xrdp on Kali

apt-get update
apt-get full-upgrade -y
apt-get install -y kali-desktop-xfce xorg xrdp
echo "[i] Configuring xrdp to listen to port 3390 (but not starting the service)"
sed -i 's/port=3389/port=3390/g' /etc/xrdp/xrdp.ini
sudo /etc/init.d/xrdp start
sudo systemctl enable xrdp

Connect from the Windows Remote Desktop client using port 3390; the sed line above changes xrdp's default port 3389 to 3390 in xrdp.ini, so edit that line if you want a different port.

Source: https://www.kali.org/docs/general-use/xfce-with-rdp/

Fortigate FG-IR-19-007

Nessus shows a vulnerability – Fortinet FortiOS < 5.6.10 / 6.0 < 6.0.7 / 6.2.x < 6.2.1 Vulnerable Encryption (FG-IR-19-007)

Description
The remote host is running a version of FortiOS that has not yet enabled private-data-encryption. An authorized remote user with access to or knowledge of the standard encryption key could gain access to and decrypt the FortiOS backup files and all non-administrator passwords and private keys. (CVE-2019-6693)

Solution
Ensure that Fortinet FortiOS has been updated to 5.6.10, 6.0.7, 6.2.1, or later.
Additionally, the user will need to set the private-data-encryption attribute based on the instructions contained in the FG-IR-19-007 advisory.

Output
FortiOS is currently running a vulnerable configuration,  Based on private-data-encryption is currently not enabled.  Please ensure private-data-encryption is enabled.

Generate a 32-digit hex string, then enter the following on the FortiGate CLI (# is the CLI prompt):

# config system global
# set private-data-encryption enable
# end
Please type your private data encryption key (32 hexadecimal numbers):
<ENTER 32 DIGIT HEX STRING>
Please re-enter your private data encryption key (32 hexadecimal numbers) again:
<ENTER 32 DIGIT HEX STRING>
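
Generating and checking that key from a shell, as an added example that is not part of the original note (the function names are my own):

```sh
#!/bin/sh
# Added example, not from the original note: make the 32-hex-digit key that
# "set private-data-encryption enable" asks for, and check a key before
# pasting it into the FortiGate CLI. Function names are my own.

# Print a fresh 32-hex-digit key (16 random bytes). Uses openssl when present,
# otherwise /dev/urandom via od.
gen_pde_key() {
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -hex 16
    else
        head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
        printf '\n'
    fi
}

# Return 0 only if $1 is exactly 32 hexadecimal digits, which is what the
# "Please type your private data encryption key" prompt accepts.
is_valid_pde_key() {
    printf '%s' "$1" | grep -Eq '^[0-9A-Fa-f]{32}$'
}

# Sanity check: a wrong length or non-hex characters are rejected.
is_valid_pde_key "0123456789abcdef0123456789abcdef" && echo "ok: valid"
is_valid_pde_key "not-a-key" || echo "ok: rejected"
```

Keep the key in your password manager or secrets store: configuration backups taken after enabling private-data-encryption are encrypted with it, and restoring them needs the same key.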

References:

https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories&qid=FG-IR-19-007

Delete lines containing $STRING in VSCode

Needed to search a CSV file for a specific string, and delete any lines containing that string. Strangely enough I was already looking at the file in VSCode so decided to use that for the replace.

Do a search and replace, select regex, and use the format

^.*($STRING).*\n?

where $STRING is the text whose whole line should be removed, with the replace field left blank ($STRING can’t contain a pipe character). Any regex metacharacters in $STRING, such as the . in the example below, need a backslash escape or they will match more than the literal text.

eg: ^.*(c:0u.c).*\n

The good thing about VSCode is it allows you to see the results of the query before performing the replace.

Enabling SSH on Kali

This will probably work for other distributions as well. Be aware this enables password auth.

apt install openssh-server
mkdir /etc/ssh/defaultkeys
mv /etc/ssh/ssh_host_* /etc/ssh/defaultkeys/
dpkg-reconfigure openssh-server
systemctl enable ssh.service
systemctl start ssh.service
systemctl status ssh.service

Edit /etc/ssh/sshd_config and set the following to use key-based authentication:

PubkeyAuthentication yes
PasswordAuthentication no
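
A check worth running after that edit, as an added example that is not from the original note: sshd uses the first value it reads for each keyword, so a PasswordAuthentication no appended at the bottom loses to an earlier yes, including one pulled in by the Include line at the top of Debian-based sshd_config files. The function name and sample config are my own.

```sh
#!/bin/sh
# Added example, not from the original note: report which value sshd will
# actually use for a keyword. sshd takes the FIRST value it reads for each
# keyword (sshd_config(5)), so an appended "PasswordAuthentication no" is
# ignored if an earlier line, or an Include'd file, already set it to yes.

# Usage: effective_sshd_value KEYWORD < sshd_config
# Prints the first value seen for KEYWORD (case-insensitive), skipping comments.
# Include files and Match blocks are not resolved here; "sshd -T" does that.
effective_sshd_value() {
    awk -v key="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ || NF < 2 { next }
        tolower($1) == key        { print $2; exit }
    '
}

# Constructed config: the "no" at the bottom is the line an admin appended,
# but the earlier "yes" is what sshd uses.
SAMPLE_SSHD_CONFIG='Include /etc/ssh/sshd_config.d/*.conf
#PasswordAuthentication no
PasswordAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no'

printf '%s\n' "$SAMPLE_SSHD_CONFIG" | effective_sshd_value PasswordAuthentication
# prints "yes": the appended "no" is ignored, so change or remove the earlier
# line (and anything under sshd_config.d that sets it) rather than appending
```

On the real host, sudo sshd -T prints the fully resolved configuration with Includes applied and is the authoritative check.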

Exchange Online EOP processing order

The order in which the email protection types are applied is fixed (it is not configurable) and is described in the following table:

Order | Email protection | Category | Where to manage
1 | Malware | CAT:MALW | Configure anti-malware policies in EOP
2 | Phishing | CAT:PHSH | Configure anti-spam policies in EOP
3 | High confidence spam | CAT:HSPM | Configure anti-spam policies in EOP
4 | Spoofing | CAT:SPOOF | Spoof intelligence insight in EOP
5* | User impersonation (protected users) | UIMP | Configure anti-phishing policies in Microsoft Defender for Office 365
6* | Domain impersonation (protected domains) | DIMP | Configure anti-phishing policies in Microsoft Defender for Office 365
7 | Spam | CAT:SPM | Configure anti-spam policies in EOP
8 | Bulk | CAT:BULK | Configure anti-spam policies in EOP

https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/how-policies-and-protections-are-combined?view=o365-worldwide

OpenVPN failing to connect – failed to negotiate cipher with server

I couldn’t change the server config, and the ovpn file being used had:

cipher AES-256-GCM

The client was OpenVPN 2.6:

# openvpn --version
OpenVPN 2.6.0 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]

From what I could see at https://github.com/OpenVPN/openvpn-gui/issues/381 I modified the ovpn file and changed the cipher AES-256-GCM line to

data-ciphers AES-256-GCM

Adding a new disk to an LVM volume group on an ESX VM

$ lsblk

Look at disks to check what is already in use

Add the disk in vCenter, then rescan the SCSI hosts so the guest sees it:

$ for h in $(ls /sys/class/scsi_host); do
    echo '- - -' > /sys/class/scsi_host/$h/scan
done
$ lsblk

Look at the disks again; the new one should now be listed.

fdisk -l

take note of added disk

eg: /dev/sdc

fdisk /dev/sdc
  n - new partition
  p - primary
  1 - partition number
  accept the defaults for the first and last sector
  w - write
pvscan

take note of disk /dev/sdc1

pvcreate /dev/sdc1
vgdisplay

take note of vg name, eg: ubuntu-vg

vgextend ubuntu-vg /dev/sdc1
pvscan

disk should be added

lvdisplay

take note of LV name (logical volume name), eg: /dev/ubuntu-vg/ubuntu-lv

lvextend -l +100%FREE /dev/ubuntu-vg/ubuntu-lv
resize2fs -p /dev/ubuntu-vg/ubuntu-lv
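
The same procedure scripted with the checks worth doing first, as an added example that is not part of the original note (function names are mine; the disk, VG and LV names are arguments; assumes util-linux, lvm2 and e2fsprogs on the guest):

```sh
#!/bin/sh
# Added example, not from the original note: the steps above with two checks
# done first: (1) find which disk the rescan added instead of guessing from
# lsblk output, and (2) refuse a disk that already has partitions or a
# filesystem/PV signature. Function names are my own; disk, VG and LV are
# passed in as arguments.

# new_disks BEFORE AFTER: names present in AFTER but not in BEFORE, where both
# are "lsblk -dno NAME" output captured before and after the SCSI rescan.
new_disks() {
    { printf '%s\n' "$1"; echo '---'; printf '%s\n' "$2"; } |
    awk '$0 == "---" { after = 1; next }
         !after { seen[$0] = 1; next }
         $0 != "" && !($0 in seen) { print }'
}

# Rescan every SCSI host (the loop from the note) and print the new disk names.
find_added_disks() {
    before=$(lsblk -dno NAME)
    for h in /sys/class/scsi_host/*; do echo '- - -' > "$h/scan"; done
    new_disks "$before" "$(lsblk -dno NAME)"
}

# True only if the disk has no partitions and no filesystem or LVM signature.
disk_is_blank() {
    [ -z "$(lsblk -no FSTYPE "$1" | tr -d '[:space:]')" ] &&
    [ "$(lsblk -no TYPE "$1" | grep -c part)" -eq 0 ]
}

# The fdisk dialogue from the note (n, p, 1, default sectors, w) fed
# non-interactively, then the PV/VG/LV/filesystem steps. Assumes sdX naming
# (NVMe partitions are ${disk}p1), an MBR-sized disk (over 2 TiB needs GPT,
# e.g. with parted) and an ext4 filesystem.
extend_lv_with_disk() {
    disk="$1"; vg="$2"; lv="$3"
    disk_is_blank "$disk" || { echo "refusing: $disk is not blank" >&2; return 1; }
    printf 'n\np\n1\n\n\nw\n' | fdisk "$disk"
    pvcreate "${disk}1"
    vgextend "$vg" "${disk}1"
    lvextend -l +100%FREE "$lv"
    resize2fs -p "$lv"            # XFS would need xfs_growfs instead
}

# The destructive part only runs when explicitly requested, e.g.
#   RUN_LVM_EXTEND=1 sh add_disk.sh /dev/sdc ubuntu-vg /dev/ubuntu-vg/ubuntu-lv
if [ "${RUN_LVM_EXTEND:-0}" = 1 ]; then
    extend_lv_with_disk "$@"
fi
```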

Upgrading Debian Buster to Bullseye

sudo apt update
sudo apt -y remove apt-listchanges
sudo apt -y upgrade
sudo apt -y full-upgrade
sudo apt -y autoremove
sudo sed -i 's/buster/bullseye/g' /etc/apt/sources.list
sudo sed -i 's/buster/bullseye/g' /etc/apt/sources.list.d/*.list
sudo sed -i 's#/debian-security bullseye/updates# bullseye-security#g' /etc/apt/sources.list
export LC_ALL=C 
sudo apt update
sudo apt -y upgrade
sudo apt -y full-upgrade
sudo apt -y autoremove
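
A dry run of the sources.list rewrite, as an added example that is not from the original note (the sample sources and function names are mine):

```sh
#!/bin/sh
# Added example, not from the original note: a dry run of the three sed
# rewrites above against a copy of the apt sources, so the result can be read
# before /etc/apt is touched. The sample sources and function names are my own.

# Apply the note's substitutions to stdin and print the rewritten lines.
rewrite_sources() {
    sed -e 's/buster/bullseye/g' \
        -e 's#/debian-security bullseye/updates# bullseye-security#g'
}

# Print deb/deb-src lines whose host is not under debian.org: the blind
# buster->bullseye rename over sources.list.d/*.list also hits third-party
# repos, which may not publish a bullseye suite. Lines with [options] are
# not handled here.
third_party_entries() {
    awk '$1 ~ /^deb(-src)?$/ && $2 !~ /debian\.org\// { print }'
}

# Constructed sources.list: stock buster entries plus one vendor repo.
SAMPLE_SOURCES='deb http://deb.debian.org/debian buster main contrib
deb http://security.debian.org/debian-security buster/updates main contrib
deb http://deb.debian.org/debian buster-updates main contrib
deb https://packages.example.com/debian buster main'

echo "== rewritten =="
printf '%s\n' "$SAMPLE_SOURCES" | rewrite_sources
echo "== third-party entries to check by hand =="
printf '%s\n' "$SAMPLE_SOURCES" | third_party_entries
```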

References: https://linuxize.com/post/how-to-upgrade-debian-10-to-debian-11/