Technote
Latest posts
Add a previous and next post in WordPress
August 27, 2024
Some theme post templates don't have previous/next post links. We can add the code below to the single post template:

    <!--Previous and next Post-->
    <div class="man_nearby_posts row">
        <h2>Other Posts</h2>
        <br>
        <?php
        // Previous post in the same category (true = restrict to the same term).
        $prevPost = get_previous_post(true);
        if ($prevPost) { ?>
            <div class="nav-box man_nav_previous man_image_bck col-md-6" data-image="<?php echo esc_url(get_the_post_thumbnail_url($prevPost->ID, 'medium_large')); ?>" data-color="#292929">
                <div class="man_nav_over"></div>
                <div class="man_nav_txt">
                    <span><i class="ti ti-angle-left"></i><?php esc_html_e('Previous','manufacturer'); ?></span>
                    <a href="<?php echo esc_url(get_permalink($prevPost->ID)); ?>"><h3><?php echo esc_html(get_the_title($prevPost->ID)); ?></h3></a>
                </div>
            </div>
        <?php } else { ?>
            <!-- No previous post: show the current post title as a placeholder -->
            <div class="nav-box man_nav_previous man_image_bck col-md-6" data-color="#333">
                <div class="man_nav_over"></div>
                <div class="man_nav_txt">
                    <h3><?php echo esc_html(get_the_title($post->ID)); ?></h3>
                </div>
            </div>
        <?php } ?>
        <?php
        // Next post in the same category.
        $nextPost = get_next_post(true);
        if ($nextPost) { ?>
            <div class="nav-box man_nav_next man_image_bck col-md-6" data-image="<?php echo esc_url(get_the_post_thumbnail_url($nextPost->ID, 'medium_large')); ?>" data-color="#292929">
                <div class="man_nav_over"></div>
                <div class="man_nav_txt">
                    <span><?php esc_html_e('Next','manufacturer'); ?> <i class="ti ti-angle-right"></i></span>
                    <a href="<?php echo esc_url(get_permalink($nextPost->ID)); ?>"><h3><?php echo esc_html(get_the_title($nextPost->ID)); ?></h3></a>
                </div>
            </div>
        <?php } else { ?>
            <!-- No next post: show the current post title as a placeholder -->
            <div class="nav-box man_nav_next man_image_bck col-md-6" data-color="#333">
                <div class="man_nav_over"></div>
                <div class="man_nav_txt">
                    <h3><?php echo esc_html(get_the_title($post->ID)); ?></h3>
                </div>
            </div>
        <?php } ?>
    </div>
    <!--Previous and next Post-->
F5 – Inserting SSL client certificate information into the header of the HTTP session
August 23, 2024
Create iRule for this

Rule: Create a new rule called Insert_CertObject_Header

Definition:

    when HTTP_REQUEST {
        HTTP::header insert X-Client-Cert [X509::subject [SSL::cert 0]]
    }

Other fields can be returned: replace X509::subject with one of the commands below.

    X509::cert_fields – Returns a list of X509 certificate fields to be added to HTTP headers for ModSSL behavior.
    X509::extensions – Returns the X509 extensions set on an X509 certificate.
    X509::hash – Returns the MD5 hash (fingerprint) of an X509 certificate.
    X509::issuer – Returns the issuer of an X509 certificate.
    X509::not_valid_after – Returns the not-valid-after date of an X509 certificate.
    X509::not_valid_before – Returns the not-valid-before date of an X509 certificate.
    X509::pem2der – Returns an X509 certificate in DER format.
    X509::serial_number – Returns the serial number of an X509 certificate.
    X509::signature_algorithm – Returns the signature algorithm of an X509 certificate.
    X509::subject – Returns the subject of an X509 certificate.
    X509::subject_public_key – Returns the subject's public key of an X509 certificate.
    X509::subject_public_key_RSA_bits – Returns the size of the subject's public RSA key of an X509 certificate.
    X509::subject_public_key_type – Returns the subject's public key type of an X509 certificate.
    X509::verify_cert_error_string – Returns an X509 certificate error string.
    X509::version – Returns the version number of an X509 certificate.
    X509::whole – Returns an X509 certificate in PEM format.

Setting requirement:

Import CA cert
    System >> Certificate Management > Traffic Certificate Management > SSL Certificate List
    Click Import, give it a name, and browse to the CA cert to import.

Enable SSL client profile
    Under Virtual Server, find the Virtual Server you created.
    Under tab Properties:
        SSL Profile (client): add clientssl from Available to Selected.
    Profiles > SSL > Client ›› clientssl
        Client Authentication:
            Client Certificate: require
            Frequency: Always
            Trusted Certificate Authorities: Select the CA that issued the client cert.
    Under tab Resources:
        After iRules, click the Manage… button, select Insert_CertObject_Header from Available, click << to move it to Enabled, then click Finished.

Test
    Open a web browser and open the virtual server IP on the F5:
    On the server side, Wireshark should capture this:

Ref: https://my.f5.com/manage/s/article/K95338243
Customize the WordPress login page logo
August 6, 2024
You may want to customize the logo on the wp-login page without using a plugin. The code below, placed in functions.php, will change the logo and disable the redirect to the wordpress.org page.

    /** Change login page logo **/
    if ( ! function_exists( 'custom_login_logo' ) ) {
        function custom_login_logo() {
            // Replace the logo image and make the link non-clickable.
            echo '<style>
                h1 a {
                    background-image: url("/path/to/your/logo") !important;
                    cursor: default;
                    pointer-events: none;
                }
            </style>';
        }
        add_action( 'login_head', 'custom_login_logo' );
    }
Fortinet with Google Authenticator
July 2, 2024
The tools required are FreeRADIUS, Google Authenticator PAM and AD.

Installing FreeRADIUS and Google Authenticator PAM

While there are several RADIUS software packages out there, FreeRADIUS is one of the most popular choices on Linux. Since it has a PAM library, it is also perfect for integrating with Google Authenticator PAM. Installing FreeRADIUS and Google Authenticator on Alma Linux/CentOS/Redhat is very easy. All we need is to issue a one-line command. I added NTP package here since my Google Authenticator configuration is TOTP based. If one went through the installation properly, there might not be a need for this so long as the system is syncing to the time correctly.

In Alma Linux/CentOS/Redhat:

    $ sudo dnf install freeradius freeradius-utils google-authenticator -y

In Debian/Ubuntu:

    $ sudo apt-get install freeradius libpam-google-authenticator -y

Configuring FreeRADIUS

    sudo chkconfig radiusd on

After the package installation, the next step is to set up FreeRADIUS by editing configuration files. There are four config files we need to edit to complete this setup. You do not need to follow this order.

First config file

The first config file that we need to edit is the /etc/freeradius/radiusd.conf file. There are two ways of configuring this, and it seems that the most popular option is the one with FreeRADIUS running as root. For some people this is not acceptable, so I included instructions below where we'll leave it as the default configuration.

OPTION 1 – RUN AS ROOT

According to my limited research, the need to change the user and group to root is because of how both FreeRADIUS and Google Authenticator PAM work. My observation seems to indicate that FreeRADIUS will also need to access the secret key (.google_authenticator) in each user's home directory – I could be totally wrong with this. My Linux boxes have encrypted home directories so only the owner and root can access these. That said, letting FreeRADIUS run as root will give it access to the necessary files.

    $ sudo vi /etc/freeradius/radiusd.conf

We'll now need to find the lines user = and group =. The default configuration is set to freerad. Change both of them to root.

    user = root
    group = root

OPTION 2 – USE DEFAULT CONFIGURATION

As mentioned, we can just leave the file as default. I will explain more about this once we get to the section where we need to edit the /etc/pam.d/radiusd file.

Second config file

The next config file that we need to edit is the /etc/freeradius/users file. This file will instruct FreeRADIUS to use PAM libraries to authenticate users as the default.

    $ sudo vi /etc/freeradius/users

Add the lines found below. I usually like to add lines at the end of the file. Add the line after all the commented text of the file, just before the DEFAULT Framed-Protocol == PPP line. This will ensure that this line will take precedence. I found out the hard way when I was troubleshooting an issue with L2TP over IPsec authentication.

    # Instruct FreeRADIUS to use PAM to authenticate users
    DEFAULT Auth-Type := PAM

Third config file

The second to the last config file on our list to be edited is the /etc/freeradius/sites-enabled/default file. This file tells FreeRADIUS to enable PAM authentication. We just need to edit one line here.

    $ sudo vi /etc/freeradius/sites-enabled/default

Once the file is open, look for the following lines:

    # Pluggable Authentication Modules.
    # pam

We now need to uncomment the pam line to enable it. It should look like this now:

    # Pluggable Authentication Modules.
    pam

Fourth config file

Finally, the last FreeRADIUS config file that we need to change is /etc/freeradius/clients.conf. This is where we can set up the secret key that is used by the clients to connect to the RADIUS server. Please change the default secret key to random alphanumeric characters. Use a key generator to generate the secret to make life a little easier. For demo purposes, I will be using the default secret. To change the secret, look for the secret = testing123 line.

    $ sudo vi /etc/freeradius/clients.conf
    <-- Output omitted for brevity -->
    secret = my_super_awesome_strong_secret

    client rtr {
        ipaddr = 192.168.200.1
        secret = my_super_awesome_strong_secret
    }

As usual in Linux, when a configuration file has been changed, the service needs to be restarted for the changes to take effect. To restart the FreeRADIUS daemon, issue the sudo service freeradius restart command.

Configuring FreeRADIUS PAM

Since we instructed FreeRADIUS to use PAM to authenticate users, we need to configure the /etc/pam.d/radiusd file and instruct it to integrate Google Authenticator PAM. By default, the file will look something like this:

    <-- Output omitted for brevity -->
    @include common-auth
    @include common-account
    @include common-password
    @include common-session

Option 1

If you picked the first option in the FreeRADIUS configuration section, then you need to comment out those four lines above and add two lines. The file should look like this:

    #@include common-auth
    #@include common-account
    #@include common-password
    #@include common-session
    auth requisite pam_google_authenticator.so forward_pass
    auth required pam_unix.so use_first_pass

Option 2

If you left the /etc/freeradius/radiusd.conf file alone, then it becomes a slightly more complicated setup. Also, you will notice that my instructions are what I will consider a workaround to AppArmor (I am guessing this is the real issue). You will see why later in the next section, after generating the Google Authenticator secret key. Anyway, the /etc/pam.d/radiusd file should look like this:

    #@include common-auth
    #@include common-account
    #@include common-password
    #@include common-session
    auth requisite pam_google_authenticator.so forward_pass secret=/etc/freeradius/${USER}/.google_authenticator user=freerad
    auth required pam_unix.so use_first_pass

Google Authenticator Secret Key

I've already covered the generation of the secret key in my previous post, so look for the generating Google Authenticator secret key section. Once you are done generating secret keys, come back to this page.

If you picked the first option throughout this tutorial, then skip this section and go to the verification section. If you picked the second option, then we'll need to do additional steps to make this work. Again, you do not have to follow the order in which they are listed here.

We first need to create a directory named after the user account that we're working on. In this scenario, we'll use a user account named test.

    $ sudo mkdir /etc/freeradius/test

Then, we need to change the owner of the directory that we just created.

    $ sudo chown freerad:freerad /etc/freeradius/test

The second to the last step is to copy the secret key to the directory that we just created.

    $ sudo cp .google_authenticator /etc/freeradius/test/.google_authenticator

Finally, we need to change the owner of the file.

    $ sudo chown freerad:freerad /etc/freeradius/test/.google_authenticator

If I ever learn more about AppArmor, then I will update this blog post because I think this is the real issue why it's failing. I did try creating an AppArmor profile, but testing shows that I was still failing. When I looked at the /var/log/auth.log file, I saw an error message that looked like this:

    Oct 10 21:24:53 radius radiusd(pam_google_authenticator): Failed to update secret file "/etc/freeradius/test/.google_authenticator"

Verification

We now need to test to make sure that we can successfully authenticate. The FreeRADIUS software package includes a simple tool that we can use to directly query the daemon with requests. The command format is radtest test <password+google authenticator token> localhost 18120 <RADIUS secret key>. The password and Google Authenticator token should not have a space in between. Below is the syntax that I used to test my configuration and the test result.

    $ radtest test testing1234803732 localhost 18120 testing123
    Sending Access-Request of id 79 to 127.0.0.1 port 1812
        User-Name = "test"
        User-Password = "testing1234803732"
        NAS-IP-Address = 127.0.1.1
        NAS-Port = 18120
        Message-Authenticator = 0x00000000000000000000000000000000
    rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=79, length=20

FortiGate config

On the FortiGate, we need to configure the VPN authentication using the RADIUS server:

User&Authentication
    RADIUS Servers: Create a server with the config below:
        Primary Server:
            IP: IP_of_FREERADIUS
            Secret: create one here, same as in the fourth config file
    User Groups: Create a user group with the config below:
        Type: Firewall
        Remote Groups: +Add, select the RADIUS server created above.

VPN:
    IPSec: When you create an IPsec VPN tunnel, in the XAUTH section:
        Type: Auto Server
        User Group: Choose, select the group you created above.
    SSL VPN:
        Authentication/Portal Mapping: Users/Groups, click + and select the user group above.

Ref: https://github.com/rharmonson/richtech/wiki/CentOS-7-Minimal-&-Two-factor-Authentication-using-FreeRADIUS-3,-SSSD-1.12,-&-Google-Authenticator
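
One way to check the fourth config file for the default or a short shared secret, and to generate a random alphanumeric replacement. This is an added example, not part of the original post; the function names, the 16-character minimum and the sample file are assumptions.

```shell
#!/bin/sh
# Added example: flag weak shared secrets in a FreeRADIUS clients.conf.
# MIN_LEN, the function names and the sample file are assumptions of this example.
MIN_LEN=16

# Print a random alphanumeric secret (default 32 characters).
gen_radius_secret() {
    len="${1:-32}"
    # 2*len random bytes give about 2.6*len base64 characters, so enough
    # remain after the non-alphanumeric ones are dropped.
    head -c "$((len * 2))" /dev/urandom | base64 | LC_ALL=C tr -dc 'A-Za-z0-9' | cut -c "1-$len"
}

# Report every client whose secret is the shipped default or shorter than
# MIN_LEN. Returns 0 when nothing is flagged, 1 otherwise.
audit_clients_conf() {
    awk -v min="$MIN_LEN" '
        /^[[:space:]]*#/ { next }            # skip comment lines
        { sub(/=/, " = ") }                  # accept "secret=value" too
        $1 == "client" { name = $2 }         # entering a client block
        $1 == "}"      { name = "" }         # leaving it
        $1 == "secret" && $2 == "=" {
            s = $3
            gsub(/^"|"$/, "", s)             # strip optional quotes
            who = (name == "" ? "(global)" : name)
            if (s == "testing123") {
                print who ": default secret (testing123)"; bad++
            } else if (length(s) < min) {
                print who ": secret shorter than " min " characters"; bad++
            }
        }
        END { exit (bad > 0) }
    ' "$1"
}

demo() {
    sample=$(mktemp)
    # Constructed sample, modelled on the clients.conf fragment in the post.
    cat > "$sample" <<'EOF'
client localhost {
    ipaddr = 127.0.0.1
    secret = testing123
}
client rtr {
    ipaddr = 192.168.200.1
    secret = my_super_awesome_strong_secret
}
client fw {
    ipaddr = 192.168.200.2
    secret = changeme
}
EOF
    audit_clients_conf "$sample" ||
        echo "weak secrets found; suggested replacement: $(gen_radius_secret)"
    rm -f "$sample"
}

demo
```

The same secret has to be entered on the FortiGate RADIUS server entry, so rotate both sides together.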
How to fix VHDX mismatch identifiers / Property 'MaxInternalSize' does not exist in class on Hyper-V
June 13, 2024
This can usually be fixed with the command:

    Set-VHD "D:\VM\maindisk.avhdx" -ParentPath "D:\VM\maindisk.vhdx"

You may get back the error "There exists ID mismatch between the differencing virtual hard disk and the parent disk." If you get that, you can use the -IgnoreIdMismatch flag:

    Set-VHD "D:\VM\maindisk.avhdx" -ParentPath "D:\VM\maindisk.vhdx" -IgnoreIdMismatch
Add Red Hat Linux to Active Directory Authentication
July 17, 2023
Packages to install

For this configuration, the essential package to install is realmd. Aside from realmd, there are a host of packages that need to be installed to make this work.

    # yum install sssd realmd oddjob oddjob-mkhomedir adcli samba-common samba-common-tools krb5-workstation openldap-clients policycoreutils-python

Realmd provides a simplified way to discover and interact with Active Directory domains. It employs sssd to do the actual lookups required for remote authentication and other heavy work of interacting with the domain. In the interest of brevity, I won't dwell on the other packages in the list.

Realmd (interacting with the domain)

Now that all packages have been installed, the first thing to do is to join the CentOS system to the Active Directory domain. We use the realm application for that. The realm client is installed at the same time as realmd. It is used to join, remove, control access, and accomplish many other tasks. Here is the expected syntax for a simple domain join:

    realm join --user=

The space between the user account and the domain account is not a typo. By inserting the corresponding details, we get the following command:

    # realm join --user=fkorea hope.net

Supply the password when the prompt appears and wait for the process to end. Don't let the short absence of output deceive you. There are a number of operations that go on as part of the process. You can tack on the -v switch for more verbose output. However, the best way to check if the computer is now a member of the domain is by running the realm list command. The command attempts to display the current state of the server with regard to the domain. It is a quick and dirty way to know which groups or users can access the server.

It is also quite trivial to place the newly-created AD computer object in a specific Organizational Unit (OU) from the onset. I'll leave that for further reading, but, as a tip, you can consult the man page. Using the realm client, you can grant or revoke access to domain users and groups. A deep dive on using realmd in a more fine-grained way is enough to make another article. However, I will not be out of order to pick out a few parameters for your attention, namely client-software and the server-software. By now, you should understand why we had to install so many packages.

To leave the domain altogether, you need two words:

    realm leave

Visudo (granting admin privileges)

Users that are granted access have unprivileged access to the Linux server. For all intents and purposes, all Active Directory accounts are now accessible to the Linux system, in the same way natively-created local accounts are accessible to the system. You can now do the regular sysadmin tasks of adding them to groups, making them owners of resources, and configuring other needed settings. If the user tries any activity that requires sudo access, the familiar error is presented. As can be seen in the inset, our user is not in the sudoers file.

In that light, we can edit the sudoers file directly to grant them superuser privileges. This is not an article on granting superuser privileges, but we can use the visudo tool to interact safely with the sudoers file.

    sudo visudo

Add the groups below to the end of the file:

    %frankfu\group1 ALL=(ALL) ALL
    %frankfu\group2 ALL=(ALL) ALL

Alternatively, we could have just added the user to the wheel group. The point is the user account is now available to be used by the system.

Allow SSH login: in /etc/ssh/sshd_config, add the line below:

    AllowGroups root wheel frankfu\group1 frankfu\group2

Ref: https://www.redhat.com/sysadmin/linux-active-directory
APP installation – Registry Detection
July 10, 2023
Registry

This detection rule verifies the application's existence based on a Windows registry key, value existence, or a string, integer or version comparison.

Key path: The full path of the registry key that contains the value to detect.
Value name: The name of the registry value to detect. If this value is empty, the detection will happen on the key. The (default) value of a key will be used as detection value if the detection method is other than file or folder existence.
Detection method: Select the type of detection method that's used to validate the presence of the app.

The following detection methods are available in registry based detection rules.

    Key exists
    Key does not exist
    String comparison
    Version comparison
    Integer comparison

Example of Registry based detection:

Check for registry value existence. Let's take app installation for example:

    Key path: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++
    Value name: DisplayName
    Detection method: Value Exists

Check for string comparison:

    Key path: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++
    Value name: DisplayName
    Detection method: String comparison
    Operator: Equals
    Value: Notepad++ (64-bit x64)

Check for version:

    Key path: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++
    Value name: DisplayVersion
    Detection method: String comparison
    Operator: Equals
    Value: 8.5.4

Version comparison can be used with a file check to confirm the app installation.

Client side activities:

Similar to the MSI and file based detection rules, you will find the details of the registry based detection rule in the policy downloaded to the client. The DetectionType 0 represents a registry based detection rule.

    Get policies = ,"DetectionRule":"","InstallCommandLine":"visioviewer_4339-1001_x64_en-us.exe /quiet","UninstallCommandLine":"visioviewer_4339-1001_x64_en-us /uninstall /quiet","RequirementRules":"

The client starts processing the deployment once it receives the policy. You can see all activities related to app detection in the log snippet below from the Intune extension manager log.

    <! Start detectionManager SideCarRegistryDetectionManager]LOG]!><time="19:36:29.8759872" date="2-22-2022" component="IntuneManagementExtension" context="" type="1" thread="21" file="">
    <!LOG]!><time="19:36:30.0071701" date="2-22-2022" component="IntuneManagementExtension" context="" type="1" thread="21" file="">
    <!LOG]!><time="19:36:30.0121586" date="2-22-2022" component="IntuneManagementExtension" context="" type="1" thread="21" file="">
    <!LOG]!><time="19:36:30.0121586" date="2-22-2022" component="IntuneManagementExtension" context="" type="1" thread="21" file="">
    <!LOG]!><time="19:36:30.0121586" date="2-22-2022" component="IntuneManagementExtension" context="" type="1" thread="21" file="">
    <! Got reg value path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{95160000-0052-0409-1000-0000000FF1CE}, name: DisplayName, value: Microsoft Visio Viewer 2016]LOG]!><time="19:36:30.0121586" date="2-22-2022" component="IntuneManagementExtension" context="" type="1" thread="21" file="">
    <! Equal: actualValue: Microsoft Visio Viewer 2016, DetectionValue: Microsoft Visio Viewer 2016, applicationDetected: True]LOG]!><time="19:36:30.0121586" date="2-22-2022" component="IntuneManagementExtension" context="" type="1" thread="21" file="">
    <! Checked reg path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{95160000-0052-0409-1000-0000000FF1CE}, name: DisplayName, operator: 1, type: 3, value: Microsoft Visio Viewer 2016 , result of applicationDetected: True]LOG]!><time="19:36:30.0131559" date="2-22-2022" component="IntuneManagementExtension" context="" type="1" thread="21" file="">
    <! detectionManager SideCarRegistryDetectionManager got applicationDetectedByCurrentRule: True as system]LOG]!><time="19:36:30.0131559" date="2-22-2022" component="IntuneManagementExtension" context="" type="1" thread="21" file="">
    <! Completed detectionManager SideCarRegistryDetectionManager, applicationDetectedByCurrentRule: True]LOG]!><time="19:36:30.0131559" date="2-22-2022" component="IntuneManagementExtension" context="" type="1" thread="21" file="">

Use custom detection script

The custom detection script method uses a PowerShell script to detect the app's presence. The following details are required for this detection method.

Script file: Select a PowerShell script that will detect the presence of the app on the client. The app will be detected when the script both returns a 0 value exit code and writes a string value to STDOUT.
Run script as 32-bit process on 64-bit clients: Select Yes to run the script in a 32-bit process on 64-bit clients. Select No (default) to run the script in a 64-bit process on 64-bit clients. 32-bit clients run the script in a 32-bit process.
Enforce script signature check: Select Yes to verify that a trusted publisher has signed the script, which will allow the script to run with no warnings or prompts displayed. The script will run unblocked. Select No (default) to run the script with user confirmation without signature verification.

The Intune agent checks the results from the script. It reads the values written by the script to the STDOUT stream, the standard error (STDERR) stream, and the exit code. If the script exits with a nonzero value, the script fails and the application detection status is not installed. If the exit code is zero and STDOUT has data, the application detection status is installed.

Exit Code and STDOUT stream

    Exit Code   STDOUT Stream   Detection State
    0           Not Empty       Detected, Application installed
    0           Empty           Not detected, Application not installed
    Non zero    Empty           Not detected, Application not installed
    Non zero    Not Empty       Not detected, Application not installed

Source: https://www.petervanderwoude.nl/post/working-with-custom-detection-rules-for-win32-apps/

Sample detection script:

Here is a sample script to use with the custom detection script rule for a Win32 app. The script will check for the file's existence and its version. It will return exit code 0 and write a string value to STDOUT if the condition matched. Else, it will return exit code 0. The Intune extension manager will capture the output written to STDOUT (using Write-Host) and show that in the log file.

    $AppName = "Winzip ver 26.0"
    $File = "D:\Program Files\WinZip26\winzip64.exe"
    $FileVersion = "50.260.14610 (64-bit)"

    Write-Host "Custom script based detection : $AppName"

    if (Test-Path $File) {
        # File is present: compare its version with the expected one.
        $ActualVersion = (Get-ItemProperty -Path $File).VersionInfo.FileVersion
        if ($ActualVersion -eq $FileVersion) {
            Write-Host "Actual version: $ActualVersion, Compared version: $FileVersion"
            Write-Host "Same version of application installed"
            Exit 0
        }
        else {
            # Exit 0 with text on STDOUT: per the table above, Intune reports this as detected.
            Write-Host "Actual version: $ActualVersion, Compared version: $FileVersion"
            Write-Host "Different Version of application installed"
            Exit 0
        }
    }
    else {
        Write-Host "File $File not found. Application not installed"
        Exit 1
    }
Generate VM resource report with powershell
July 6, 2023
This script will report on the RAM, cores and total disk space of each VM.

    #parameters
    $output_path = "c:\Users\frank\Documents\"
    $vmhost = "my-hyp1"
    $vms = Get-VM -ComputerName $vmhost

    #path to save the result
    $outputfile = $output_path + "vms_report_" + $vmhost + ".csv"
    #"VMname,VMRAM(MB),VMcores,Total VMdisksize(GB)"> $outputfile
    echo "VMname, VMRAM(MB), VMcores, Total VMdisksize(GB)";

    #new way to create csv part 1 - generate header
    ##this bit creates the CSV if it does not already exist
    $headers = "VMname", "VMRAM(MB)", "VMcores", "Total VMdisksize(GB)"
    $psObject = New-Object psobject
    foreach ($header in $headers) {
        Add-Member -InputObject $psObject -MemberType NoteProperty -Name $header -Value ""
    }
    $outputfile_tmp = $output_path + "vms_report_" + $vmhost + "temp.csv"
    $psObject | Export-Csv $outputfile_tmp -NoTypeInformation
    #remove the empty row
    Get-Content $outputfile_tmp | Select-Object -SkipLast 1 | Set-Content $outputfile -Encoding UTF8
    Remove-Item $outputfile_tmp
    #end of new way to create csv part 1

    # Loop through each VM found
    foreach ($vm in $vms) {
        # Get VM details
        $vmname = $vm.Name
        $vmram = [math]::Round((($vm | Get-VMMemory).Startup/1024/1024))
        $totalcores = ($vm | Get-VMProcessor).Count

        #get disk size
        $vmDisks = Get-VHD -ComputerName $vmhost -VMId $vm.VMId -ErrorAction SilentlyContinue -ErrorVariable getVhdErr
        $vmDisktotalsize = 0
        foreach ($vmDisk in $vmDisks) {
            $vmDiskMaxSize = [math]::Round($vmDisk.Size/1024/1024/1024)
            # Accumulate the size of every disk attached to the VM
            $vmDisktotalsize += $vmDiskMaxSize
        }

        # Build CSV output
        #$out = $vmname + "," + $vmram + "," + $totalcores + "," +$vmDisktotalsize;
        #echo $out
        # Output to file
        #$out >> $outputfile;

        ##new way to create csv part2 - append data
        #this bit appends a new row to the CSV file
        $hash = @{
            "VMname"               = $vmname
            "VMRAM(MB)"            = $vmram
            "VMcores"              = $totalcores
            "Total VMdisksize(GB)" = $vmDisktotalsize
        }
        $newRow = New-Object PsObject -Property $hash
        Export-Csv $outputfile -InputObject $newRow -Append -Force
        ##end of new way part2
    }
PRTG application API monitoring with powershell
April 12, 2023
PRTG provides versatile monitoring, from server health to application APIs. Today we will use PowerShell to monitor the API health.

Below are the configurations in the PRTG sensor:

    Host IP: 10.34.50.56
    URL: https:///stationery.webapi/Account/LogOn
    Postdata: {'username': 'xxxx','password':'xxxx','merchantNumber':xxxx}
    Content Type: Custom
    Custom content type: application/json

Insert the Host IP after the second slash in the URL to get the complete URL: https://10.34.50.56/stationery.webapi/Account/LogOn

To find out what to put in the "Response Must Include" field, run the PowerShell commands below (Postdata is used in the body):

    ## below ignores the SSL cert trust issue:
    ## every certificate is accepted, so validation is off for this PowerShell session
    add-type @"
    using System.Net;
    using System.Security.Cryptography.X509Certificates;
    public class TrustAllCertsPolicy : ICertificatePolicy {
        public bool CheckValidationResult(
            ServicePoint srvPoint, X509Certificate certificate,
            WebRequest request, int certificateProblem) {
            return true;
        }
    }
    "@
    [System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy

    ## below passes the JSON data to the URL and gets the response
    Invoke-WebRequest -Uri 'https://10.34.50.56/stationery.webapi/Account/LogOn' -Method Post -ContentType "application/json" -Body "{'username': 'xxxx','password':'xxxx','merchantID':xxxx}"

I found some code like:

    Content: {"data":{"user":{"countrycode":0, "Reload":31, "rolename":"Stationery Shop","username":xxxx,........
    AllElements: ....
    RawContent : HTTP/1.1 200 OK
                 Pragma: no-cache,no-cache
                 Content-Length:1195
                 {"data":{"user":{"countrycode":0, "Reload":31, "rolename":"Stationery Shop","username":xxxx,........ "merchantID":"1234567890123"

Now I change the password to a wrong one on purpose, which is 12345, and try to get some other response just for comparison purposes:

    Invoke-WebRequest -Uri 'https://10.34.50.56/stationery.webapi/Account/LogOn' -Method Post -ContentType "application/json" -Body "{'username': 'xxxx','password':'12345','merchantID':xxxx}"

Now the response becomes:

    Server Error
    We're sorry, but an unexpected error occurred on the server. .....

So I will just pick a piece of data, such as merchantID from the first response, and use it as the evidence of a working API.

    Response Must Include: 1234567890123
MS IIS server (Web server)
March 15, 2023
Updated on 2023-03-15

IIS 10.0 version 1809 is the latest version of Internet Information Services (IIS), which shipped with the Windows 10 October 2018 Update and Windows Server 2019.

Configuration file

ApplicationHost.config

This file is the root file of the configuration system when you are using IIS 7 and above. It includes definitions of all sites, applications, virtual directories and application pools, as well as global defaults for the web server settings, which means it controls the server itself. The file is currently located in the %windir%\system32\inetsrv\config directory.

web.config

The web.config file controls configuration at the site and application levels.