Posts Tagged ‘basics’

A Bash Quicky

Thursday, August 30th, 2012

In our last episode spelunking a particularly shallow trough of bash goodness, we came across dollar sign substitution, which I said mimics some uses of regular expressions. Regexes are often thought of as thick or dense with meaning. One of my more favorite descriptions goes something like, if you measured each character used in code for a regex in cups of coffee, you’d find the creators of this particular syntax the most primo, industrial-strength-caffeinated folks around. I’m paraphrasing, of course.

Now copy-pasta-happy, cargo-culting-coders like myself tend to find working code samples and reuse salvaged pieces almost without thinking, often recognizing the shape of the lines of code more than the underlying meaning. Looping back around to dollar sign substitution, we can actually interpret this commonly used value, assigned to a variable meaning the name of the script:
${0##*/}
Okay children, what does it all mean? Well, let’s start at the very beginning (a very good place to start):
${0}
The dollar sign and curly braces force an evaluation of the symbols contained inside, often used for returning complex series of variables. As an aside, counting in programming languages starts with zero, and each space-separated part of the command line is assigned a number according to its place in the order; these are known as positional parameters. The entire path to our script is given the special ‘seat’ of zero, so this puts the focus on that zero position.

Regrouping quickly, our objective is to pull out the path leading up to the script’s name. So we’re essentially gathering up all the stuff up to and including the last forward slash before our script’s filename, and chuckin’ them in the lorry bin.
${0##*}
To match all of the instances of a pattern, in our case the forward slashes in our path, we double up the number signs (or pound sign for telecom fans, or hash for our friends on the fairer side of the puddle); a single number sign would stop at the shortest match. This performs a “greedy” match, gobbling up all instances, with a star “globbing” to indiscriminately mop up any matching characters encountered along the way.
${0##*/}
Then we cap the whole mess off by telling it to stop when it hits the last occurrence of a character, in this case forward slash. And that’s that!
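The same expansion applied to an ordinary variable, next to its shortest-match and suffix siblings, as an added example that is not part of the original post. The function names and sample paths are made up for illustration; `script_name` goes a step beyond the post by handling trailing slashes and a bare `/`, which the plain `${0##*/}` turns into an empty string.

```bash
# Added example; function names are hypothetical. Each takes a path as $1.

# ${p##*/}: remove the LONGEST prefix matching "*/" (through the last slash).
strip_dir() { local p="$1"; printf '%s\n' "${p##*/}"; }

# ${p#*/}: remove the SHORTEST prefix matching "*/" (through the first slash).
strip_first() { local p="$1"; printf '%s\n' "${p#*/}"; }

# ${p%/*}: suffix counterpart, drops the last slash and the file name after it.
keep_dir() { local p="$1"; printf '%s\n' "${p%/*}"; }

# basename-like wrapper for the edge cases the bare expansion gets wrong:
# a trailing slash leaves nothing after the last "/", and "/" alone is all slash.
script_name() {
    local p="$1"
    while [ "${#p}" -gt 1 ] && [ "${p%/}" != "$p" ]; do
        p=${p%/}            # trim one trailing slash per pass
    done
    if [ "$p" = "/" ]; then printf '/\n'; else printf '%s\n' "${p##*/}"; fi
}

# Constructed sample paths
for path in /usr/local/bin/backup.sh ./backup.sh backup.sh /opt/tools/ /; do
    printf '%-26s ##*/=[%s] script_name=[%s]\n' \
        "$path" "$(strip_dir "$path")" "$(script_name "$path")"
done
```

Note that `keep_dir` returns a slash-free name unchanged, where `dirname` would print `.`.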

Pardon the tongue-in-cheek tone of this quick detour into a bash-style regex-analogue… but to reward the masochists, here’s another joke from Puppet-gif-contest-award-winner @pmbuko:

Email from a linux user: “Slash is full.” I wanted to respond: “Did he enjoy his meal?”

Configuring a Cisco ASA 5505 with the basics

Thursday, March 1st, 2012

The Cisco ASA 5505 is great for small to medium businesses. Below are the steps you will have to complete to configure your ASA to communicate with the internet. There are many more steps, options, and features to these devices; later articles will cover some of these features.

Bring your device into configuration mode
318ASA>en
Brings the device into enable mode

318ASA#config t
Change to configuration terminal mode

318ASA(config)#
The ASA is now ready to be configured when you see (config)#

Configure the internal interface VLAN (ASAs use VLANs for added security by default)
318ASA(config)# interface Vlan 1
Configure interface VLAN 1

318ASA(config-if)# nameif inside
Name the interface inside

318ASA(config-if)#security-level 100
Sets the security level to 100

318ASA(config-if)#ip address 192.168.5.1 255.255.255.0
Assign your IP address

318ASA(config-if)#no shut
Make sure the interface is enabled and active

Configure the external interface VLAN (This is your WAN\internet connection)
318ASA(config)#interface Vlan 2
Creates the VLAN2 interface

318ASA(config-if)# nameif outside
Names the interface outside

318ASA(config-if)#security-level 0
Assigns the most restrictive security level to the outside interface. The lower the number, the less the interface is trusted, so the tighter the restrictions on its traffic.

318ASA(config-if)#ip address 76.79.219.82 255.255.255.0
Assign your Public Address to the outside interface

318ASA(config-if)#no shut
Enable the outside interface to be active.

Enable and assign the external WAN to Ethernet 0/0 using VLAN2
318ASA(config)#interface Ethernet0/0
Go to the Ethernet 0/0 interface settings

318ASA(config-if)#switchport access vlan 2
Assign the interface to use VLAN2

318ASA(config-if)#no shut
Enable the interface to be active.

Enable and assign the internal LAN interface Ethernet 0/1 (note ports 0/1-0/7 act as a switch but all interfaces are disabled by default).
318ASA(config)#interface Ethernet0/1
Go to the Ethernet 0/1 interface settings

318ASA(config-if)#no shut
Enable the interface to be active.
If you need multiple LAN ports you can do the same for Ethernet0/2 to 0/7.

To have traffic route from LAN to WAN you must configure Network Address Translation on the outside interface
318ASA(config)#global (outside) 1 interface
318ASA(config)#nat (inside) 1 0.0.0.0 0.0.0.0

***NOTE for ASA Version 8.3 and later***
Cisco announced the new Cisco ASA software version 8.3. This version introduces several important configuration changes, especially to the NAT/PAT mechanism. The “global” command is no longer supported. NAT (static and dynamic) and PAT are configured under network objects, so the PAT command is entered from within a network object rather than at the global configuration prompt. The PAT configuration below is for ASA 8.3 and later:

318ASA(config-network-object)#nat (inside,outside) dynamic interface

For more info you can reference this article from Cisco with regards to the changes – http://www.cisco.com/en/US/docs/security/asa/asa83/upgrading/migrating.html

Configure the default route (for this example default gateway is 76.79.219.81)
318ASA(config)#route outside 0.0.0.0 0.0.0.0 76.79.219.81 2 1

Last but not least, verify and save your configurations. If you do not save your configurations you will have to.

Verify your settings are working. Once you have verified your configurations, write to memory to save the configuration. If you do not write to memory, your configurations will be lost upon the next reboot.

318ASA(config)#wr mem
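
One way to run the verification step offline, as an added example that is not part of the original article or any Cisco tooling: save the output of `show running-config` to a text file and check it for the settings this walkthrough applies. The function names are hypothetical, and the sample config is constructed from the values used above.

```bash
# Added example; function names are hypothetical.
sample_config() {   # constructed sample using this walkthrough's values
    cat <<'EOF'
interface Vlan1
 nameif inside
 security-level 100
!
interface Vlan2
 nameif outside
 security-level 0
!
interface Ethernet0/0
 switchport access vlan 2
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 76.79.219.81 1
EOF
}

# Print "<nameif> <security-level>" for every named interface.
asa_levels() {
    awk '/^interface /  { name = ""; next }
         $1 == "nameif" { name = $2 }
         $1 == "security-level" && name != "" { print name, $2 }' "$1"
}

# Which PAT syntax is present: pre-8.3 "global", 8.3+ object NAT, or none.
asa_nat_style() {
    if grep -q '^global (outside) ' "$1"; then echo "pre-8.3"
    elif grep -q '^ *nat (inside,outside) dynamic interface' "$1"; then echo "8.3+"
    else echo "none"; fi
}

# Return 0 only if trust ordering, PAT and a default route are all in place.
asa_check() {
    local lin lout rc=0
    lin=$(asa_levels "$1" | awk '$1 == "inside" { print $2 }')
    lout=$(asa_levels "$1" | awk '$1 == "outside" { print $2 }')
    if [ -z "$lin" ] || [ -z "$lout" ] || [ "$lout" -ge "$lin" ]; then
        echo "FAIL: outside must be less trusted than inside"; rc=1
    fi
    [ "$(asa_nat_style "$1")" != "none" ] || { echo "FAIL: no PAT rule"; rc=1; }
    grep -q '^route outside 0\.0\.0\.0 0\.0\.0\.0 ' "$1" ||
        { echo "FAIL: no default route via outside"; rc=1; }
    return "$rc"
}

cfg=$(mktemp) && sample_config > "$cfg"
asa_levels "$cfg"; asa_nat_style "$cfg"; asa_check "$cfg" && echo "checks passed"
```

A non-zero return from `asa_check` means at least one of the three settings is missing or inverted; the FAIL lines say which.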

Basic SonicWALL Router Setups

Tuesday, October 11th, 2011

A work in progress…

1. Register the Sonicwall appliance at www.mysonicwall.com. A new account may be created for this purpose

2. Download the latest firmware from mysonicwall.com

3. Disable popup blocking on your browser

4. The default IP of a factory Sonicwall device is 192.168.168.168. Connect to the Sonicwall (you need to adjust your Ethernet NIC’s config to match the Sonicwall’s network settings)

5. Follow the setup wizard and define a WAN IP, LAN IP, and DHCP range of IPs

6. Upload the newer firmware downloaded above and boot from it

7. In the https://[Sonicwall IP Address]/diag.html screen, uncheck the box “Enforce Host Tag Search with for CFS”

8. Use the Public Server Wizard to create additional systems on the LAN that need to be publicly accessible. Note that the default WAN IP address provided in the wizard is the SonicWALL’s, but you can enter a different WAN IP; this creates a NAT policy using a new Address Object in the WAN zone

9. If more than one service needs to be visible for a system (i.e., a mail server needing 993, 587, 465, etc.), just select a single service during the wizard setup and then modify the “Service Group” that the wizard creates to include additional services that you want visible

10. For site-to-site VPN, follow the documentation in the SonicOS Administrators guide. Typically we have found that setting the VPN policy up in Aggressive Mode works more reliably than Main Mode

Copy a User in Active Directory

Tuesday, January 4th, 2011

Creating new users in Active Directory is a fairly straightforward process. But oftentimes it is easier to copy a user than create a new one. If you have a user that belongs to all the groups that you want a new user to be a part of, you can make life easy by making a copy of that user. To do that, you will need to remote into the domain controller with the domain administrator account or an account with administrator privileges.

Once you log on, go to Start, click on Programs and choose Administrative Tools. Choose Active Directory Users and Groups. The best thing to do is to search for the user that you want to model the new user after. Before you do the search, go to View and choose Advanced Options. Then do a search. To do a search, click on the search button at the top. It is the second to last button.

In the next box, type in the name of the user that you want to use as the model. Make sure that Entire directory is selected.

Right-click on the user and go to Properties. Then click on the Object tab. It will list which Organizational Unit the user is in. Navigate to that user by using the folders on the left side of the screen, then right-click on the user and choose Copy. A window will come up and you will need to type in the new user’s information.

After you complete this process, you will be asked to provide a password. By default, there are some password policies that you will want to maintain. Make sure that the password has at least one lower case, upper case and special case character. It has to be at least 8 characters long.

Once that completes, the new user has been created and is ready to use, unless you would like to change group memberships, policies, etc.

Force Quit Applications in Mac OS X

Wednesday, October 2nd, 2002

There are several ways to force an application to quit.
* Choose Apple menu > Force Quit, select the application in the list, and click Force Quit.
* Press the Command, Option, and Esc keys at the same time. Then select the application in the list and click Force Quit.
* Hold down the Option key and press the application icon in the Dock.

After you force an application to quit, try using it again. If you continue to have problems, you may need to install the application again or contact the application’s maker for more help.