Category: Scripts

Setting the user object attributes msDS-SupportedEncryptionTypes and userAccountControl with the Get-QADUser and Set-QADUser cmdlets to enable encryption methods that work with Kerberos

set-Location c:\
Add-PSSnapin Quest.ActiveRoles.ADManagement
Get-PSsnapin
Set-QADPSSnapinSettings -DefaultSizeLimit 0
Get-Command Get-QAD*

Get-QADUser -sl 0 -IncludeAllProperties -SerializeValues

PS C:\> Get-QADUser spider001 -sl 0 -IncludeAllProperties -SerializeValues > C:\User.txt

PS C:\> Get-QADUser spider001 -sl 0 -IncludedProperties userAccountControl,'msDS-SupportedEncryptionTypes' | Format-Table name,userAccountControl,'msDS-SupportedEncryptionTypes'

Name          userAccountControl   msDS-SupportedEncryptionTypes

spider001   2163200                      31

PS C:\> Set-QADUser spider002 -objectAttributes @{'msDS-SupportedEncryptionTypes'=31}

PS C:\> Set-QADUser spider002 -objectAttributes @{'userAccountControl'=2163200}

PS C:\> Set-QADUser spider003 -objectAttributes @{'msDS-SupportedEncryptionTypes'=31}

PS C:\> Set-QADUser spider003 -objectAttributes @{'userAccountControl'=2163200}

PS C:\> Get-QADUser spider002 -sl 0 -IncludedProperties userAccountControl,'msDS-SupportedEncryptionTypes' | Format-Table name,userAccountControl,'msDS-SupportedEncryptionTypes'

Name          userAccountControl    msDS-SupportedEncryptionTypes

spider002   2163200                       31
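
Both numbers written above are bit masks. The following shell functions are an added example, not part of the original post: they decode a value exported from the directory and list the legacy Kerberos settings it switches on. The function names are made up for the example; the bit names are the documented ones for userAccountControl and msDS-SupportedEncryptionTypes.

```shell
#!/bin/sh
# Added example: decode the attribute values shown in the Format-Table output.

# decode_bits VALUE BIT:NAME... -> names of the bits that are set in VALUE
decode_bits() {
    value=$1; shift
    names=""
    for pair in "$@"; do
        if [ $(( value & ${pair%%:*} )) -ne 0 ]; then
            names="$names ${pair#*:}"
        fi
    done
    echo "${names# }"
}

decode_enctypes() {
    decode_bits "$1" 1:DES-CBC-CRC 2:DES-CBC-MD5 4:RC4-HMAC \
        8:AES128-CTS-HMAC-SHA1-96 16:AES256-CTS-HMAC-SHA1-96
}

decode_uac() {
    decode_bits "$1" 2:ACCOUNTDISABLE 32:PASSWD_NOTREQD 512:NORMAL_ACCOUNT \
        65536:DONT_EXPIRE_PASSWORD 524288:TRUSTED_FOR_DELEGATION \
        2097152:USE_DES_KEY_ONLY 4194304:DONT_REQ_PREAUTH
}

# kerberos_findings UAC ENCTYPES -> one line per setting that keeps legacy
# ciphers usable or relaxes pre-authentication
kerberos_findings() {
    uac=$1; enc=$2
    if [ $(( uac & 2097152 )) -ne 0 ]; then echo "USE_DES_KEY_ONLY is set"; fi
    if [ $(( uac & 4194304 )) -ne 0 ]; then echo "DONT_REQ_PREAUTH is set"; fi
    if [ $(( enc & 3 )) -ne 0 ]; then echo "DES encryption types enabled"; fi
    if [ $(( enc & 4 )) -ne 0 ]; then echo "RC4-HMAC enabled"; fi
    if [ $(( enc & 24 )) -eq 0 ]; then echo "no AES encryption type enabled"; fi
}

# The values from the output above
echo "userAccountControl 2163200: $(decode_uac 2163200)"
echo "msDS-SupportedEncryptionTypes 31: $(decode_enctypes 31)"
kerberos_findings 2163200 31
```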

 

 

Checks the Linux supported release

3.1.1.005-GEN000100.bash

 

 
#!/bin/bash
# Copyright (C) 2011 simonalsa
# http://www.simonalsa.com
# Author Simon Alonso Sanchez <simonalsa@simonalsa.com>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; version 2
# of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 
 
# Security Technical Implementation Guide (STIG)
# Security Readiness Review (SRR)
# Tested in GNU/Linux Debian distribution
 
# STIG|SRR definition
NUMBER="3.1.1.005"
LABEL="GEN000100"
 
# Section:
SECTION="Linux overview and site information"
 
# Process:
PROCESS="Operating system"
 
# Description:
DESCRIPTION="Checks the Linux supported release"
 
# Include global preferences
if [ -e "$PWD/preferences.cfg" ]; then
        source "$PWD/preferences.cfg"
else
        echo -e "Can not include the global preferences at $PWD/preferences.cfg \r"
        exit 1
fi
 
# Include local preferences
if [ -e "$PWD/$NUMBER-$LABEL.prefs" ]; then
        source "$PWD/$NUMBER-$LABEL.prefs"
else
        echo -e "Can not include the local preferences at $PWD/$NUMBER-$LABEL.prefs \r"
        exit 1
fi
 
# Section.Description
echo -e "STIG|SRR definition \r"
echo -e "\t Number: $NUMBER \r"
echo -e "\t Label: $LABEL \r"
echo -e "\t Section: $SECTION \r"
echo -e "\t Process: $PROCESS \r"
echo -e "\t Description: $DESCRIPTION \r"
echo -e "\r"
 
# Perform
 
if [ -x "$CMD_LSB_RELEASE" ]; then
 
        CMD=$("$CMD_LSB_RELEASE" -d -s)
        if [ $? -eq 0 ]; then
                echo -e "Linux LSB release: \r"
                echo -e "\t $CMD \r"
        else
                echo -e "Can not locate the Linux LSB release \r"
        fi
else
        echo -e "Can not locate the $CMD_LSB_RELEASE in the filesystem \r"
        exit 1
fi
 
 
if [ -x "$CMD_UNAME" ]; then
        CMD=$($CMD_UNAME)
        if [ $? -eq 0 ]; then
                KERNEL_NAME=$($CMD_UNAME --kernel-name)
                KERNEL_RELEASE=$($CMD_UNAME --kernel-release)
                KERNEL_VERSION=$($CMD_UNAME --kernel-version)
                KERNEL_MACHINE=$($CMD_UNAME --machine)
                KERNEL_PROCESSOR=$($CMD_UNAME --processor)
                KERNEL_HARDWARE=$($CMD_UNAME --hardware-platform)
                KERNEL_OS=$($CMD_UNAME --operating-system)
 
                echo -e "Kernel release: \r"
                echo -e "\t Name: $KERNEL_NAME \r"
                echo -e "\t Release: $KERNEL_RELEASE \r"
                echo -e "\t Version: $KERNEL_VERSION \r"
                echo -e "\t Machine: $KERNEL_MACHINE \r"
                echo -e "\t Processor: $KERNEL_PROCESSOR \r"
                echo -e "\t Hardware: $KERNEL_HARDWARE \r"
                echo -e "\t Operating system: $KERNEL_OS \r"
 
        else
                echo -e "Can not locate the Linux Kernel release \r"
        fi
else
        echo -e "Can not locate the $CMD_UNAME in the filesystem \r"
        exit 1
fi
 
echo -e "\r"

3.1.1.005-GEN000100.bash

 

# Nothing

 

Sample output

simonalsa@Desktop-01:~/$ bash 3.1.1.005-GEN000100.bash
STIG|SRR definition
         Number: 3.1.1.005
         Label: GEN000100
         Section: Linux overview and site information
         Process: Operating system
         Description: Checks the Linux supported release

Linux LSB release:
         Debian GNU/Linux 6.0.3 (squeeze)
Kernel release:
         Name: Linux
         Release: 2.6.32-5-amd64
         Version: #1 SMP Thu Nov 3 03:41:26 UTC 2011
         Machine: x86_64
         Processor: unknown
         Hardware: unknown
         Operating system: GNU/Linux
 

Bash shell script to test the availability of commands in the filesystem

The objective is to reuse variables, since not all GNU/Linux distributions install the commands in the same place by default.

I am going to allocate one variable per command. This file will be included in other shell scripts.

preferences.cfg

CMD_AWK="/usr/bin/awk"
CMD_CAT="/bin/cat"
CMD_CHGRP="/bin/chgrp"
CMD_CHMOD="/bin/chmod"
CMD_DD="/bin/dd"
CMD_DIFF="/usr/bin/diff"
CMD_ECHO="/bin/echo"
CMD_FIND="/usr/bin/find"
CMD_GREP="/bin/grep"
CMD_LAST="/usr/bin/last"
CMD_LASTB="/usr/bin/lastb"
CMD_LS="/bin/ls"
CMD_LSB_RELEASE="/usr/bin/lsb_release"
CMD_MKDIR="/bin/mkdir"
CMD_MKFS="/sbin/mkfs.ext2"
CMD_MKNOD="/bin/mknod"
CMD_MOUNT="/bin/mount"
CMD_MYSQL="/usr/bin/mysql"
CMD_PHP="/usr/bin/php5"
CMD_SED="/bin/sed"
CMD_SEQ="/usr/bin/seq"
CMD_SORT="/usr/bin/sort"
CMD_STAT="/usr/bin/stat"
CMD_TAIL="/usr/bin/tail"
CMD_TOUCH="/bin/touch"
CMD_TUNE2FS="/sbin/tune2fs"
CMD_UNAME="/bin/uname"
CMD_YES="/usr/bin/yes"
CMD_WC="/usr/bin/wc"

 

The shell script "preferences.bash" checks the availability of each command defined in the variables saved in the data file "preferences.cfg".

preferences.bash

 

#!/bin/bash
# Check the availability of the commands that will be used
 
# Include global preferences
source "$PWD/preferences.cfg"
 
CMD=$($CMD_CAT "$PWD/preferences.cfg")
 
echo -e "Check the availability about the commands that will be used \r"
 
# Check that each configured path exists
for line in $CMD;
do
        # Take the value after "=" and strip the surrounding double quotes
        TEST=$($CMD_ECHO "$line" | $CMD_AWK -F= '{ print $2 }' | $CMD_SED 's/"//g')
 
        echo -n ""
        if [ -e "$TEST" ]; then
                echo -n "[Passed]"
        else
                echo -n "[Failed]"
        fi
 
        echo -n " ... $TEST"
        echo -e "\r"
done;

 

Sample output

Check the availability about the commands that will be used
[Passed] ... /usr/bin/awk
[Passed] ... /bin/cat
[Passed] ... /bin/chgrp
[Passed] ... /bin/chmod
[Passed] ... /bin/dd
[Passed] ... /usr/bin/diff
[Passed] ... /bin/echo
[Passed] ... /usr/bin/find
[Passed] ... /bin/grep
[Passed] ... /usr/bin/last
[Passed] ... /usr/bin/lastb
[Passed] ... /bin/ls
[Passed] ... /usr/bin/lsb_release
[Passed] ... /bin/mkdir
[Passed] ... /sbin/mkfs.ext2
[Passed] ... /bin/mknod
[Passed] ... /bin/mount
[Failed] ... /usr/bin/mysql
[Failed] ... /usr/bin/php5
[Passed] ... /bin/sed
[Passed] ... /usr/bin/seq
[Passed] ... /usr/bin/sort
[Passed] ... /usr/bin/stat
[Passed] ... /usr/bin/tail
[Passed] ... /bin/touch
[Passed] ... /sbin/tune2fs
[Passed] ... /bin/uname
[Passed] ... /usr/bin/yes
[Passed] ... /usr/bin/wc
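
A variant of the check above, as an added example that is not part of the original script: it reads the CMD_NAME="/path" lines as data instead of sourcing the file, requires each path to be an executable file rather than merely to exist, and reports where the command actually lives when a distribution installs it elsewhere. The function names and the sample entries are constructed for the example.

```shell
#!/bin/sh
# Added example. Constructed sample config: one wrong location, one missing tool.
sample_prefs() {
cat <<'EOF'
CMD_CAT="/wrong/place/cat"
CMD_NOPE="/opt/none/no-such-tool-xyz"
# a line that is not CMD_NAME="..." is skipped, never executed
EOF
}

# check_prefs FILE: validate CMD_NAME="/path" entries, reading the file as data.
# Returns 0 when every path is an executable file, 1 otherwise.
check_prefs() {
    failed=0
    while IFS='=' read -r key value; do
        case $key in
            CMD_*) ;;
            *) continue ;;
        esac
        path=$(printf '%s' "$value" | tr -d '"')
        if [ -f "$path" ] && [ -x "$path" ]; then
            echo "[Passed] $key $path"
            continue
        fi
        failed=1
        # Look for the same command name elsewhere on PATH
        alt=$(command -v "${path##*/}" 2>/dev/null || true)
        if [ -n "$alt" ]; then
            echo "[Failed] $key $path (found at $alt)"
        else
            echo "[Failed] $key $path (not installed)"
        fi
    done < "$1"
    return "$failed"
}

tmp=$(mktemp)
sample_prefs > "$tmp"
check_prefs "$tmp" || echo "preferences.cfg needs updating for this host"
rm -f "$tmp"
```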
 

Xen XCP: back up/export all the halted virtual machines available in the Xen XCP domain

This script exports all the virtual machines in the halted state that are available in the Xen XCP domain.

The process is simple. It exports the virtual machine to the filesystem and compresses the exported file in place. It repeats the process for each virtual machine available in the Xen XCP domain.

Finally, if you want, it shuts down the host.

Backup.bash

#!/bin/bash

DATESTAMP=$(date +%F)

# Collect the UUID of every VM known to the host
UUIDS=$(xe vm-list | grep uuid | awk -F: '{ print $2 }' | sed 's/ //g')

for UUID in $UUIDS
do
        # VM name with spaces removed, so it can be used in the file name
        NAME=$(xe vm-list uuid=$UUID | grep name | awk -F: '{ print $2 }' | sed 's/ //g')
        if [ "$NAME" != "Controldomainonhost" ]; then
                xe vm-export filename="/backup/${UUID}_${NAME}_${DATESTAMP}.xva" uuid="$UUID"
                if [ $? -eq 0 ]; then
                        echo -e "The virtual machine $NAME has been exported"
                        # gzip replaces the .xva file with .xva.gz
                        gzip -9 "/backup/${UUID}_${NAME}_${DATESTAMP}.xva"
                else
                        echo -e "Can not export the virtual machine $NAME"
                        # Remove the export file if one was left behind
                        rm -f "/backup/${UUID}_${NAME}_${DATESTAMP}.xva"
                fi
        fi
done


shutdown -h now
 

Result

[root@thor 20120118]# ls -lh *.gz | awk '{ print $9,"(",$5,")" }'
10761c7f-70a2-1263-43d4-53fdd059cf81_Log-Server-1.0_2012-01-18.xva.gz ( 417M )
16d0b2d3-51c1-e692-7f90-2473277b0f50_Web-Server-2.0_2012-01-18.xva.gz ( 1.1G )
1b8feb8e-04fe-2a4e-5716-dde1e375b2f9_LDAP-Server-2.0_2012-01-18.xva.gz ( 394M )
3e7ae452-52fb-7f3b-b105-087981a8a8b0_Application-Server-01_2012-01-18.xva.gz ( 994M )
46f069fb-0ca1-cbb0-d64c-2a5ea1d2a4bb_File-Server-2.0_2012-01-18.xva.gz ( 37G )
526e3294-b61b-7c39-debb-325d238c85f9_DNS-Server-1.0_2012-01-18.xva.gz ( 731M )
668d4e9b-cb44-24f7-7d23-2e0efc6627c3_Sql-Server-1.0_2012-01-18.xva.gz ( 7.4G )
6a7bea88-8b49-bc77-6cc9-06601aea6eaf_XCP-Server-1.1_2012-01-18.xva.gz ( 515M )
88357478-ac9e-51d1-b27d-2a9da6d75a3d_LDAP-Server-1.0_2012-01-18.xva.gz ( 380M )
910cbd07-3dde-974d-5595-3021103ad656_File-Server-1.0_2012-01-18.xva.gz ( 78G )
9e07177c-5bee-61a3-f743-6675f6a6a81e_DNS-Server-2.0_2012-01-18.xva.gz ( 435M )
f8c2291a-a387-69ca-a95e-e0383f717f83_Debian-Desktop-1.0_2012-01-18.xva.gz ( 1.1G )
 

 

Xen XCP: shut down all the running virtual machines that use the Xen XCP guest tools

This simple script reads the uuid and name of each Xen XCP VM and shuts the VMs down one by one, provided the Xen Guest Tools are installed in each VM.

Take care with NFS mounts: if the NFS server goes offline before the NFS clients, you must stop the services manually before the shutdown process takes effect.

The script must be run with Xen XCP domain administrator privileges.

 

Shutdown.bash

#!/bin/bash

DATESTAMP=$(date +%F)

# Collect the UUID of every VM known to the host
UUIDS=$(xe vm-list | grep uuid | awk -F: '{ print $2 }' | sed 's/ //g')

for UUID in $UUIDS
do
        # VM name with spaces removed
        NAME=$(xe vm-list uuid=$UUID | grep name | awk -F: '{ print $2 }' | sed 's/ //g')
        if [ "$NAME" != "Controldomainonhost" ]; then
                xe vm-shutdown uuid="$UUID"
                if [ $? -eq 0 ]; then
                        echo -e "The virtual machine $NAME has been stopped"
                else
                        echo -e "Can not stop the virtual machine $NAME"
                fi
        fi
done


#shutdown -h now
 

Console stdout

[root@thor Script]# bash Shutdown.bash
The virtual machine Application-Server-01 has been stopped
The virtual machine LDAP-Server-1.0 has been stopped
The virtual machine LDAP-Server-2.0 has been stopped
The virtual machine File-Server-1.0 has been stopped
The virtual machine Web-Server-2.0 has been stopped
The virtual machine File-Server-2.0 has been stopped
You attempted an operation on a VM that was not in an appropriate power state at  the time; for example, you attempted to start a VM that was already running.  The parameters returned are the VM’s handle, and the expected and actual VM state at the time of the call.
vm: 10761c7f-70a2-1263-43d4-53fdd059cf81 (Log-Server-1.0)
expected: running
actual: halted
Can not stop the virtual machine Log-Server-1.0
The virtual machine Application-Server-03 has been stopped
The virtual machine Debian-Desktop-1.0 has been stopped
The virtual machine DNS-Server-1.0 has been stopped
The virtual machine Application-Server-02 has been stopped
The virtual machine DNS-Server-2.0 has been stopped
The virtual machine Sql-Server-1.0 has been stopped
The virtual machine Web-Server-1.0 has been stopped
The virtual machine Web-Server-3.0 has been stopped
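
Both Xen scripts above walk every VM and let xe reject the ones in the wrong power state, which is where the "not in an appropriate power state" message in the console output comes from. The following added example, not part of the original scripts, parses `xe vm-list` output into records and selects VMs by power state (halted for the backup, running for the shutdown), and also sanitises the VM name before it is used in a file name. The function names, the sample listing and the all-zero UUID are constructed for the example.

```shell
#!/bin/sh
# Added example. Constructed `xe vm-list` output in the default record layout;
# the first two UUID/name pairs are taken from the listings on this page.
sample_vm_list() {
cat <<'EOF'
uuid ( RO)           : 10761c7f-70a2-1263-43d4-53fdd059cf81
     name-label ( RW): Log-Server-1.0
    power-state ( RO): halted


uuid ( RO)           : 16d0b2d3-51c1-e692-7f90-2473277b0f50
     name-label ( RW): Web-Server-2.0
    power-state ( RO): running


uuid ( RO)           : 00000000-0000-0000-0000-000000000000
     name-label ( RW): Control domain on host: thor
    power-state ( RO): running
EOF
}

# vms_in_state STATE: read `xe vm-list` output on stdin and print
# "uuid<TAB>name" for every VM in STATE, skipping the control domain.
vms_in_state() {
    awk -v want="$1" '
        function val(s) { sub(/^[^:]*: /, "", s); sub(/[ \t\r]+$/, "", s); return s }
        function emit() {
            if (uuid != "" && state == want && name !~ /^Control domain on host/)
                print uuid "\t" name
            uuid = name = state = ""
        }
        /^uuid /      { emit(); uuid = val($0) }
        /name-label/  { name = val($0) }
        /power-state/ { state = val($0) }
        END           { emit() }'
}

# safe_name NAME: keep only characters that are harmless in a file name.
safe_name() {
    printf '%s' "$1" | tr -c 'A-Za-z0-9._-' '_'
}

sample_vm_list | vms_in_state halted | while IFS="$(printf '\t')" read -r uuid name; do
    echo "would export $uuid to /backup/${uuid}_$(safe_name "$name")_$(date +%F).xva"
done
```

On a real host, replace `sample_vm_list` with `xe vm-list` in the pipeline.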
 

 

Adding users to a domain using Import-CSV | new-qadUser cmdlet

Load the snap-in into the PowerShell environment

set-Location c:\
Add-PSSnapin Quest.ActiveRoles.ADManagement
Get-PSsnapin
Set-QADPSSnapinSettings -DefaultSizeLimit 0
Get-Command Get-QAD*

Next, define the domain users in a CSV file, for example “USERS.csv”

name, displayName, givenName, sn, sAMAccountName, UserPassword
Troy Williams,Troy Williams (O),Troy,Williams,troy.williams,XXXXX
Beth Williams,Beth Williams (O),Beth,Williams,beth.williams,YYYYY

Note that the CSV file must be saved with Unicode encoding, not ANSI. Use Notepad to change the encoding.

Finally, load the CSV content with Import-CSV and pipe it to the new-qadUser cmdlet

Import-CSV .\USERS.csv | %{new-qadUser -ParentContainer 'OU=PruebaSimon,DC=simonalsa,DC=com' -DisplayName $_.'displayName' -FirstName $_.'givenName' -LastName $_.'sn' -Name $_.'name' -sAMAccountName $_.'sAMAccountName' -UserPassword $_.'UserPassword' }

How To Deploy Windows Powershell Community Extensions

Powershell Community Extensions

Web: http://pscx.codeplex.com/

Download: Pscx-2.0.0.1.zip

This variable contains the directory from which the script module is being executed. This variable allows scripts to use the module path to access other resources.

Cmd>set PSScriptRoot=T:\Trabajo\Powershell

This variable contains a list of module locations.

Cmd>set PSModulePath=T:\Trabajo\Powershell

Powershell> Import-Module Pscx

Back up a Site collection from a Sharepoint Server 2010 using Powershell Backup-SPSite

I got two files to perform the Site Collection Backup of a SharePoint Server.
 
My username has the same rights as the username that installed SharePoint Server.
 
Backup.bat starts the PowerShell script.
Backup.ps1 adds the SharePoint PowerShell Snap-In to the PowerShell shell and performs the Site Collection Backup.
 
Backup.bat
 
IOF>>
 
Powershell -File .\Backup.ps1
 
<<EOF
 
Backup.ps1
 
IOF>>
 
Add-PSSnapin Microsoft.SharePoint.PowerShell
Backup-SPSite -Identity http://www.simonalsa.com -Path D:\Backup\Diario.bak -Force
 
<<EOF
 
MS Sharepoint Backup Procedures
Back up a farm (SharePoint Server 2010)

http://technet.microsoft.com/en-us/library/ee428316.aspx

Update WordPress siteurl and home database parameters

When you move or migrate a WordPress solution between different web servers and domains, you must update the database parameters if you want to work with WordPress in the new environment.

The database parameters are the “siteurl” and “home” options. You can find these parameters in the table wp_options.

SQL> update wp_options set option_value='http://www.simonalsa.com' where option_name='siteurl' or option_name='home';

How To manage Domain Security Groups and Users using Powershell

Using Quest QAD cmdlets,

Make a new group

PS C:\> new-QADGroup -ParentContainer 'OU=Users,DC=simonalsa,DC=com' -Name 'Group1' -samAccountName 'Group1' -GroupType 'Security' -GroupScope 'Global'

Add user to the group

PS C:\> add-QADGroupMember Group1 SIMONALSA\User1
