Sophos Duplicate IDs

I found myself in a large environment where someone decided to deploy an image with Sophos installed. This resulted in all the computers being seen as one single computer in the Sophos Enterprise Console.

This caused me to write the following scripts. sophosFindDuplicate.pl scans the IIS logs looking for duplicate GUIDs from computers. It will output the IPs of the machines. This command will let you remotely fix the machines. (Remember to whitelist psexec in Sophos.)

psexec @hosts.txt -u domain\user -p password -c batchfile.bat

sophosFixDuplicate.cmd

@echo off
net stop "Sophos Message Router"
net stop "Sophos Agent"
net stop "Sophos AutoUpdate Service"

echo y|del "C:\Program Files\Sophos\AutoUpdate\machine_ID.txt"
echo y|del "C:\ProgramData\Sophos\AutoUpdate\machine_ID.txt"

reg delete "HKLM\Software\Sophos\Messaging System\Router\Private" /v pkc /f
reg delete "HKLM\Software\Sophos\Messaging System\Router\Private" /v pkp /f

reg delete "HKLM\Software\Sophos\Remote Management System\ManagementAgent\Private" /v pkc /f
reg delete "HKLM\Software\Sophos\Remote Management System\ManagementAgent\Private" /v pkp /f

reg delete "HKLM\Software\Wow6432Node\Sophos\Messaging System\Router\Private" /v pkc /f
reg delete "HKLM\Software\Wow6432Node\Sophos\Messaging System\Router\Private" /v pkp /f

reg delete "HKLM\Software\Wow6432Node\Sophos\Remote Management System\ManagementAgent\Private" /v pkc /f
reg delete "HKLM\Software\Wow6432Node\Sophos\Remote Management System\ManagementAgent\Private" /v pkp /f

net start "Sophos Message Router"
net start "Sophos Agent"
net start "Sophos AutoUpdate Service"

sophosFindDuplicate.pl

#Stephen
#Check for Duplicates
use Data::Dumper;

$file = "\\\\sophos-c108-01\\W3SVC1\\u_ex110822.log";
my %hash = ();
my %hDup = ();

open FILE, $file or die $!;

while (<FILE>) {
  @data = ($_ =~ /(\b143\.55\.\d{1,3}\.\d{1,3}\b).*?(\b143\.55\.\d{1,3}\.\d{1,3}\b).*?(\{{0,1}[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}\}{0,1})/);
	#skip log lines that do not contain two IPs and a GUID
	next unless @data;
	#print $data[0] . "\n";
	if ((exists $hash{$data[2]}) && ($hash{$data[2]} ne $data[1]))
	{
		if(not exists $hDup{$data[1]})
		{
			print $data[1] . "\n";
			$hDup{$data[1]} = $data[1];
		}
	}
	else
	{
		$hash{$data[2]} = $data[1];
	}
}

close(FILE);

IMAP Copy to local file.

I had a mail server that only supported IMAP, but their webmail interface is horrible. So I decided to write a small script to grab the email from the IMAP server and save it locally. In my case the local directory is the mail directory in cPanel, so I can have Gmail grab the emails via POP3. The mail flow is:

IMAP SERVER -> SCRIPT -> LOCAL POP3 -> GMAIL

imapscript

 Nmsgs}",0);
foreach ($result as $overview) 
{
	echo "$overview->subject\n";
	$mailfile = tempnam("/home/mth/mail/stephenjc.com/asa/cur/","EMAIL-");
	$message =  imap_fetchbody($srcstream,$overview->uid,"",FT_UID);
	$localmail = fopen($mailfile, "w");
	fwrite($localmail,$message);
	fclose($localmail);
	imap_mail_move($srcstream,$overview->msgno,'Forwarded'); 

}

imap_expunge($srcstream);
imap_close($srcstream);
echo "deleteing lock\n";
unlink($lockfile);

echo '     ]]> ';
?>

ReadyNAS Google Authenticator

I just finished configuring Google two-factor authentication on my ReadyNAS for SSH authentication. It works well so far.

You need to install the Root SSH Add-on from the forums so you can SSH into your ReadyNAS.


apt-get update
apt-get install mercurial make gcc apt-utils libc6-dev gdb libtag1-dev uuid-dev libpam0g-dev

Then just follow these instructions:
http://www.mnxsolutions.com/security/two-factor-ssh-with-google-authenticator.html

Macintosh Logon Scripts

Here is a set of Mac logon scripts I wrote for a Windows/AD environment. There is a set of plist files that launch Perl scripts at different stages. The logon scripts are local and self-update from the sysvol directory.

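edu.fitsuny.mac_logon_init.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>Label</key>
	<string>edu.fitsuny.edu.mac_system_logon</string>
	<key>ProgramArguments</key>
	<array>
		<string>/etc/etsscripts/mac_logon_init.pl</string>
	</array>
	<key>RunAtLoad</key>
	<true/>
</dict>
</plist>
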
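edu.fitsuny.mac_user_logon.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>Label</key>
	<string>edu.fitsuny.mac_user_logon</string>
	<key>ProgramArguments</key>
	<array>
		<string>/etc/etsscripts/mac_user_logon.pl</string>
	</array>
	<key>RunAtLoad</key>
	<true/>
</dict>
</plist>
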
mac_system_logon.pl

#!/usr/bin/perl -l
#Please make your function a sub and then call it.
#FYI: an error here will break the entire script
open (LOG, '>>/tmp/logon_system.txt');
print LOG "Running System Hook V1.0 \n";

#remember with admitmac the username might be @fitsuny.edu
$username = $ARGV[0];


#updates the loader.pl just in case we make changes there.
updateloader();

sub updateloader
{
	system('smbclient //fit-c108-01/netlogon Password -U mac_logon -c \'get \\Macintosh\\installer\\mac_logon_init.pl /etc/etsscripts/mac_logon_init.pl\'');
	if ($? != 0)
	{ #try dc 1
		system('smbclient //fit-c108-02/netlogon Password -U mac_logon -c \'get \\Macintosh\\installer\\mac_logon_init.pl /etc/etsscripts/mac_logon_init.pl\'');
		if ($? != 0)
		{# failed again print error
			print LOG "SYSTEM: Cannot download loader.pl script\n";
		}
	}

	#make the loader executable whichever server it came from
	chmod(0755,'/etc/etsscripts/mac_logon_init.pl');
}

mac_user_logon.pl

#!/usr/bin/perl -l
#Please make your process a sub and then call it.
#FYI: an error here will break the entire script
#This runs as the user; the user profile is in ~/ (mkdir() does not understand ~/)
#
open (LOG, '>/tmp/logon_user.txt');
print LOG "Running User Hook V1.0 \n";

#remember with admitmac the username might be @fitsuny.edu

my $username = $ENV{'USER'};
my $profiledir = $ENV{'HOME'};

if ( $username =~ m/[@]/ )
{
	my @tmpusername = split(/@/,$username);
        $username = $tmpusername[0];
}
print LOG "USER: username " . $username . "\n";

#system test script, an example of giving the user a GUI popup box from a perl script
#system('osascript -l AppleScript -e \'tell Application "Finder" to display dialog "Call Frank"\'');

#get Prirole once
$usertype = get_prirole();
print LOG "USER: using prirole " . $usertype . "\n";

disable_dsstore();
mount_winfs();
#emgmesg();

#their profile is in Users which means they are not using admit mac
if ($profiledir =~ m/\/Users\//)
{
	mount_stanNDrive();	
}



sub disable_dsstore
{
	#this will disable .DS_STORE on network volumes
	#This will stop some weird bugs

	system('defaults write com.apple.desktopservices DSDontWriteNetworkStores true');
}

sub mount_stanNDrive
{
	use Net::LDAP;

	$ldap = Net::LDAP->new ('fit-c108-01') or die "$@";
	$ad = $ldap->bind('cn=ldapsearch,ou=fitusers,dc=fitsuny,dc=edu', password => 'password');
	$ad = $ldap->search (base => 'ou=FitUsers,dc=fitsuny,dc=edu',
        	                filter => "(&(cn=" . $username . "))",
        	                attrs => ['homeDirectory'],
        	                );

	$ad->code && die $ad->error;


	$winHomeDir =  $ad->entry->get_value('homeDirectory');
	$ad = $ldap->unbind;

	$winHomeDir =~ s/\\\\/smb:\/\//;
	$winHomeDir =~ s/\\/\//g;

	$osascript = qq[mount volume "$winHomeDir"];
	system( "osascript -e '$osascript'");

}
sub mount_winfs
{
	#check to make sure mount exists
	#check pri-role to see what server they are on

	my $pilot_user  = shift;

	my $servershare;
	$servershare = 'fs-c108-03/student_home$/'  if ifmember($username,'students') ;
	$servershare = 'fs-c108-04/faculty_home$/'  if ifmember($username,'faculty')  ;

	return unless $servershare; # Don't attempt mount if no Y: drive for user

	my $winfs_path = '//' . $servershare . $username;
	$mntfolder = $ENV{'HOME'} . '/Desktop/' . $username . '_CAMPUSFILES';

	print LOG $servershare . "\n";
	print LOG $mntfolder . "\n";
	system('mkdir ' . $mntfolder);
    	system('mount_smbfs -o nobrowse ' . $winfs_path . ' ' . $mntfolder);

	#get list of mounts
	$mountlist = `mount`;
	if ($mountlist =~ m/CAMPUSFILES/ix) 
	{# Successful mount
	} 
	else 
	{# Match attempt failed
		system('rm -dfr ' . $mntfolder);
	}

}

sub get_prirole
{
	my $ldapsearch = qq[ldapsearch -h ldap.fitsuny.edu -b "dc=fitsuny,dc=edu" -LLL -x "(uid=$username)" fitprirole];
	my $usertype = `$ldapsearch`;

	$usertype =~ s/^.*fitprirole:\s+(.*)$/$1/s;

	return $usertype;
}

sub ifmember
{
#does not do nested groups.

	$_username = shift;
	$_group = shift;
	use Net::LDAP;
	$ldap = Net::LDAP->new ('fit-c108-01') or die "$@";
	$ad = $ldap->bind('cn=ldapsearch,ou=fitusers,dc=fitsuny,dc=edu', password => 'password');
	$ad = $ldap->search (base =>'ou=FiTUsers,dc=fitsuny,dc=edu',
				filter => "(&(cn=" . $_username . ")(memberof=cn=" . $_group . ",ou=fitgroups,dc=fitsuny,dc=edu))",
				#attrs => ['memberOf'],
				);
	$ad->code && $ad->error;

	return $ad->count();
				

}


sub emgmesg
{
$message = "LOGIN TO MyFIT TO REGISTER FOR EMERGENCY MESSAGE NOTIFICATIONS
Get timely announcements in the event of a campus emergency or a weather-related closure of the college via text message, email, or voicemail.

Would you like to sign up now?";

#icons Types (stop, note, caution)
$icon = 'note';

#button types (ok, yesno)
$buttons = 'yesno';

#action
$action = 'http://myfit.fitnyc.edu';

if($icon eq 'stop')
	{
		$ic = '0';
	}
	elsif($icon eq 'note')
	{
		$ic = '1';
	}
	elsif($icon eq 'caution')
	{
		$ic = '2';
	}

	if($buttons eq 'ok')
	{
		$bu = '{"OK"}';
	}
	elsif($buttons eq 'yesno')
	{
		$bu = '{"YES","NO"}';
	}

	#mac way
	$result = `/usr/bin/osascript <<-EOF

    tell application "System Events"
        activate
        display dialog "$message" buttons $bu with icon $ic
    end tell

EOF`;

chomp($result);
if (($buttons eq 'yesno') && ($result eq 'button returned:YES'))
{
	system('open ' . $action);
}
}

Network Shares Migration Script

Sometimes it's just easier to use command-line tools than using WMI. This simple script migrates our shared folder system into the new structure, which is the teacher's name with two folders underneath it.

migrate.vbs

Set fso = CreateObject("Scripting.FileSystemObject")
Set objShell = CreateObject("Wscript.Shell")

Set folder = fso.GetFolder("f:\shares\")
rcopy = "robocopy /e /zb /move /r:1 /w:1 "

For each folderIdx In folder.SubFolders
	objshell.run "net share " & folderIdx.Name & " \\servername /delete", 1 , true
	if instr(1,folderIdx.Name,"_drop",1) <> 0 then
		fteacher = replace(folderIdx.Name,"_drop","",1,-1,1)
		objshell.run rcopy & folderIdx.path & " f:\transportshare\" & fteacher & "_transport\DropBox\", 1, true
	elseif instr(1,folderIdx.Name,"_ffs",1) <> 0 then
		fteacher = replace(folderIdx.Name,"_ffs","",1,-1,1)
		objshell.run rcopy & folderIdx.path & " f:\transportshare\" & fteacher & "_transport\FFS\", 1, true
	end if
Next