Sorry about the comment spam on here, I didn't realize moderation was off. I'll fix that right now.
-e
Wednesday, January 27, 2010
Backticks for windows. (almost)
In Linux, or more specifically in the sh and bash shells, backticks " ` " execute a command and insert the results into a command. I found a great trick to do almost the same thing over at PcReview.
This snippet will save the hostname of a PC to an environment variable.
for /f "delims=" %%A in ('hostname') do set hostname=%%A
echo %hostname%
It loops over the output and keeps setting the variable. Cool.
Thursday, January 14, 2010
Setting IP addresses from the command line
netsh interface ip set address name="Local Area Connection" static 192.168.0.100 255.255.255.0 192.168.0.1 1
Monday, October 19, 2009
That's the brakes.
Yesterday I put brakes on the Hyundai. One of the Caliper slider pins was rusted solid. :( I heated it up with a torch, applied PB blaster, and beat the crap out of it. The replacement pin and boot was $50. Conveniently I just bought a new hammer that has a longer handle. The extra leverage helped a lot. It was supposed to be for teaching Derek blacksmithing, but now I might keep it.
The garage is pissing me off. It's time to get that shit cleaned up.
arg.
-ellie
Wednesday, September 16, 2009
SQL Network (Transport) Level Encryption. (TDS)
By default, Microsoft SQL connections only encrypt the login credentials. Everything else can be sniffed right off the wire. SQL Server 2008 (and some earlier versions) allows you to set up encrypted SQL connections pretty easily. Here is how.
You will need:
Sql server (well duh!)
A certificate server or "MakeCert".
On Windows server 2008, "WinHttpCertCfg".
MakeCert is a tool to "easily" make self-signed certificates without installing a full Certification Authority. It is part of the Windows SDK available from here. I am on XP, but downloaded the Windows Vista version, ran Setup and de-selected all of the items except for the SDK. Total download size was about 18 MB.
Since my SQL Server is Windows 2008, I also needed WinHttpCertCfg. This tool is needed on Server 2008 to set permissions for the Private Key. More on that in a second. That is available here.
So, let's get to work.
First, you need your database server's FQDN. This is the windows FQDN, not your internet FQDN. Right-Click "Computer" or "My Computer" and write down the "Full computer name:" On Server 2008 this is on the "System" pane. On prior versions of windows this is on the Computer Name tab.
Next you get to make your certificate. If you have a domain CA, go request a computer certificate, install it, and skip down to the "Assigning permissions to the service account" step. If you don't have a CA, we can use MakeCert.
The command for makecert is:
"C:\Program Files (x86)\Windows Resource Kits\Tools\makecert" -r -pe -n "CN=yourhost.yourdomain.com" -b 01/01/2000 -e 01/01/2036 -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localMachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 c:\MyCertificate.cer
The certificate will be saved to c:\MyCertificate.cer.
Now we import the certificate to the Local Machine's Personal store.
Start -> Run -> MMC.
File -> Add/Remove Snap-in -> Certificates -> Add -> Local Computer -> Next -> Finish -> Ok.
Expand Certificates and Right-Click the "Personal" Store. Select "Import".
Browse to c:\MyCertificate.cer -> Next. There is no password -> Next -> finish.
Almost Done. Now we need to give the SQL service account permissions to the private key of the Cert.
Pop open your command prompt and run this command. You need to substitute the appropriate Server FQDN (yourhost.yourdomain.com) and the SQL Service account. (SqlServiceAccount).
"C:\Program Files (x86)\Windows Resource Kits\Tools\winhttpcertcfg.exe" -g -c LOCAL_MACHINE\My -s yourhost.yourdomain.com -a SqlServiceAccount
Next, Enable the Sql Encryption.
Start -> All Programs -> Microsoft SQL Server 2008 -> Configuration Tools -> Sql Server Configuration Manager.
Expand "Sql Server network Configuration" and Right-click Protocols for MSSQLSERVER. Select Properties.
On the Certificate tab, Select the yourhost.yourdomain.com certificate.
On the flags tab, Select "Force Encryption=Yes"
Click ok.
Click ok to close the warning message.
Finally you need to restart the SQL Server service.
Voilà! Network Encryption is done.
MS KB316898 is the reference for this topic.
For the record, this is a "weak" security measure. It only does encryption. It still can be defeated with a man-in-the-middle attack, because SQL doesn't verify the certificates.
Hth,
Elizabeth Greene
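To check the result of the steps above, here is an added PowerShell example (not part of the original post) that opens a connection and asks the server whether that session is encrypted, first with no client-side keywords and then with the client requesting encryption and certificate validation. It assumes the placeholder FQDN yourhost.yourdomain.com from the post, Windows authentication, and a login with VIEW SERVER STATE; the function name Test-SqlEncryption is made up for this example.

```powershell
# Added example: verify Force Encryption and client-side certificate validation.
# Assumptions: placeholder server name from the post, Windows authentication,
# and a login allowed to read sys.dm_exec_connections (VIEW SERVER STATE).
function Test-SqlEncryption {
    param(
        [string]$Server = 'yourhost.yourdomain.com',
        [string]$ClientOptions = ''   # extra connection-string keywords to test
    )
    $connString = "Server=$Server;Database=master;Integrated Security=SSPI;$ClientOptions"
    $conn = New-Object System.Data.SqlClient.SqlConnection $connString
    try {
        $conn.Open()
        $cmd = $conn.CreateCommand()
        # encrypt_option is 'TRUE' when this session's TDS traffic is encrypted
        $cmd.CommandText = 'SELECT encrypt_option FROM sys.dm_exec_connections ' +
                           'WHERE session_id = @@SPID'
        [pscustomobject]@{
            Options   = $ClientOptions
            Connected = $true
            Encrypted = [string]$cmd.ExecuteScalar()
            Error     = $null
        }
    }
    catch {
        # A failed handshake (for example an untrusted certificate chain or a
        # name mismatch) lands here instead of silently falling back.
        [pscustomobject]@{
            Options   = $ClientOptions
            Connected = $false
            Encrypted = $null
            Error     = $_.Exception.Message
        }
    }
    finally {
        $conn.Dispose()
    }
}

# 1. No client keywords: Encrypted should be TRUE only because the server forces it.
Test-SqlEncryption

# 2. Client requests encryption and validates the certificate chain and name.
Test-SqlEncryption -ClientOptions 'Encrypt=True;TrustServerCertificate=False'
```

With the self-signed MakeCert certificate, the second call fails until c:\MyCertificate.cer is imported into the client's Trusted Root Certification Authorities store.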
Tuesday, June 16, 2009
Datestamps in batch files. (Unix and Dos)
In Linux, naming a file after today's date is pretty easy.
# Note: These are backticks, not quotes.
# They are on the same key as your tilde ~.
ls > `date +%Y-%m-%d`.txt
To get the possible formatting options, run the man date command.
In Dos it is pretty easy too, once you know the trick.
dir > %date:~-4,4%-%date:~-7,2%-%date:~-10,2%.txt
An Explanation:
The %date% environment variable contains the current date. Go ahead, test it. Pop open a command prompt and run echo %date%. The ":~-4,4" part does the cool thing. ":~" says "we want a substring". The "-" says "work from the end of the string backwards". The "4," says start at the fourth character, and the final "4" says give me four characters.
Cheat sheet!
| Date Part | Code |
|---|---|
| Day of week (3 letter abbr.) | %date:~0,3% |
| Day | %date:~-10,2% |
| Month | %date:~-7,2% |
| Year (2 digits) | %date:~-2,2% |
| Year (4 digits) | %date:~-4,4% |
HTH,
-Ellie
Tuesday, June 2, 2009
Goodbye, Adios, Au revoir, Ciao, Sayonara..
The company I work for is centralizing all IT operations. From a business perspective, it makes sense. The data center and development staff are all in one location, etc.
Unfortunately I really wasn't up for relocation with the kids being in school, et al.
So, today I was downsized as part of the IT centralization. :(
They gave me a nice severance package, and I wish them all the best. Now I have to find a new gig. If anyone needs an adept Jane-of-all-trades network engineer, please email me at Elizabeth.a.greene@gmail.com
Thanks,
Ellie