Month: October 2024

  • Run a Script using Windows Task Scheduler

    Run a Script using Windows Task Scheduler

    Begin

    By default, a task will only run when a user is logged in. If you want to run a task after hours or over night, you will need to select “run whether the user is logged in or not” and “run with highest privilege’s”, so it runs in admin mode. Finally, you will need to add the user to the local admin group.

    Some blog posts will say, you still can get a task to run if a regular user is not logged in. You can add the user to the local security group policy under “logon as a batch job” by going to secpol.msc, security settings, user rights assignment, logon as batch job, and add the user. I tested this multiple times and could not get this method to work when attempting to run a PowerShell script. Perhaps, this only works for true batch scripts.

    Let’s assume, I want to run a PowerShell script every hour of every day (i.e. 24 x7). First, check if your user is a local administrator. Go to Computer management, system tools, local users and groups, administrators. Verify he is included.

    Run the task scheduler and select create a task.

    General Tab

    Configure the Name, User account, Run whether the users is logged on or not, and Run with highest privileges, as it needs to run in admin mode when the user is logged out. Next, select Configure for Windows 10.

    Triggers Tab

    Select to run starting at 1:00 PM, every hour, and verify the task is enabled.

    Action Tab

    The script must be stored under the local user’s profile to get it to execute!! i.e. C:\users\username\tasks\yourscript.ps1.

    Program: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    Argument: -nologo -ExecutionPolicy Bypass -windowstyle Hidden -file C:\Users\user1\scripts\report.ps1

    Common PowerShell arguments are:

    • -NoProfile, meaning do not load the users profile (use when you have custom setting in the script).
    • -ExecutionPolicy Bypass, means allow the script to run with no conditions (i.e. it is not signed).
    • -Windowstyle Hidden, means do not display the PS window.
    • -nologo, means to suppress the PS copyright info when PS starts (provides a cleaner process).
    • -file /path/filename.ps1, enter full path to your script.

    Conditions Tab

    Make no changes.

    Settings Tab

    Make no changes. Do not enable “if task fails. then restart”. If your password expires, it will keep locking your AD account.

  • Split Text Data into Columns Using Microsoft Excel

    Split Text Data into Columns Using Microsoft Excel

    Split out data from Excel

    A common task to perform is when you have data in a text file and you need to copy and paste the data into excel and then split the date into columns. Unfortunately, when you do this it will put all the date in a single column. You have to then split out the date into columns using the below method.

    Process

    Highlight and copy date from notepad.

    Paste data into excel. All data will be pasted into the first column only!

    Select data, text to column, delimited, and then next.

    Select the items you want to use as separators, usually tabs and spaces. Then hit next or finish.

  • Synchronize the Time & Date in Ubuntu

    Synchronize the Time & Date in Ubuntu

    Understanding Time

    Time is a critical component of every computer. When to run updates, launch scheduled tasks, or just to keep user’s informed, are all dependent on time.

    Every computer has a built in clock on the motherboard, usually powered by a battery, to keep track of the time. This hardware based clock is called the Real Time Clock (RTC) and is used to power the human readable ‘system time’, based on time zones.

    • System Time = Uses Time Zones
    • RTC = Real Time Zone = Uses Hardware clock

    Unfortunately, the hardware clock will always eventually get out of sync with real time and need to be adjusted. This occurs because of power outages, battery on the MB dies, or other reasons.

    Ubuntu Settings

    Two commands are used to control the date and time. First, the ‘timedatectl‘ command is used to set the time zone. Next, the ‘timesyncd‘ command is used start or stop the sync service and to turn on or off the network time protocol (NTP).

    An older process to manage these functions is called ntpd. While this process is still supported, it is recommended to use the newer methods.

    Check Your Time Zone

    In the United States, there are three primary time zones.

    • UTC (Universal Time Coordinated)
    • EDT (Eastern Daylight Time) = 2nd Sunday March to 1st Sunday in Nov. = 4 hr behind UTC
    • EST (Eastern Standard Time) = 1st Sunday Nov to 2nd Sunday March. = 5 hr behind UTC
    date

    Get a list of available time zones

    timedatectl list-timezones

    Change the Time Zone

    sudo timedatectl set-timezone America/New_York

    Check the Sync & NTP Services

    Note: Typically, the Real Time Clock or ‘RTC in local TZ’ should always be set to ‘no’. This is due to that most of the US uses spring/fall time changes and the RTC does not know anything about that.

    Turn on the ‘System clock synchronized’

    Check that there is a name server or two listed in the configuration file. The entries should be space separated.

    sudo vim /etc/systemd/timesyncd.conf

    Add the following lines under [Time]:
    NTP=ntp.myserver.com time.nist.gov

    Next, run the below command.

    sudo systemctl start systemd-timesyncd

    Turn on the ‘NTP Service’ 

    sudo timedatectl set-ntp on

    Verify the Clock is Synced

    systemctl status systemd-timesyncd

    Ref: https://www.linuxfordevices.com/tutorials/ubuntu/set-up-time-synchronization-ubuntu

    Ref: https://opensource.com/article/20/6/time-date-systemd

    Ref: https://ubuntu.com/server/docs/about-time-synchronisation

  • Analyze Network Traffic using TCPDump

    Analyze Network Traffic using TCPDump

    The Basic

    TcpDump is a command line network monitoring tool for viewing packets, in real time, as they pass through the server network interface. Specifically, it can be used to view and record packets going into and out of a network interface and can be used to conduct all sort of analysis.

    I use this tool to see if logs are actually coming into a server, typically over syslog, and what port are they being received on or are going to.

    Inbound traffic from IP 10.16.28.143

    tcpdump -i ens160 -nn 'src 10.16.28.143'

    -i = listen on network card ens160
    -n = do not translate IP address to DNS names
    -nn = do not translate IP to DNS names or ports to service names
    -v = verbose

    Inbound traffic to a specific port

    tcpdump -i eth0 -nn 'dst port 12017'

    Either inbound or outbound traffic to/from port 12011

    tcpdump -i any port 12011

    Outbound traffic to IP 10.16.1.121

    tcpdump -nn -i eth0 'dst 10.16.1.121'

    Outbound traffic on port 443

    Only capture TCP outbound traffic going to IP 10.10.192.30 on port 443. 

    tcpdump -i ens160 'tcp and port 443 and dst 10.10.192.30'

    See if you are getting syslog data

    Only capture data coming from subnets 10.10.149.0/24 or 10.10.153.0/24 and arriving on port 514.

    tcpdump -i ens160 'dst port 514 and (src net 10.10.149.0/24 or src net 10.10.153.0/24)'

    Outbound traffic going to port 443

    tcpdump -i eth0 'src port 443'