krypted.com

Tiny Deathstars of Foulness

Tomcat logs events into the system log. You can use the get-wmiobject commandlet to see events. Here, we’ll look at a JSS and view only system events:

Get-WmiObject Win32_NTLogEvent -ComputerName $jss -Filter "LogFile='system'

We can then use AND to further constrain to specific messages, in this case those containing Tomcat:

Get-WmiObject Win32_NTLogEvent -ComputerName $jss -Filter "LogFile='system' AND (Message like '%Tomcat%')

We can then further constrain output to those with a specific EventCode with another compound statement:

Get-WmiObject Win32_NTLogEvent -ComputerName $jss -Filter "LogFile='system' AND (Message like '%Tomcat%') AND (EventCode=1024)

For a comprehensive list of Windows event codes, see https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx.

You could instead use get-eventlog to see system logs. For example, the following will list the latest 100 entries in the system log:

Get-Eventlog -LogName system -Newest 1000

And the following lists the number of unique entries in descending order using Sort-Object, along with the -Property option set to count:

Get-Eventlog -LogName system -Newest 1000 | Sort-Object -Property count -Descending

And the following would additionally constrain the output to entries with the word Tomcat using the -Message option:

Get-Eventlog -LogName system -Newest 1000 -Message "*Tomcat*" | Sort-Object -Property count -Descending

And to focus on a server called jss, use the -ComputerName option:

Get-Eventlog -LogName system -Newest 1000 -Message "*Tomcat*" -ComputerName "localhost" | Sort-Object -Property count -Descending

July 11th, 2017

Posted In: JAMF, Windows Server

Tags: , , , , , , ,

Leave a Comment

June 21st, 2017

Posted In: MacAdmins Podcast

Tags: , , , , ,

June 2nd, 2017

Posted In: Mac OS X, Mac OS X Server, Mac Security, MacAdmins Podcast

Tags: , , , , ,

Over the users I’ve written a good bit about pushing a workload off to a virtual machine sitting in a data center somewhere. The Google CloudPlatform has matured a lot and I haven’t really gotten around to writing about it. So… It’s worth going into their SDK and what it looks like from a shell using some quick examples.

For starters, you’ll need an account with Google Cloud Platform, at cloud.google.com and you’ll want to go ahead and login to the interface, which is pretty self-explanatory (although at first you might have to hunt a little for some of the more finely grained features, like zoning virtual instances.

The SDK

The SDK will include the gcloud command, which you’ll use to perform most tasks in the Google CloudPlatform. To install the SDK, go to https://cloud.google.com/sdk/downloads and download the appropriate version for your computer. If you’re on a mac, most likely the x86_64 version.

Next, move the downloaded folder to a permanent location and run the install.sh inside it, which will kindly offer to add gcloud to your path.

./install.sh

Welcome to the Google Cloud SDK!
To help improve the quality of this product, we collect anonymized usage data
and anonymized stacktraces when crashes are encountered; additional information
is available at <https://cloud.google.com/sdk/usage-statistics>. You may choose
to opt out of this collection now (by choosing ‘N’ at the below prompt), or at
any time in the future by running the following command:
gcloud config set disable_usage_reporting true
Do you want to help improve the Google Cloud SDK (Y/n)?  y
Modify profile to update your $PATH and enable shell command
completion?
Do you want to continue (Y/n)?  y
The Google Cloud SDK installer will now prompt you to update an rc
file to bring the Google Cloud CLIs into your environment.
Enter a path to an rc file to update, or leave blank to use
[/Users/charlesedge/.bash_profile]:
Backing up [/Users/charlesedge/.bash_profile] to [/Users/charlesedge/.bash_profile.backup].
[/Users/charlesedge/.bash_profile] has been updated.
==> Start a new shell for the changes to take effect.
For more information on how to get started, please visit:
https://cloud.google.com/sdk/docs/quickstarts

Inside that bin folder, you’ll find the gcloud python script, which once installed, you can then run. Next, you’ll need to run the init, which links it to your CloudPlatform account via oauth. To do so, run gcloud with the init verb, which will step you through the process:

gcloud init

Welcome! This command will take you through the configuration of gcloud.
Your current configuration has been set to: [default]
You can skip diagnostics next time by using the following flag:
gcloud init –skip-diagnostics

Network diagnostic detects and fixes local network connection issues.
Checking network connection…done.
Reachability Check passed.
Network diagnostic (1/1 checks) passed.

You must log in to continue. Would you like to log in (Y/n)? y

If you say yes in the above screen, your browser will then prompt you with a standard Google oauth screen where you’ll need to click Allow.

Now go back to Terminal and pick a “Project” (when you set up billing the default was created for you):

Pick cloud project to use:
[1] seventh-capsule-138123
[2] Create a new project
Please enter numeric choice or text value (must exactly match list
item):
1

The Command Line

Next, we’re gonna’ create a VM. There are several tables that lay out machine types. Let’s start by listing any instances we might have:

gcloud compute instances list

Listed 0 items.

Note: If you have a lot of these you can use  --regexp to filter them quickly.

Then let’s pick a machine type. A description of machine types can be found at https://cloud.google.com/compute/docs/machine-types. And an image. Images can be seen using the compute command with images and then list, as follows:

gcloud compute images list

Now, let’s use that table from earlier and make a custom machine using an ubuntu uri, a –custom-cpu and a –custom-memory:

gcloud compute instances create krypted1 –image https://www.googleapis.com/compute/v1/projects/ubuntu-os-cloud/global/images/ubuntu-1610-yakkety-v20170502 –custom-cpu 2 –custom-memory 5

You’ll then see that your VM is up, running, and… has an IP:

Created [https://www.googleapis.com/compute/v1/projects/seventh-capsule-138523/zones/us-central1-a/instances/krypted1].
NAME ZONE MACHINE_TYPE PREEMPTIBLE INTERNAL_IP EXTERNAL_IP STATUS
krypted1 us-central1-a custom (2 vCPU, 5.00 GiB) 10.128.0.2 104.154.169.65 RUNNING

Now let’s SSH in:

gcloud compute ssh krypted1

This creates ssh keys, adds you to the hosts and SSH’s you into a machine. So viola. You’re done. Oh wait, you don’t want to leave it running forever. After all, you’re paying by the minute… So let’s list your instances:

gcloud compute instances list

Then let’s stop the one we just created:

gcloud compute instances stop krypted1

And if you’d like, tear it down:

gcloud compute instances delete krypted1

Overall, super logical, very easy to use, and lovely command line environment. Fast, highly configurable VMs. Fun times!

May 18th, 2017

Posted In: cloud, Mac OS X, Ubuntu, Unix

Tags: , , , , , , ,

Added 3 new flags into precache tonight: –jamfserver, –jamfuser, and –jamfpassword. These are used to provide a Jamf Pro server (or cloud instance), the username to an account that can list the mobile devices on that server, and a password to that account respectively.

Basically, when you provide these, the script will pull a unique set of models and then precache updates for them. It’s similar to grabbing a list of devices:

curl -s -u myuser:mypassword https://myserver.jamfcloud.com/JSSResource/mobiledevices

And then piping the output of a device list to:

perl -lne 'BEGIN{undef $/} while (/<model_identifier>(.*?)<\/model_identifier>/sg){print $1}'

And then running that array as an input to precache.py. Hope this helps make the script more useful!

May 13th, 2017

Posted In: iPhone, Mac OS X Server

Tags: , , , , , ,

April 23rd, 2017

Posted In: iPhone, MacAdmins Podcast, Mass Deployment

Tags: , , , ,

MySQL usually pulls settings from a my.cnf file. However, you can end up with settings in include files, which can be defined in the my.cnf using the following directives:

include /home/mydir/myopt.cnf
includedir /home/mydir

Because of this, and the fact that you might not have access to all locations of .cnf files on a filesystem, you can also grab them using the SHOW VARIABLES option within SQL, obtained by

/usr/local/mysql/bin/mysql -uroot -p mypassword -e "SHOW VARIABLES;" > /tmp/SQLSettings.txt

In the above command, -uroot defines we’ll be accessing with the root user, -p defines the password (listed as mypassword) and the -e defines that we want to execute a command and then quit. We then use > to dump the output into the defined file.

April 21st, 2017

Posted In: Mac OS X, SQL

Tags: , , ,

There’s a macOS tool called AssetCacheLocatorUtil located at /usr/bin/AssetCacheLocatorUtil. The output is in… stderr. Because stderr is so fun to work with (note that sed -i only works with stdin). So, to update the caching server(s) you are using and only print the IP address of those, you’d do the following:

/usr/bin/AssetCacheLocatorUtil 2>&1 | grep guid | awk '{print$4}' | sed 's/^\(.*\):.*$/\1/' | uniq

If you use Jamf Pro and would like to use this as an extension attribute, that’s posted here: https://github.com/krypted/cachecheck. I didn’t do any of the if/then there, as I’d usually just do that on the JSS.

April 17th, 2017

Posted In: Mac OS X, Mac Security, Mass Deployment, Network Infrastructure, precache

Tags: , , , , , , , , , ,

April 6th, 2017

Posted In: MacAdmins Podcast

Tags: , , , , , ,

There are two useful commands when scripting operations that involve filenames and paths. The first of these is dirname: dirname can be used to return the directory portion of a path. The second is basename: basename can be used to output the file name portion of a path.

For our first example, let’s say that we have an output of /users/krypted, which we know to be the original short name of my user. To just see just that username, we could use basename to call it:

basename /users/charlesedge

Basename can also be used to trim output. For example, let’s say there was a document called myresume.pdf in my home folder and we wanted to grab that without the file extension. We could run basename using the -s option, followed by the string at the end that we do not want to see to output of (the file extension:

basename -s .pdf /users/charlesedge/myresume.pdf

The dirname command is even more basic. It outputs the directory portion of the file’s path. For example, based on the same string, the following would tell you what directory the user is in:

dirname /users/charlesedge

A great example of when this gets more useful is keying off of currently active data. For example, if we’re scripting a make operation, we can use the which command to get an output that just contains the path to the make binary:

which make

We can then wrap that for expansion and grab just the place that the active make binary is stored:

dirname `which make`

This allows us to key other operations off the path of an object. A couple of notable example of this is home or homeDirectory paths and then breaking up data coming into a script via a positional parameter (e.g. $1).

You can also use variables as well. Let’s say that

homedir=/users/krypted ; dirname $homedir

Finally, keep in mind that dirname is relative, so if you’re calling it for ~/ then you’ll see the output at that relative path.

April 5th, 2017

Posted In: Mac OS X, Mac OS X Server, Mac Security, Mass Deployment

Tags: , , , ,

Next Page »