Sunday, August 02, 2015

NAIT's LINUX (UNIX) CORE CERTIFICATE

I had the pleasure of taking the NAIT "Linux (Unix) Core Certificate Program".  The reason I chose this program to update my skills is that in our computing environment about 60% of our servers use open source software.  From the web server to the firewalls to the NAS devices, the majority of our major infrastructure is or will be running on some sort of Linux/Unix system.  I was looking to improve my use and knowledge of the operating system.  I feel this course did exactly that; it is a course that I would highly recommend.  The following is a summary of the course, how I felt the course went and what I learned.

The NAIT course is broken down into 5 smaller courses.

CCTM520 Linux/Unix Essentials and Command Line
CCTM530 Linux/Unix Installation and Management
CCTM540 Linux/Unix Shell Scripting and Automation
CCTM550 Linux/Unix Administration
CCTM560 Linux/Unix Networking

The instructor for the course is Harm Gerding.

Overall I found this course very informative, and I found that I didn't know Linux as well as I thought I did.  I picked up many more skills and updated ones I already had.  I found him knowledgeable and confident when presenting.  His classroom exercises were well thought out and engaging.


Course CCTM520 - Linux/Unix Essentials and Command line

This course is really basic; it covers the following:

  • different distributions
  • desktop applications, X Windows and accessibility
  • general operating system use, how to use man (manual pages) and info
  • editing and the manipulation of files, permissions, pipes, redirects, and STDIO
  • system variables, shells, and the set command
I found this course to be a really good base for everything that followed; the notes provided were clear and concise.  I was worried that this course would be too basic, but I was happily mistaken; I really enjoyed this course and picked up several more tools that I now regularly use.  The most useful thing that was covered is vi.  I found it great and now use many of the features in the program that I didn't otherwise know about.


Course CCTM530 - Linux/Unix Installation and Management

The course is exactly what the title says it is, the installation and management of Linux on systems.

Course objectives:
  • selecting a distro
  • partitioning and installing Linux
  • using yum and apt for installing, updating and removing software
  • creating archive files
  • determining who is logged in
  • maintaining skeleton directories, profiles, setting limits and other settings
  • servers vs desktops vs virtual machines
  • file system types
  • basic user and group management, authentication and security
  • time, timezone and NTP
  • managing and maintaining logs, logging and journalctl
This was an interesting part of the course; it is always fun to do a fresh install of an OS, and having a look at systemd, the relatively new core for Linux, was interesting and very informative.


Course CCTM540 - Linux/Unix Shell Scripting and Automation

I found this part of the course to be the most fun and rewarding.  I come from a web programming background (PHP, JavaScript and CSS are what I mostly use), and I took the Certificate program mainly for this course; it was well worth it.  There are many things in shell scripting that are different than in web programming, and since I do need to automate a lot of what I do I found this course to be the most useful.  Over the course we created many small shell scripts and were given a useful guide on when to use and not to use shell scripts.  After this course I am better able to write my own shell scripts, and I understand how the Linux operating system works, especially with variables (now I can fix some of my older scripts); reading and understanding scripts is much easier too.


Course CCTM550 - Linux/Unix Administration

I found this part of the course really good as well, especially using the updated command line commands.

Course Objectives:
  • sudo, su and security
  • TCP Wrappers
  • basic networking and troubleshooting
  • netstat, the ip command, and ping
  • file/printer sharing and printing
  • using virtual machines
  • backup and restore strategies and techniques
  • intro to mail servers/MTA, ssh and telnet
  • GnuPG config, usage and revocation
This course was really good for getting us to use the commands and seeing the differences between the legacy commands and the new commands.  I have been forcing myself to use the new commands to get used to them; they do require some getting used to, but I have found it to be time well spent.


Course CCTM560 - Linux/Unix Networking

This part of the course was a lot of fun.  It took everything we had learned and forced the class to use it.  It involved setting up our own LAN, with specific IP addresses and subnets, making everything route properly to each network and out to the internet.  We discussed best practices, planning, and dealing with and managing issues.

Course Objectives:
  • connecting between machines and enabling/disabling network services
  • covering common TCP/UDP services and ports
  • network troubleshooting
  • tcpdump, Wireshark, port scans and nmap
  • name resolution, dig and nslookup
  • host vs network security



Summary:

I found this course a great experience.  Harm is knowledgeable; he took his time, answered the questions the students had and kept everyone very engaged.  The course covered a lot of material in two weeks and could have easily been much longer.  In fact we were not able to cover everything in the material (specifically IPv6); however, the notes are good enough to go on with on their own, and there was a lot of discussion about IPv6 during the networking part of the course.  I would recommend this course to anyone who has the computer skills and understanding to handle it.  I came out of this course knowing much more than I did before, and many concepts are much clearer now than they were before.




Wednesday, June 17, 2015

Getting CMD Line FTP to work on Windows with a PFSense Firewall

PFSense Firewall Fix For Windows FTP
With pfSense, especially with version 2.2, there is a known bug that kills Windows command line FTP (Linux and Mac OS FTP through the command line work fine), which is a real pain if you're on a Windows platform and you're trying to automate something where a typical piece of software won't cut it.  There is an FTP proxy plugin, but it is in beta, and at least for me it didn't seem to work: https://forum.pfsense.org/index.php?topic=89841.0  I'd also rather not open a bunch of ports and have to manage and monitor all the different ports required in the firewall.

I needed to set up an automated process on a Windows client (no choice, the proprietary software requires Windows) to FTP text files to an old IBM mainframe FTP server.  To work around this issue I found a nice piece of software from Ipswitch called MOVEit Freely.  You install the software, and I highly recommend letting the installer create the environment variable so you can call the software from anywhere in the system.  In your .bat files or VBScripts, if you call ftps instead of ftp it calls the MOVEit Freely client.  Once you are connected make sure you change your transfer type to passive, as Windows command line FTP (ftp.exe) defaults to active, as does MOVEit Freely.  That is why in Windows FTP you need to put the command QUOTE PASV to enable passive mode.

Documentation for MOVEit Freely can be found here.


Here is an example of a bat file to upload a file.  The FTP commands themselves go in a separate script file that the client runs with -s: (the same switch ftp.exe uses); the $NAME placeholders are the values you fill in.

upload.bat:
rem ftps is the MOVEit Freely client; -s: runs the commands in upload.ftp
ftps $HOST -user:$Username -password:$Password -s:upload.ftp

upload.ftp:
cd $directory
prompt
bin
hash
passive
put $FILE
quit

Thursday, May 28, 2015

How to Install .NET framework 3.5 on Windows 7 Embedded

You can view the video on the installation of .net 3.5 on my Youtube Channel

Installing .NET framework 3.5 on Windows 7 Embedded is really an easy process once you know how to do it.  This is an update to my previous post; I decided that I would make this one extremely easy to follow with step by step directions.  My other post only worked occasionally; this one I've made sure has worked every time I've done it.  There are some files you will need before we proceed.

Chrome or Firefox to get the files you will need.
.net verification tool
The full .net 3.5 Framework 

As you know, with Windows 7 you would typically install the .NET framework through Add or Remove Programs.  This is restricted in Windows 7 Embedded.

To add .NET 3.5 you would typically go through the Programs and Features category
and select Turn Windows Features on or off.

This post will bypass this restriction without doing any registry edits or messing around with security settings.  For the rest of this post I will be working out of the downloads directory.  I've already loaded Chrome and have downloaded the .NET verification tool and the full .NET 3.5 Framework.


Open a cmd prompt as administrator and go to your downloads directory.

Extract dotnetfx35.exe using the command
dotnetfx35.exe /x:

You will get a prompt asking where you want to save the extracted files.  I am saving them to a folder called net35.

Once extracted, navigate to net35 -> wcu -> dotNetFramework.

Run the extract command in the command prompt again and save the extracted files to the same directory:

dotNetFx35Setup.exe /x:


Inside dotNetFX30, install the following files:
netfx30a_x86
WCF
WCS
WF_32

This installs the essential files for .NET 3.0, which is required before .NET 3.5.

Go up one directory level, go into the folder TOOLS and install chwireg.

Then go up a directory level, find the setup application and run it in compatibility mode for Vista SP1 and as administrator.






You can verify that .NET 3.5 SP1 has been installed by using the .NET setup verifier (net_setupverifier).


As you can see I have .NET 2 SP2, .NET 3 SP2 and .NET 3.5 SP1 all installed.

A couple other tools you may want to use or look at using once the frameworks are installed.

.NET Repair Tool: https://support.microsoft.com/en-us/kb/2698555

.NET Clean-Up Tool: http://blogs.msdn.com/b/astebner/archive/2013/11/06/10464416.aspx

Tuesday, May 26, 2015

Veeam Backup and Recovery

If you need to change the name of the server on which your Veeam Backup and Recovery software is installed, there are a couple of things you will need to change if you don't want to uninstall and reinstall the software.

Veeam refers to the local computer name in a couple of registry entries, so after the rename it promptly stopped working.  For the Backup Service you need to change these two registry values:
HKLM\SOFTWARE\Veeam\Veeam Backup and Replication\SqlServerName
HKLM\SOFTWARE\Veeam\Veeam Backup Catalog\CatalogSharedFolderPath

For the SQL database service it is in
HKLM\SOFTWARE\Microsoft\MSSQLServer\LASTCONNECT
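A script that applies the three changes above, added here as an example (it is not from the original post or from Veeam); $OldName and $NewName are placeholders, and it assumes the values hold the host name either alone or as part of an instance name or UNC path.

```powershell
# Run from an elevated prompt; export the keys first (reg export) so you can roll back.
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)] [string] $OldName,   # placeholder: computer name before the rename
    [Parameter(Mandatory)] [string] $NewName    # placeholder: computer name after the rename
)

# The three registry values from the post that embed the local computer name.
$targets = @(
    @{ Path = 'HKLM:\SOFTWARE\Veeam\Veeam Backup and Replication'; Name = 'SqlServerName' },
    @{ Path = 'HKLM:\SOFTWARE\Veeam\Veeam Backup Catalog';         Name = 'CatalogSharedFolderPath' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\MSSQLServer';              Name = 'LASTCONNECT' }
)

# Match the old name only as a whole word, case-insensitively, so values shaped like
# OLDNAME\INSTANCE or \\OLDNAME\share are rewritten while a longer host name that
# merely contains the old name is left alone.
$pattern = '(?i)\b' + [regex]::Escape($OldName) + '\b'

foreach ($t in $targets) {
    $item = Get-ItemProperty -Path $t.Path -Name $t.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        Write-Warning "$($t.Path)\$($t.Name) not found; skipping"
        continue
    }
    $current = [string] $item.($t.Name)
    $updated = [regex]::Replace($current, $pattern, $NewName)
    if ($updated -eq $current) {
        Write-Verbose "$($t.Name) = '$current' does not mention $OldName; unchanged"
        continue
    }
    # -WhatIf prints the change without writing it; -Confirm asks before each write.
    if ($PSCmdlet.ShouldProcess("$($t.Path)\$($t.Name)", "set '$current' -> '$updated'")) {
        Set-ItemProperty -Path $t.Path -Name $t.Name -Value $updated
    }
}
```

Run it once with -WhatIf -Verbose to see exactly which values would change before writing anything.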

Friday, May 22, 2015

Printing a customized fixed header from MS Excel on every page

How to set a number of columns or rows in MS Excel to print on every page.  This should apply to MS Office 2007 and later.

In MS office ribbon go to the Page Layout Tab -> Print Titles


Then you will see this page setup pop up screen.


In the rows to repeat at top put in the range that you want to put on every page.  In this case I want rows 33 to 36 to repeat on every page I print.



Then select print preview to see the rows repeated on the top of every page.



Then Print your document.

Sunday, April 05, 2015

Cryptowall 3. From Infection to Recovery.


Disclaimer - for the protection of the companies and their staff involved, I will not name or reference them in any way other than "The Company" and "Staff".
 
A few companies I've consulted with were hit with Cryptowall version 3.  The entry point was a staff member who opened something in an email they shouldn't have.  Their computer was protected with a "tier 1" anti-virus (for the record, I use the term "Tier 1" very loosely; the infected machines were using up-to-date, well known corporate anti-virus).
After the staff member opened the email attachment, I'm told the anti-virus claimed it had blocked the infection; it however did not.  The virus ran until the staff member went home; there was no alerting of the IT staff, due to a lack of procedures for such an event and the IT staff being contractors or on call.  The virus encrypted almost all files on all mapped Windows network file shares.  1/5 of all the files were encrypted and 1/2 of all the files were infected on all the shared drives for all users.
 
It is well known and documented that once infected with ransomware the only course of action is to recover from an offline backup or pay the ransom.  As all the most recent files were encrypted, the newest usable backups were 1 to 2 weeks old, which was an acceptable loss to the organizations involved.  Due to the size of the file shares, doing an offline backup every night was not an option for the company; the backup drives are rotated weekly.  Archiving files is also not considered a high priority due to the price and size of hard drives, and sifting through projects and files to decide what can be archived is time consuming.

I was however able to get back approximately 2/3 of the differential data from the drives using some recovery software and specifying the date range from the last backup to the day before the virus infected the system.  My preferred choice of recovery software for windows is Active Undelete.

The software is very intuitive, reasonably priced and has helped me recover many files for clients after accidental deletion, a dead hard drive or an accidental format.  I ran a full drive scan, which took about 6 hours through USB 3 on a laptop, to recover the differential data.  Of that differential data, 80% appeared to be uncorrupted, usable and accurate as of the day modified.
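As an added example (not from the original post), a script that scopes the differential data described above from file timestamps before any restore is started; the share path and the two dates are placeholders.

```powershell
param(
    [string]   $Share        = '\\fileserver\projects',   # placeholder: share to inventory
    [datetime] $LastBackup   = '2015-03-28',              # placeholder: date of the last offline backup
    [datetime] $InfectionDay = '2015-04-02',              # placeholder: day the encryption ran
    [string]   $Report       = '.\differential-files.csv'
)

# Walk the share once; unreadable folders are skipped rather than aborting the run.
$files = @(Get-ChildItem -Path $Share -Recurse -File -ErrorAction SilentlyContinue)

# Three buckets by last write time:
#   covered      - unchanged since the backup, so the weekly backup can restore them
#   differential - changed after the backup but before the infection and still intact;
#                  nothing else holds these, so copy them off before any restore
#   suspect      - written on or after the infection day, treated as possibly encrypted;
#                  their originals come from the backup or from the recovery tool's
#                  date-range scan (last backup -> day before infection), as in the post
$covered      = @($files | Where-Object { $_.LastWriteTime -lt $LastBackup })
$differential = @($files | Where-Object { $_.LastWriteTime -ge $LastBackup -and
                                          $_.LastWriteTime -lt $InfectionDay })
$suspect      = @($files | Where-Object { $_.LastWriteTime -ge $InfectionDay })

# Record the intact differential files with size and date so the copy-off can be verified.
$differential |
    Select-Object FullName, Length, LastWriteTime |
    Sort-Object LastWriteTime |
    Export-Csv -Path $Report -NoTypeInformation

# Summary for the incident notes: how much the backup covers and how much is at risk.
[pscustomobject]@{
    CoveredByBackup   = $covered.Count
    IntactSinceBackup = $differential.Count
    SuspectSinceEvent = $suspect.Count
    IntactMB          = [math]::Round((($differential | Measure-Object Length -Sum).Sum) / 1MB, 1)
}
```

Timestamps are only a first cut: a file the malware rewrote carries the infection-day time, so anything in the suspect bucket is checked against the backup and the recovery scan rather than trusted.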

I will be doing a follow up post on this for a backup solution that is ransomware resistant to within 24 hours of the time of the infection.  It really is a post you don't want to miss.

Cisco did a very good blog post on the technical aspects of cryptowall 3.

http://blogs.cisco.com/security/talos/cryptowall-3-0

Here are some links on the very first type of this crypto-ransomware, CryptoLocker.
http://en.wikipedia.org/wiki/CryptoLocker

The TWIT network did a great breakdown on cryptolocker on Security Now!
http://twit.tv/show/security-now/427


How to fix a CURL call importing an RSS feed on a site blocking CURL calls

There is a 3rd party service provider that my organization uses called bibliocommons.  They have these nice book carousels.  However the car...