PowerShell can access the registry on a remote computer. There doesn’t appear to be built-in cmdlets to do it, so we have to do it the old fashioned way.
The example below will return some important information about a domain controller: Continue reading “Remote Registry with PowerShell”
Configure and test the iptables script similar to the example below.
The following commands will flush existing rules and set the default rule to drop traffic:
# Flush existing rules
iptables -F -t nat
# Set default policies to DROP
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
Continue reading “Configure IPTables”
Allow all user to sudo without password
<username> ALL=(ALL) NOPASSWD: ALL
Allow members of the wheel group to sudo without password
%wheel ALL=(ALL) NOPASSWD: ALL
Allow user to sudo for the listed commands
<username> ALL=/sbin/shutdown -h now, reboot, tcpdump
The Secure Shell daemon should be hardened to prevent unauthorized access before being put into production.
Verify that /etc/ssh/sshd_config contains the following lines and that they are not commented out.
- Protocol 2
- IgnoreRhosts yes
- HostbasedAuthentication no
- PermitRootLogin no
- Banner /etc/issue (See banner example below)
- PermitEmptyPasswords no
- AllowTcpForwarding no (unless needed)
- X11Forwarding no
- AllowUsers <username1> <username2> (Optional)
- DenyUsers <username1> <username2> (Optional) Continue reading “Configure SSHD for Security”
Webmin makes it easy to perform administrative tasks via a web interface. Once the Webmin repos are installed the package can be installed using Yum.
Download and install the key for the Webmin repo
rpm --import jcameron-key.asc
Continue reading “Install Webmin on CentOS 6”
Problems with a host’s secure channel can be responsible for a number of authentication issues.
Each host that is joined to Active Directory maintains a local secret, or password, that is created by the client and stored in Active Directory. The client will initiate a password change every 30 days by default. Active Directory will store the current password as well as the previous password in the computer object for the joined host. Each time the client creates a new password, it creates the new password locally and stores it in the registry and then attempts to update the password in Active Directory. If the Active Directory password update is unsuccessful, the client keeps the newly created password and continues to attempt updating the Active Directory password. Continue reading “Reset Secure Channel”
I’ve created the exact same lab a dozen times with the same three Linux hosts. It’s time to automate the process with a script. The scripts assume that the virtual switches are already created, although their creation or a check to verify their existence could easily be added.
The first host, RT-ISP-01, is a router that has one interface on the connected to the “External” switch for access to the Internet and an interface on the “Network A” and “Network B” private switches. The other two hosts, SVR-A-01 and SVR-B-01, are attached to the “Network A” and “Network B” respectively.
Each host gets 512MB of RAM and a single 40GB hard drive.
The initial setup of these Linux hosts require that legacy interfaces are used at first. The script removes the default interface and adds the appropriate legacy interfaces.
Each host has its DVD drive configured to contain the Linux install ISO so that it is ready to go when the host is started. Continue reading “PowerShell to Create Multiple Hyper-V VMs”