Setting the user object attributes msDS-SupportedEncryptionTypes and userAccountControl with the Get-QADUser and Set-QADUser cmdlets to enable the encryption types used with Kerberos

set-Location c:\
Add-PSSnapin Quest.ActiveRoles.ADManagement
Get-PSsnapin
Set-QADPSSnapinSettings -DefaultSizeLimit 0
Get-Command Get-QAD*

Get-QADUser -sl 0 -IncludeAllProperties -SerializeValues

PS C:\> Get-QADUser spider001 -sl 0 -IncludeAllProperties -SerializeValues > C:\User.txt

PS C:\> Get-QADUser spider001 -sl 0 -IncludedProperties userAccountControl,'msDS-SupportedEncryptionTypes' | Format-Table name,userAccountControl,'msDS-SupportedEncryptionTypes'

Name          userAccountControl   msDS-SupportedEncryptionTypes

spider001   2163200                      31

PS C:\> Set-QADUser spider002 -objectAttributes @{'msDS-SupportedEncryptionTypes'=31}

PS C:\> Set-QADUser spider002 -objectAttributes @{'userAccountControl'=2163200}

PS C:\> Set-QADUser spider003 -objectAttributes @{'msDS-SupportedEncryptionTypes'=31}

PS C:\> Set-QADUser spider003 -objectAttributes @{'userAccountControl'=2163200}

PS C:\> Get-QADUser spider002 -sl 0 -IncludedProperties userAccountControl,'msDS-SupportedEncryptionTypes' | Format-Table name,userAccountControl,'msDS-SupportedEncryptionTypes'

Name          userAccountControl    msDS-SupportedEncryptionTypes

spider002   2163200                       31
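
The two values written above are bitmasks. The following added example (not part of the original post; the function names are hypothetical) decodes them using the documented flag bits, showing that 31 enables DES and RC4 alongside AES and that 2163200 carries the USE_DES_KEY_ONLY flag:

```sh
#!/bin/sh
# Added example: decode the Kerberos-related bitmasks used on this page.
# Bit values are the documented ones for msDS-SupportedEncryptionTypes and
# userAccountControl; decode_bits and its wrappers are hypothetical names.

decode_bits() {
    # $1 = integer value, remaining arguments = "mask:NAME" pairs
    value=$1
    shift
    out=""
    for entry in "$@"; do
        mask=${entry%%:*}
        if [ $(( $value & $mask )) -ne 0 ]; then
            out="${out:+$out }${entry#*:}"
            value=$(( $value & ~$mask ))
        fi
    done
    # Any bit not in the table is reported instead of being silently dropped.
    if [ "$value" -ne 0 ]; then
        out="${out:+$out }$(printf 'UNKNOWN_0x%X' "$value")"
    fi
    echo "$out"
}

decode_enctypes() {
    decode_bits "$1" 0x1:DES_CBC_CRC 0x2:DES_CBC_MD5 0x4:RC4_HMAC_MD5 \
        0x8:AES128_HMAC_SHA1 0x10:AES256_HMAC_SHA1
}

decode_uac() {
    # Only the flags relevant to this page are listed.
    decode_bits "$1" 0x2:ACCOUNTDISABLE 0x200:NORMAL_ACCOUNT \
        0x10000:DONT_EXPIRE_PASSWORD 0x80000:TRUSTED_FOR_DELEGATION \
        0x200000:USE_DES_KEY_ONLY 0x400000:DONT_REQ_PREAUTH
}

legacy_enctypes() {
    # DES (bits 0 and 1) and RC4 (bit 2) are the legacy encryption types.
    decode_enctypes $(( $1 & 0x7 ))
}

# Values taken from the commands above.
echo "msDS-SupportedEncryptionTypes=31 -> $(decode_enctypes 31)"
echo "userAccountControl=2163200       -> $(decode_uac 2163200)"
echo "legacy types enabled by 31       -> $(legacy_enctypes 31)"
```

An account limited to the two AES types would carry the value 24, for which legacy_enctypes prints nothing.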

 

 

Enable computer encryption types for using Kerberos

mmc adsiedit.msc || ADSI group policy editor

 

Encryption types allowed (default value 31):

  • DES_CBC_CRC
  • DES_CBC_MD5
  • RC4_HMAC_MD5
  • AES128_HMAC_SHA1
  • AES256_HMAC_SHA1

 

 

Configure encryption types allowed for using Kerberos

mmc gpedit.msc || Local group policy

 

Encryption types:

  • DES_CBC_CRC
  • DES_CBC_MD5
  • RC4_HMAC_MD5
  • AES128_HMAC_SHA1
  • AES256_HMAC_SHA1

Trust this computer for delegation to any service using Kerberos

mmc dsa.msc || Active Directory Users and Computers

Set up GRUB boot loader password restriction

Generate a hash for password

root@Desktop-01:/etc/grub.d# grub-mkpasswd-pbkdf2

Enter password:
Reenter password:

Your PBKDF2 is grub.pbkdf2.sha512.10000…..

 

Create and define restriction rules for grub

root@Desktop-01:/etc/grub.d# cat 40_custom
#!/bin/sh
exec tail -n +3 $0
# This file provides an easy way to add custom menu entries.  Simply type the
# menu entries you want to add after this comment.  Be careful not to change
# the ‘exec tail’ line above.
set superusers="root"
password_pbkdf2 root grub.pbkdf2.sha512.10000……
 

Update the grub rules

root@Desktop-01:/etc/grub.d# grub-mkconfig

### BEGIN /etc/grub.d/40_custom ###
# This file provides an easy way to add custom menu entries.  Simply type the
# menu entries you want to add after this comment.  Be careful not to change
# the ‘exec tail’ line above.
set superusers="root"
password_pbkdf2 root grub.pbkdf2.sha512.10000……
### END /etc/grub.d/40_custom ###

root@Desktop-01:/etc/grub.d# update-grub
Generating grub.cfg …
Found background image: /usr/share/images/desktop-base/desktop-grub.png
Found linux image: /boot/vmlinuz-2.6.32-5-amd64
Found initrd image: /boot/initrd.img-2.6.32-5-amd64
done
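
To confirm that the generated configuration really carries the restriction, the following added example (not part of the original post; audit_grub_cfg and write_sample_cfg are hypothetical names, and the sample file contents are constructed) checks that a superuser is defined, that each superuser has a PBKDF2 entry rather than a plaintext one, and that the file holding the hash is not world-readable:

```sh
#!/bin/sh
# Added example: audit a GRUB 2 configuration for the password settings above.
# audit_grub_cfg and write_sample_cfg are hypothetical helper names.

audit_grub_cfg() {
    cfg=$1
    findings=0
    [ -r "$cfg" ] || { echo "ERROR cannot read $cfg"; return 2; }

    # The last "set superusers=..." wins; GRUB accepts several separators.
    supers=$(sed -n 's/^[[:space:]]*set[[:space:]][[:space:]]*superusers=//p' "$cfg" |
        tail -n 1 | tr -d "\"'" | tr ',;|&' '    ')
    if [ -z "$supers" ]; then
        echo "FAIL no superusers defined"
        return 1
    fi

    for user in $supers; do
        kind=$(awk -v u="$user" '
            $1 == "password_pbkdf2" && $2 == u {
                print ($3 ~ /^grub\.pbkdf2\./ ? "pbkdf2" : "malformed"); exit }
            $1 == "password" && $2 == u { print "plaintext"; exit }' "$cfg")
        case $kind in
            pbkdf2)    echo "OK $user has a PBKDF2 hash" ;;
            plaintext) echo "FAIL $user has a plaintext password"; findings=$((findings + 1)) ;;
            malformed) echo "FAIL $user has a malformed PBKDF2 entry"; findings=$((findings + 1)) ;;
            *)         echo "FAIL $user has no password entry"; findings=$((findings + 1)) ;;
        esac
    done

    # The hash (or plaintext password) should not be readable by every local user.
    case $(ls -ld "$cfg") in
        ???????r*) echo "FAIL $cfg is world-readable"; findings=$((findings + 1)) ;;
    esac
    [ "$findings" -eq 0 ]
}

write_sample_cfg() {
    # $1 = path, $2 = "hashed" or "plain"; every value below is constructed.
    if [ "$2" = hashed ]; then
        entry='password_pbkdf2 root grub.pbkdf2.sha512.10000.CONSTRUCTED-SALT.CONSTRUCTED-HASH'
    else
        entry='password root constructed-secret'
    fi
    printf '%s\n' '### BEGIN /etc/grub.d/40_custom ###' \
        'set superusers="root"' "$entry" \
        '### END /etc/grub.d/40_custom ###' > "$1"
}

sample=$(mktemp)
write_sample_cfg "$sample" hashed; chmod 600 "$sample"
audit_grub_cfg "$sample" || true          # passes
write_sample_cfg "$sample" plain; chmod 644 "$sample"
audit_grub_cfg "$sample" || true          # two findings
rm -f "$sample"
```

On a real system the function can be pointed at /etc/grub.d/40_custom as well as at the generated grub.cfg, since both contain the hash.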
 

 

 

OpenXenManager graphical interface to manage Xen Cloud Platform (XCP)

OpenXenManager is a graphical interface to manage XenServer / Xen Cloud Platform (XCP) hosts through the network. OpenXenManager is an open-source multiplatform clone of XenCenter (Citrix).

Project homepage

http://sourceforge.net/projects/openxenmanager/

It is an open source tool developed in Python.

I don't know how it is developed, but the most important dependencies for running it are packaged in Python. I have been using it on the Debian Linux distribution for a year and it works stably.

The purpose of this powerful tool is to manage the Xen XCP domains and the virtual machines running in those domains under the Xen XCP hypervisor.

You can do the most important virtualization tasks with a couple of clicks using the graphical user interface.

It has more features than its sibling Citrix XenCenter, which only works on the Windows platform.

It is easy to install on every Linux distribution; you only need to deploy its dependencies before running it.

This is a nice tool.

 


 

 

 

 

Checks the Linux supported release

3.1.1.005-GEN000100.bash

 

 
#!/bin/bash
# Copyright (C) 2011 simonalsa
# http://www.simonalsa.com
# Author Simon Alonso Sanchez <simonalsa@simonalsa.com>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; version 2
# of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 
 
# Security Technical Implementation Guide (STIG)
# Security Readiness Review (SRR)
# Tested in GNU/Linux Debian distribution
 
# STIG|SRR definition
NUMBER="3.1.1.005"
LABEL="GEN000100"
 
# Section:
SECTION="Linux overview and site information"
 
# Process:
PROCESS="Operating system"
 
# Description:
DESCRIPTION="Checks the Linux supported release"
 
# Include global preferences
if [ -e "$PWD/preferences.cfg" ]; then
        source "$PWD/preferences.cfg"
else
        echo -e "Can not include the global preferences at $PWD/preferences.cfg \r"
        exit 1
fi

# Include local preferences
if [ -e "$PWD/$NUMBER-$LABEL.prefs" ]; then
        source "$PWD/$NUMBER-$LABEL.prefs"
else
        echo -e "Can not include the local preferences at $PWD/$NUMBER-$LABEL.prefs \r"
        exit 1
fi
 
# Section.Description
echo -e "STIG|SRR definition \r"
echo -e "\t Number: $NUMBER \r"
echo -e "\t Label: $LABEL \r"
echo -e "\t Section: $SECTION \r"
echo -e "\t Process: $PROCESS \r"
echo -e "\t Description: $DESCRIPTION \r"
echo -e "\r"
 
# Perform
 
# Quoted so that an unset variable fails the test instead of passing it
if [ -x "$CMD_LSB_RELEASE" ]; then
 
        CMD=$($CMD_LSB_RELEASE -d -s)
        if [ $? -eq 0 ]; then
                echo -e "Linux LSB release: \r"
                echo -e "\t $CMD \r"
        else
                echo -e "Can not locate the Linux LSB release \r"
        fi
else
        echo -e "Can not locate the $CMD_LSB_RELEASE in the filesystem \r"
        exit 1
fi


if [ -x "$CMD_UNAME" ]; then
        CMD=$($CMD_UNAME)
        if [ $? -eq 0 ]; then
                KERNEL_NAME=$($CMD_UNAME --kernel-name)
                KERNEL_RELEASE=$($CMD_UNAME --kernel-release)
                KERNEL_VERSION=$($CMD_UNAME --kernel-version)
                KERNEL_MACHINE=$($CMD_UNAME --machine)
                KERNEL_PROCESSOR=$($CMD_UNAME --processor)
                KERNEL_HARDWARE=$($CMD_UNAME --hardware-platform)
                KERNEL_OS=$($CMD_UNAME --operating-system)
 
                echo -e "Kernel release: \r"
                echo -e "\t Name: $KERNEL_NAME \r"
                echo -e "\t Release: $KERNEL_RELEASE \r"
                echo -e "\t Version: $KERNEL_VERSION \r"
                echo -e "\t Machine: $KERNEL_MACHINE \r"
                echo -e "\t Processor: $KERNEL_PROCESSOR \r"
                echo -e "\t Hardware: $KERNEL_HARDWARE \r"
                echo -e "\t Operating system: $KERNEL_OS \r"
 
        else
                echo -e "Can not locate the Linux Kernel release \r"
        fi
else
        echo -e "Can not locate the $CMD_UNAME in the filesystem \r"
        exit 1
fi
 
echo -e "\r"

3.1.1.005-GEN000100.bash

 

# Nothing

 

Sample output

simonalsa@Desktop-01:~/$ bash 3.1.1.005-GEN000100.bash
STIG|SRR definition
         Number: 3.1.1.005
         Label: GEN000100
         Section: Linux overview and site information
         Process: Operating system
         Description: Checks the Linux supported release

Linux LSB release:
         Debian GNU/Linux 6.0.3 (squeeze)
Kernel release:
         Name: Linux
         Release: 2.6.32-5-amd64
         Version: #1 SMP Thu Nov 3 03:41:26 UTC 2011
         Machine: x86_64
         Processor: unknown
         Hardware: unknown
         Operating system: GNU/Linux
 

Bash shell script to test the availability of commands in the filesystem

The objective is to reuse variables, because not all GNU/Linux distributions install the commands in the same place by default.

I am going to allocate a variable for each command. This file will be included in other shell scripts.

preferences.cfg

CMD_AWK="/usr/bin/awk"
CMD_CAT="/bin/cat"
CMD_CHGRP="/bin/chgrp"
CMD_CHMOD="/bin/chmod"
CMD_DD="/bin/dd"
CMD_DIFF="/usr/bin/diff"
CMD_ECHO="/bin/echo"
CMD_FIND="/usr/bin/find"
CMD_GREP="/bin/grep"
CMD_LAST="/usr/bin/last"
CMD_LASTB="/usr/bin/lastb"
CMD_LS="/bin/ls"
CMD_LSB_RELEASE="/usr/bin/lsb_release"
CMD_MKDIR="/bin/mkdir"
CMD_MKFS="/sbin/mkfs.ext2"
CMD_MKNOD="/bin/mknod"
CMD_MOUNT="/bin/mount"
CMD_MYSQL="/usr/bin/mysql"
CMD_PHP="/usr/bin/php5"
CMD_SED="/bin/sed"
CMD_SEQ="/usr/bin/seq"
CMD_SORT="/usr/bin/sort"
CMD_STAT="/usr/bin/stat"
CMD_TAIL="/usr/bin/tail"
CMD_TOUCH="/bin/touch"
CMD_TUNE2FS="/sbin/tune2fs"
CMD_UNAME="/bin/uname"
CMD_YES="/usr/bin/yes"
CMD_WC="/usr/bin/wc"

 

The shell script "preferences.bash" checks the availability of each command defined in the variables saved in the data file "preferences.cfg".

preferences.bash

 

#!/bin/bash
# Check the availability about the commands that will be used

# Include global preferences
source "$PWD/preferences.cfg"

CMD=$($CMD_CAT "$PWD/preferences.cfg")

echo -e "Check the availability about the commands that will be used \r"

# Checks if path is ok
for line in $CMD;
do
        # Take the value after "=" and strip the surrounding double quotes
        TEST=$($CMD_ECHO "$line" | $CMD_AWK -F= '{ print $2 }' | $CMD_SED 's/"//g')

        echo -n ""
        if [ -e "$TEST" ]; then
                echo -n "[Passed]"
        else
                echo -n "[Failed]"
        fi

        echo -n " ... $TEST"
        echo -e "\r"
done;

 

Sample output

Check the availability about the commands that will be used
[Passed] … /usr/bin/awk
[Passed] … /bin/cat
[Passed] … /bin/chgrp
[Passed] … /bin/chmod
[Passed] … /bin/dd
[Passed] … /usr/bin/diff
[Passed] … /bin/echo
[Passed] … /usr/bin/find
[Passed] … /bin/grep
[Passed] … /usr/bin/last
[Passed] … /usr/bin/lastb
[Passed] … /bin/ls
[Passed] … /usr/bin/lsb_release
[Passed] … /bin/mkdir
[Passed] … /sbin/mkfs.ext2
[Passed] … /bin/mknod
[Passed] … /bin/mount
[Failed] … /usr/bin/mysql
[Failed] … /usr/bin/php5
[Passed] … /bin/sed
[Passed] … /usr/bin/seq
[Passed] … /usr/bin/sort
[Passed] … /usr/bin/stat
[Passed] … /usr/bin/tail
[Passed] … /bin/touch
[Passed] … /sbin/tune2fs
[Passed] … /bin/uname
[Passed] … /usr/bin/yes
[Passed] … /usr/bin/wc
 

Bash shell script to set the RAM values of all the available virtual machines (DMC dynamic range limits) in a Xen XCP domain

This bash shell script reads the predefined RAM values of the virtual machines from a configuration file (Memory.prefs) and sets them for each available virtual machine (DMC dynamic and static range limits) in a Xen XCP domain.

Memory.bash

#!/bin/bash
# Names of all virtual machines except the control domain
VM_NAMES=$(xe vm-list params=name-label | grep "name-label" | grep -v "Control" | sort | awk -F": " '{ print $2 }')
for VM_NAME in $VM_NAMES;
do
   UUID=$(xe vm-list name-label="$VM_NAME" params=uuid | grep uuid | awk -F": " '{ print $2 }')
   if [ -n "$UUID" ]; then
      # Record format: name:dynamic-min:dynamic-max:static-min:static-max
      LIMITS=$(grep "^$VM_NAME:" Memory.prefs)
      if [ $? -eq 0 ]; then
         MINIMUM_DYN=$(echo "$LIMITS" | awk -F":" '{ print $2 }')
         MINI_DYN=$((MINIMUM_DYN * 1024 * 1024))
         MAXIMUM_DYN=$(echo "$LIMITS" | awk -F":" '{ print $3 }')
         MAXI_DYN=$((MAXIMUM_DYN * 1024 * 1024))

         MINIMUM_ST=$(echo "$LIMITS" | awk -F":" '{ print $4 }')
         MINI_ST=$((MINIMUM_ST * 1024 * 1024))
         MAXIMUM_ST=$(echo "$LIMITS" | awk -F":" '{ print $5 }')
         MAXI_ST=$((MAXIMUM_ST * 1024 * 1024))

         #echo "DYN: $MINIMUM_DYN as $MINI_DYN ….VS… $MAXIMUM_DYN as $MAXI_DYN"
         #echo "ST:  $MINIMUM_ST as $MINI_ST ….VS… $MAXIMUM_ST as $MAXI_ST"

         # Reset both flags for every virtual machine
         CHECK1=false
         CHECK2=false
         SETPARAM=$(xe vm-param-set uuid="$UUID" memory-static-min="$MINI_ST")
         if [ $? -eq 0 ]; then
            CHECK1=true;
         fi
         SETPARAM=$(xe vm-param-set uuid="$UUID" memory-static-max="$MAXI_ST")
         if [ $? -eq 0 ]; then
            CHECK2=true;
         fi

         if [ $CHECK1 = true ]; then
            if [ $CHECK2 = true ]; then
               echo "The DMC static range ( $MINIMUM_ST … $MAXIMUM_ST ) about $VM_NAME virtual machine has been updated successfully"
            else
               echo "Can not update the maximun DMC static range about $VM_NAME virtual machine"
            fi
         else
            echo "Can not update the minimum DMC static range about $VM_NAME virtual machine"
         fi

         SETPARAM=$(xe vm-memory-dynamic-range-set uuid="$UUID" min="$MINI_DYN" max="$MAXI_DYN")
         if [ $? -eq 0 ]; then
            echo "The DMC dynamic range ( $MINIMUM_DYN … $MAXIMUM_DYN ) about $VM_NAME virtual machine has been updated successfully"
         else
            echo "Can not update the DMC dynamic range about $VM_NAME virtual machine"
         fi
      fi
   fi
done
 

Set the default RAM values for each virtual machine in "Memory.prefs"

Fields:

1.- Virtual machine name, as "name-label"

2.- DMC dynamic lower limit, as "memory-dynamic-min"

3.- DMC dynamic higher limit, as "memory-dynamic-max"

4.- DMC static lower limit, as "memory-static-min"

5.- DMC static higher limit, as "memory-static-max"

Memory.prefs

Application-Server-01:256:512:192:576
Application-Server-02:256:512:192:576
Application-Server-03:256:512:192:576
Debian-Desktop-1.0:256:384:224:416
DNS-Server-1.0:64:88:48:104
DNS-Server-2.0:64:88:48:104
File-Server-1.0:128:192:96:224
File-Server-2.0:128:192:96:224
LDAP-Server-1.0:64:88:48:104
LDAP-Server-2.0:64:88:48:104
Log-Server-1.0:64:88:48:104
Sql-Server-1.0:128:256:96:224
Web-Server-1.0:88:152:72:168
Web-Server-2.0:88:152:72:168
Web-Server-3.0:88:152:72:168
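
A check that can run before Memory.bash applies the file above (added example, not part of the original post; check_memory_prefs and sample_prefs are hypothetical names). It assumes the DMC ordering static-min <= dynamic-min <= dynamic-max <= static-max from the XenServer documentation, and it flags the Sql-Server-1.0 record, whose dynamic maximum of 256 is above its static maximum of 224:

```sh
#!/bin/sh
# Added example: validate Memory.prefs records before they are passed to xe.
# check_memory_prefs and sample_prefs are hypothetical names.

check_memory_prefs() {
    # stdin: name:dynamic-min:dynamic-max:static-min:static-max (values in MiB)
    # Prints one line per problem; returns 1 if any record is rejected.
    awk -F: '
        /^[ \t]*$/ { next }
        NF != 5 {
            printf "line %d: expected 5 fields, found %d\n", NR, NF
            bad++; next
        }
        {
            for (i = 2; i <= 5; i++)
                if ($i !~ /^[0-9]+$/) {
                    printf "line %d: %s: field %d is not a whole number\n", NR, $1, i
                    bad++; next
                }
            # Memory.bash selects records by name, so a name must be unique.
            if (seen[$1]++) {
                printf "line %d: %s: duplicate record\n", NR, $1
                bad++
            }
            if (!($4+0 <= $2+0 && $2+0 <= $3+0 && $3+0 <= $5+0)) {
                printf "line %d: %s: static-min %d <= dynamic-min %d <= dynamic-max %d <= static-max %d does not hold\n", NR, $1, $4, $2, $3, $5
                bad++
            }
        }
        END { exit (bad > 0 ? 1 : 0) }'
}

sample_prefs() {
    # The first three records come from the Memory.prefs above;
    # the last two are constructed to show malformed input.
    cat <<'EOF'
DNS-Server-1.0:64:88:48:104
File-Server-1.0:128:192:96:224
Sql-Server-1.0:128:256:96:224
Test-Server-1.0:64:abc:48:104
Test-Server-2.0:64:88:48
EOF
}

sample_prefs | check_memory_prefs || true
```

Against the real file it is called as check_memory_prefs < Memory.prefs, and a non-zero return status means the values should not be applied.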
 

Output

[root@thor ~]# bash Memory.bash

The DMC static range ( 192 … 576 ) about Application-Server-01 virtual machine has been updated successfully
The DMC dynamic range ( 256 … 512 ) about Application-Server-01 virtual machine has been updated successfully
The DMC static range ( 192 … 576 ) about Application-Server-02 virtual machine has been updated successfully
The DMC dynamic range ( 256 … 512 ) about Application-Server-02 virtual machine has been updated successfully
The DMC static range ( 192 … 576 ) about Application-Server-03 virtual machine has been updated successfully
The DMC dynamic range ( 256 … 512 ) about Application-Server-03 virtual machine has been updated successfully
The DMC static range ( 224 … 416 ) about Debian-Desktop-1.0 virtual machine has been updated successfully
The DMC dynamic range ( 256 … 384 ) about Debian-Desktop-1.0 virtual machine has been updated successfully
The DMC static range ( 48 … 104 ) about DNS-Server-1.0 virtual machine has been updated successfully
The DMC dynamic range ( 64 … 88 ) about DNS-Server-1.0 virtual machine has been updated successfully
The DMC static range ( 48 … 104 ) about DNS-Server-2.0 virtual machine has been updated successfully
The DMC dynamic range ( 64 … 88 ) about DNS-Server-2.0 virtual machine has been updated successfully
The DMC static range ( 96 … 224 ) about File-Server-1.0 virtual machine has been updated successfully
The DMC dynamic range ( 128 … 192 ) about File-Server-1.0 virtual machine has been updated successfully
The DMC static range ( 96 … 224 ) about File-Server-2.0 virtual machine has been updated successfully
The DMC dynamic range ( 128 … 192 ) about File-Server-2.0 virtual machine has been updated successfully
The DMC static range ( 48 … 104 ) about LDAP-Server-1.0 virtual machine has been updated successfully
The DMC dynamic range ( 64 … 88 ) about LDAP-Server-1.0 virtual machine has been updated successfully
The DMC static range ( 48 … 104 ) about LDAP-Server-2.0 virtual machine has been updated successfully
The DMC dynamic range ( 64 … 88 ) about LDAP-Server-2.0 virtual machine has been updated successfully
The DMC static range ( 48 … 104 ) about Log-Server-1.0 virtual machine has been updated successfully
The DMC dynamic range ( 64 … 88 ) about Log-Server-1.0 virtual machine has been updated successfully
The DMC static range ( 96 … 224 ) about Sql-Server-1.0 virtual machine has been updated successfully
The DMC dynamic range ( 128 … 256 ) about Sql-Server-1.0 virtual machine has been updated successfully
The DMC static range ( 72 … 168 ) about Web-Server-1.0 virtual machine has been updated successfully
The DMC dynamic range ( 88 … 152 ) about Web-Server-1.0 virtual machine has been updated successfully
The DMC static range ( 72 … 168 ) about Web-Server-2.0 virtual machine has been updated successfully
The DMC dynamic range ( 88 … 152 ) about Web-Server-2.0 virtual machine has been updated successfully
The DMC static range ( 72 … 168 ) about Web-Server-3.0 virtual machine has been updated successfully
The DMC dynamic range ( 88 … 152 ) about Web-Server-3.0 virtual machine has been updated successfully
 

Runtime RAM values

"xentop"

DMC (Dynamic Memory Control) feature at Xen XCP

Dynamic Memory Control (DMC) is a technology provided by Xen Cloud Platform (XCP).

DMC allows you to change the amount of host memory assigned to any running virtual server, without rebooting it.

Using DMC, it’s possible to operate a guest virtual machine in one of two modes:

1) Target Mode
    The administrator specifies a memory target for the guest. XCP adjusts the guest’s memory allocation to meet the target.

2) Dynamic Range Mode
    The administrator specifies a dynamic memory range for the guest. XCP chooses a target from within the range and adjusts the guest’s memory allocation to meet the target. The dynamic memory range is defined by a lower and an upper limit: the minimum and maximum amount of memory that the administrator is happy for a guest to use.

You can change the VM’s DMC mode online, without rebooting it.

Check http://wiki.xensource.com/xenwiki/Dynamic_Memory_Control for more information

For example:

1) Mode As Target Mode ( 160 MB )
[root@thor ~]# xe vm-memory-target-set uuid=9e07177c-5bee-61a3-f743-6675f6a6a81e target=167772160
[root@thor ~]# xe vm-param-list uuid=9e07177c-5bee-61a3-f743-6675f6a6a81e | grep "memory-" | grep -v "last" | grep -v "recommendations"


memory-static-max ( RW): 167772160
memory-static-min ( RW): 67108864

[root@thor ~]# xe vm-param-get uuid=9e07177c-5bee-61a3-f743-6675f6a6a81e param-name=memory-target
167772160

 

"DNS-Server-XX"

2) Mode As Dynamic Range Mode ( [64...128] MB )

Set VM’s DMC limits
[root@thor ~]# xe vm-memory-dynamic-range-set uuid=9e07177c-5bee-61a3-f743-6675f6a6a81e min=67108864 max=134217728

Check VM’s DMC limits

[root@thor ~]# xe vm-param-list uuid=9e07177c-5bee-61a3-f743-6675f6a6a81e | grep "memory-" | grep -v "last" | grep -v "recommendations"


memory-dynamic-max ( RW): 134217728
memory-dynamic-min ( RW): 67108864

[root@thor ~]# xe vm-param-get uuid=9e07177c-5bee-61a3-f743-6675f6a6a81e param-name=memory-target
134217728
 

"DNS-Server-XX"

Really nice, powerful feature
 
