IT Knowledge

I’m a big fan of powershell. Now for a customer we’re hosting a windows 2003 server running exchange 2003. Since we use BigBrother as a monitoring tool we don’t have all the luxuries that more sophisticated monitoring tools have. So i’ve written a little script that does queue monitoring for you.

##
# Exchange queue monitoring for exchange 2003
# Written by Marcel Stangenberger
#
# Created on 27/10/2009
# Version 1.0
##

$queuecount = ((Get-WmiObject -class Exchange_SMTPQueue -Namespace ROOT\MicrosoftExchangev2 |select-object LinkName,MessageCount | where {$_.MessageCount -gt “9″}).count)
$queueview = (Get-WmiObject -class Exchange_SMTPQueue -Namespace ROOT\MicrosoftExchangev2 |select-object LinkName,MessageCount,Size)
$redalert = “red ” + (get-date)
$greenalert = “green ” + (get-date)
$tmppath = “C:\Program Files\Quest Software\Big Brother\BBNT\tmp\queue”
$logpath = “C:\Program Files\Quest Software\Big Brother\BBNT\Logs\queue”

if ( test-path $tmppath )
{
remove-item $tmppath
}

if ( $queuecount -eq $null )
{
$greenalert | out-file -encoding ASCII $tmppath
$queueview | out-file -encoding ASCII $tmppath -append
}
Else
{
$redalert | out-file -encoding ASCII $tmppath
$queueview | out-file -encoding ASCII $tmppath -append
}

if ( test-path $logpath )
{
remove-item $logpath
}

move-item $tmppath $logpath

In windows 2003, using a NTP source for time sync a bit of a bother, you had to set it up manually, reset the services and then pray that it would work :

- net time /setsntp:”ntp.xs4all.nl”
- w32tm /query /peers
- net stop w32time
- net start w32time
- w32tm /resync
- w32tm /query /peers
- open up regedit, go to HLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProvider\NtpClient
- locate the SpecialPollInterval DWORD value. Change this to Decimal 43200 (Hex 0000a8c0)
- net stop w32time
- net start w32time
- w32tm /resync

But now, in windows 2008 this entire piece can be replaced by a oneliner :

w32tm /config /manualpeerlist:”ntp.xs4all.nl”

Now i know there are many solutions to fight against ssh dictionary attacks. I’m adding a null-routing solution to the options. This script searches /var/log/syslog (or any other logfile you specify) for specific keywords (you specify) and then adds the IP to the null route list. Enjoy

*UPDATE* i fixed a bug in the script where the date was one number causing the cut field to get “from” instead of the IP.

#!/bin/bash

# Define variables
WORKDATE=`date | cut -f 2,3 -d ” “`
WORKDAY=`date | cut -f 3 -d ” “`
LOGFILE=/var/log/syslog
TMPFILE=/tmp/ssh_attempts
IPFILE=/etc/nullroute
CMD=/sbin/route
MASK=255.255.255.255
DFGW=127.0.0.1

# Search attempts
if [ -z $WORKDAY ];
then
cat $LOGFILE | grep “$WORKDATE” | grep sshd | grep Invalid | cut -f 11 -d ” ” > $TMPFILE
else
cat $LOGFILE | grep “$WORKDATE” | grep sshd | grep Invalid | cut -f 10 -d ” ” > $TMPFILE
fi

# Add to nullroutes
for IP in `cat $IPFILE`;
do
if [ -z "`cat $TMPFILE | grep $IP`" ];
then
echo $IP >> $TMPFILE
fi
done
uniq < $TMPFILE > $IPFILE

# Add nullroutes to table
for ROUTE in `cat $IPFILE`;
do
if [ -z "`$CMD -n | grep $ROUTE`" ];
then
echo “adding $ROUTE to null routes…”
$CMD add -host $ROUTE gw $DFGW
fi
done

One of the most annoying things when deploying a windows VM from a template in VMWare ESX 3.5 is that the regional settings get all messed up. Especially when using the dutch region settings and a us or us international keyboard (which actually all dutch are using!)….

Now to fix this i wrote a little script that will resolve the issue. It exists of 2 parts, 1 batch file that can be called by the customization wizard when running the vmware customizations (i’ll show you how to set this up a bit later) and a .reg file with the actual change.

The change that these two files make is also described in Microsoft article KB138354

keyboard.cmd

@ECHO OFF
goto SET_VAR

:: Set variables
:SET_VAR
set RUNPATH=c:\windows
set KEYFILE=”c:\install\uskeyboard.reg”
goto DO_CHANGE

:: Load the registry change
O_CHANGE
start /wait %RUNPATH%\regedit.exe /s %KEYFILE%
goto END

:: All done
:END
exit

uskeyboard.reg

Windows Registry Editor Version 5.00

[HKEY_USERS\.DEFAULT\Keyboard Layout\Preload]
“1″=”00000409″

Now to use this scripting in the most efficient way, first create a new template or temporary convert your template to a VM and start it up. Next create a directory c:\install and create the two above mentioned file in that directory. Then go to the VMware Infrastructure manager and click “Edit -> Customization Specifications” and doubleclick on the template  you use to deploy your VM’s.

Now keep clicking next until you get to the “Run Once” option and fill in “c:\install\keyboard.cmd”.

After this keep clicking next again until you finished it.

From now on the default keyboard settings on your login screen will be US English after deploying your VM (or any other language you specify in the .reg file).

Enjoy