Philips Hue - User Management & Some How To

In case you want to get more information out ouf your hue bridge:

Open your API debug website on your bridge:

http://ip_of_your_hue_bridge/debug/clip.html

This will bring you to:

CLIP API Debugger

------------------------------
Create user

To create a user fill the following fields:

URL:

/api/

Message Body:

{"devicetype":"my_hue_app#iPhone Dr. No"}

Push the button "POST"

You will get an output like:

[{"success":{"username": "TSmirSrsdsfw3er-st4rs4rm0mns-j723rJz"}}]
------------------------------
Show config
Note this output as this is your valid username for the next actions.
Now you can use this created user "TSmirSrsdsfw3er-st4rs4rm0mns-j723rJz" to get more information out of your system like:

URL:

/api/TSmirSrsdsfw3er-st4rs4rm0mns-j723rJz

Push the button "GET"
------------------------------

URL:

/api/TSmirSrsdsfw3er-st4rs4rm0mns-j723rJz/config

Push the button "GET"

Delete a user
/api/<username>/config/whitelist/<username2>

Win Server 2012 R2 as timeserver

Just a few thinks to do:

Start PowerShell

1. net stop w32time
2. w32tm /config /syncfromflags:manual /manualpeerlist:0.de.pool.ntp.org
3. w32tm /config /reliable:yes
4. net start w32time

SSL PFX to PEM and KEY

In case you have a wildcard PFX certificate and you need a PEM and your private KEY:

A *.pfx certificate is a PKCS#12 format and includes both the certificate and the private key.

1. Export the private key

openssl pkcs12 -in ABC.pfx -nocerts -out privatekey.pem -nodes

2. Export the certificate

openssl pkcs12 -in ABC.pfx -nokeys -out cert.pem

3.  Remove the passphrase from the private key

openssl rsa -in privatekey.pem -out server.key 

openBSD some hints

Packages

export PKG_PATH=http://openbsd.cs.fau.de/pub/OpenBSD/$(uname -r)/packages/$(uname -p)/

Clamav

pkg_add c-icap-clamav-0.4.3.tgz

OS X :create bootable USB device using ISO file

In case you need a  bootable USB stick an you just have an ISO file ...

1.) search for the name of your USB device ( e.g. /dev/disk4) 


diskutil list


2.) convert your iso image to a dmg file
 
hdiutil convert -format UDRW -o yourimage yourimage.iso 

3.)  unmount your USB stick
 
diskutil unmountDisk /dev/disk4 

4) write your DMG to the stick

sudo dd if=yourimage.dmg of=/dev/disk4 bs=10m 

5) unmount your USB stick 

diskutil unmountDisk /dev/disk4

Tomcat Confluence and SSL

In case you try to enable SSL at your confluence environment:

First create your PKCS12 Certificate

openssl pkcs12 -export -in <your .cer certificate> -inkey <your private keyfile> -out tomcat.p12 -name tomcat -CAfile <cacertfile> -caname root

-> give a export passwort i.e.'tomcat-password'

then

keytool -importkeystore -deststorepass 'keystorepassword' -destkeypass 'password-of-certificate' -destkeystore <tomcatkeystorefile> -srckeystore tomcat.p12 -srcstoretype PKCS12 -srcstorepass 'tomcat-password' -alias tomcat

You need to change 8443 to 443:

sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443

sudo /sbin/iptables-save > /etc/iptables/rules.v4

Don't forget to install:

apt install iptables-persistent 

Protect PHP Admin with IPTables

just in case you have phpAdmin running at port 2000 and you want to protect it:

iptables -I INPUT -m tcp -p tcp --dport 2000 -j ACCEPT

service iptables save

to block 

iptables -I INPUT -m tcp -p tcp --dport 2000 -j REJECT

service iptables save

Iridium 9555 time correction

In case your Iridium 9555 shows as date March 3, 2015 please dial:

*#99#2014051114235500# 

Press Green Key

Turn power Off

---

In case you want to test your Iridium 9555 just call (toll free)

0014807525105

Certs ssh authorized_keys automatic login does not work

Hi,

in case you are using CENTOS and you stored your authorized_keys in /home/USER/.ssh/ you may wondering, why an automatic login does not work.

Check the rights of your authorized_keys:

-rw-rw-r-- is too much.

This solves your problem (login as current user!)

chmod go-w ~/
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

openSSL SSL Certificate check and other hints

In case you need to confirm, that your private key matches to your certificate:

openssl x509 -noout -modulus -in server.crt | openssl md5

openssl rsa -noout -modulus -in server.key | openssl md5


Check Certificate

openssl x509 -text -noout -in ABC.crt 

Apache

Some "Bookmarks" you need for fast debugging:

sudo netstat -ltnp | grep '443'

vi httpd.conf

chown clamav:clamav /var/log/clamav/freshclam.log

apachectl -k stop

apachectl testconfig

NMAP on OpenBSD

First you have to add the correct Path environment

export PKG_PATH=http://mirror.esc7.net/pub/OpenBSD/`uname -r`/packages/`machine -a`/

Then you can add the package:

pkg_add -v nmap

How to display User's Password Expiry on Server 2012 R2

How to see user's password expiry status:

PowerShell Script: display.ps1



$Users = Get-ADUser -Filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} -Properties msDS-UserPasswordExpiryTimeComputed, PasswordLastSet, CannotChangePassword

$Users | select Name, @{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}, PasswordLastSet

MX Record

Two easy ways to get information about MX Server:

In case you have a real operating system:

dig -t MX cnn.com

or

host cnn.com

In case you use windows:

nslookup -querytype=MX cnn.com

FreeBSD pflog auswerten

sudo tcpdump -n -e -ttt -r /var/log/pflog

Auswertungen:

sudo tcpdump -n -e -ttt -r /var/log/pflog port 80
sudo tcpdump -n -e -ttt -r /var/log/pflog port 80 and host 10.1.1.2

PF Log

$ sudo pfctl -n -f /etc/pf.conf 

-n: rules check

after this:
                                               

$ sudo pfctl -f /etc/pf.conf

---

Block nasty Guys:

table <badhosts> persist
block in quick on fxp0 from <badhosts> to any




$ sudo pfctl -t badhosts -T add 1.2.3.4

$ sudo pfctl -t badhosts -T delete 1.2.3.4

$ sudo pfctl -t bad hosts -T show

Kali Linux 2.0 Parallels Tools installation

In case you can't install Parallels Tools:

Add the needed resources first:

/etc/apt/sources.list

just add:

deb http://ftp.de.debian.org/debian/ stable main contrib non-free
deb-src http://ftp.de.debian.org/debian/ stable main contrib non-free
deb http://security.debian.org/ stable/updates main contrib non-free
deb-src http://security.debian.org/ stable/updates main contrib non-free

MAC DNS Cache reset

sudo killall -HUP mDNSResponder

Cisco ASA 5505 Update

How to upload a *.bin file to an ASA 5505:

enable
copy tftp flash

conf t

boot system disk0:/asa1234.bin

asdm image disk0:/asdm-1234.bin
write memory
reload

SMTP via Telnet

Just use telnet to test an SMTP Mail Server

telnet mail.abcdef.com 25

helo test.mydomain

mail from:me@abcdef.com
rcpt to:me@abcdef.com
data
From: Joker
To: User
Subject: Headline

Odroid X3 und OpenHab

Just another how to - in case you have to reinstall your infrastructure..

1.
Get your OS image at http://com.odroid.com/sigong/nf_file_board/nfile_board_view.php?keyword=&tag=ODROID-U3&bid=199
2.
For Windows-User download a image writer from:
http://com.odroid.com/sigong/nf_file_board/nfile_board_view.php?keyword=&tag=ODROID-U3&bid=199
3.
Follow the instructions to write the image ..
4.

ClamAV - CentOS Update Probleme

In case the command freshclam get an error like:

freshclam

ERROR: Can't create temporary directory /var/lib/clamav/clamav-d20d60c1871cfa7f444225c0fe0356e0.tmp

Hint: The database directory must be writable for UID 494 or GID 494

Just change the owner to:

chown clamav:clamav /var/lib/clamav

Fibaro Door Sensor FGK 101 reset

Don't worry, it took me SEVERAL attempts to reset a sensor...

1. Take off the Sensor's cover
2. Remove battery
3. Make sure the back TMP button is NOT pushed
4. Touch the Sensor's body with a magnet
5. Insert the battery
6. Remove the magnet from the Sensor's body
7. Remove the battery
8. Re-install the battery
9. Reset will be confirmed by double LED blink.

to complete the confusion - for another sonsor this worked (afer a dozend attemps)

1. Take off the Sensor's cover
2. Remove battery
3. Make sure the back TMP button IS pushed
4. Touch the Sensor's body with a magnet
5. Insert the battery
6. Remove the magnet from the Sensor's body
7. Remove the battery
8. Re-install the battery
9. Reset will be confirmed by double LED blink.

ESXi useful command

For the cut and paste nerds...

Maintenance Mode On:

vim-cmd hostsvc/maintenance_mode_enter

Maintenance Mode Off:

vim-cmd hostsvc/maintenance_mode_exit

esxcli software vib install -v /tmp/... --no-sig-check for .vib

esxcli software vib update -d /tmp/.. --no-sig-check for .zip

esxcli software vib list

esxcli storage vmfs extent list

voma -m vmfs -f check -d /vmfs/devices/disks/vml.0

Autostart Folder Windows Server 2012 R2

A) Win + R
B) shell:Startup
C) Have Fun

VMWARE ESXi 5.1 Harddisk Monitoring

You want to monitor your ADAPTEC attached HDD:

Download the package:
https://www.adaptec.com/de-de/speed/raid/storage_manager/msm_vmware_v1_08_21375_zip.php

ESXi Update VMware

Quick and Easy way to update an ESXi Host

Infos at: https://kb.vmware.com/s/article/2143832

DONT FORGET TO HAVE YOUR RAID DRIVER AVAILABLE..

1) enable SSH
2) Download from vmware.com/patch/download

3) cd /tmp

4) vim-cmd hostsvc/maintenance_mode_enter

5) esxcli software vib update -d /vmfs/volumes/datastore1/...

6) reboot

7) vim-cmd hostsvc/maintenance_mode_exit

or:

esxcli network firewall ruleset set -e true -r httpClient

vim-cmd hostsvc/maintenance_mode_enter 

esxcli software sources profile list --depot=https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml | grep -i ESXi-6.7 | sort

esxcli software profile update -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml -p ESXi-6.7.0-20190802001-standard

esxcli network firewall ruleset set -e false -r httpClnt

Prismcube

[reader]
label                         = skyV14
protocol                      = internal
device                        = /dev/sci0
caid                          = 098C
boxid                         = 12345678
detect                        = cd
mhz                           = 600
cardmhz                       = 500
group                         = 1
emmcache                      = 1,3,2