The commande here allow to show all the rules,
netsh advfirewall firewall show rule dir=in name=all
I would like to filter
rules which are related to the port 445.
currently enabled rules.
I read the documentation and i could see that for example, the optional option [dir=in|out] is not documented.
How can it be achieved? Where a documentation about undocumented possibilities
I may use VB script or Powershell 2.0 if required.
These are the only two undocumented options I know of:
dir (direction) - in or out
status - enabled or disabled
We can build a netsh query that gets close and is just missing the port part:
netsh advfirewall firewall show rule status=enabled name=all
We can look for the port requirement using powershell's select-string (disclaimer that I'm not good at regex so there might be a better one, but this seems to work)
select-string -pattern "(LocalPort.*445)|(LocalPort.*Any)" -context 9,4
The select-string matches anything that is specific to rule 445, and also rules that apply to any port. The context argument will display the rest of the rule for us (otherwise we'll just get the LocalPort line)
The final command ends up being
netsh advfirewall firewall show rule status=enabled name=all | select-string -pattern "(LocalPort.*445)|(LocalPort.*Any)" -context 9,4
This works for me, let me know if it gives you any issues or you want something else.
Related
I am using Florian Roth's auditd rules (Florian Roth rules. I add them using auditctl -R /etc/audit/rules.d/audit.rules. There are no errors when I load the rules. I restart the service and use auditctl -l to list them. They consistently stop after this rule:
-a always,exclude -F msgtype=CRYPTO_KEY_USER
It shows all rules up and including the line above, even if I comment it out. Why is it doing that? Can auditd only display a certain number of rules? (seems unlikely).
Is there something I am doing wrong?
This happens on both Centos 7, Debian 10, and Debian 11 hosts.
Edit: when I manually try to add the rule above, and any other rules below, it says the rules already exist.
I recently changed the IP address of Exim that email sending uses a different IP address from the main shared IP of WHM.
Now I realized that I need to change the SPF value 100's of domains from WHM
From
"v=spf1 +a +mx +ip4:xxx.xxx.xxx.xxx ~all"
to
"v=spf1 +a +mx +ip4:xxx.xxx.xxx.xxx +ip4:xxx.xxx.xxx.yyy ~all"
Is there a fast way to do this aside from manually editing each domain?
You can change all domain zone through command line using replace command
Please check it : http://www.computerhope.com/unix/replace.htm
WHM v. 78 has new feature that allows adding new hosts for all domains in the WHM system.
On the WHM 78 release notes page, search for "New settings for smarthost route lists" to learn how to do it.
Also even in older WHM version one can use SPF installer script. Currently the example command to make sure some domain has additional values 1.2.3.4 and host.name.tld is:
/usr/local/cpanel/bin/spf_installer cpanelusername '+ip4:1.2.3.4,+include:host.name.tld' 0 1 0
Note the + signs and comma between the two values. The command will make sure the SPF has these two values beside the server IP value that is added by WHM by default.
To apply on all users, i did:
for user in $(ls -A1 /var/cpanel/users/ | grep -Ev "system|\."); do /usr/local/cpanel/bin/spf_installer "$user" '+ip4:1.2.3.4,+include:host.name.tld' 0 1 0;done
to check the result, do command
dig txt hosteddomain.com
(if the domain is behind proxy like cloudflare, the result will not be visible immediately)
If I create a host alias in ~/.ssh/config like the following one:
host myhost
hostname myhost.mysubnet.mynet.com
hostname myhost.mynet.com
user igordcard
I am able to connect to myhost.mysubnet.mynet.com perfectly using ssh myhost. However, when this hostname is not reachable, it will never connect. Is there a way to set a timeout for the first hostname so it can automatically try the second one, and so on? If not, is there any other way for achieving almost the same effect?
Thank you.
This answer reflects the exact implementation of the workaround I decided to do, based on the page link provided by damienfrancois and the answer by pcm which is inside that page.
Under ~/.bashrc I've added the following at the end:
nets=$(hostname -I)
if [[ "$nets" == *192.168.* ]]
then
alias ssh='ssh -F .ssh/config.alt'
fi
Which gets the list of network interfaces' addresses connected and then tries to match a segment of a specific network address with that list to check if we are connected to some network and, if so, an alias for ssh is set to use an alternative ssh config file.
This workaround is obviously subject to failure, for instance when the host moves from network to network but these networks share the same network prefix. However, for my specific case (and many others), this is enough.
Got a weird Glassfish issue here. Here's how to reproduce it:
(1) Install Glassfish v3
(2) Start your default domain:
$GLASSFISH_HOME/bin/asadmin start-domain domain1
(3) Change the admin port (you'll need to enter admin uid & password, in our script we use the -u & -W parameters):
$GLASSFISH_HOME/bin/asadmin set configs.config.server-config.network-config.network-listeners.network-listener.admin-listener.port=34848
(4) Shut down the domain:
$GLASSFISH_HOME/bin/asadmin stop-domain domain1
You'll see this doesn't work. You get:
CLI306 Warning - server is not running.
Command stop-domain executed successfully.
But your Glassfish process is still running. Worse, when you attempt to start the process you'll get a warning that some of your ports are already in use. Of course they are, the old process has still got 'em! Your only way out is killall -9 java
While some of the config changes are dynamic it seems this one isn't but the domain stop assumes it is dynamic and uses the new port to try and execute the command.
Possible solutions are:
(1) Use sed on domain.xml - would prefer not to as it's complicated & risky grepping through XML code. I've seen Glassfish change the order of attributes in this file so we can't just sed for port="4848"
(2) Use the scripted installer rather than the zip file and feed the parameters to the setup program as an answer file - this is problematic for our install scripts which are required to be idem potent.
(3) Use a custom crafted zip of the Glassfish install archive with domain.xml already changed - not an option as the port we are setting may change in the future.
This is almost the definition of a corner case but one we need to solve. For now we're going to sed domain.xml but it would be nice to know if there was a way that's possible via the CLI.
You might want to do the following instead...
install v3 by unzipping
delete domain1
create a new domain1 using the ports that you prefer.
The man page for the create-domain subcommand will have all the details
start this new domain...
No extra start or stop necessary (and you can skip step 2 if you are willing to remember to say 'asadmin start-domain mydomain' instead of 'asadmin start-domain'
Sed wasn't as bad as I thought it might be, here's what I did:
cd $GLASSFISH_HOME
sed -i.bak '/<network-listener[^>]*name="admin-listener"/s/port="4848"/port="34848"/g' glassfish/domains/domain1/config/domain.xml
It's still a bug that asadmin thinks the port change is dynamic when it isn't but I can live with this hack.
I know this is simple.. I am jus missing something.. I give up!!
#!/bin/sh
export http_proxy='http://unblocksitesnow.info'
rm -f index.html*
strace -Ff -o /tmp/mm.log -s 200 wget 'http://slashdot.org'
I have used different proxy servers.. to no avail.. I get some default page..
In /etc/wgetrc use_proxy = on
Actually I am trying to use this setting(http_proxy) with python's urllib2. It access some default page as well..
strace - does a dns lookup of the proxy server
GET http://slashdot.org/ HTTP/1.0\r\nUser-Agent: Wget/1.11.4\r\nAccept: /\r\nHost: slashdot.org\r\n\r\n
Any pointers??
For some apps, HTTP_PROXY is case sensitive. It's best to set it in upper case.
# export HTTP_PROXY=http://server/
or
# export HTTP_PROXY=http://server:8888/
The problem was I was using proxy sites. These sites expect you to send GET request to the proxy site (with the target site as parameter in URL or whatever site specific mechanisms they implement).
I was looking for proxy sites like http://www.proxy4free.com/page1.html
I connect to their respective ports and send a get request to the original target site..
Often you need a port with the proxy-server, for example:
export http_proxy=http://unblocksitesnow.info:30000
Also, the single quotes are not needed.
On Debian/Ubuntu if you need apt-get via the proxy you will also need to update
/etc/apt/apt.conf
If the file doesnt exist, create it and apt-get update to confirm
As well as export http_proxy="<ADD>:<PORT>"