Tuesday, March 31, 2015

New nagios check to see if all your network hosts are logging well in graylog2

Hooray! I've just completed another Nagios script to help you find out whether some of your network hosts aren't logging well to graylog2. The script uses the graylog2 API (e.g. http://graylog2.somehost.com:12900/api-browser) and exchanges JSON data. The logic behind the script is that it queries the graylog2 API for all the hosts that have logged during the last n hours.

For example, ./check_graylog2_sources.pl -H 192.168.1.1 -P 12900 -u admin -p password -t 24 -s 60 -w 1 -c 2 -v checks host 192.168.1.1 on port 12900 with username admin and password "password", looking at the last 24 hours to see whether all the hosts are logging. The -s switch tells the script "you must see 60 hosts in total"; if it gets fewer than 60 hosts, it alerts with a warning if 1 host is missing or with a critical if 2 or more hosts are missing.
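The threshold logic described above, as an added example that is not the author's Perl script: it goes one step beyond the -s host count by comparing the reported sources against a named inventory, so that a new sender cannot mask a silent one. The response shape ({"sources": {host: message_count}}), the function name and the sample hosts are assumptions.

```python
import json

# Nagios plugin exit codes.
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3

def check_sources(api_body, expected_hosts, warn=1, crit=2):
    """Return (exit_code, status_line) for one sources response.

    api_body       -- JSON text; assumed shape {"sources": {host: message_count}}
    expected_hosts -- inventory of hosts that must have logged in the time range
    warn, crit     -- number of missing hosts that triggers each state (-w / -c)
    """
    try:
        sources = json.loads(api_body)["sources"]
        seen = {h.lower() for h, n in sources.items() if int(n) > 0}
    except (ValueError, KeyError, TypeError, AttributeError):
        # A broken reply must not be reported as OK or as "every host is silent".
        return UNKNOWN, "UNKNOWN: could not parse sources response"

    expected = {h.lower() for h in expected_hosts}
    missing = sorted(expected - seen)
    unexpected = sorted(seen - expected)  # reported for review, never alerted on

    if len(missing) >= crit:
        code, label = CRITICAL, "CRITICAL"
    elif len(missing) >= warn:
        code, label = WARNING, "WARNING"
    else:
        code, label = OK, "OK"

    text = f"{label}: {len(expected) - len(missing)}/{len(expected)} expected hosts logging"
    if missing:
        text += "; missing: " + ", ".join(missing)
    if unexpected:
        text += "; not in inventory: " + ", ".join(unexpected)
    perfdata = f"missing={len(missing)};{warn};{crit};0;{len(expected)}"
    return code, f"{text} | {perfdata}"

# Constructed sample data: three hosts logged, one of them is not in the inventory.
SAMPLE = json.dumps({"total": 3, "sources": {"fw01": 1520, "web01": 88, "printer7": 4}})
INVENTORY = ["fw01", "web01", "dc01", "db01"]

if __name__ == "__main__":
    code, line = check_sources(SAMPLE, INVENTORY, warn=1, crit=2)
    print(line)
    raise SystemExit(code)
```

With the constructed sample, a pure count (3 seen of 4 expected) would raise only a warning, while the inventory comparison shows two silent hosts and returns critical.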

You can download the script here

:)

Sunday, February 8, 2015

Controlling Opsview downtimes from PowerShell (via REST API)

I'm currently developing an open source PowerShell script called 'opsviewctl_dowtime.ps1' to create scheduled downtimes from the command line. Our development team needs a custom script to create scheduled downtimes in Opsview while they release their new code to the web servers. So now we (as sysadmins) are not getting alerts while they are making changes!

You can find my PowerShell script HERE. I would be happy to hear your suggestions for changes, improvements and new functions!



Saturday, January 24, 2015

Nagios script to check if windows Administrator account is enabled.

Many companies, like mine, nowadays decide to disable the default Windows Administrator account for security reasons, or to keep an account for a third-party partner and enable it only for a while when absolutely necessary, then disable it again.

After a little search at Nagios Exchange I didn't find anything similar, so I decided to create a simple script myself.

Here is my first basic script, written in VBScript, to check whether a specific account is disabled or not. If the account is disabled it returns OK, if not it returns Critical, and if the account does not exist it returns Warning.

It needs the Opsview agent or NSClient++ to be already running on the system you're trying to check, and you must add the following line to the opsview.ini or NSC.ini file so that NRPE recognizes it correctly.

check_mswin_user=cscript.exe //T:190 //NoLogo scripts\\check-user.vbs

After that, create check-user.vbs in scripts folder and paste the following code inside.

' Nagios return codes
Const rOK = 0
Const rWarning = 1
Const rCritical = 2
Const rUnknown = 3
' ADSI UserFlags bit that marks an account as disabled
Const ADS_UF_ACCOUNTDISABLE = &H0002

strComputer = "."
strUser = "Administrator"

' Without this, GetObject raises a runtime error when the account does not exist
On Error Resume Next
Set objUser = GetObject("WinNT://" & strComputer & "/" & strUser)

If IsObject(objUser) Then
    flag = objUser.Get("UserFlags")
    If flag And ADS_UF_ACCOUNTDISABLE Then
        WScript.Echo "OK: Account is disabled."
        WScript.Quit(rOK)
    Else
        WScript.Echo "CRITICAL: Account is not disabled."
        WScript.Quit(rCritical)
    End If
Else
    WScript.Echo "WARNING: User does not exist"
    WScript.Quit(rWarning)
End If

Download: check-user.vbs

Pretty straightforward... right? You can also change the strUser value to anything you want :)

The last thing is to restart the opsview/nsclient service from Windows services and create your new custom check using nagios check_nrpe.
Here is a simple example:
check_nrpe -H $HOSTADDRESS$ -c check_mswin_user

My next target is to parse user as an argument to make our life easier ;)




Tuesday, July 3, 2012


Disable DEP (data execution prevention) on a virtual machine with Windows 2003 installed using the vmrun command


vmrun -T ws -gu Administrator runProgramInGuest "C:\Users\Administrator\Documents\Virtual Machines\Windows Server 2003 Enterprise Edition (3)\Windows Server 2003 Enterprise Edition (3).vmx" -activeWindow C:\windows\system32\bootcfg.exe /raw "/noexecute=AlwaysOff" /ID 1

Automatically revert a VMware snapshot for all virtual machines with VBScript




Dim objShell, msg

' List the running virtual machines with vmrun
Set objShell = CreateObject("WScript.Shell")
Set objWshScriptExec = objShell.Exec("""C:\Program Files (x86)\VMware\VMware Workstation\vmrun.exe"" -T ws list")
Set objStdOut = objWshScriptExec.StdOut

count = 0

Do Until objStdOut.AtEndOfStream
    countN = 0
    count = count + 1
    strLine = objStdOut.ReadLine

    ' The first output line is the "Total running VMs" header; the rest are .vmx paths
    If count > 1 Then
        ' List the snapshots of this virtual machine
        Set objShellN = CreateObject("WScript.Shell")
        Set objWshScriptExecN = objShellN.Exec("""C:\Program Files (x86)\VMware\VMware Workstation\vmrun.exe"" -T ws listSnapshots " & """" & strLine & """")
        Set objStdOutN = objWshScriptExecN.StdOut

        Do Until objStdOutN.AtEndOfStream
            countN = countN + 1
            strLineN = objStdOutN.ReadLine

            ' Skip the "Total snapshots" header line, then revert to the named snapshot
            If countN > 1 Then
                Set objShellV = CreateObject("WScript.Shell")
                objShellV.Run("""C:\Program Files (x86)\VMware\VMware Workstation\vmrun.exe"" -T ws revertToSnapshot " & """" & strLine & """" & " " & strLineN)
                ' Give vmrun time to finish before issuing the next command
                WScript.Sleep(15000)
            End If
        Loop

        ' Start the virtual machine again after the revert
        Set objShellX = CreateObject("WScript.Shell")
        objShellX.Run("""C:\Program Files (x86)\VMware\VMware Workstation\vmrun.exe"" start " & """" & strLine & """")
        WScript.Sleep(15000)
    End If
Loop

WScript.Quit

And if you have a 32-bit system, simply change "Program Files (x86)" to "Program Files".

Saturday, June 23, 2012

Automatic connect Checkpoint SecuRemote VPN with a script


C:
cd \
cd Program Files\CheckPoint\SecuRemote\bin
scc.exe setmode cli
scc.exe up myusername mypassword123
scc.exe c CONNECTION1

Full list of all Adobe activation servers for the hosts file


