• Azure: Failed to save configuration changes to local network gateway

    Seems you can’t remove a subnet from a local network with the Azure portal. Error: “Failed to save configuration changes to local network gateway”

    To get around this, I had to delete and recreate the local network via PowerShell. Obviously leave out the subnet you don’t want!

    Get-AzureRmLocalNetworkGateway -Name "HomeOffice" -ResourceGroupName "WestUS"
    $localNetworkGw=Get-AzureRmLocalNetworkGateway -Name "HomeOffice" -ResourceGroupName "WestUS"
    $addressPrefixes ="192.168.0.0/24","192.168.1.0/24","192.168.2.0/24","192.168.4.0/24"
    Set-AzureRmLocalNetworkGateway -LocalNetworkGateway $localNetworkGw -AddressPrefix $addressPrefixes -Verbose
    

  • PowerShell to download and install most recent Azure PowerShell cmdlets

    This script will pull down the most recent Azure PowerShell cmdlets from GitHub. It assumes that Microsoft has not renamed the installer file and that the most recent release is listed first.

    function JBM-INSTALL-AzurePowerShell{
    ((Invoke-WebRequest https://github.com/Azure/azure-powershell/releases).Links).href | where {$_ -like "https*azure-powershell*msi*"} | Select-Object -first 1| foreach {
    Invoke-WebRequest $_ -OutFile "./$([System.IO.Path]::GetFileName($_))"
    start-process "./$([System.IO.Path]::GetFileName($_))"
    }
    }
    

    Hope that helps someone.


  • Grep to Remove Spaces and Comments (#)

    Sometimes I just want to look at the content of a config file and not all the descriptions.

    # Drop comment lines (first non-blank character is #) and blank lines
    grep -v '^[[:space:]]*#\|^[[:space:]]*$'
    

  • PowerShell script to recreate Azure Network Security Groups (NSGs)

    I developed a habit when I was working with ACLs on a Cisco ASA firewall. I would keep a master list for each ACL, and when I needed to make a change, I would remove the entire ACL from the device and then recreate it each time I made a modification. For example, I would run the following, and keep adding new rules when needed.

    clear configure access-list dmz_acl
    access-list dmz_acl extended permit tcp host 1.1.1.1 object-group DCs eq 389
    . . . .
    

    Add one line, look at the logs and if traffic is still being blocked then modify and try again.

    I wanted the ability to do the same thing with Azure Network Security Groups. I wrote a PowerShell script that would look at the NSGs, dump the settings, and would display the commands to recreate them. Here is the script I wrote. I hope it helps someone.

    function JBM-AZURE-GetNetworkSecurityGroupRules{
     param(
        [String]$Name ,
        [Switch]$ShowCommands
        )
    $Groups=$(Get-AzureNetworkSecurityGroup -Detailed)
    If(!$Name){
      Write-Host
      Write-host "Select the number of the NSG"
      $NSGNumb = $(Read-Host -prompt "$($(for($i=0;$i-le $Groups.Count-1;$i++){$AllGroups=$AllGroups+"$i $($Groups[$i].Name)`n"});$AllGroups)" )
      $Name=$Groups[$NSGNumb].Name
    }
    
    $NSG=$Groups | where {$_.Name -eq $Name}
    If ($NSG){
        $InboundRules=$NSG.Rules | where {$_.Type -eq "Inbound"}
        $OutBoundRules=$NSG.Rules | where {$_.Type -eq "Outbound"}
        Write-Output ""
        Write-Output "Inbound Rules"
        Write-Output $InboundRules | FT
        Write-Output "Outbound Rules"
        Write-Output $OutBoundRules | FT
        if ($ShowCommands){
        Write-Output "New-AzureNetworkSecurityGroup -Name ""$($NSG.Name)"" -Location ""$($NSG.Location)"""
        Write-Output ""
        foreach ($Rule in $($InboundRules | where {$_.Priority -lt 65000})){
            write-Output "Get-AzureNetworkSecurityGroup -Name ""$($NSG.Name)"" | Set-AzureNetworkSecurityRule -Name ""$($Rule.Name)"" -Type ""$($Rule.Type)"" -Priority ""$($Rule.Priority)"" -Action ""$($Rule.Action)"" -SourceAddressPrefix ""$($Rule.SourceAddressPrefix)"" -SourcePortRange ""$($Rule.SourcePortRange)"" -DestinationAddressPrefix ""$($Rule.DestinationAddressPrefix)"" -DestinationPortRange ""$($Rule.DestinationPortRange)"" -Protocol ""$($Rule.Protocol)"""
            Write-Output ""
        }
        foreach ($Rule in $($OutBoundRules | where {$_.Priority -lt 65000})){
            write-Output "Get-AzureNetworkSecurityGroup -Name ""$($NSG.Name)"" | Set-AzureNetworkSecurityRule -Name ""$($Rule.Name)"" -Type ""$($Rule.Type)"" -Priority ""$($Rule.Priority)"" -Action ""$($Rule.Action)"" -SourceAddressPrefix ""$($Rule.SourceAddressPrefix)"" -SourcePortRange ""$($Rule.SourcePortRange)"" -DestinationAddressPrefix ""$($Rule.DestinationAddressPrefix)"" -DestinationPortRange ""$($Rule.DestinationPortRange)"" -Protocol ""$($Rule.Protocol)"""
            Write-Output ""
        }
        }
    }
    Else {
    Write-Host "Can't find a NSG with that name"
    }
    }
    

  • Enabling Wireshark for non-root users on Raspbian Jessie

    No need to create groups, just:

    setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap 
    

  • Raspberry Pi, Raspbian Jessie (based on Debian Jessie) disable AutoLogin GUI & Console

    I did NOT want my Raspbian Jessie install to automatically boot into the GUI, and I did NOT want it to autologin.

    I know I can run raspi-config to change it, but I like to script things! I finally tracked down the code for the new raspi-config that supports systemd. It can be found here .

    Here are the commands to change what used to be the run level.

    Console

    systemctl set-default multi-user.target
    ln -fs /lib/systemd/system/getty@.service /etc/systemd/system/getty.target.wants/getty@tty1.service
    

    Console Autologin

    systemctl set-default multi-user.target
    ln -fs /etc/systemd/system/autologin@.service /etc/systemd/system/getty.target.wants/getty@tty1.service
    

    Desktop

    systemctl set-default graphical.target
    ln -fs /lib/systemd/system/getty@.service /etc/systemd/system/getty.target.wants/getty@tty1.service
    sed /etc/lightdm/lightdm.conf -i -e "s/^autologin-user=pi/#autologin-user=/"
    

    Desktop AutoLogin

    systemctl set-default graphical.target
    ln -fs /etc/systemd/system/autologin@.service /etc/systemd/system/getty.target.wants/getty@tty1.service
    sed /etc/lightdm/lightdm.conf -i -e "s/^#autologin-user=.*/autologin-user=pi/"
    

     

    Hope that helps someone.
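
A quick audit of the settings above, as an added example that is not part of the original post. The function name `autologin_state` and its ROOT argument are illustrative, and it assumes the unit names `autologin@.service` and `getty@tty1.service` that raspi-config uses.

```shell
#!/bin/sh
# autologin_state ROOT: report which autologin paths are enabled under ROOT.
# ROOT is "/" on a live system, or a scratch directory when testing.
# Prints "console", "desktop", "console desktop" or "none".
autologin_state() {
  local root="${1%/}" unit target state=""
  unit="$root/etc/systemd/system/getty.target.wants/getty@tty1.service"

  # Console autologin: the tty1 getty symlink points at autologin@.service
  if [ -L "$unit" ]; then
    target=$(readlink "$unit")
    case "$target" in
      */autologin@.service) state="console" ;;
    esac
  fi

  # Desktop autologin: an uncommented, non-empty autologin-user= in lightdm.conf
  if grep -q '^autologin-user=.' "$root/etc/lightdm/lightdm.conf" 2>/dev/null; then
    state="${state:+$state }desktop"
  fi

  echo "${state:-none}"
}
```

Run `autologin_state /` after provisioning; anything other than `none` means a login prompt is being skipped somewhere.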


  • Thawte: The state name can not be abbreviated. Gets me every time.

    Note to self: When generating a CSR for Thawte, the State Name in the CSR cannot be abbreviated.

    Gets me every time.


  • BASH script to change the Security Keys and SALTs in a wp-config.php file

    I wanted to automatically change the Security Keys/SALTS when provisioning a new WordPress site. WordPress.com has a service that spits back random values (https://api.wordpress.org/secret-key/1.1/salt/). The script below CURLs the values and then modifies a wp-config.php file with the new random values. It replaces only the default "put your unique phrase here" placeholder, so it is meant for a freshly provisioned file.

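    # Fetch eight fresh define() lines from the salt service
    SALTS=$(curl -s https://api.wordpress.org/secret-key/1.1/salt/)
    while read -r SALT; do
    # Start of the matching line in wp-config.php, e.g. define('AUTH_KEY
    SEARCH="define('$(echo "$SALT" | cut -d "'" -f 2)"
    # New random value for that key
    REPLACE=$(echo "$SALT" | cut -d "'" -f 4)
    echo "... $SEARCH ... $SEARCH ..."
    # Escape \, / and & for sed; $REPLACE is quoted so spaces and characters such as * are kept as-is
    sed -i "/^$SEARCH/s/put your unique phrase here/$(printf '%s\n' "$REPLACE" | sed -e 's/\\/\\\\/g' -e 's/\//\\\//g' -e 's/&/\\\&/g')/" /Path/To/Your/wp-config.php
    done <<< "$SALTS"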
    

    Don’t remember where I got the pieces of this, but here it is, I have been using it for a while and it seems to work well.
    Hope that helps someone.
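
The same idea extended to rotating keys on an existing site, as an added example that is not part of the original post: it validates the fetched data before touching the file and replaces whole `define()` lines, so it works whatever the current values are. `rotate_salts`, `sample_salts` and `KEYS` are illustrative names, and the sample data is constructed so the block runs offline.

```shell
#!/bin/sh
# Added example; rotate_salts and sample_salts are illustrative names.
KEYS="AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT"

# Constructed stand-in for the salt service response (64-character values).
# The values contain &, / , * and |, which would need escaping in sed.
sample_salts() {
  local k v
  for k in $KEYS; do
    v=$(printf '%-64s' "$k&/*|" | tr ' ' '#')
    printf "define('%s', '%s');\n" "$k" "$v"
  done
}

# rotate_salts CONFIG SALTS: replace each key/salt define() line in CONFIG
# with the matching line from SALTS. Returns non-zero and leaves CONFIG
# untouched if SALTS is malformed or CONFIG lacks any of the eight defines.
rotate_salts() {
  local config="$1" salts="$2" count tmp
  # Refuse anything that is not eight well-formed define() lines,
  # for example an HTML error page returned by a proxy.
  count=$(printf '%s\n' "$salts" | grep -c "^define('[A-Z_]*', *'[^']\{64,\}');" || true)
  [ "$count" -eq 8 ] || { echo "unexpected salt data" >&2; return 1; }
  tmp=$(mktemp) || return 1
  # awk prints the replacement lines verbatim, so nothing needs escaping.
  SALTS="$salts" awk '
    BEGIN {
      n = split(ENVIRON["SALTS"], line, "\n")
      for (i = 1; i <= n; i++) {
        split(line[i], f, "\047")          # \047 is a single quote
        if (f[2] != "") fresh[f[2]] = line[i]
      }
    }
    /^define\(/ {
      split($0, f, "\047")
      if (f[2] in fresh) { print fresh[f[2]]; seen++; next }
    }
    { print }
    END { exit (seen == 8 ? 0 : 2) }
  ' "$config" > "$tmp" || { rm -f "$tmp"; return 1; }
  # Overwrite in place so the file keeps its owner and mode.
  cat "$tmp" > "$config" && rm -f "$tmp"
}
```

On a real site, call it as `rotate_salts /Path/To/Your/wp-config.php "$(curl -s https://api.wordpress.org/secret-key/1.1/salt/)"`; rotating the keys invalidates existing login cookies.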