This is a short HOWTO on migrating Zimbra mail filter rules from one server to another, or copying the rules from one user and importing them to another. These commands are useful when you migrate user accounts between servers, since mail filters are not migrated by the Zimbra to Zimbra migration script, zmztozmig. I might write a short post about migrating users between Zimbra servers later.
Export the rules to a file named filter_rules.sieve as the zimbra user
# zmprov ga user@example.com zimbraMailSieveScript > filter_rules.sieve
The content of the file could look something like this
# name user@example.com
zimbraMailSieveScript require ["fileinto", "reject", "tag", "flag"];
# Filtername
if anyof (header :contains ["to"] "root@localhost") {
fileinto "foldername";
stop;
}
Copy the filter_rules.sieve file to the other server and import the filter rules by enclosing them in single quotes
# zmprov ma user@example.com zimbraMailSieveScript 'require ["fileinto", "reject", "tag", "flag"];
# Filtername
if anyof (header :contains ["to"] "root@localhost") {
fileinto "foldername";
stop;
}'
This has been tested on a Zimbra 7.1.1 OSE server after migrating some users' mailboxes from a 32-bit Zimbra server to a new 64-bit server.
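Hand-quoting with single quotes breaks as soon as a rule contains an apostrophe. The following Python sketch is an added example, not part of the original post: it parses the export format shown above and builds the zmprov ma call either as an argument list (no shell involved) or as a safely quoted shell line. The sample export is constructed, the function names are hypothetical, and accepting an optional colon after the attribute name is an assumption.

```python
import re
import shlex

ATTR = "zimbraMailSieveScript"

# Constructed sample in the shape shown above, with a folder name that
# contains a single quote (the case that breaks hand-quoting).
EXPORT = '''# name user@example.com
zimbraMailSieveScript require ["fileinto", "reject", "tag", "flag"];
# Filtername
if anyof (header :contains ["to"] "root@localhost") {
    fileinto "Bob's mail";
    stop;
}
'''


def parse_export(export_text):
    """Split `zmprov ga <account> zimbraMailSieveScript` output into (account, script)."""
    account, script = None, []
    for line in export_text.splitlines():
        if account is None and not script and line.startswith("# name "):
            account = line[len("# name "):].strip()
        elif not script and line.startswith(ATTR):
            # The first script line follows the attribute name (assumed: optional ':').
            script.append(re.sub(r"^%s:?\s*" % ATTR, "", line))
        elif script:
            script.append(line)  # sieve comments such as "# Filtername" stay in
    return account, "\n".join(script).strip()


def import_argv(account, script):
    """Argument list for subprocess.run(): no shell, so nothing to quote."""
    return ["zmprov", "ma", account, ATTR, script]


def import_command(account, script):
    """The same call as one shell line, quoted so embedded ' characters survive."""
    return " ".join(shlex.quote(arg) for arg in import_argv(account, script))


if __name__ == "__main__":
    source_account, rules = parse_export(EXPORT)
    # Import into the same account, or pass another address to copy the rules.
    print(import_command(source_account, rules))
```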
Tags: howto, migrate, sieve, Zimbra, zimbramailsievescript, zmprov, zmztozmig
Posted by Hans-Henry Jakobsen
I have recently been trying to find a way to export a list of some, but not all installed Windows Updates and patches on a Windows 2008 server. WMIC is a Windows command that has been available in Windows for a long time and has become a tool that can perform many kinds of actions and queries.
Microsoft has created a tool called Microsoft Baseline Security Analyzer that helps you determine the security state in accordance with Microsoft security recommendations and offers specific remediation guidance, but I have not tried it to see if all patches and updates are exported.
Open a Windows Command Prompt (cmd.exe) and type the following command
wmic qfe get
The result presented in plain text
Caption CSName Description FixComments HotFixID InstallDate InstalledBy InstalledOn Name ServicePackInEffect Status
http://go.microsoft.com/fwlink/?LinkId=133041 PC-NAME Update 982861 pc-name\username 3/20/2011
http://go.microsoft.com/fwlink/?LinkId=161784 PC-NAME Update KB971033 NT AUTHORITY\SYSTEM 8/9/2010
http://support.microsoft.com/?kbid=2305420 PC-NAME Security Update KB2305420 NT AUTHORITY\SYSTEM 12/17/2010
http://support.microsoft.com/?kbid=2393802 PC-NAME Security Update KB2393802 NT AUTHORITY\SYSTEM 2/10/2011
...
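To list some but not all updates, or to check the export against a list of required patches, the CSV form of the same query (WMIC QFE GET /format:CSV) is easier to process than the plain text. The Python below is an added example, not from the original post; the sample data is constructed from the rows above, the column layout with a leading Node column is an assumption about the CSV output, and the function names are hypothetical.

```python
import csv
import io
import re
from datetime import datetime

# Constructed sample: the rows shown above, laid out the way /format:csv is
# assumed to emit them (blank first line, "Node" as the first column).
SAMPLE_CSV = r"""
Node,Caption,CSName,Description,FixComments,HotFixID,InstallDate,InstalledBy,InstalledOn,Name,ServicePackInEffect,Status
PC-NAME,http://go.microsoft.com/fwlink/?LinkId=133041,PC-NAME,Update,,982861,,pc-name\username,3/20/2011,,,
PC-NAME,http://go.microsoft.com/fwlink/?LinkId=161784,PC-NAME,Update,,KB971033,,NT AUTHORITY\SYSTEM,8/9/2010,,,
PC-NAME,http://support.microsoft.com/?kbid=2305420,PC-NAME,Security Update,,KB2305420,,NT AUTHORITY\SYSTEM,12/17/2010,,,
PC-NAME,http://support.microsoft.com/?kbid=2393802,PC-NAME,Security Update,,KB2393802,,NT AUTHORITY\SYSTEM,2/10/2011,,,
"""


def kb_id(value):
    """Normalise '982861', 'kb982861' and 'KB982861' to 'KB982861'."""
    m = re.fullmatch(r"\s*(?:KB)?(\d+)\s*", value or "", re.I)
    return "KB" + m.group(1) if m else None


def parse_qfe(csv_text):
    """Return one dict per hotfix row with a normalised id and a parsed date."""
    rows = []
    for row in csv.DictReader(io.StringIO(csv_text.strip())):
        try:
            installed = datetime.strptime(row["InstalledOn"], "%m/%d/%Y").date()
        except (ValueError, TypeError):
            installed = None  # blank or differently formatted date: keep the row
        rows.append({"id": kb_id(row["HotFixID"]), "type": row["Description"],
                     "installed": installed})
    return rows


def select(rows, description=None, since=None):
    """Pick a subset by Description and/or installed on or after `since`."""
    return [r["id"] for r in rows
            if (description is None or r["type"] == description)
            and (since is None or (r["installed"] and r["installed"] >= since))]


def missing(rows, required):
    """Required KB numbers that do not appear in the export."""
    have = {r["id"] for r in rows}
    return sorted(k for k in map(kb_id, required) if k and k not in have)
```

The first sample row shows why the id is normalised: its HotFixID is 982861 without the KB prefix, so a plain string comparison against KB982861 would report it as missing.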
WMIC can also be used to gather other Windows related information and this is a list with many wmic commands I have copied from Tech-Wreck InfoSec Blog: WMIC Command Line Kung-Fu in case the site becomes unavailable.
This site has produced many interesting articles and is well worth a visit.
| Description | Command |
|---|---|
| Spot Odd Executables | wmic PROCESS WHERE "NOT ExecutablePath LIKE '%Windows%'" GET ExecutablePath |
| Look at services that are set to start automatically | wmic SERVICE WHERE StartMode="Auto" GET Name, State |
| Find user-created shares (usually not hidden) | wmic SHARE WHERE "NOT Name LIKE '%$'" GET Name, Path |
| Find stuff that starts on boot | wmic STARTUP GET Caption, Command, User |
| Identify any local system accounts that are enabled (guest, etc.) | wmic USERACCOUNT WHERE "Disabled=0 AND LocalAccount=1" GET Name |
| Change Start Mode of Service | wmic service where (name like "Fax" OR name like "Alerter") CALL ChangeStartMode Disabled |
| Number of Logons Per USERID | wmic netlogin where (name like "%skodo") get numberoflogons |
| Obtain a Certain Kind of Event from Eventlog | wmic ntevent where (message like "%logon%") list brief |
| Clear the Eventlog (Security example) | wmic nteventlog where (description like "%secevent%") call cleareventlog |
| Get Mac Address | wmic nic get macaddress |
| Reboot or Shutdown | wmic os where buildnumber="2600" call reboot |
| Update static IP address | wmic nicconfig where index=9 call enablestatic("192.168.16.4"), ("255.255.255.0") |
| Change network gateway | wmic nicconfig where index=9 call setgateways("192.168.16.4", "192.168.16.5"),(1,2) |
| Enable DHCP | wmic nicconfig where index=9 call enabledhcp |
| Service Management | wmic service where caption="DHCP Client" call changestartmode "Disabled" |
| Start an Application | wmic process call create "calc.exe" |
| Terminate an Application | wmic process where name="calc.exe" call terminate |
| Change Process Priority | wmic process where name="explorer.exe" call setpriority 64 |
| Get List of Process Identifiers | wmic process where (Name='svchost.exe') get name,processid |
| Information About Harddrives | wmic logicaldisk where drivetype=3 get name, freespace, systemname, filesystem, size, volumeserialnumber |
| Information about os | wmic os get bootdevice, buildnumber, caption, freespaceinpagingfiles, installdate, name, systemdrive, windowsdirectory /format:htable > c:\osinfo.htm |
| Information about files | wmic path cim_datafile where "Path='\\windows\\system32\\wbem\\' and FileSize>1784088" > c:\wbemfiles.txt |
| Process list | wmic process get /format:htable > c:\process.htm |
| Retrieve list of warning and error events not from system or security logs | WMIC NTEVENT WHERE "EventType<3 AND LogFile != 'System' AND LogFile != 'Security'" GET LogFile, SourceName, EventType, Message, TimeGenerated /FORMAT:"htable.xsl":" datatype = number":" sortby = EventType" > c:\appevent.htm |
| Total Hard Drive Space Check | wmic LOGICALDISK LIST BRIEF |
| Get Running Services Information | Wmic service where (state="running") get caption, name, startmode, state |
| Get Startmode of Services | Wmic service get caption, name, startmode, state |
| Get Domain Names And When Account PWD set to Expire | WMIC UserAccount GET name,PasswordExpires /Value |
| Get Hotfix and Security Patch Information | WMIC QFE GET /format:CSV >QFE.CSV |
| Get Startup List | wmic startup list full |
| Find a specific Process | wmic process list brief \| find "cmd.exe" |
| Get List of IP Interfaces | wmic nicconfig where IPEnabled='true' |
| Change IP Address | wmic nicconfig where Index=1 call EnableStatic ("10.10.10.10"), ("255.255.255.0") |
| OS/System Report HTML Formatted | wmic /output:c:\os.html os get /format:hform |
| Products/Programs Installed Report HTML Formatted | wmic /output:c:\product.html product get /format:hform |
| Services Report on a Remote Machine HTML Formatted | wmic /output:c:\services.htm /node:server1 service list full /format:htable |
| Turn on Remote Desktop Remotely! | Wmic /node:"servername" /user:"user@domain" /password:"password" RDToggle where ServerName="server name" call SetAllowTSConnections 1 |
| Get Server Drive Space Usage Remotely | WMIC /Node:%%A LogicalDisk Where DriveType="3" Get DeviceID,FileSystem,FreeSpace,Size /Format:csv \| MORE /E +2 >> SRVSPACE.CSV |
| Get PC Serial Number | wmic /node:"HOST" bios get serialnumber |
| Get PC Product Number | wmic /node:"HOST" baseboard get product |
| Get Services for Remote Machine in HTML Format | wmic /output:c:\services.htm /node:server1 service list full /format:htable |
Tags: MBSA, Windows 2008, Windows 7, wmic
Posted by Hans-Henry Jakobsen
If you download and install many WordPress themes you will sometimes find themes that have encrypted lines or variables in the footer part of the theme, in the functions.php file or other included theme files.
I do not trust these lines of code and would not use a theme without knowing what code is being run. Therefore I decode these lines to determine if this is a theme I would like to use or just delete the theme because it contains dangerous code. Most of the time these encrypted lines just contain copyright information the authors of the theme don't want you to change.
This is an example of what an encrypted variable might look like
echo(str_rot13('shapgvba purpx_urnqre(){vs(!(shapgvba_rkvfgf("purpx_shapgvbaf")&&shapgvba_rkvfgf("purpx_s_sbbgre"))){rpub (\'Guvf gurzr vf eryrnfrq haqre perngvir pbzzbaf yvprapr, nyy yvaxf va gur sbbgre fubhyq erznva vagnpg< /sbag>< /o>\');}}'));

The easy way to show the contents of this variable is to copy the entire line into a new PHP file, replace the eval command with echo, and save the file as decode.php
Then you run the PHP file like this
# php decode.php
The result in this example should be
function check_header(){if(!(function_exists("check_functions")&&function_exists("check_f_footer"))){echo (' < b>< font color=white size=4>This theme is released under creative commons licence, all links in the footer should remain intact< /font>');}}
I have included an image of the code in case it is not shown correctly in WordPress.

I have written about this topic before, WordPress themes with eval and base64_decode lines but this is a much simpler way of showing the content of the unreadable variables.
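The same decoding can be done without running any of the theme's PHP at all. The Python below is an added example, not part of the original post: it reimplements the three wrapper functions this post is tagged with (str_rot13, base64_decode, gzinflate) and peels nested eval layers until plain code remains, which goes beyond the single str_rot13 case shown above. The function names are hypothetical; the sample is the obfuscated line from this post.

```python
import base64
import codecs
import re
import zlib

# PHP wrappers named on this page, reimplemented so nothing is executed.
DECODERS = {
    "str_rot13": lambda b: codecs.encode(b.decode("latin-1"), "rot13").encode("latin-1"),
    "base64_decode": base64.b64decode,
    "gzinflate": lambda b: zlib.decompress(b, -15),  # raw DEFLATE stream
}

# eval/echo( f1( f2( 'literal' ))); group 1 = wrapper calls, 2 = quote, 3 = literal
CALL = re.compile(
    r"""\b(?:eval|echo)\s*\(\s*((?:\w+\s*\(\s*)+)(['"])((?:\\.|(?!\2)[^\\])*)\2[\s)]*;""",
    re.S,
)


def unwrap(php_source, max_layers=10):
    """Return each decoded layer, outermost first, without running any PHP."""
    layers, text = [], php_source
    for _ in range(max_layers):
        m = CALL.search(text)
        if not m:
            break
        names = re.findall(r"\w+", m.group(1))
        if any(n not in DECODERS for n in names):
            break  # unknown wrapper: stop instead of guessing
        try:
            # Undo only the \' (or \") and \\ escapes of the PHP string literal.
            data = re.sub(r"\\([\\%s])" % m.group(2), r"\1", m.group(3)).encode("latin-1")
            for name in reversed(names):  # the innermost call is applied first
                data = DECODERS[name](data)
        except (ValueError, zlib.error):
            break  # corrupt payload or wrong wrapper order
        text = data.decode("latin-1")
        layers.append(text)
    return layers


# The obfuscated line shown in this post, copied verbatim.
SAMPLE = r"""echo(str_rot13('shapgvba purpx_urnqre(){vs(!(shapgvba_rkvfgf("purpx_shapgvbaf")&&shapgvba_rkvfgf("purpx_s_sbbgre"))){rpub (\'Guvf gurzr vf eryrnfrq haqre perngvir pbzzbaf yvprapr, nyy yvaxf va gur sbbgre fubhyq erznva vagnpg< /sbag>< /o>\');}}'));"""

if __name__ == "__main__":
    for depth, layer in enumerate(unwrap(SAMPLE), 1):
        print("layer %d: %s" % (depth, layer))
```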
Tags: base64_decode, eval, gzinflate, PHP, str_rot13, Wordpress, Wordpress theme
Posted by Hans-Henry Jakobsen
This is a short post about how to duplicate or copy the EXIF information from one file to another using exiftool.
The command comes in handy when you have one image with EXIF information and you would like another image to have exactly the same EXIF information.
exiftool -TagsFromFile CopyFromFile.NEF ToFile.JPG
This works in both Windows and Linux.
Posted by Hans-Henry Jakobsen
This post describes how I managed to recreate empty WordPress 3.0 permalink post slugs from the post titles of the blog posts, using a slightly modified version of the script found in another blog post named Bulk update post slugs in a wordpress blog. This script came in handy since some of my post slugs were missing permalink content because the content in my WordPress blog was migrated from an old PostNuke blog and was not SEO friendly.
The only change I made to the script was to use the PHP function rawurlencode() to encode the Norwegian letters æøå into a URL-friendly form and to change the formatting of how the changes were presented to the web browser. It is very important that you remember to make a backup of your WordPress database before you run this script, just in case you need to revert your post slug changes.
The script
// change this to strip old slugs if needed:
//update wp_posts set post_name = '' where guid like '%.asp'
set_time_limit(20000);
/** Loads the WordPress Environment and Template, allowing wp functions like the_title() */
define('WP_USE_THEMES', false);
require('./wp-blog-header.php');
function bleach($which)
{
$result = sanitize_title(get_the_title($which));
return $result;
}
$dbhost = 'localhost';
$dbuser = 'username';
$dbpass = 'password';
$dbname = 'wordpress';
$sql = 'SELECT ID, post_title' . ' FROM `wp_posts`' . ' WHERE post_status = "publish"' . " and post_name = '' " . ' order by ID asc';
$db = mysql_connect($dbhost, $dbuser, $dbpass) or die('Could not connect: ' . mysql_error());
mysql_select_db($dbname);
$result = mysql_query($sql) or die('Query failed: ' . mysql_error());
while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
$id = $row['ID'];
$title = $row['post_title'];
$clean_slug = rawurlencode(bleach($id));
echo "ID:{$row['ID']} " . "post_title : {$title} " . "sanitized : {$clean_slug}
";
$sql_u = "UPDATE `wp_posts` SET post_name = '" . $clean_slug . "' " . 'WHERE ID = ' . $id;
echo 'QUERY:' . $sql_u . '
';
mysql_query($sql_u) or die('ERROR: ' . mysql_error());
flush();
}
echo "";
mysql_close($db);
Save this PHP script in the root path of your WordPress installation. In my case I named it "regenerate_post_slugs.php" and ran it from my web browser by visiting the web address http://example.com/regenerate_post_slugs.php. Remember to add the <?php and ?> PHP tags at the beginning and end of the script.
The changes the script makes to your WordPress database will be printed in your web browser's window. If the changes do not meet your post slug wishes, just revert to the backup you made before running this script.
This is an excerpt from the result after running the script on my WordPress database
...
ID:1273 post_title : Presentasjon av spillere og kampoversikt klart! sanitized : presentasjon-av-spillere-og-kampoversikt-klart
QUERY:UPDATE `wp_posts` SET post_name = 'presentasjon-av-spillere-og-kampoversikt-klart' WHERE ID = 1273
ID:1274 post_title : Problemer på hjemmesiden! sanitized : problemer-pa-hjemmesiden
QUERY:UPDATE `wp_posts` SET post_name = 'problemer-pa-hjemmesiden' WHERE ID = 1274
...
You can download the script regenerate_post_slugs.php if you experience that some of the content is missing. Remember to rename it to .php
Tags: permalink, PHP, post slugs, Wordpress
Posted by Hans-Henry Jakobsen