Quick Tip: Easily Set SELinux Enforcement Levels in CentOS 6

This post, like any other dealing with altering a security mechanism, should (and will) begin with a warning to NOT do this in a production environment. Obligatory bold warning text:

SELinux is a major security component in any RHEL-based Linux distribution and should never be disabled in a production environment without extensive consideration and forethought as it can seriously compromise system security. It’s best practice to work with an application vendor to ensure the application works with SELinux if it’s going to be placed in production. Now we return to the regularly scheduled Blog post.

Posted in Linux, Quick Tip

Quick Tip: Pass a Command to an SSH Session as an Argument

Today’s Quick Tip isn’t necessarily an easier way of accomplishing a task, it’s simply a time saver I find myself using often. SSH is a fabulous tool for administrating remote systems via a remote shell, but you may not always need a fully interactive environment to accomplish a given task. Let’s take for example restarting a service. In order to restart a service via a traditional SSH session you must connect to the machine, restart the service with either the service command or /etc/init.d/, and disconnect. Using today’s Quick Tip, that entire process can be wrapped up into a single command. First, we’ll look at the basic method of passing the command then show how a service can be restarted in this way.

Posted in Linux, Quick Tip

Force CentOS 6 to Re-Detect Network Devices

Recently, I began transitioning from VMware ESXi to Proxmox VE and ran into an unexpected issue. After imaging the VMs running on top of ESXi and redeploying them into blank KVM VMs, I noticed that even though the new VMs had network interfaces they had no connectivity. After some investigation, I discovered that CentOS 6 uses udev to deal with all hardware devices, so restoring connectivity was a quick, two-step process. Before we discuss the solution, though, let’s examine the root cause of the issue.

Posted in Linux, Tutorial

Car Computing with an Android phone, Part 1 – The in-car install

In-car connectivity or “Driver Connect” systems, like Ford’s SYNC, are huge in today’s automotive industry, allowing you to make hands-free calls, reply to text messages and Emails using only your voice, get voice guided, turn-by-turn directions and much more. These features are wonderful if you happen to own a vehicle that includes them, but what if you don’t? If you have an Android based phone you can not only replicate most every feature of Ford’s SYNC system, but do a lot more.

Posted in Android

My Top 5 Android Apps (June 2011)

Android has thousands of great apps, but these five have been my favorites this month. They’re all free, too!

DoubleTwist Player

One of the biggest selling points of the iPhone and other “iDevices” is the integrated music, movie and podcast ecosystem delivered by iTunes. DoubleTwist is something of a “middle-man” between iTunes on your Mac or PC and your Android phone. It allows you to sync your iTunes Library, playlists and play counts to your phone via a USB cable or wirelessly via doubleTwist AirSync (a separate $4.99 download from the Android Market). DoubleTwist includes all the typical features of a media player (quick links to various media types, playlist support, etc.) plus the ability to listen to internet radio from various sources. Even though DoubleTwist is intended to be used with iTunes, it can be used on its own with media from non-DRM’d sources that you may already have on your SD Card. If you’re looking for an app to manage both media on your SD Card and your iTunes library, DoubleTwist is it!

Pulse News

A port of the iOS version, Pulse News is the RSS reader for Android. Its gorgeous UI aside, it’s a fully featured app that allows you to easily add sources from either a curated set of sources offered by the app or from any source you like by importing an RSS feed. Offline Sync and integration with popular social media sites like Facebook and Twitter make Pulse News a winner.

Dropbox

Dropbox is a popular service that allows users to store up to 2GB of data in the cloud then sync it between different computers and devices for free. The free Android app allows you to take all the files, pictures, videos and other data you’ve uploaded to Dropbox with you. In addition to data synchronization the app has some very cool features, like creating text files, images and videos directly from your device and auto-upload of images as you take them, that make it a must-have for a user of both Android and Dropbox.

Netflix

Netflix is everywhere these days (this is a great thing by the way!), but until recently it was absent for one portion of the mobile population, Android users. On May 12th, 2011 Netflix finally released its app for Android for select devices (it is, however, available for devices that aren’t listed as being officially supported). The Netflix app has all the features of its iOS counterpart, like the ability to watch Instant Streaming movies and TV shows on your device and add titles to your Instant Queue for future viewing. If you’re a Netflix subscriber you’ll almost certainly want to take your movies and TV shows with you on the go.

Evernote

I use Evernote heavily for my college studies so having anywhere access to my notebooks is very important. Evernote on Android provides anywhere access to your Evernote notebooks, allows you to edit existing notes, add new notes, search all your notebooks and more from within the app. Evernote for Android even uses OCR technology to index any text within a photo taken with an Android phone and uploaded to Evernote. This is super useful for things like whiteboards and business cards. Much like the Dropbox app, Evernote for Android is a must-have for users of both Android and Evernote.

And a bonus…

TweetDeck

TweetDeck is your all-in-one social media dashboard. It integrates with sites like Facebook, Twitter, Buzz and Foursquare and allows you to stay in touch with what’s happening around your personal networks. In addition to viewing status updates you can compose status updates of your own, track “likes”, comments and retweets and view photos uploaded by those you follow on Twitter or Facebook Friends. If you want to use a single app to stay connected while on the go, TweetDeck is for you.

//J

Posted in Android

Use the Test-Connection cmdlet to determine when a DNS record has propagated

For some time now I’ve wanted some sort of service that would simply alert me via Email once a specific DNS record had propagated and was reachable by at least one host on the public internet. To my knowledge, such a service doesn’t exist. I was faced with a situation this morning where such a solution would have been extremely helpful. So, I decided to sit down and break out PowerGUI Script Editor to make my dream a reality! What emerged from 20 minutes of hackery was a 13 line script that works like this:

1. A user inputs a few variables so the script knows what to ping, where to send an Email notification, etc.

2. The script executes a simple function that uses the Test-Connection cmdlet to attempt to resolve a hostname. If successful, you get an Email informing you of the success. If not, the script will simply exit.

A couple bits of housekeeping:

1. You need an SMTP server that you have permission to either send or relay through. On-premises or otherwise.

2. Please provide fully qualified Email addresses such as alias@domain.com

Simply schedule this script to run at a specified interval using Task Scheduler then go on about your day and let PowerShell look for your DNS record.

Finally, here’s an example of the Email you will receive when the specified DNS record has propagated.

notify-ondnsprop.ps1

# Author: Josh Bolling
# Date: 6/3/2011
# http://www.joshbolling.com
$dest = Read-Host "Enter the name of the DNS record you would like to query for"
$smtpserver = Read-Host "Enter the FQDN or IP address of your SMTP server"
$from = Read-Host "Email address to send notification from"
$to = Read-Host "Email address to send notification to"

# Ping the name; -Quiet returns $true only when the name resolves and the host answers
function notify-onprop {
    if (Test-Connection $dest -Quiet) {
        Send-MailMessage -SmtpServer $smtpserver -From $from -To $to -Subject "DNS record is now reachable" -Body "Hello,

The DNS record you were querying for is now reachable." -BodyAsHtml | Out-Null
    }
}
notify-onprop


Note: I’m sure much more elegant ways of querying for a DNS records with PowerShell exist. This method was hacked up in around 20 minutes to satisfy a rather immediate need.
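A variant of the check above, added here as an example and not part of the original notify-ondnsprop.ps1: it takes its input as parameters instead of Read-Host (which needs someone at the console, so it does not suit a Task Scheduler job) and asks named resolvers for the record directly instead of pinging, since a host that drops ICMP makes Test-Connection report failure even after the record resolves. The parameter names, the placeholder record name and the two public resolver addresses are assumptions.

```powershell
# Added example, not the original script. Requires Resolve-DnsName
# (DnsClient module, Windows 8 / Server 2012 or later).
param(
    [string]   $RecordName = 'www.example.com',        # placeholder record name
    [string[]] $Resolvers  = @('8.8.8.8', '1.1.1.1'),  # assumed public resolvers
    [string]   $SmtpServer,                            # leave empty to skip the Email
    [string]   $From,
    [string]   $To
)

function Test-DnsPropagation {
    param([string] $Name, [string[]] $Server)

    foreach ($resolver in $Server) {
        try {
            # -Server sends the query to that resolver; -DnsOnly and -NoHostsFile
            # keep LLMNR/NetBIOS and the local hosts file out of the answer.
            $ips = Resolve-DnsName -Name $Name -Type A -Server $resolver `
                       -DnsOnly -NoHostsFile -ErrorAction Stop |
                   Where-Object { $_.Section -eq 'Answer' -and $_.IPAddress } |
                   ForEach-Object { $_.IPAddress }

            [pscustomobject]@{
                Resolver  = $resolver
                Resolved  = [bool]$ips
                Addresses = ($ips -join ', ')
                Detail    = ''
            }
        }
        catch {
            # NXDOMAIN, timeout, or resolver unreachable: record it as not yet visible.
            [pscustomobject]@{
                Resolver  = $resolver
                Resolved  = $false
                Addresses = ''
                Detail    = $_.Exception.Message
            }
        }
    }
}

$results = @(Test-DnsPropagation -Name $RecordName -Server $Resolvers)
$results | Format-Table -AutoSize

# Notify only when every resolver returns an address for the record.
$pending = @($results | Where-Object { -not $_.Resolved })
if ($pending.Count -eq 0 -and $SmtpServer) {
    $lines = $results | ForEach-Object { "$($_.Resolver) -> $($_.Addresses)" }
    $body  = "The DNS record $RecordName now resolves on all queried resolvers:`n" +
             ($lines -join "`n")
    Send-MailMessage -SmtpServer $SmtpServer -From $From -To $To `
        -Subject "DNS record $RecordName has propagated" -Body $body
}
```

Comparing the Addresses column across resolvers also shows when they still disagree, for example one returning the old address of a record that was changed rather than newly created.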

Posted in PowerShell

Retrieve information about Mailboxes and Mailbox Databases with PowerShell

Recently, I was faced with a situation in which I wanted to remove a Mailbox Database that was running in production. The problem was that I wasn’t sure which mailboxes resided on the database. Moreover, a quick and efficient way of finding this information wasn’t apparent in the Exchange Management Console and I wasn’t about to sort through my entire Exchange organization to find this subset of users. The answer? The Exchange Management Shell.
Get-Mailbox -Identity * | Get-MailboxStatistics | Where {$_.Database -Match "<Name of Mailbox Database to query goes here>"} | Format-Table DisplayName,Database,ServerName

 

Dissecting the code

 

Get-Mailbox -Identity *: The Get-Mailbox Cmdlet retrieves mailboxes within the Exchange environment; -Identity * instructs the Cmdlet to retrieve information for every mailbox in the Exchange environment.

(A note about result throttling: By default, the Get-Mailbox Cmdlet will return up to 1,000 results, because returning every mailbox in your environment could produce an extremely large amount of data. If you know more than 1,000 users will be in your result set, simply include -ResultSize <desired number of results> or -ResultSize Unlimited. For example, Get-Mailbox -Identity * -ResultSize 2000.)

 

 

Get-MailboxStatistics: Get-MailboxStatistics provides a wealth of information about mailboxes in the Exchange environment.

 

Where {$_.Database -Match "<Name of Mailbox Database to query goes here>"}: This Where clause is really the heart and soul of the script. In a nutshell, it allows us to filter the objects that are returned from the Get-MailboxStatistics Cmdlet. In this case we’re filtering on the Database property, but we can filter on quite a few different properties (please see the table below for a complete list of these properties).

 

Name                      Type
AssociatedItemCount       Property
DatabaseName              Property
DisconnectDate            Property
DisplayName               Property
IsArchiveMailbox          Property
IsValid                   Property
LastLoggedOnUserAccount   Property
LastLogonTime             Property
MailboxGuid               Property
MapiIdentity              Property
ObjectClass               Property
ServerName                Property
Database                  Property
DeletedItemCount          Property
DisconnectReason          Property
Identity                  Property
IsQuarantined             Property
ItemCount                 Property
LastLogoffTime            Property
LegacyDN                  Property
MailboxTableIdentifier    Property
MoveHistory               Property
OriginatingServer         Property
StorageLimitStatus        Property
TotalItemSize             Property

 

Format-Table DisplayName,Database,ServerName: Here we’re simply asking PowerShell to format the output of objects in the pipeline into a table for easier viewing. Lastly we’re performing an implicit Select-Object and requesting just the DisplayName, Database and ServerName be displayed as part of the final output.

The Script in action

 

Now that we’ve dissected the code, let’s look at what the output of the script looks like:

 


Interactive Script Output

 

From Script to Tool

 

Our script is returning the information we want, but it’s not exactly user friendly. By this I mean that you must open the script in an editor and manually change the Database you’re querying for any time you want to look for users residing on another Mailbox Database. To fix this we simply define a variable that accepts user input.
 $Database = Read-Host "Please Enter the name of a Mailbox Database to query"

Get-Mailbox -Identity * | Get-MailboxStatistics | Where {$_.Database -Match $Database} | Format-Table DisplayName,Database,ServerName 

 

In the next iteration of the script I’ll allow a user to define which property they would like to query for in the same way they specify the Mailbox Database.

User prompt for input

 

That’s it! You can use this script as a flexible inventory tool to determine which mailboxes are on a target Mailbox Database (or most anything else) without having to rely on the Exchange Management Console. In a future article we’ll look at extending this code into an end-to-end Mailbox Database Move solution.
//J

 

(Note 1: You may be wondering why I’ve included the Get-MailboxStatistics Cmdlet since the Get-Mailbox Cmdlet contains the Database and DisplayName properties. I’ve included it because it contains some properties Get-Mailbox doesn’t and allows the script to be used as more of an inventory tool.)

(Note 2: The beauty of PowerShell is that you can sometimes accomplish the same goal multiple ways. This is one of those situations. You could simply execute

Get-Mailbox -Database "<Database Name>"

if you wanted nothing more than the mailboxes on that Mailbox Database. While I started out wanting only this information, I later wanted some additional information and wanted to provide my readers with something a little more interesting.)

Posted in Exchange 2010, PowerShell

Basics: Getting Started with Server Core

While working on the second part of the Systems Administration Tenets series, I realized that OS Deployment with Microsoft technologies is much deeper and nuanced than I remembered and I’ll require a little additional time to provide the levels of detail and i I feel necessary. So, the second part of the Systems Administration Tenets series will be bumped to next Monday (perhaps earlier if my schedule allows). To fill the gap, and make good on my promise of weekly posting, I’ll be posting a couple screencasts I recently stumbled upon while organizing my Windows Live Skydrive. In the Screencasts I discuss the Server Core installation option of Windows Server 2008, specifically:

  • Basic Server Core Configuration Tasks
  • Installation of Server Roles (both manual and scripted)
  • Very light Server Role configuration

It is important to note that these screencasts were both recorded over two years ago, but the principles outlined are still quite valid on the R2 product. Also, the screencasts were originally posted to Microsoft’s Channel8 and targeted toward students. However, they contain enough depth to be beneficial to anyone looking to quickly ramp-up on Server Core.

Getting Started with Server Core (Right-Click and choose Save Target As or Save Link As to download)

Role Management on Server Core (Right-Click and choose Save Target As or Save Link As to download)

Posted in Basics

Systems Administration Tenet 1: Automate, Automate, Automate!

Automation is defined as the technique, method, or system of operating or controlling a process by highly automatic means. Processes IT Professionals might seek to automate include: User Provisioning, Windows Update Installation (on client machines, of course), Backup Jobs and OS Deployments. Why would you want to automate your systems and processes?

1. You can lessen human error.

2. An administrator can become more agile and administer many machines much more quickly.

3. Studies indicate IT Administrators spend up to 70% of their time with the care and feeding of existing platforms and technologies. Developing and adopting a strong automation strategy will free up more of your time to focus on driving business value.

Components of an effective automation strategy

Some components of an effective automation strategy include:

  • Scripting: Scripting of some kind is the cornerstone of any good systems automation strategy. Every shipping Microsoft server product (Exchange, SQL, SharePoint, etc.) uses PowerShell for management. What’s that mean? That means that every single action that can be completed using the graphical MMC has a PowerShell Cmdlet analogue. When you combine this with the fact that PowerShell can work with .NET and WMI Classes plus other PowerShell-ready data sources, an administrator can really unlock the “power” of PowerShell and translate what was previously a large amount of manual work into a consistent, repeatable process with a PowerShell Script. Check out the TechNet Script Center to see all the great things scripting can help you accomplish in your environment.
  • Desktop and Server Deployment Automation: Tools such as Acronis True Image exist that allow for easy, one-off deployments but you need to plan how you’ll handle large scale deployments for scenarios like building a private cloud environment within your company or deploying a server cluster. Microsoft offers a few great tools that can help with this. Namely, Windows Deployment Services, the Windows Automated Installation Kit and the Microsoft Deployment Toolkit. Let’s talk briefly about how these pieces fit together to form a complete deployment solution.

Windows Automated Installation Kit: While itself a standalone product, the Windows Automated Installation Kit is a pre-requisite for the Microsoft Deployment Toolkit and includes many of the tools MDT uses when creating WIM Images, creating Answer Files, etc.

Windows Deployment Services: Windows Deployment Services builds on the foundation established by the Windows Automated Installation Kit and Microsoft Deployment Toolkit, extending the network-based OS Deployment capabilities of the platform by enabling PXE booting. One great scenario enabled by WDS is bare metal imaging, since an existing OS isn’t required to initiate deployment as with vanilla MDT and the Distribution Share.

Microsoft Deployment Toolkit: The Microsoft Deployment Toolkit provides all the necessary documentation and tools required to create and deploy a custom Windows installation image. This image can contain any out of box drivers typically not included on Windows installation media as well as custom software packages like the Microsoft Office Suite. MDT completes the deployment lifecycle by allowing for the deployment of your custom Windows installation images via removable media (such as a CD/DVD or USB Stick) or using the network via a Distribution Share found on the MDT machine.

  • Use tools built for the job: Now that you’ve scripted many of the redundant tasks in your environment and automated your desktop and server deployment it’s time to start looking at tools to monitor and manage your infrastructure and further automate operations. While a deep dive into the capabilities and features of all, or even some, of these tools is outside the scope of this article I will point you to a couple of the System Center products I use in my own environment.

1. System Center Virtual Machine Manager 2008 R2 SP1

2. System Center Operations Manager 2007 R2

Automating your infrastructure operations will result in not only decreased costs and increased agility in your organization, but it will also drive up the most important metric of all, user satisfaction. After all, we’re first and foremost responsible for delivering an available, reliable and performant service to our users. Next week we’ll open part two of this discussion and dive deep into Microsoft OS Deployment technology and how we can use it to deliver on Systems Administration Tenet 2: Make OS Deployment a Science.

A word of Warning: Automating your operations is a wonderful, wonderful thing (as evidenced by this Blog post), but some things do exist that require a human touch. For example, Microsoft Exchange won’t failback a database to the mailbox server it was previously on after a node failure. This is by design and for good reason. Imagine an Exchange Server that was stuck in a reboot cycle after 5 minutes of uptime. Not only would this cause unneeded traffic on the DAG Network, but it would result in a terrible user experience. So, put careful thought into deciding what to automate and when.

//J

Posted in Administration, Automation, PowerShell

Controlling System Power State with Windows PowerShell

What would you do in the event of a complete utility power failure? Would you remote desktop to each key workload running in your environment and shut it down gracefully? This approach works very well when your infrastructure is relatively small, but eventually the number of servers in your environment will grow to the point that it’s simply no longer practical. This is where PowerShell’s capability of managing the power state of your machines either via WMI calls or through native Cmdlets really becomes valuable. Let’s take a look at how we would shut down or restart machines, both singly and in batch.

First things first: prepare your infrastructure for controlling system power state with PowerShell

If you’re adhering to best practices of running as a standard user and running a local firewall (Windows Firewall or otherwise) on your machines you will see the following message when attempting to execute a remote shutdown or restart operation.

 

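To correct this issue either temporarily disable the local firewall as part of your script or open ports 135 and 445 on each target server. If you open the ports, scope the firewall rule to the addresses of the machines you administer from rather than allowing any source.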

Restarting one or multiple machines with Windows PowerShell

Restart the local machine with Windows PowerShell

Restart-Computer

The WMI (PowerShell 1.0) Method:

(Get-WmiObject -Class Win32_OperatingSystem -Computername .).InvokeMethod("Win32Shutdown",2)

Restart a single remote machine

Restart-Computer -ComputerName machine

The WMI (PowerShell 1.0) Method:

(Get-WmiObject -Class Win32_OperatingSystem -Computername MyMachine).InvokeMethod("Win32Shutdown",2)

Restart multiple remote machines using Windows PowerShell (Method 1) – Providing server names in line

Restart-Computer -ComputerName Machine1, Machine2, Machine3

Restart multiple remote machines using Windows PowerShell (Method 2) – Defining a variable to hold server names

$Computers = Get-Content c:\ServerList.txt
Restart-Computer -ComputerName $Computers

The WMI (PowerShell 1.0) Method:

Get-WmiObject -Class Win32_OperatingSystem -ComputerName Machine1, Machine2, Machine3 | ForEach-Object { $_.InvokeMethod("Win32Shutdown",2) }

Run with alternate credentials when performing a remote restart from PowerShell

$Cred = Get-Credential
$Computers = Get-Content C:\ServerList.txt
Restart-Computer -ComputerName $Computers -Credential $Cred

Shutting down one or multiple machines with Windows PowerShell

While one would imagine the cmdlet to shut down a machine using PowerShell would be Shutdown-Computer it is, in fact, Stop-Computer.

Shut down the local machine using Windows PowerShell

Stop-Computer

The WMI (PowerShell 1.0) Method:

(Get-WmiObject -Class Win32_OperatingSystem -ComputerName .).InvokeMethod("Win32Shutdown",8)

Shut down a single remote machine

Stop-Computer -ComputerName machine

The WMI (PowerShell 1.0) Method:

(Get-WmiObject -Class Win32_OperatingSystem -ComputerName MyMachine).InvokeMethod("Win32Shutdown",8)

Shut down multiple remote machines using Windows PowerShell (Method 1) – Providing machine names in line

Stop-Computer -ComputerName Machine1, Machine2, Machine3

The WMI (PowerShell 1.0) Method:

Get-WmiObject -Class Win32_OperatingSystem -ComputerName Machine1, Machine2, Machine3 | ForEach-Object { $_.InvokeMethod("Win32Shutdown",8) }

Shut down multiple remote machines using Windows PowerShell (Method 2) – Defining a variable to hold server names

$Computers = Get-Content C:\ServerList.txt
Stop-Computer -ComputerName $Computers

The WMI (PowerShell 1.0) Method:

$Computers = Get-Content C:\ServerList.txt
Get-WmiObject -Class Win32_OperatingSystem -ComputerName $Computers | ForEach-Object { $_.InvokeMethod("Win32Shutdown",8) }

Run with alternate credentials when performing a remote shut down from PowerShell

$Cred = Get-Credential
$Computers = Get-Content C:\ServerList.txt
Stop-Computer -ComputerName $Computers -Credential $Cred

A couple real world examples

Example 1

A simple script to write a warning message to the console, play a warning sound effect then shutdown a list of servers as defined in a variable

Write-Host -ForegroundColor Green -BackgroundColor Black "Warning
Emergency Shutdown Sequence in progress. Please be advised this will
shutdown critical infrastructure workloads rendering all hosted
services unavailable. Process will begin in 20 seconds."

Start-Sleep -Seconds 10

# Play the warning sound
$sound = New-Object System.Media.SoundPlayer
$sound.SoundLocation = "c:\pstest\shutdown.wav"
$sound.Play()

Start-Sleep -Seconds 20
Clear-Host

$Computers = Get-Content Servers.txt

foreach ($Computer in $Computers) {
    try {
        # -ErrorAction Stop turns a failed shutdown into an exception so the catch block runs
        Stop-Computer -ComputerName $Computer -ErrorAction Stop
        Write-Host "Shutting down $Computer"
    }
    catch {
        Write-Error "Unable to shut down $Computer. `n$($_.Exception.Message)"
    }
}

Example 2

A script to send an automated Email to an administrator notifying them that the Emergency Shutdown Process has been triggered, then proceed to shut down a group of machines as defined in a variable. Please note that [System.Net.NetworkCredential] requires the username (in the form of DOMAIN\username) and password of a mail enabled user account.

Write-Host -ForegroundColor Green -BackgroundColor Black "Warning....Emergency Shutdown Sequence in progress. Please be advised this will shutdown critical infrastructure workloads rendering all hosted services unavailable. Process will begin in 20 seconds."

# Credentials for the SMTP server. The password sits in the script in plain text,
# so restrict who can read the file.
$ClientCredentials = New-Object System.Net.NetworkCredential("Domain\Username goes here", "Password goes here")
# Alternative: use the credentials of the account running the script
# $ClientCredentials = [System.Net.CredentialCache]::DefaultNetworkCredentials

$emailFrom = "From address goes here"
$emailTo = "To address goes here"
$subject = "Email subject goes here"
$body = "Email body goes here"
$smtpServer = "Email server hostname or IP address goes here"

$smtp = New-Object Net.Mail.SmtpClient($smtpServer)
$smtp.Credentials = $ClientCredentials
$smtp.Send($emailFrom, $emailTo, $subject, $body)

Clear-Host

$Computers = Get-Content Servers.txt

foreach ($Computer in $Computers) {
    try {
        # -ErrorAction Stop turns a failed shutdown into an exception so the catch block runs
        Stop-Computer -ComputerName $Computer -ErrorAction Stop
        Write-Host "Shutting down $Computer"
    }
    catch {
        Write-Error "Unable to shut down $Computer. `n$($_.Exception.Message)"
    }
}

Note:

If you are attempting to shut down or restart a machine with an active console session (i.e. a user is logged in) you will need to include the -Force parameter. For example,

Restart-Computer -Computername machine -Force

 The WMI (PowerShell 1.0) Method:

(Get-WmiObject -Class Win32_OperatingSystem -Computername machine).InvokeMethod("Win32Shutdown",6)

or

Stop-Computer -Computername machine -Force

The WMI (PowerShell 1.0) Method:

(Get-WmiObject -Class Win32_OperatingSystem -Computername Mymachine).InvokeMethod("Win32Shutdown",5)

Using a combination of the Cmdlets detailed above you can create a remarkably simple yet powerful power management solution that’s great both for emergency situations (such as power failures) and for simply restarting multiple servers at the end of a Windows Update cycle.
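The batch shutdown from the examples above, wrapped so it can be rehearsed before it is needed. This is an added example, not code from the original post: the function name Invoke-EmergencyShutdown, its parameters and the sample list file are assumptions. It cleans the server list, supports -WhatIf and -Confirm, and returns one result object per host so the run leaves a record.

```powershell
# Added example (not from the original post). Function and parameter names are hypothetical.
function Invoke-EmergencyShutdown {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)] [string] $ListPath,
        [System.Management.Automation.PSCredential] $Credential,
        [switch] $Force
    )

    # Normalize the list: trim, drop blank and comment lines, remove duplicates,
    # so a stray entry does not cause a second attempt or a confusing error.
    $targets = Get-Content -Path $ListPath |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ -and -not $_.StartsWith('#') } |
        Sort-Object -Unique

    foreach ($target in $targets) {
        $status = 'Skipped'
        $detail = ''

        # ShouldProcess honours -WhatIf and -Confirm: a dry run never contacts a host.
        if ($PSCmdlet.ShouldProcess($target, 'Stop-Computer')) {
            $params = @{
                ComputerName = $target
                Force        = $Force
                Confirm      = $false    # already confirmed above
                ErrorAction  = 'Stop'    # make failures catchable
            }
            if ($Credential) { $params.Credential = $Credential }

            try {
                Stop-Computer @params
                $status = 'ShutdownSent'
            }
            catch {
                $status = 'Failed'
                $detail = $_.Exception.Message
            }
        }

        [pscustomobject]@{
            Time     = Get-Date
            Computer = $target
            Status   = $status
            Detail   = $detail
        }
    }
}

# Constructed sample list: contains a duplicate, padding and a comment line.
$list = Join-Path $env:TEMP 'ServerList.sample.txt'
Set-Content -Path $list -Value 'Machine1', ' Machine2 ', '# retired host', 'Machine1'

# Dry run: prints "What if" for Machine1 and Machine2 and shuts nothing down.
Invoke-EmergencyShutdown -ListPath $list -WhatIf | Format-Table Computer, Status -AutoSize

# Real run (commented out on purpose), keeping the per-host outcome as a CSV record:
# $cred = Get-Credential
# Invoke-EmergencyShutdown -ListPath C:\ServerList.txt -Credential $cred -Force -Confirm:$false |
#     Export-Csv -Path C:\shutdown-log.csv -NoTypeInformation
```

Because ConfirmImpact is High, a run without -Confirm:$false prompts for each machine, which guards against the script being launched by accident.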

//J

Posted in Automation, PowerShell, Tutorial