POWERSHELL   Powershell – Could not create SSL/TLS secure channel



I use Powershell to send monitoring results to the Icinga API (passive checks). For example, to check if the Exchange backups were processed correctly, I run a Exchange powershell and then the results are sent using “Invoke-WebRequest” command.

Since I disabled obsolete and insecure TLSv1 and TLSv1.1 protocols in the Exchange server, the script was not working anymore returning error:… Read more

   Exchange – Bulk import of distribution group members from csv



A short but useful post:

Suppose you need to import hundreds of members to a distribution group.
The list is in a CSV file:

Name,Email
user1,user1@domain1.com
user2,user2@domain2.com
user3,user3@domain3.com
user4,user4@domain4.com
user5,user5@domain5.com
user6,user6@domain6.com
user7,user7@domain7.com
user8,user8@domain8.com
user9,user9@domain9.com
user10,user10@domain10.com
user11,user11@domain11.com
user12,user12@domain12.com
user13,user13@domain13.com
user14,user14@domain14.com
user15,user15@domain15.com
user16,user16@domain16.com
user17,user17@domain17.com
user18,user18@domain18.com
...

To bulk import all the users, a simple command like this is enough:… Read more

   Nextcloud – Error modifying files or folders: locked error



Yesterday I came across a problem in which I tried to modify (rename, delete, …) a folder and it returned an error.

Nextcloud logs (/var/www/nextcloud/data/nextcloud.log) showed the following:

"reqId":"Pf4KW9q1WDVe1YdmG0Mt","level":3,"time":"2019-09-10T16:36:53+00:00","remoteAddr":"63.223.129.127","user":"user1","app":"no app in context","method":"DELETE","url":"\/remote.php\/dav\/files\/user1\/ALBUMS\/New%20folder","message":{"Exception":"OCP\\Lock\\LockedException","Message":"\"files\/8010dab5adf49336ecdaf75a2008d5ab\" is locked","Code":0,"Trace":[{"file":"\/var\/www\/html\/nextcloud\/lib\/private\/Files\/Storage\/Common.php","line":779,"function":"changeLock","class":"OC\\Lock\\DBLockingProvider","type":"->","args":["files\/8010dab5adf49336ecdaf75a2008d5ab",2]},{"file":"\/var\/www\/html\/nextcloud\/lib\/private\/Files\/Storage\/Wrapper\/Wrapper.php","line":615,"function":"changeLock","class":"OC\\Files\\Storage\\Common","type":"->","args":["Nueva carpeta",2,{"__class__":"OC\\Lock\\DBLockingProvider"}

Solution

Enter maintenance mode

sudo -u www-data php occ maintenance:mode --on

Then, all entries of the table oc_file_locks … Read more

Home Server icon   Home Server (9) – Upgrade HP Microserver Gen8 CPU



Im using my Microserver Gen8 a lot and, sometimes the poor performance of the CPU is noted (when showing galleries with many images for example). So I decided to replace it by another better one.

CPU model to choose

I chose the cpu model based on this resource

Those are compatible CPU with different performances prices and all of them … Read more

Checkpoint   Checkpoint – Custom application signature ACST



This time I show you the Checkpoint “Application Control Signature Tool”. This tool allows you to create your own Apps and URL filtering signatures.
For example, I’m using it to block Torrent clients based on the User-Agent, but it is very versatile and you can use it in many ways.

Downloading the tool

Visit the following SK103051 and download it. … Read more

Checkpoint   Checkpoint – Useful SNMP OIDs to monitor (VSX)



It is very important to keep your Checkpoint environment monitored. Given that it offers a wide variety of SNMP data, I have collected some of the (in my opinion) most useful OIDs MIBs. Altough I use Icinga and Grafana (as you can see the related outputs in this post), almost any monitoring system can be used to get … Read more

Security   Security – List available cipher suite using nmap



If you are in process of securing your web server or site, there are some tools and online resources that can help us a lot (in one of the following posts will show you some of them).

But simply using the command the fantastic nmap tool, another interesting feature is listing the available cipher suite certain site offers using the … Read more

Checkpoint   Checkpoint – Unexpected high cpu usage and SecureXL



Last monday I realized that the cpu was very high on one of my Checkpoint VSX nodes.
Looking at my Icinga graphs it seemed it started on friday at 3 o’clock:

Running a top directly on the VSX, I delimited the high to one of the virtual systems that runs on that VSX. In this image the fwk2 threads that … Read more

Security   Security – View HTTP headers using tcpdump



If you need to trace the HTTP request and response headers by capturing the related packets, you can use tcpdump in this way:

 tcpdump -i ens192 -A -s 10240 'tcp port 80' | grep -v IP | egrep --line-buffered "..(GET |\.HTTP\/|POST |HEAD )|^[A-Za-z0-9-]+: " |sed -r 's/..(GET |HTTP\/|POST |HEAD )/\n\n\1/g'

For example, filtering tcp port 80 and 192.168.10.100 IP address:… Read more