Benutzer-Werkzeuge

Webseiten-Werkzeuge


know-how:tools

Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

Link zu dieser Vergleichsansicht

Beide Seiten der vorigen RevisionVorhergehende Überarbeitung
Nächste Überarbeitung
Vorhergehende Überarbeitung
know-how:tools [2021/01/12 14:46] – [crunch] ccknow-how:tools [2024/02/26 10:30] (aktuell) cc
Zeile 1: Zeile 1:
 +~~ODT~~
 ====== Need to have ====== ====== Need to have ======
 +
 +===== wipe =====
 +  * In meinem Fall im Einsatz bei einer Live PXE Debian Variante um Rechner zu wipen die nicht mehr gebraucht werden
 +  * **Achtung** Löscht alle Platten die gefunden werden (!)
 +
 +  * **wipe.sh**
 +<code>
 +#!/bin/bash
 +
 +GRACE_TIME="10"
 +TIMES_OVERWRITE="2"
 +
 +while (($GRACE_TIME > 0)) ; do 
 +
 + sleep 1
 +
 + ((GRACE_TIME--))
 +
 +done
 +
 +HARDDISKS=$(lsblk -p -d -n -l -o NAME,TYPE | grep -i disk | awk '{print $1}')
 +
 +echo "MACHINE: "
 +
 +echo "--------------------"
 +
 +dmidecode --type '1'
 +
 +echo "--------------------"
 +
 +procCount=0
 +
 +for CURRENT_HARDDISK in $HARDDISKS ; do 
 +
 +
 + echo "Harddisk - $CURRENT_HARDDISK - Debug below"
 +
 + echo "-------------------------"
 +
 + for i in $(seq 1 $TIMES_OVERWRITE ) ; do 
 +
 + dd if=/dev/zero of=$CURRENT_HARDDISK bs=16M 2>&1 &
 + # https://stackoverflow.com/questions/356100/how-to-wait-in-bash-for-several-subprocesses-to-finish-and-return-exit-code-0 
 +
 + pids[${procCount}]=$!
 +
 + ((procCount++))
 +
 +
 + done
 +
 +
 +
 + echo "-------------------------"
 +
 +done
 +
 +# https://stackoverflow.com/questions/356100/how-to-wait-in-bash-for-several-subprocesses-to-finish-and-return-exit-code-0 
 +echo "Process Count Waiting: $procCount"
 +
 +for pid in "${pids[*]}" ;
 +do
 + wait $pid
 + done
 +
 +sync
 +</code>
 +
 +===== checkDNSEntriesLDAP =====
 +  * Active Directory auf seine Konsistenz überprüfen - forward lookup und reverse lookup der Einträge sollten übereinstimmen
 +  * Getestet auf: Ubuntu 18.04 
 +  * Pakete erforderlich: php , php-ldap , php-mbstring
 +  * **Achtung** ich benutze hier bewusst die tls verschüsselte Variante von ldap d.h. ldaps - die CA von der das Zertifikat für den AD Server unterschrieben wurde befindet sich unter **/usr/share/ca-certificates/** und wurde mit **dpkg-reconfigure ca-certififcates** ins System "integriert" auch der Hostname stimmt mit dem Hostnamen aus den Zertifikatsinfos überein
 +
 +
 +  * **/usr/local/bin/checkDNSEntriesLDAP.php**
 +<code>
 +<?php
 +
 +$server = "ldaps://AD_SERVER:636";
 +//domain user to connect to LDAP
 +$user = "STANDARD_USER_DOMAIN@DOMAIN_ACTIVE_DIRECTORY";
 +//user password
 +$passwd = "PASSWORD_STANDARD_USER_DOMAIN";
 +
 +//zB: OU=EDV1,OU=Workstations,OU=Ressourcen,OU=VirtualSchool,DC=schule,DC=intern
 +$dn = array(0=>"DN_NAME_LDAP_PFAD1",1=>"DN_NAME_LDAP_PFAD2");
 +
 +
 +$search="(objectClass=computer)";
 +
 +
 +$errDNS=0;
 +$countAll=0;
 +$okDNS=0;
 +
 +for ($j=0; $j<count($dn); $j++)
 +{
 +        $ds=ldap_connect($server);
 +       $r=ldap_bind($ds, $user , $passwd);
 +
 + $sr=ldap_search($ds, $dn[$j], $search, array(0=>"dNSHostName",1=>"distinguishedName"));
 +
 + $data = ldap_get_entries($ds, $sr);    
 +       
 +
 +         $countAll+=$data["count"];
 +
 + for ($i=0; $i<$data["count"]; $i++) 
 + {
 +
 +
 + if(isset($data[$i]["dnshostname"][0]))
 + {
 +
 + $ip=gethostbyname($data[$i]["dnshostname"][0]);
 + if($ip!=$data[$i]["dnshostname"][0])
 + {
 +
 + $reverseLookup=gethostbyaddr($ip);
 +
 + if(mb_strtolower($reverseLookup) != mb_strtolower($data[$i]["dnshostname"][0]) )
 + {
 +
 + echo "FAIL Hostname: ".$data[$i]["dnshostname"][0]." IP: ".$ip." Reverse: ".$reverseLookup."\n";
 +                       $errDNS++;
 +
 + }
 + else
 + {
 + $okDNS++;
 + }
 +
 +
 +
 + }
 + else
 + {
 + echo "FAIL NO-IP Entry: ".$data[$i]["dnshostname"][0]."\n";
 +                $errDNS++;
 + }
 +
 + }
 + else
 + {
 + echo "FAIL NO DNSHostname: ".$data[$i]["distinguishedName"][0]."\n";
 + $errDNS++;
 + }
 +
 +
 + }
 +
 + ldap_close($ds);
 +}
 +
 +echo "Summary:\n";
 +echo "All Computer objects found: ".$countAll."\n";
 +echo "All Computer objects ok: ".$okDNS."\n";
 +echo "Consistency integrity: ";
 +printf("%.2f \n",(($okDNS/$countAll)*100));
 +echo "Errors computer count: ".$errDNS."\n";
 +echo "OU's that i looked for :\n";
 +print_r($dn);
 +
 +echo "\n";
 +
 +
 +?>
 +
 +</code>
  
 ===== mac-switchport ===== ===== mac-switchport =====
Zeile 348: Zeile 519:
  
 For detailed information see the manual. For detailed information see the manual.
 +</code>
 +  * **Uptime** bei tcp-timestamps ermitteln / ist **keine exakte Wissenschaft**
 +  * https://floatingoctothorpe.uk/2018/detecting-uptime-from-tcp-timestamps.html
 +<code>
 +hping3 --count 2 --syn --destport 22 --tcp-timestamp 10.0.23.245
 +HPING 10.0.23.245 (eth0 10.0.23.245): S set, 40 headers + 0 data bytes
 +len=56 ip=10.0.23.245 ttl=64 DF id=0 sport=22 flags=SA seq=0 win=65160 rtt=7.6 ms
 +  TCP timestamp: tcpts=1138723235
 +
 +len=56 ip=10.0.23.245 ttl=64 DF id=0 sport=22 flags=SA seq=1 win=65160 rtt=3.5 ms
 +  TCP timestamp: tcpts=1138724235
 +  HZ seems hz=1000
 +  System uptime seems: 13 days, 4 hours, 18 minutes, 44 seconds
 +
 +
 +--- 10.0.23.245 hping statistic ---
 +2 packets transmitted, 2 packets received, 0% packet loss
 +round-trip min/avg/max = 3.5/5.6/7.6 ms
 +
 +</code>
 +
 +===== consumeDHCP =====
 +  * DHCP Server leases aufsaugen / mit **clean** werden die Reservierungen wieder **released**  getestet mit Debian Bookworm u. dnsmasq 2.89
 +  * **consumeDHCP.sh**
 +
 +<code>
 +#!/bin/bash
 +
 +NIC_INTERFACE="$1"
 +NUMBER="$2"
 +BRIDGE_NAME="br-dhcp"
 +
 +
 +function bailout 
 +{
 + echo -e "$1"
 + echo -e "Usage: $0 nic Number_of_Ips"
 + echo -e "Usage: $0 clean"
 + exit 2
 +}
 +
 +function clean
 +{
 + count="1"
 + tap_names="tap-foo-hoo"
 + while ( ip addr ls "$tap_names-$count" &>/dev/null ) 
 + do
 + echo "releasing: $tap_names-$count ..."
 + dhclient -r --no-pid -d -lf /var/lib/dhcp/dhclient-"$tap_names-$count".lease "$tap_names-$count"
 + ip li set dev "$tap_names-$count" down 
 + ip li del "$tap_names-$count"
 + ((count++))
 +        done
 +
 + pgrep -a "dhclient" | grep "tap-foo-hoo" | awk '{print $1}' | xargs kill -9 &>/dev/null
 +
 +}
 +
 +which macchanger > /dev/null || bailout "Cannot find macchanger : apt-get install macchanger"
 +which ip > /dev/null || bailout "Cannot find ip to create tap interface: apt-get install iproute2"
 +which dhclient > /dev/null || bailout "Cannot find dhclient: apt-get install isc-dhcp-client"
 +
 +[[ $# != 2 && $# != 1 ]] && bailout "Parameters missing.."
 +
 +if [ "$1" == "clean" ] ; then
 +clean
 +exit 0
 +
 +fi
 +
 + (( NUMBER > 0 ))  || bailout "Number needs to be more than 0"
 +
 +ip addr ls $NIC_INTERFACE &> /dev/null || bailout "Cannot find interface: $NIC_INTERFACE"
 +
 +clean
 +
 +ip li set dev $NIC_INTERFACE up
 +
 +for i in $(seq 1 $NUMBER); do
 +  tap_names="tap-foo-hoo-$i"
 + ip li add link $NIC_INTERFACE "$tap_names" type macvlan
 + ip li set dev "$tap_names" down
 + macchanger -r "$tap_names" > /dev/null
 + ip li set dev "$tap_names" up
 +
 +  dhclient --no-pid -lf /var/lib/dhcp/dhclient-"$tap_names".lease "$tap_names" &
 +  
 +done
 +
 +
 +exit 0
 </code> </code>
  
know-how/tools.1610459206.txt.gz · Zuletzt geändert: 2021/01/12 14:46 von cc