpwd /s:ActiveDirectoryServerName /ud:Domain\Username /pd:*

Workstations

Reset-ComputerMachinePassword -Credential <admin username> -Server <server>

Activate Eval Edition Server

dism /online /set-edition:ServerStandard /ProductKey:<key> /AcceptEula

Recovering a corrupt domain controller (C00002E2)

While using a 2016 domain controller at work in a system where it was the sole controller, it corrupted during a move. The server would boot to the C00002E2 stop code. This is caused by corrupt transaction logs; it was likely abruptly powered off. My first reaction was of course extreme dismay, but I had done this once before, so I knew it was fixable.

I found this great article, though it was slightly flawed; these are more concise notes.

To get Server 2016 into the special "Directory Services Restore Mode (DSRM)", you need to get into the recovery menu. Interrupting boot twice will load you to the recovery menu. Choose Troubleshoot -> Start Up Settings -> Restart. Once booted into the recovery menu, select "Directory Services Repair Mode".

Load up an admin command prompt and follow below.

Check the integrity of your database. This should fail with "CORRUPTED", which is the reason you are here.

ESENTUTL /g C:\windows\NTDS\ntds.dit /!10240 /8 /o

To attempt a soft reset use the below; this apparently fails more often than it works.

NTDSUTIL
Activate Instance ntds
Files
info
Recover

Quit all the way back to your C:\ prompt. Next, check your log files; this will say CORRUPT as well.

ESENTUTL /ml c:\windows\ntds\edb

Now you will need to navigate into C:\Windows\NTDS and append .bak to every .log file there. This is the first step of a hard reset; the second step is the next command.

Warning: Upon successful completion, ESENTUTL /p returns the database to the state of its last committed transaction. Recent changes may be lost; for this reason a full System State restore from daily backup is the best-practice method of recovering an AD server.

ESENTUTL /p C:\windows\NTDS\ntds.dit /!10240 /8 /o

Run our first command again to check the new health

ESENTUTL /g C:\windows\NTDS\ntds.dit /!10240 /8 /o

Another check

NTDSUTIL
Activate Instance ntds
sem data ana
go

If a problem is detected (I did not have one), run go fix in the same prompt.

Pulling ical (sharing) links from 365 mailboxes

I did this for a dashboard originally, and then also did it to sync my personal calendar to Nextcloud. It is a nice long list of commands but relatively straightforward.

To start a session set your execution policy and provide credentials. The credentials are your full email and password. As far as I can tell, this is a universal section that doesn't need to be modified.

Set-ExecutionPolicy RemoteSigned
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

The next section is where you get your URLs from. You need to substitute email@domain.com and Calendar for your target user and calendar name (Calendar is the default). This also generates an HTML link, which is a pretty display.

Import-PSSession $Session
Set-MailboxCalendarFolder email@domain.com:\Calendar -PublishEnabled $true
Set-MailboxCalendarFolder -DetailLevel fulldetail -identity email@domain.com:\Calendar
Get-MailboxCalendarFolder email@domain.com:\Calendar | fl

Sysvol

c:\windows\SYSVOL\SYSVOL

Game-Related

ArcheRage Paypal Donation

Using Paypal to donate to ArcheRage at the current time is difficult. The following (convoluted) method is shown to work though.

  1. You need to buy a PixelCard from https://pixelgamecard.com. Register an email with them and then log into the site.

  2. After login choose "Purchase" in the top menu.

  3. You will be making a "SUPER REWARDS" purchase.

  4. Once you make your purchase choose "Account" on the top menu.