DevRandom

All my side adventures that don't deserve a book.

Linux

Linux

LVM Shenanigans

Making a larger partition from new disk space

Enlarge the partition with parted

parted (select disk)
resizepart #
100%

LVM: we need to tell the LV subsystem about the new disk space; we do this by first extending the physical volume which occupies the partition:

pvresize /dev/sdX#

then the logical volume

lvresize -r -l 100%PVS /dev/mapper/XXXXXXXX

Moving disk space around

File system check the volume to be shrunk, then shrink it by several GB more than you will be reclaiming. It will be enlarged later. Shrink the volume by your desired amount.

Assuming an end goal of 200G

e2fsck -f /dev/foo/roo
resize2fs /dev/foo/roo 180G
lvreduce -L /dev/foo/roo 200G

Enlarge your target voume to take all now free space

lvresize -r -l 100%PVS /dev/foo/boo

Fix the filesystems

resize2fs /dev/foo/roo
resize2fs /dev/foo/boo
Linux

Discline

Available here, this terminal app provides a simple way to access discord in a minimal or covert fashion.

The docmentation is relatively straight forward, the only issue I encounted was aqcuiring the token. I used a YouTube video because the guide on the git page didn't seem to work for Chromium derivatives. This guides says hit F12, then go to your networking tab. Reload the discord page and look for the "application" field that was returned. The long string following "authorization" is your token, it can look very diffrerent from the one provided on the git page.

You can do some fun things with this, like setting your active game.

From what I can see, all basic commands are based on the client, there are not global commands that are interpreted by the server. All functionality used by the CLI client will need to be bot based.

Issues:

I have noticied that commands to switch servers and channels can be iffy, needing to be entered multiple times.

Linux

SELinux Debugging

I was looking to debug SELINUX on a new server and kept finding complex specialty commands, like here but all of those utilities are huge or not existent in default repos of Centos7, so I found more native ways to troubleshoot.

cat /var/log/audit/audit.log | grep type=AVC
getsebool -a
setsebool <bool> <on/off>

Through the logs I found that I was having issues with httpd write to a directory, cache was also in that error so I applied

semanage fcontext -a -t httpd_cache_t "/webapps/cache(/.*)?"
restorecon -Rv /webapps

This set and then applied the new policy to the offending directory.

This helped

Linux

OpenSUSE PlexMediaPlayer "CA Bundle not found"

sudo ln -s /var/lib/ca-certificates/ca-bundle.pem /etc/ssl/cert.pem

Linux

Linux Permissions

Give full control to files and directories for user and group

find /that/dir -type f -exec chmod u+rw,g+rw {} + ; find /that/dir -type d -exec chmod u+rwx,g+rwx {} +
Linux

Centos7 Root password reset

There are issues with selinux contexts if you just reset with any of the old fashion methods.

Procedure 25.5. Resetting the Root Password Using an Installation Disk

  1. Start the system and when BIOS information is displayed, select the option for a boot menu and select to boot from the installation disk.
  2. Choose Troubleshooting.
  3. Choose Rescue a Red Hat Enterprise Linux System.
  4. Choose Continue which is the default option. At this point you will be promoted for a passphrase if an encrypted file system is found.
  5. Press OK to acknowledge the information displayed until the shell prompt appears.
  6. Change the file system root as follows:
    sh-4.2# chroot /mnt/sysimage
  1. Enter the passwd command and follow the instructions displayed on the command line to change the root password.
  2. Remove the autorelable file to prevent a time consuming SELinux relabel of the disk:
    sh-4.2# rm -f /.autorelabel
  1. Enter the exit command to exit the chroot environment.
  2. Enter the exit command again to resume the initialization and finish the system boot.

I had issues with pam.d using "uid >=1000" as well, and then securetyy. I commented out the >=1000 lines from password-ac and system-auth-ac. I added tty1 to /etc/securetty

Linux

Centos 7 Static IP

TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="eth0"
ONBOOT="yes"
TYPE="Ethernet"
IPADDR=
NETMASK=
GATEWAY=
UUID="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
DEVICE="eth0"
DNS1=
DNS2=
DOMAIN=

Powershell

Powershell

Snippets

Admin check, just run Test-IsAdmin to call the function and output true or false. I use this for logging. If you want a hard fail for lack of admin use #Requires -RunAsAdministrator

function Test-IsAdmin {
    try {
        $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
        $principal = New-Object Security.Principal.WindowsPrincipal -ArgumentList $identity
        return $principal.IsInRole( [Security.Principal.WindowsBuiltInRole]::Administrator )
    } catch {
        throw "Failed to determine if the current user has elevated privileges. The error was: '{0}'." -f $_
    }
}

Start service on remote machine

Get-Service -ComputerName <machine> -Name <service> | Set-Service -Status Running

Grep

| findstr -i <term>

Connect to Sharepoint online

# the name appearing in the URL of your sharepoint site before sharepoint.com
$orgName=""
# connect without using get-credential so that the modern prompt is generated allowing 2FA
Connect-SPOService -Url https://$orgName-admin.sharepoint.com```
Powershell

Windows specs

$admin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

Get-Date
Write-Host "`n" -NoNewline

function Get-OS{
    $OSInfo = Get-WmiObject Win32_OperatingSystem
    $OS = $OSInfo.Version
    return $OS
}
Write-Host "OS: " -NoNewline
Get-OS
Write-Host "`n" -NoNewline

function Get-CPU{
    $CPUInfo = Get-WmiObject Win32_Processor
    $CPU = $CPUInfo.Name
    return $CPU
}
Write-Host "CPU: " -NoNewline
Get-CPU
Write-Host "`n" -NoNewline

function Get-Temperature {
    $t = Get-WmiObject MSAcpi_ThermalZoneTemperature -Namespace "root/wmi" -ErrorAction SilentlyContinue
    $returntemp = @()
    if ($t){
        foreach ($temp in $t.CurrentTemperature) {
            $currentTempKelvin = $temp / 10
            $currentTempCelsius = $currentTempKelvin - 273.15

            $currentTempFahrenheit = (9/5) * $currentTempCelsius + 32

            $returntemp += $currentTempCelsius.ToString() + " C : " + $currentTempFahrenheit.ToString() + " F : " + $currentTempKelvin + "K"  
        }
    }
    else {
        $returntemp = "Not supported"
        }
    return $returntemp
}
Write-Host "CPU Temperature: " -NoNewline
Get-Temperature
Write-Host "`n" -NoNewline

function Get-Mobo{
    $moboBase = Get-WmiObject Win32_BaseBoard
    $moboMan = $moboBase.manufacturer
    $moboMod = $moboBase.product
    $mobo = $moboMan + " | " + $moboMod
    return $mobo
}
Write-Host "Motherboard: " -NoNewline
Get-Mobo
Write-Host "`n" -NoNewline

function Get-GPU {
    $GPUbase = Get-WmiObject Win32_VideoController
    $GPUname = $GPUbase.Name
    $GPU= $GPUname + " at " + $GPUbase.CurrentHorizontalResolution + "x" + $GPUbase.CurrentVerticalResolution
    return $GPU
}
Write-Host "Graphics Card: " -NoNewline
Get-GPU
Write-Host "`n" -NoNewline

function Get-Startup {
    $startBase = Get-CimInstance Win32_StartupCommand
    $startNames = $startBase.Caption
    return $startNames
}
Write-Host "Startup Tasks for user: "
Get-Startup
Write-Host "`n" -NoNewline

function Get-Processes {
    $procBase = Get-Process
    $procTrash = $procBase.ProcessName
    $procClean = $procTrash | select -Unique
    return $procClean
}
Write-Host "Running processes: "
Get-Processes
Write-Host "`n" -NoNewline

Write-Host "Services: " -NoNewline
Get-Service | Format-Table

if ($admin -eq $true) {
function Get-SMART {
    $smartBase = gwmi -namespace root\wmi -class MSStorageDriver_FailurePredictStatus
    $smartValue = $smartBase | Select InstanceName, PredictFailure | Format-Table
    return $smartValue
}
Write-Host "Basic SMART: " -NoNewline
Get-SMART
}

Windows

Windows

Webcert from AD

openssl genrsa -out server.key 4096
openssl req -new -key server.key -out server.csr
certreq -submit -attrib "CertificateTemplate:WebServer" server.csr server.cer

You now have server.key, server.csr and server.cer

Use the .key as the key then concatenate server.cer ontop of the root cert.

Windows

SQL recovery

  1. THIS DIDNT WORK, the user was not an admin though they could auth

The local group that looks similair to SQLServerMSSQLUser$$SQLEXPRESS is a local admin group for the installed SQL, adding your user to that makes you an admin of the DB

  1. WORKED

Single User mode

net stop SQLSERVICE
net start SQLSERVICE /m
sqlcmd -S ./dbname
CREATE LOGIN fooroo WITH PASSWORD='P@ssword123'
GO
ALTER SERVER ROLE sysadmin ADD MEMBER fooroo
GO
Windows

Recover Workstation/Server Trust

Server or workstations with RSAT

netdom resetpwd /s:ActiveDirectoryServerName /ud:Domain\Username /pd:*

Workstations

Reset-ComputerMachinePassword -Credential <admin username> -Server <server>

Windows

Activate Eval Edition Server

dism /online /set-edition:ServerStandard /ProductKey:<key> /AcceptEula

Windows

Recovering a corrupt domain controller (C00002E2)

While using a 2016 domain controller at work in a system where it was the sole controller, it corrupted during a move. The server would boot to the C00002E2 stopcode. This is caused by corrupt transaction logs, it was likely abrubptly powered off. My first reaction is off course extreme dismay, but I had done this once before, so I know it was fixable.

I found this great article, though it was slightly flawed, these are more concise notes.

To get Server 2016 into the special "Directory Services Restore Mode (DSRM)" mode, you need to get into the recovery menu. Interupting boot twice will load you to the recovery menu. Choose Troubleshoot -> Start Up Settings -> Restart. Once booted into the recovery select "Directory Services Repair Mode"

Troubleshoot.png

StartUpSettings.png

ADBootSettings.png

Load up an admin command prompt and follow below.

To check the integrity of your database, this should fail with "CORRUPTED", it is the reason you are here.

ESENTUTL /g C:\windows\NTDS\ntds.dit /!10240 /8 /o

To attempt a soft reset use the below, this apparently fails more often that it works.

NTDSUTIL
Activate Instance ntds
Files
info
Recover

Quit all the way back to your C:\ prompt. Next you check your log files, this will say CORRUPT as well.

ESENTUTL /ml c:\windows\ntds\edb

Now you will need to navigate into C:\Windows\NTDS and append .bak to every .log file there, this is the first step of a hard reset, the second step is the next command.

Warning: Upon successful completion, ESENTUTL /p returns the database to the state of its last committed transaction. Recent changes may be lost; for this reason a full System State restore from daily backup is the best-practice method of recovering an AD server.

ESENTUTL /p C:\Winnt\NTDS\ntds.dit /!10240 /8 /o

Run our first command to check the new health

ESENTUTL /g C:\Winnt\NTDS\ntds.dit /!10240 /8 /o

Another check

NTDSUTIL
Activate Instance ntds
sem data ana
go

If a problem is detected (I did not have one) run go fix in the same prompt

Windows

Pulling ical (sharing) links from 365 mailboxes

I did this for a dashboard originally, and then also did it to sync my personal calendar to Nextcloud. It is a nice long list of commands but relatively straight forward.

To start a session set your execution policy and provide credentials. The credentials are your full email and password. As far as I can tell, this is a universal section that doesn't need to be modified.

Set-ExecutionPolicy RemoteSigned
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

The next session is where you get your URLs from, you need to substitute email@domain.com and Calendar for your target user and calendar name (Calendar is default). This also generates an HTML link, it is a pretty display.

Import-PSSession $Session
Set-MailboxCalendarFolder email@domain.com:\Calendar -PublishEnabled $true
Set-MailboxCalendarFolder -DetailLevel fulldetail -identity email@domain.com:\Calendar
Get-MailboxCalendarFolder email@domain.com:\Calendar | fl

Game-Related

Game-Related

ArcheRage Paypal Donation

Using Paypal to donate to ArcheRage at the current time is difficult. The following (convoluted) method is shown to work though.

  1. You need to buy a PixelCard from https://pixelgamecard.com. Register an email with them and then log into the site.

    pixel1.PNG

  2. After login choose "Purchase" in the top menu.

    pixel2.PNG

  3. You will be making a "SUPER REWARDS" purchase.

    pixel3.PNG

  4. Once you make your purchase choose "Account" on the top menu.