Diary of technical happenstance, simple Internet accessible scratchpad, and brain dump to save myself later
Tuesday, September 12, 2006
Repartee LX serial integration
1. To see live PMS and SMDI data along the lines of the DOS systems' ALT-8 command, set the startup line to ^# T12. Open a terminal and navigate to the /opt/vmail directory. Type tail -f REPLOG12.9 where 12.9 is the current day and month. You should see live replog parsed data on all serial ports.
Thursday, September 07, 2006
AD last login time
Nice script to find a user's last logon time from AD. It even converts the time result to human readable format.
' This VBScript code prints the last logon timestamp for a user.
' ---------------------------------------------------------------
' From the book "Active Directory Cookbook" by Robbie Allen
' Publisher: O'Reilly and Associates
' ISBN: 0-596-00466-4
' Book web site: http://rallenhome.com/books/adcookbook/code.html
' ---------------------------------------------------------------
' ------ SCRIPT CONFIGURATION ------
'strUserDN = "" ' e.g. cn=rallen,ou=Sales,dc=rallencorp,dc=com
strUserDN = "cn=Web Maxtor,ou=MyOffice,ou=MyOrganization,dc=MyDomain,dc=com"
' ------ END CONFIGURATION ---------
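set objUser = GetObject("LDAP://" & strUserDN)
' lastLogonTimestamp comes back as a 64-bit IADsLargeInteger (HighPart/LowPart)
set objLogon = objUser.Get("lastLogonTimestamp")
' LowPart is a signed 32-bit value; carry one into HighPart when it is negative
lngHigh = objLogon.HighPart
lngLow = objLogon.LowPart
If lngLow < 0 Then lngHigh = lngHigh + 1
intLogonTime = lngHigh * (2^32) + lngLow
' 100-nanosecond intervals -> minutes -> days
intLogonTime = intLogonTime / (60 * 10000000)
intLogonTime = intLogonTime / 1440
' Add the day count to the 1601 epoch; the result is in UTC
WScript.Echo "Approx last logon timestamp: " & intLogonTime + #1/1/1601#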
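The same conversion as an added Python example (not from the book or the original post), extended to flag stale accounts. The function names, the sample records and the 14-day lag allowance (the default lastLogonTimestamp sync interval) are assumptions of this example.

```python
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
# Assumption: the domain uses the default 14-day sync interval for
# lastLogonTimestamp, so the stored value can trail the real logon by that much.
SYNC_LAG = timedelta(days=14)

def filetime_from_parts(high, low):
    """Join ADSI HighPart/LowPart into one 64-bit tick count.

    LowPart arrives as a signed 32-bit integer; masking restores the
    unsigned value so a negative LowPart does not subtract ~7 minutes.
    """
    return ((high & 0xFFFFFFFF) << 32) | (low & 0xFFFFFFFF)

def filetime_to_utc(ticks):
    """Convert 100-ns ticks since 1601-01-01 UTC; 0 means never set."""
    if ticks == 0:
        return None
    return EPOCH_1601 + timedelta(microseconds=ticks // 10)

def stale_accounts(records, now, max_idle_days):
    """Return names whose last logon is older than the limit plus sync lag."""
    limit = timedelta(days=max_idle_days) + SYNC_LAG
    stale = []
    for name, high, low in records:
        last = filetime_to_utc(filetime_from_parts(high, low))
        if last is None or now - last > limit:
            stale.append(name)
    return stale

# Constructed sample records: (name, HighPart, LowPart) as ADSI would return.
SAMPLE = [
    ("svc-backup", 29807120, -1882914816),  # 2006-09-07 00:00:00 UTC
    ("old-intern", 29000000, 0),            # long-idle account
    ("never-used", 0, 0),                   # attribute never populated
]

if __name__ == "__main__":
    now = datetime(2006, 9, 12, tzinfo=timezone.utc)
    for name, high, low in SAMPLE:
        print(name, filetime_to_utc(filetime_from_parts(high, low)))
    print("stale:", stale_accounts(SAMPLE, now, max_idle_days=90))
```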
Monday, September 04, 2006
PIX 501 install the easy way
Having found an old NFR PIX 501 from a previous employer in my basement, I decided the WPA-PSK encrypted WLAN I had based out of my home office just wasn't secure enough to hide my daughter's Barbie video games and my surfing history from the rest of the world. Of course I could spend $50.00 on a Linksys jobby running WPA2-AES, but that costs $50.00. I was going to make my measly little Netgear WGR614 responsible for my new DMZ, serving my work laptop on my couch. Everything else would sit behind the PIX, behind the Netgear.
Cisco was kind enough to include a browser based GUI in their PIX 501 firewalls, and you can typically reach it at https://192.168.1.1. I figured it would be helpful for a quick config, given my few demands. Wrong. Stay away.
Here's the network:
Cable based ISP DHCPing me one address ---> Netgear WGR614 at 10.10.10.1 broadcasting "SuperCrapNet" on b/g channel 1 ---> PIX501 at 10.10.10.2 (outside) and 192.168.1.1 (inside) ---> Me.
Here are my major changes via console, courtesy of Cisco.com, with my site-specific additions and changes:
!--- Enable error and more severe syslog messages
!--- to be saved to the local buffer.
logging buffered errors
!--- Send syslog messages to a syslog server
!--- on the inside interface if you want.
logging host inside 192.168.1.220
!--- define the interface addresses
ip address outside 10.10.10.2 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
!--- PIX version 5.2 or higher allows a single
!--- outside IP address to be used for the PIX and for PAT
global (outside) 1 interface
!--- If USING OLDER SOFTWARE:
!--- Define a Network Address Translation (NAT) pool that
!--- internal hosts use when going out to the Internet.
global (outside) 1 10.10.10.3-10.10.10.9
!--- Define a Port Address Translation (PAT) address that
!--- is used once the NAT pool is exhausted.
global (outside) 1 10.10.10.10
!--- END IF
!--- Allow all internal hosts to use
!--- the NAT or PAT addresses specified above.
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
!--- Apply access list 100 to the outside interface.
access-group 100 in interface outside
!--- Define a default route to the ISP's router,
!--- or in my case, the next router in line
route outside 0.0.0.0 0.0.0.0 10.10.10.1 1
!--- Allow the hosts on the 192.168.1.0 network
!--- to be able to Telnet to the inside of the PIX.
telnet 192.168.1.0 255.255.255.0 inside
!--- Setup DHCP DNS entry since outside interface is static
dhcpd dns 10.10.10.1
!--- Write configuration to the terminal for review
write term
!--- write to memory
write mem
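A quick review of the command list above, as an added Python example (not part of the original post or Cisco's sample). It reports the access-group that binds ACL 100 with no access-list line in the snippet, the cleartext Telnet management line, and the interface-PAT and older-software pool lines being pasted together; the function name and check ids are hypothetical.

```python
import re

# Constructed sample: the command lines from the post, comments removed,
# including both the interface-PAT line and the "older software" pool lines.
PIX_CONFIG = """\
logging buffered errors
logging host inside 192.168.1.220
ip address outside 10.10.10.2 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
global (outside) 1 interface
global (outside) 1 10.10.10.3-10.10.10.9
global (outside) 1 10.10.10.10
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group 100 in interface outside
route outside 0.0.0.0 0.0.0.0 10.10.10.1 1
telnet 192.168.1.0 255.255.255.0 inside
dhcpd dns 10.10.10.1
"""

def audit_pix(config):
    """Return (check_id, detail) findings for a PIX-style command list."""
    lines = [ln.strip() for ln in config.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith("!")]
    acls = {ln.split()[1] for ln in lines if ln.startswith("access-list ")}
    findings = []
    for ln in lines:
        m = re.fullmatch(r"access-group (\S+) in interface (\S+)", ln)
        if m and m.group(1) not in acls:
            findings.append(("acl-undefined",
                             f"ACL {m.group(1)} bound to {m.group(2)} is never defined"))
        m = re.fullmatch(r"telnet (\S+) (\S+) (\S+)", ln)
        if m:
            findings.append(("telnet-mgmt",
                             f"cleartext Telnet from {m.group(1)} {m.group(2)} on {m.group(3)}"))
    # The post offers interface PAT and the pool as alternatives, not a pair.
    by_id = {}
    for ln in lines:
        m = re.fullmatch(r"global \((\S+)\) (\d+) (\S+)", ln)
        if m:
            by_id.setdefault(m.group(1, 2), []).append(m.group(3))
    for (iface, nat_id), targets in by_id.items():
        if "interface" in targets and len(targets) > 1:
            findings.append(("global-mixed",
                             f"global ({iface}) {nat_id} mixes interface PAT with {len(targets) - 1} pool line(s)"))
    return findings

if __name__ == "__main__":
    for check, detail in audit_pix(PIX_CONFIG):
        print(f"{check}: {detail}")
```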