Author Archives: AnonIT

Create a temporary folder in powershell

I needed to create a temporary folder. I modified the code found here https://stackoverflow.com/questions/34559553/create-a-temporary-directory-in-powershell. One issue in the original code was the chance (albeit extremely slight) of having a name collision with an existing folder. The script below checks and tries 5 times before failing. It isn’t neat, and is somewhat of a brute force method of getting around the issue, but it gets the job done. You can see the modified code here https://pastebin.com/DPfj3iT7

Install Unifi Controller on Rasperry PI

Install pi
enable ssh
connect to wifi
change password
sudo apt-get install rpi-update && echo Y | sudo rpi-update
sudo apt-get update && sudo apt-get upgrade -y
sudo apt-get -y install oracle-java8-jdk
https://help.ubnt.com/hc/en-us/articles/115015026968-UniFi-Supported-Java-JRE-Version

Add unifi to sources list
echo ‘deb http://www.ubnt.com/downloads/unifi/debian stable ubiquiti’ | sudo tee -a /etc/apt/sources.list.d/100-ubnt.list > /dev/null

sudo apt-get -y install dirmngr
Add key to our raspberry pi
sudo apt-key adv –keyserver keyserver.ubuntu.com –recv 06E85760C0A52C50
sudo apt-get update
sudo apt-get install unifi -y
sudo systemctl stop mongodb
sudo systemctl disable mongodb
sudo reboot
logon to website: https://%controllerIP%:8443

References: https://community.ubnt.com/t5/UniFi-Wireless/UniFi-Controller-5-5-on-Raspberry-Pi/td-p/2045751

Delete declined updates in WSUS

We have all seen poorly maintained WSUS servers.  This script can assist by deleting declined updates.  Combine this with a number of other methods of housekeeping on WSUS servers.

Additionally using the script we can see all the objects returned by the command $wsus.getupdates() | get-member | select name

Name
----
AcceptLicenseAgreement
Approve
ApproveForOptionalInstall
CancelDownload
CreateObjRef
Decline
Equals
ExpirePackage
ExportPackageMetadata
GetChangesFromPreviousRevision
GetHashCode
GetInstallableItems
GetLicenseAgreement
GetLifetimeService
GetRelatedUpdates
GetSummary
GetSummaryForComputerTargetGroup
GetSummaryPerComputerTargetGroup
GetSupportedUpdateLanguages
GetType
GetUpdateApprovals
GetUpdateCategories
GetUpdateClassification
GetUpdateEventHistory
GetUpdateInstallationInfoPerComputerTarget
InitializeLifetimeService
PurgeAssociatedReportingEvents
Refresh
RefreshUpdateApprovals
ResumeDownload
ToString
AdditionalInformationUrls
ArrivalDate
CompanyTitles
CreationDate
DefaultPropertiesLanguage
Description
HasEarlierRevision
HasLicenseAgreement
HasStaleUpdateApprovals
HasSupersededUpdates
Id
InstallationBehavior
IsApproved
IsBeta
IsDeclined
IsEditable
IsLatestRevision
IsSuperseded
IsWsusInfrastructureUpdate
KnowledgebaseArticles
LegacyName
MsrcSeverity
ProductFamilyTitles
ProductTitles
PublicationState
ReleaseNotes
RequiresLicenseAgreementAcceptance
SecurityBulletins
Size
State
Title
UninstallationBehavior
UpdateClassificationTitle
UpdateServer
UpdateSource
UpdateType

Create a DHCP Superscope

A transient (we were bought in to assist migration to new MSP) customer wanted to increase DHCP addresses without creating a VLAN.  They were looking at increasing their available IP addresses by about 200, and their current network was a /24 (192.168.17.0).

image

Firstly, add the new gateway IP address to the router.  In this case (on a Server 2008 Windows router), 192.168.17.1 was the original router IP, we add 192.168.18.1.

On the DHCP server, right click IPv4 and select New Scope…

Follow the wizard…

Assign the IP range to exclude and a delay if necessary

Change the default duration if necessary (default 8 days)

More than likely you will need to configure DHCP options

Add the router address as used above

Add DNS Servers in

Add WINS if necessary

Activate the scope

And click Finish

Your DHCP console should look something similar to this:

Right click on IPv4 and select New Superscope…

Click Next

Name the Superscope and click Next

image

Add the available scopes you wish to include in the Superscope and click Next

Click Finish

You should then see devices picking up an address from the 2nd scope as appropriate.

image

 

You can see more details on the Console icons here:

http://anonit.net/server-2008-r2-dhcp-console-icons-reference/

http://anonit.net/server-2003-2008-dhcp-console-icons-reference/

 

Now off to fix the next few issues at this site:

image

image

References:

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc757614(v=ws.10)

https://msdn.microsoft.com/en-us/library/dd891486.aspx

Install JDK10 on raspberry pi

install pi – http://anonit.net/headless-install-of-raspbian-jessie/

enable ssh
connect to wifi
change password

sudo apt-get install rpi-update && echo Y | sudo rpi-update
sudo apt-get update && sudo apt-get upgrade -y

(using nano instead of vi)

sudo apt-get install pv
sudo dd if=/dev/zero bs=1M count=1024 | pv | sudo dd of=/var/SWAPFILE
sudo mkswap /var/SWAPFILE
sudo nano /etc/dphys-swapfile

Modify the following lines:

CONF_SWAPFILE=/var/SWAPFILE

CONF_SWAPSIZE=1024

reboot

check the swap file size with

swapon -s
The swap size should be 1048572 (ish)
sudo apt-get install openjdk-9-jdk
sudo apt-get install build-essential libx11-dev libxext-dev libxrender-dev libxtst-dev libxt-dev libcups2-dev libasound2-dev libfontconfig1-dev zip mercurial

hg clone http://hg.openjdk.java.net/jdk/jdk10
(clones the repo – may take some time (30 mins internet dependant))
cd jdk10
bash configure –disable-warnings-as-errors –with-native-debug-symbols=none –with-version-pre=”armhf” –with-version-build=46 –with-version-opt=””
make LOG=cmdlines images
(builds java from source – may take some time (210 mins))
test:
cd jdk10/build/linux-arm-normal-server-release/jdk/
bin/java -version
openjdk version “10-armhf” 2018-03-20
OpenJDK Runtime Environment (build 10-armhf+46)
OpenJDK Server VM (build 10-armhf+46, mixed mode)

 

References: https://blogs.oracle.com/jtc/build-jdk-10-for-your-raspberry-pi-right-on-your-device

 

Connect to Exchange powershell remotely

Connect to Exchange powershell remotely using the following commands

$exchCred=Get-Credential
$exchUri=”
http://servername/powershell”

$exchSession=New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri $exchUri -Authentication Kerberos -Credential $exchCred
Import-PSSession $exchSession

$exchCred is the credentials used to connect

$exchUri is the Uri of the Exchange server powershell virtual directory.  EG: http://exchange.anonit.net/powershell

 

To remove the session at the end, use Remove-PSSession $exchSession

 

See the powershell script here

 

Reference:

https://community.spiceworks.com/scripts/show/3956-connect-to-exchange-powershell-remotely

 

Install netdata on C.H.I.P (or a raspberry PI)

 
Netdata details: https://github.com/firehol/netdata/wiki

Requirements:
C.H.I.P: http://anonit.blogspot.com.au/2016/08/installing-chip-headless.html; or
Raspberry PI:  http://anonit.blogspot.com.au/2016/05/headless-install-of-raspbian-jessie.html

Logon to the device using SSH.
Check if CURL is installed by using the command
which curl
if it is not installed then install using sudo apt-get install curl.
Install the full install packages for netdata:
curl -Ss ‘https://raw.githubusercontent.com/firehol/netdata-demo-site/master/install-required-packages.sh’ >/tmp/kickstart.sh && bash /tmp/kickstart.sh -i netdata-all
(There is a minimum install package that can be used if necessary: curl -Ss ‘https://raw.githubusercontent.com/firehol/netdata-demo-site/master/install-required-packages.sh’ >/tmp/kickstart.sh && bash /tmp/kickstart.sh -i netdata)
Download the netdata installer:
git clone https://github.com/firehol/netdata.git –depth=1
go into the netdata folder:
cd netdata
install netdata:
sudo ./netdata-installer.sh
Once installed, you can access the website on %IPADDRESS%:19999
to update, go into the netdata folder:
cd netdata
and run the updater:
sudo ./netdata-updater.sh
references:  https://github.com/firehol/netdata/wiki/Installation

Installing Pi-hole on a C.H.I.P

Requirements: C.H.I.P configured as: http://anonit.blogspot.com.au/2016/08/installing-chip-headless.html, with a static IP address

Type the command
sudo cp /etc/resolv.conf resolv.conf.bak
sudo nano /etc/resolv.conf

Edit the nameserver to have the DNS forwader settings of your choice.

Save and Exit Nano.

Install curl using the command

sudo apt-get –y install curl

Download and install pi-hole:
wget –O basic-install.sh https://install.pi-hole.net
chmod +x basic-install.sh
./basic-install.sh

Press OK

You should donate (I did!).  Press OK

Chose wlan0 and press OK (wlan1 is bluetooth)

Choose IPv4, IPv6 or both and press OK

If the IP address is correct, select YES

If the IP address you have assigned the CHIP is within the DHCP range of your DHCP Server or router, you may need to exclude this IP address, or modify the range.
Click OK

Select the DNS servers to use as forwarders.  If you are not sure, choose Google, and select OK.

Once the install is complete, press OK

You can add additional block lists by doing the following:
sudo cp /etc/pihole/adlists.default /etc/pihole/adlists.list
sudo nano /etc/pihole/adlists.list

Add the bottom to the file (or add your own)

##############
# Additional #
##############
#easylist
https://easylist.to/easylist/easylist.txt
https://easylist-downloads.adblockplus.org/easyprivacy.txt
#malwaredomains
http://www.malwaredomainlist.com/hostslist/hosts.txt
http://mirror1.malwaredomains.com/files/justdomains
#Peter Lowes Ad Server List
https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=1&mimetype=plaintext
#Ublock Filters
https://github.com/gorhill/uBlock/blob/master/assets/ublock/filters.txt
https://github.com/gorhill/uBlock/blob/master/assets/ublock/badware.txt
https://github.com/gorhill/uBlock/blob/master/assets/ublock/privacy.txt
https://github.com/gorhill/uBlock/blob/master/assets/ublock/unbreak.txt
Reboot the chip with
sudo reboot

Change the DNS on your computer / or router to point to the IP address of the chip.  In a Window DNS environment, change the DNS forwarders

You can check the status and modify the blocklist / whitelist by navigating to:
http://nnn.nnn.nnn.nnn/admin/

References:
https://github.com/pi-hole/pi-hole
http://jacobsalmela.com/network-wide-hardware-ad-blocking-9-chip-hole/