Author: mark_user

  • Export a KeePass Master Key File

    Export a KeePass Master Key File

    To in increase security, you can require a KeePass to use both a key file and a password to open the database. This makes it technically, two factor authentication (2FA).

    Go to file > change Master password. Check the ‘Show expert options’

    Enter a new master password. Check the key file box. Select Create. When completed, save the key file to a secure location. Such as a USB stick with Drive letter G:

    Plug in the USB stick. Launch KeePass, enter the password, and make sure the “key file/provider:” is pointed at your USB stick. The database will now open.

    Finally, be sure to backup the key file to your backup location. External hard drive, cloud, etc. If the key file is ever lost. There is no way to ever open the database.

  • How to Command Respect from Others

    I saw a YouTube video on a Russian Mafia Don and he stated how to command respect from others. You have to follow a few simple rules. I liked the advice so much I am reproducing it here.

    Do not divide your attention, focus, look the person in the eye.

    Make decisions and stick to them.

    Listen first, speak second.

    Speak slowly.

  • Generic Outline for Writing a Policy or Procedure

    Generic Outline for Writing a Policy or Procedure

    Initial Thoughts

    Polices are global in nature. All company employee’s are expect to follow the guidelines. Examples of polices include: the Acceptable Use Policy (AUP), Memorandum of Understanding (MOU), or Bring Your Own Device (BYOD) to work. These a often generic guidelines that all employees must adhere to. On the other hand, procedures are typically at the department or team level. They are a step-by-step guide book. Many departments will have multiple Standard Operating Procedure (SOP) for a wide variety of topics.

    When writing either, they follow a general outline. Here is some generic language to get you started.

    General Outline

    1. Purpose – Define the purpose of the policy.

    “The purpose of this procedure is to set forth the process for investigating, evaluating, and recovery from a security Breach to comp[any information assets, data, or other resources.”

    2. Requirements – Why is this required? What standards are to be followed? PCI data security standard (PCI DSS)? What other Legal or regulatory rules apply?

    “Payment Card Industry Data Security Standards (PCI DSS) were developed specifically to provide a baseline of technical and operational requirements designed to protect account data, to protect against threats, and secure elements in the payment ecosystem. The company adheres to all PCI DSS standards.”

    “Standards & Organizational Controls (SOC 2) was developed to audit internal controls. Compliance helps provide information and assurances to customers of how you process users’ data and keep it private. The company will conduct a SOC2 audit bi-annually based on the published schedule.

    “The company adheres to all PCI DSS standards. HIPPA standards, CISA hardening requirements, and SOC2 audit requirements. Specifically, this procedure is mandated by PCI Standard 12.10.1, 10.10.3, 12.10.5, 12.10.06. See the PCI standards listed in the Appendix.”

    3. Definitions – Define any terms or definitions used in the document.

    4. Process & Procedure – Typically a flow chart. Also, what data is to be evaluated (input), what results are expected (output). Are any records created ? Any reports generated?

    5. Role Responsibilities – Who is to do what? Who is to use this procedure?

    • Computer end user will notify security in the event of a suspected event.
    • Security analyst will gather the PC and any data necessary for an analyst.
    • Forensic analysts will analyze the collected data and conduct the investigation.
    • Any communication to the executive committee will be conducted by the CISO.
    • A member of the executive committee will be responsible for speaking on the company’s behalf to law enforcement, legal, and the public.

    7. Communication, Exceptions, & Sanctions – Who is this procedure to be communicated to? All employees? Who is exempt from following the policy? Who should they contact to get an exemption? What is the penalty if it is not followed?

    “Any training about this procedure will be provided by the security team. Any modifications to this procedure is the responsibility of the oversight committee.  If a user needs to request an exemption to this policy, or the policy needs to be updated, please contact the HR department.”

    “Any employee, contractor, or user who willfully violates this procedure is subject to disciplinary action up to and including termination. Company reserves the right to pursue legally permissible action it deems necessary to protect its interest and the interests of its customers. Further information, see Employee Handbook”.

    8. Document Control – Who is the owner of the document, how often is it reviewed (annually?), Revision history chart is needed.

    “This document is maintained by the Human Resources Department.  Content owner is responsibly for identifying circumstances that might warrant out-of-cycle reviews (such as process changes, regulatory changes, etc.). A review should be initiated no more than 12 months after the last review.

    “This document is maintained by the Human Resources Department.  This document is available online in the SharePoint Library and it published for viewing by all employees. Version 1.6 is the current approved version of this document.”

    Create a Bordered Table with the following columns: Revision date, description, approved by, version #

    9. Appendix – A written copy of the PCI standards that the document references. A URL or other notes or documents.

  • Test your DNS Proxy using a PowerShell Script

    Test your DNS Proxy using a PowerShell Script

    Introduction

    Most company’s have a policy to block dangerous websites for employees. Pornography, hate, gambling, social media are all categories that should be blocked. Either, they are big time wasters, or may be required by law to be blocked.

    Although you may have your proxy turned on correctly, that does not mean the bill got paid. Usually, a proxy will default to open for all users. You may be asked by outside 3rd party auditor’s or a senior manager to provide proof that the DNS proxy is actually working and blocking non-approved content.

    The script

    This PowerShell script will run as the current logged on user and send an email with the results. It will print the email in HTML format and each URL that it tests will be color coded. Red means site was blocked, green for site was successfully accessed, and gray for error.

    You will need to provide a list of websites in text document with one URL per line. I have included one below, as an example.

    # test-web-proxy.ps1
# Set location of the URL text file
$URLListFile = "C:\users\user1\Desktop\websitelist.txt"
$URLList = Get-Content $URLListFile -ErrorAction SilentlyContinue
$Result = @()
$LocalProxy = "Web Proxy: WebSense"
$date = Get-Date -Format "yyyy-MM-dd"
$user = $env:USERNAME

# Loop through each URL and gather needed info
foreach ($Uri in $URLList) {
    try {
        # Setting TLS version for compatibility
        [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 -bor [Net.SecurityProtocolType]::Tls11 -bor [Net.SecurityProtocolType]::Tls
        $request = Invoke-WebRequest -Uri $Uri -UseDefaultCredentials
        $time = (Measure-Command { $request }).TotalMilliseconds
    }
    catch {
        $request = $_.Exception.Response
        $time = -1
    }

    # Create Results
    $Result += [PSCustomObject] @{
        Time = Get-Date
        Uri = $Uri
        StatusCode = [int]$request.StatusCode
        StatusDescription = $request.StatusDescription
        TimeTakenMilliseconds = $time
    }
}
# Create Report
if ($null -ne $Result) {
    $Outputreport = @"
    <HTML>
    <TITLE>Web Access Audit</TITLE>
    <BODY style="background-color:peachpuff;">
    <font color ="#0000ff" face="Microsoft Tai le">
    <H2>Web Access DNS Policy Audit</H2></font>
    <ul>
    <li><font color = black><B>Date: $date</B></li>
    <li><font color = black><B>$LocalProxy</B></li>
    <li><font color = black><B>Access Policy: General user.  Access to the identified sites is restricted.</B></li>
	<li><font color = black><B>Account Tested: <font color="red">$user</font></B></li>
    </ul>
    <ul>
    <li><font color = green><B>Green = Blocked!</B></li>
    <li><font color = red><B>Red = NOT Blocked!</B></li>
    <li><font color = gray><B>Gray = Header or NOT Found!</B></li>
    </ul>
    <Table border=1 cellpadding=0 cellspacing=0>
    <TR bgcolor="#787878" align=center><TD><B>URL</B></TD><TD><B>StatusCode</B></TD><TD><B>StatusDescription</B></TD></TR>
"@
    foreach ($Entry in $Result) {
        $bgColor = switch ($Entry.StatusCode) {
            200 { "#F68B8B" }
            403 { "#93F072" }
            default { "#787878" }
        }
        $Outputreport += "<TR bgcolor='$bgColor'><TD>$($Entry.Uri)</TD><TD align=center>$($Entry.StatusCode)</TD><TD align=center>$($Entry.StatusDescription)</TD></TR>"
    }
    $Outputreport += "</Table>"
    $Outputreport += "</BODY>"
    $Outputreport += "</HTML>"
}

# send email with results
$smtpServer = "exchange.company.com"
$smtpFrom = "hostname@company.com"
$smtpTo = "user@company.com"
$subject = "Web-Access-Audit - $date"
$body = $Outputreport

Send-MailMessage -SmtpServer $smtpServer -From $smtpFrom -To $smtpTo -Subject $subject -Body $body -BodyAsHtml

    Save this file as a ‘websitelist.txt’ file.

    *Chat & Instant Messaging*
https://messenger.yahoo.com/
https://www.aim.com/
https://web.whatsapp.com
*Web-Based Email*
https://gmail.com/
https://hotmail.com/
https://mail.yahoo.com/
*Gambling*
https://onlinegambling.com/
https://www.draftkings.com/
https://www.fanduel.com/
*Photo Search & Images*
https://www.shutterfly.com/
https://photoshack.com/
https://www.smugmug.com/
*Peer File Transfer (P2P)*
https://utorrent.com/
https://www.vuze.com/
*Online Storage and Backup*
https://carbonite.com/
https://drive.google.com/
https://www.dropbox.com/login
*Filter Avoidance (Proxy Avoidance)*
https://torproject.org/
https://xroxy.com/
https://ultrasurf.us/
*Personal VPN*
https://surfshark.com/
https://www.hotspotshield.com/
https://expressvpn.com
*Social Networking*
https://www.facebook.com/
https://tiktok.com/
https://www.instagram.com/
*Illegal Activities*
http://www.ekran.no
http://pyrobin.com
*Illegal Downloads*
http://www.keygenninja.com
http://www.rootscrack.com
*On-Line Document Sharing*
https://pastebin.com 
https://docs.google.com
*DNS over HTTPS* 
https://cloudflare-dns.com
https://dns.google.com
*File Transfer Services*
https://filetransfer.io
https://www.sharefile.com
http://www.wetransfer.com
  • Ping Multiple Hosts using PowerShell

    Ping Multiple Hosts using PowerShell

    Are you are working in a windows environment and need to check if a large number of hosts are online? The below ps1 script may be what you are looking for. Place all hostnames to be checked in a text file called computer.txt and on one per line. Modify the script as necessary, then ‘run’ .

    # ping-report.ps1
# Limited to < 100 assets in the computerlist.txt file or this will not run!

clear-host
$list = get-content C:\Users\user1\Desktop\computerlist.txt
$UpList = @()
$DownList = @()
$count=0


Foreach($computer in $list) {
    $testhost = Test-Connection -ComputerName $computer -count 1 -ErrorAction SilentlyContinue
    If ($testhost) {
        $UpList += $computer
        #Write-Host $computer $testhost.IPV4Address -Foregroundcolor Cyan 
        $count ++
        }
    Else {
        #Write-Host $computer $testhost.IPV4Address -Foregroundcolor Red
        $DownList += $computer
        $count ++
        }
Write-Progress -Activity "Progess" -Status "$computer Complete:" -percentcomplete $count
};""


#computers that are up
foreach ($computer in $UpList){

    Write-Host $computer $list.IPV4Adress -ForegroundColor Cyan 
};""

#computers that are down
foreach ($computer in $DownList){
   Write-Host $computer -ForegroundColor Red 
}
  • Backup Files to S3 using Bash

    Backup Files to S3 using Bash

    Description

    A bash script will be used to copy a file from a Linux server to an S3 bucket. Next, it will run a checksum on the results to verify the upload. Finally, it will output the local file size, the local etag , the aws file size, and the aws etag value for easy comparison. This should give the end user enough confidence that the uploaded file has maintained it’s integrity.

    The script assumes you have an account in AWS with a login credentials. You have the cli AWS tools and credentials downloaded to /home/user/.aws/config and /home/user/.aws/credentials. These two files are needed to successfully authenticate to the s3 bucket.

    Amazon Web Service S3 Bucket

    AWS is a flat file system. There are no folders or directories. The “full” name of a file includes all the subdirectories as well. i.e. “/file1/file2/file3.txt” is the file name and not “file3.txt”. AWS will show all subdirectories as folders in the console, for ease of human navigate.

    Begin

    Start the script by defining that it will run as bash and add any notes to the head.

    #!/bin/bash
# 04/18/23, backup.sh
# created by mbb

    Send any log output to a custom log file and code to exit the script if any commands in a pipeline fails. 

    exec 2>> /var/log/backups/aws.log
set -euo pipefail

    Get the number of processing units available and add it to a variable.

    NUM_PARALLEL=$(nproc)

    Define the remaining local variables.

    HOSTNAME=`hostname`
DATE=`date "+%F %T"`

DAY=$(date -d "1 day ago" +%d)
MONTH=$(date -d "1 day ago" +%b)
YEAR=$(date -d "1 day ago" +%Y)

LOG="/var/log/backups/aws.log"

src_dir="/mnt/logs/$YEAR/$MONTH"
src_file="log-$DAY.log.gz"

    Define the AWS variables. 

    aws_dir="s3://bucket01/folder1/$YEAR/$MONTH" 

s3_bucket="bucket01"
s3_dir="folder1/$YEAR/$MONTH"
s3_key="$s3_dir/$src_file"     # name of the file in s3 
s3_body="$src_dir/$src_file"   # the location of the data to be uploaded

    When a file is uploaded to AWS, it will calculate what is called an ETAG value. This is the checksum value of the upload file. To verify file integrity, we will compare the uploaded aws calculated ETAG against the local file’s calculated ETAG.

    The ETAG will match a true md5 hash value if the file size is < 5 GB. If the file is > 5 GB, the aws ‘cp’ command will automatically break the file into 8 MB chunks and upload 4 threads of data simultaneously, until the upload is complete. Each uploaded thread will have an md5 calculated. The resulting ETAG will be a sum of all the uploaded data chunks, rather than a true md5 hash against the completed file.

    In order to compare the ETAG’s and verify they match, we must calculate the local file’s ETAG value. Then compare that value to the value calculated by AWS. The script contains two methods to calculate the ETAG value, you will need to review and consider what is needed. In my case, I always know the value I will upload will be > 5 GB.

    To calculate the local files ETAG value, for files < 5GB. use:

    # calculate ETAG value of local file, if < 5GB.
md5_hash="$(md5sum "$src_dir/$src_file" | awk '{ print $1 }')"

    For files > 5 GB, we can use the code from https://gist.github.com/rajivnarayan/1a8e5f2b6783701e0b3717dbcfd324ba. 

    # ---------- Begin Code ---------------
MULTIPART_MINSIZE=$((8*1024*1024))

file="$src_dir/$src_file"
partSizeInMb=8

if [[ ! -f "$file" ]]; then
   echo "$DATE Error: $file not found to compute hash." >> $LOG
   exit 1;
fi

# Calculate checksum for a specified file chunk
# inputs: file, partSizeInMb, chunk
# output: chunk md5sum
hash_chunk(){
   file="$1"
   partSizeInMb="$2"
   chunk="$3"
   skip=$((partSizeInMb * chunk))
   # output chunk + md5 (to allow sorting later)
   dd bs=1M count="$partSizeInMb" skip="$skip" if="$file" 2> /dev/null | echo -e "$chunk $(md5sum)"
}

# Integer quotient a/b after rounding up 
div_round_up(){
   echo $((($1 + $2 - 1)/$2))
}

partSizeInB=$((partSizeInMb * 1024 * 1024))
fileSizeInB=$(du -b "$file" | cut -f1 )
parts=$(div_round_up fileSizeInB partSizeInB)

if [[ $fileSizeInB -gt $MULTIPART_MINSIZE ]]; then
   export -f hash_chunk
   etag=$(seq 0 $((parts-1)) | \
       xargs -P ${NUM_PARALLEL} -I{} bash -c 'hash_chunk "$@"' -- "$file" "$partSizeInMb" {} | \
       sort -n -k1,1 |tr -s ' '|cut -f2,3 -d' '|xxd -r -p|md5sum|cut -f1 -d' ')"-$parts"
else
   etag=$(md5sum $file|cut -f1 -d' ')
fi
# ---------------- end of code ----------------------
# Calculate ETAG Value of local file, if > 5GB
md5_hash=$etag

    Next, we will copy the files to the s3 bucket using the ‘cp’ command. We will be using the CLI copy command, rather than the s3api command, as the api can not handle file’s large then 5 GB. Copy the content to S3 and tell AWS that the data is just a plain text file. 

    aws s3 cp $src_dir/$src_file s3://$s3_bucket/$s3_dir/$src_file --content-type=text/plain

    Get the ETAG value that AWS calculated during the upload. 

    s3_md5_hash=$(aws s3api head-object --bucket "$s3_bucket" --key "$s3_key" --query ETag --output text | sed 's/"//'g)

    Next, we will get both the local file size and the uploaded file sizes.

    aws_list=`aws s3 ls "$aws_dst_dir/$src_file" --human-readable --output text`
local_list=`ls -alhF "$src_dir/$src_file"`

    Finally, display the file sizes and the ETAG values of both the uploaded file and the local file side by side for comparison. 

    echo "File size check:"
echo "$HOSTNAME: $local_list"
echo "s3.amazon: $aws_list"
echo ""
echo "ETAG check (md5 sum):"
echo "$HOSTNAME: $src_file  ETAG: $md5_hash"
echo "s3.amazon: $src_file  ETAG: $s3_md5_hash"