Monday, October 26, 2015

Adding a drive to Ubuntu with VMware

Adding a drive to Ubuntu (Linux) after adding it with VMware

I assume you have created a drive and attached it to your guest and am not going to cover that here. This is how to get your system to see the drive you just added.

Find what host number your system is using.

grep mpt /sys/class/scsi_host/host?/proc_name
Here is an example from my system:


My system states host2 so to scan for new devices issue the command:
echo "- - -" > /sys/class/scsi_host/host2/scan
I let that run for a minute or so; it didn't seem like it was going to end on its own, so I had to press CTRL + C. Next you need to create the partition on the disk, but first you need to find the device name. To do this, issue the command:
fdisk -l
It will list the device name, followed by details of the device, followed by the partitions on the device. Since you just added a new device, the one you want will be the device name that does not have any partitions listed. An example:


On my system the new drive is named sdb. Now, to create the partition, issue the command (replace the device name with whatever your system names yours):
fdisk /dev/sdb
This will take you into the fdisk menu system. Do the following to create a new partition using default values:
n PRESS ENTER, PRESS ENTER, PRESS ENTER, PRESS ENTER, w PRESS ENTER

Now that we have a partition, it needs to be formatted. I am going to format the partition using ext4. To do so, issue this command:
mkfs.ext4 /dev/sdb1
It is sdb because that is what my system named the device; the 1 is because it will be the first formatted partition on the device.

Now that you have a formatted partition, it is time to mount it. Create a folder wherever you wish; for my system I created a folder named data.
mkdir /data
To mount the disk so you can use it without rebooting:
mount /dev/sdb1 /data

Now we need to inform the system to mount the disk on bootup so we don't have to keep issuing the mount command. Open up the fstab file using the following command and append the line of data:

vim /etc/fstab
 /dev/sdb1   /data  auto  defaults  0 0

Huzzah! You have yourself a mounted drive!

 

Tuesday, June 5, 2012

Manage Firefox via Group Policy - Easy Method


You would think that Firefox by now would have some sort of "official" way to manage their browser and start making inroads into the corporate market, given all the hatred of IE about vulnerabilities and standards.

But they haven't. 

I found a few methods, one promising one was www.frontmotion.com, but it is rebranded. A few other nasty hacks that didn't feel right.

So, here is my solution:

  • Create a group policy object
    • Per User
      • Login Script
  • Create a batch file containing the following and point your policy to run the batch file:
if exist "%APPDATA%\Mozilla\Firefox" for /D %%F in ("%APPDATA%\Mozilla\Firefox\Profiles\*") do copy /y \\*domain_name*\netlogon\user.js "%%~F"

Replace *domain_name* with YOUR domain name, without the asterisks.

This checks whether Firefox is installed and, if it is, copies a file named user.js (created in the next step) to Firefox's profile directory. Why the fancy copy command? Because Firefox creates a randomly named profile folder in the user's application data directory.
  • Create a file named "user.js" and put it in your domain netlogon share (\\*domain_name*\netlogon)
The contents of this file are what control the settings of Firefox. Here is an example of my settings:

user_pref("network.automatic-ntlm-auth.trusted-uris", "webfilter1,webfilter2");
user_pref("browser.search.defaulturl","http://www.google.com/");
user_pref("browser.startup.homepage","http://www.google.com");
user_pref("update_notifications.provider.0.frequency",30);
user_pref("security.warn_viewing_mixed",false);
user_pref("browser.shell.checkDefaultBrowser",false);
user_pref("profile.confirm_automigration",false);
user_pref("startup.homepage_welcome_url", "");
user_pref("browser.search.update", false);
user_pref("app.update.enabled", false);
user_pref("extensions.update.enabled", false);

I am not explaining all the settings here; you can find more info about the user.js file here: http://kb.mozillazine.org/User.js_file

Basically, any setting in Firefox's about:config, you can add using the format above, one per line. 

So here is how it works.

The user logs in, user.js is copied to their computer, Firefox loads and reads its preferences from prefs.js, then reads user.js, and the settings in the user.js file override those in the prefs.js file.

Why not just edit the prefs.js file? Because Firefox will restore prefs.js on close, over-writing your file. 
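The load order described above, modelled as an added example (not part of the original post or of Firefox itself). The function names and the sample prefs.js are constructed for illustration; it shows that only the prefs listed in user.js are reset at startup, while anything else the user changed in prefs.js survives.

```python
import json
import re

# One user_pref("name", value); line, the syntax shared by prefs.js and user.js.
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;', re.M)

def parse_prefs(text):
    """Return {name: value}; string, boolean and integer literals parse as JSON."""
    return {name: json.loads(raw) for name, raw in PREF_RE.findall(text)}

def effective_prefs(prefs_js, user_js):
    """Model startup: load prefs.js, then let user.js override matching names."""
    merged = parse_prefs(prefs_js)
    merged.update(parse_prefs(user_js))
    return merged

def drifted(prefs_js, user_js):
    """Managed prefs whose saved value differs from user.js before the override."""
    stored, managed = parse_prefs(prefs_js), parse_prefs(user_js)
    return sorted(k for k, v in managed.items() if stored.get(k, v) != v)

# Constructed prefs.js: the user changed the homepage and one unmanaged pref.
PREFS_JS = '''
user_pref("browser.startup.homepage", "http://example.invalid/");
user_pref("browser.shell.checkDefaultBrowser", false);
user_pref("browser.tabs.warnOnClose", false);
'''
# Two lines taken from the user.js shown in the post.
USER_JS = '''
user_pref("browser.startup.homepage","http://www.google.com");
user_pref("browser.shell.checkDefaultBrowser",false);
'''

if __name__ == "__main__":
    print(effective_prefs(PREFS_JS, USER_JS))
    print("reset at next start:", drifted(PREFS_JS, USER_JS))
```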

Full Disclaimer: This method was developed by a buddy I work with. 

Wednesday, April 21, 2010

Got Conficker? Network Scan Detection of Infected Machines

So you got the Conficker. You could go to each machine and run the eye chart test (http://www.confickerworkinggroup.org/infection_test/cfeyechart.html), but in a bigger environment, or if you prefer to work smarter and not harder, you need some sort of test to pinpoint which machines are infected.

Answer = nmap (http://nmap.org)

I am using the Windows version. With the latest version, the Conficker check is included with the rest of the scripts. Fire up nmap, either the command line (adjust the screen buffer to see all results) or the Zenmap GUI, and in the command box or line, type:

nmap -p 445 -d --script smb-check-vulns.nse --script-args safe=1

For example, to check the 192.168.1.0 network range, type:

nmap -p 445 -d --script smb-check-vulns.nse --script-args safe=1 192.168.1.1-254

It takes a few minutes, don't worry if the GUI says not responding, it's still working. When complete, you will see some results. Here is what to look for:


Nmap scan report for machine.domain.com (192.168.1.122)
Host is up, received arp-response (0.00013s latency).
Scanned at 2010-04-21 09:29:26 Eastern Daylight Time for 1s
PORT    STATE SERVICE      REASON
445/tcp open  microsoft-ds syn-ack
MAC Address: 00:06:5B:2A:81:72 (Dell Computer)


Host script results:
| smb-check-vulns:  
|   MS08-067: CHECK DISABLED (remove 'safe=1' argument to run)
|   Conficker: Likely CLEAN
|   regsvc DoS: CHECK DISABLED (add '--script-args=unsafe=1' to run)
|_  SMBv2 DoS (CVE-2009-3103): CHECK DISABLED (add '--script-args=unsafe=1' to run)

Don't worry about the "CHECK DISABLED" lines; those are extra checks that could crash a system, which is why we used "--script-args safe=1". Look for the "Conficker:" line. If the machine is good, you will see "Conficker: Likely CLEAN"; if not, you will see the "Conficker: Likely Infected" message.

You will get some other messages about not being able to check; those are usually network devices or other OS's that couldn't get Conficker anyway. Be sure to check though!
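On a larger range, reading the report by eye gets tedious. The following is an added example (not part of the original post or of nmap) that sorts hosts in a saved report into infected, clean and unchecked. The function names and the second and third hosts in the sample are constructed, and the verdict is matched case-insensitively.

```python
import re

# Constructed nmap output: the first host mirrors the post, the rest are made up.
SAMPLE = """\
Nmap scan report for machine.domain.com (192.168.1.122)
PORT    STATE SERVICE      REASON
445/tcp open  microsoft-ds syn-ack

Host script results:
| smb-check-vulns:
|_  Conficker: Likely CLEAN

Nmap scan report for 192.168.1.130
Host script results:
| smb-check-vulns:
|_  Conficker: Likely INFECTED

Nmap scan report for 192.168.1.200
PORT    STATE  SERVICE      REASON
445/tcp closed microsoft-ds reset
"""

HOST_RE = re.compile(r"^Nmap scan report for (?:(\S+) \()?([\d.]+)\)?")
CONFICKER_RE = re.compile(r"Conficker:\s*(.+)$")

def triage(report):
    """Map each scanned IP to 'infected', 'clean' or 'unchecked'."""
    results, current = {}, None
    for line in report.splitlines():
        host = HOST_RE.match(line)
        if host:
            current = host.group(2)
            results[current] = "unchecked"  # stays so unless a verdict line follows
            continue
        verdict = CONFICKER_RE.search(line)
        if verdict and current:
            text = verdict.group(1).lower()
            if "infected" in text:
                results[current] = "infected"
            elif "clean" in text:
                results[current] = "clean"
    return results

def infected_hosts(report):
    return sorted(ip for ip, state in triage(report).items() if state == "infected")

if __name__ == "__main__":
    for ip, state in triage(SAMPLE).items():
        print(ip, state)
```

Hosts reported as unchecked are the ones the scan could not test, so they still need a manual look.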

So now you know WHICH machines, WHAT to do about it?

Get the removal tool from here (http://www.symantec.com/security_response/writeup.jsp?docid=2009-011316-0247-99)

Run the tool, reboot, patch - each OS has a different patch. The tool will tell you which one to get; do a Google search on it, download it, install it.

Install Antivirus!

Jeremy

Wednesday, April 14, 2010

Evil HP Color Laserjet 3500 - PCL XL Error

So we have this HP Color Laserjet 3500. Everything seems OK. Then, when trying to print from a particular program (based on Crystal Reports), we get a print out with the following:


PCL XL error

          Subsystem:       Kernal
          Error:               ColorSpaceMismatch
          Operator:         VendorUnique
          Position:           9

OK, google time. Whoa, a lot of people with this issue. Use the PCL driver, Use the PS driver they say.

Yeah.

It turns out that HP had the brilliant idea (or you did, depending on which way you look at it) to save some money on hardware by using your PC power to do the printing legwork instead of the printer. Well, it SOUNDS good, but it turns out there may be some compatibility issues.

They call it (maybe others do too, we just standardize on HP printers) Host Based printing. There is no PCL, PCL5, PCL5e, PS, etc, it does magic. Some programs don't like this magic. 

As I searched the Internet and found the same problem over and over, with some clever solutions (HP has a "beta" fix to download, use a generic driver, other "thoughtful" solutions) - that did not work for me - I decided to go with a workaround.

Install PrimoPDF, print to it, let it open after creation, then print. Extra work? Yes, but they did not want to buy a "standard" PDL (I believe it's called) printer with PCL support. 

So I finish uninstalling all the crap I just put on, reboot, Windows finds the printer, I point to the location of the SAME file I used for the initial install, let it finish, test page, and done. 

Just for S!@# and giggles, I had the user try to print again. WTF, it worked! For the love of God do not mess with that printer!

Bottom line - I hate that model now, and if you are having the same issue, load everything (even all the crap you don't need), load the beta fix driver, use the HP uninstaller in the start menu, restart, let Windows find it, point to the "host based" driver from the HP website (not the big one, that is the "load everything" one), test page, and give it a shot!

BTW, some details of setup:

Windows XP Pro 32 bit
USB connection
User had local admin rights

- Jeremy

Wednesday, March 3, 2010

Windows XP Embedded - Does it need Antivirus?

We recently had an outbreak of the Conficker virus. While most of our PC's were protected, we did find some rogue Windows devices. A converted picture frame, a recycled PC pointing to an old AV server with outdated definitions, etc.

I also found a PC that is running Windows XP Embedded. The vendor states (they installed it as part of a plotter system) that they never have had a virus on their systems as they do not talk to the Internet.

Well, Conficker spreads via the local LAN via a Windows vulnerability. Normally, our domain PC's are auto patched, but this one is not on our domain. It also does not have antivirus.

So, can it be infected? I googled "windows XP embedded virus" and it seems multiple vendors make products for them, leading me to believe - yes, they can be infected. I also read something about XPe (XP Embedded) having a special EWF - Enhanced Write Filter. The feeling I am getting is that EWF prevents writes to the hard drive. So should that keep it from being infected? Also, did the vendor configure EWF correctly?

Vendor won't let me in to the system to run a scan - don't know what they are afraid of. When I try to boot from a CD with a rescue disk to scan, the system will not accept my "boot from IDE CDROM" selection. Of course the BIOS is password protected.

Any thoughts?

Jeremy

Saturday, October 17, 2009

The Techie Generation?

My 12 year old daughter, whom I have built a PC from the ground up with, just asked me if she could have accidentally "unplugged" the flash plug-in. As in, physically, because she was under the desk plugging in another laptop.

/facepalm

Sunday, August 2, 2009

Burning mp4 files to DVD

I have some mp4 files that are encoded with H.264/MPEG-4 AVC video codec and mp4a: MPEG-4 AAC LC audio codec - according to GSpot Codec analyzer. I am using Windows 7, and want to burn these files onto a DVD using the DVD standard (not just data that will play in a PC). The built in DVD maker states it does not support these files. Handbrake errors out when I try to convert them, and a couple shareware programs just have not worked. Any ideas?

EDIT - ConvertXtoDVD 3