14 Sep 2011 Windows grep command alternative
grep is a linux console command to print lines matching a line, but Windows does not have the grep command.
In Windows you have to use the findstr command in a console window.
Example
C:\>dir |findstr Windows 13.09.2011 10:41Windows
The findstr command is default case sensitive just like in linux.
findstr options
C:\>findstr -?
Searches for strings in files.
FINDSTR [/B] [/E] [/L] [/R] [/S] [/I] [/X] [/V] [/N] [/M] [/O] [/P] [/F:file]
[/C:string] [/G:file] [/D:dir list] [/A:color attributes] [/OFF[LINE]]
strings [[drive:][path]filename[ ...]]
/B Matches pattern if at the beginning of a line.
/E Matches pattern if at the end of a line.
/L Uses search strings literally.
/R Uses search strings as regular expressions.
/S Searches for matching files in the current directory and all
subdirectories.
/I Specifies that the search is not to be case-sensitive.
/X Prints lines that match exactly.
/V Prints only lines that do not contain a match.
/N Prints the line number before each line that matches.
/M Prints only the filename if a file contains a match.
/O Prints character offset before each matching line.
/P Skip files with non-printable characters.
/OFF[LINE] Do not skip files with offline attribute set.
/A:attr Specifies color attribute with two hex digits. See "color /?"
/F:file Reads file list from the specified file(/ stands for console).
/C:string Uses specified string as a literal search string.
/G:file Gets search strings from the specified file(/ stands for console).
/D:dir Search a semicolon delimited list of directories
strings Text to be searched for.
[drive:][path]filename
Specifies a file or files to search.
Use spaces to separate multiple search strings unless the argument is prefixed
with /C. For example, 'FINDSTR "hello there" x.y' searches for "hello" or
"there" in file x.y. 'FINDSTR /C:"hello there" x.y' searches for
"hello there" in file x.y.
Regular expression quick reference:
. Wildcard: any character
* Repeat: zero or more occurrences of previous character or class
^ Line position: beginning of line
$ Line position: end of line
[class] Character class: any one character in set
[^class] Inverse class: any one character not in set
[x-y] Range: any characters within the specified range
\x Escape: literal use of metacharacter x
\ Word position: end of word
For full information on FINDSTR regular expressions refer to the online Command
Reference.
Posted by Hans-Henry Jakobsen
29 Aug 2011 Configure miniDLNA on Ubuntu 11.04
This is a short HOWTO on installing and configuring miniDLNA on Ubuntu 11.04 Natty to work with my Sony Bravidia KDL-40EX711 LED TV.
First we need to install the minidlna software.
# sudo aptitude install minidlna
The content of my /etc/minidlna.conf file
port=8200 network_interface=eth0 media_dir=P,/export/pictures friendly_name=My DLNA Server album_art_names=Cover.jpg/cover.jpg/AlbumArtSmall.jpg/albumartsmall.jpg/AlbumArt.jpg/albumart.jpg/Album.jpg/album.jpg/Folder.jpg/folder.jpg/Thumb.jpg/thumb.jpg inotify=yes enable_tivo=no strict_dlna=no notify_interval=900 serial=12345678 model_number=1
Comments in the config file has been removed to reduce the listing.
The media_dir variable can be configured four ways:
A – Audio
V – Video
P – Pictures
No value – You have to browse the folders to determine the type of content
I used the P value in the example above to indicate that the folder contains pictures.
You can add several media_dir variables to point to different folders.
Start the miniDLNA daemon
# sudo /etc/init.d/minidlna start
The media database will be built the first time you start the miniDLNA daemon and can take some time depending on the folder size.
You should now have access to your newly configured DLNA server on your TV by pressing the Home button.
Choose Photo and scroll down to the penguin icon named “My DLNA Server”, ref variable friendly_name in the config file.
The default location for the logfile is /var/log/minidlna.log and it can be useful for debugging if you have problems with miniDLNA.
If you think you have problems with the minidlna database, you can rebuild the mediadatabase by issuing this command
# sudo /usr/sbin/minidlna -f /etc/minidlna.conf -R -d
Tags: KDL-40EX711, minidlna, Sony Bravidia
Posted by Hans-Henry Jakobsen
21 Jul 2011 Migrate Zimbra mail filter rules between servers
This is a short HOWTO migrate Zimbra mail filter rules from one server to another or even copy the rules from one user and import them to another. These commands are useful to use when you migrate user accounts between servers since mail filters are not migrated using the Zimbra to Zimbra migration script, zmztozmig . I might write a short post about migrating users between Zimbra servers later.
Export the rules to a file named filter_rules.sieve as the zimbra user
# zmprov ga user@example.com zimbraMailSieveScript > filter_rules.sieve
The content of the file could look something like this
# name user@example.com
zimbraMailSieveScript require ["fileinto", "reject", "tag", "flag"];
# Filtername
if anyof (header :contains ["to"] "root@localhost") {
fileinto "foldername";
stop;
}
Copy the filter_rules.sieve file to the other server and import the filter rules by enclosing the filter rules with a single qoutes around the rules
# zmprov ma user@example.com zimbraMailSieveScript 'require ["fileinto", "reject", "tag", "flag"];
# Filtername
if anyof (header :contains ["to"] "root@localhost") {
fileinto "foldername";
stop;
}'
This has been tested on a Zimbra 7.1.1 OSE server after migrating some users mailboxes from a 32-bit Zimbra server to a new 64-bit server.
Tags: howto, migrate, sieve, Zimbra, zimbramailsievescript, zmprov, zmztozmig
Posted by Hans-Henry Jakobsen
19 Jun 2011 List installed Windows Updates using WMIC
I have recently been trying to find a way to export a list of some, but not all installed Windows Updates and patches on a Windows 2008 server. WMIC is a Windows command that has been available in Windows for a long time and has become a tool that can perform many kinds of actions and queries.
Microsoft has created a tool called Microsoft Baseline Security Analyzer that helps you determine the security state in accordance with Microsoft security recommendations and offers specific remediation guidance, but I have not tried it to see if all patches and updates are exported.
Open a Windows Command Prompt (cmd.exe) and type the following command
wmic qfe get
The result presented in plain text
Caption CSName Description FixComments HotFixID InstallDate InstalledBy InstalledOn Name ServicePackInEffect Status http://go.microsoft.com/fwlink/?LinkId=133041 PC-NAME Update 982861 pc-name\username 3/20/2011 http://go.microsoft.com/fwlink/?LinkId=161784 PC-NAME Update KB971033 NT AUTHORITY\SYSTEM 8/9/2010 http://support.microsoft.com/?kbid=2305420 PC-NAME Security Update KB2305420 NT AUTHORITY\SYSTEM 12/17/2010 http://support.microsoft.com/?kbid=2393802 PC-NAME Security Update KB2393802 NT AUTHORITY\SYSTEM 2/10/2011 ...
WMIC can also be used to gather other Windows related information and this is a list with many wmic commands I have copied from Tech-Wreck InfoSec Blog: WMIC Command Line Kung-Fu in case the site becomes unavailable.
This site has produced many interesting articles and is well worth a visit.
| Description | - Command |
|---|---|
| Spot Odd Executables | – wmic PROCESS WHERE “NOT ExecutablePath LIKE ‘%Windows%’” GET ExecutablePath |
| Look at services that are set to start automatically | – wmic SERVICE WHERE StartMode=”Auto” GET Name, State |
| Find user-created shares (usually not hidden) | – wmic SHARE WHERE “NOT Name LIKE ‘%$’” GET Name, Path |
| Find stuff that starts on boot | – wmic STARTUP GET Caption, Command, User |
| Identify any local system accounts that are enabled (guest, etc.) | – wmic USERACCOUNT WHERE “Disabled=0 AND LocalAccount=1″ GET Name” |
| Change Start Mode of Service | – wmic service where (name like “Fax” OR name like “Alerter”) CALL ChangeStartMode Disabled |
| Number of Logons Per USERID | – wmic netlogin where (name like “%skodo”) get numberoflogons |
| Obtain a Certain Kind of Event from Eventlog | – wmic ntevent where (message like “%logon%”) list brief |
| Clear the Eventlog (Security example) | – wmic nteventlog where (description like “%secevent%”) call cleareventlog |
| Get Mac Address | – wmic nic get macaddress |
| Reboot or Shutdown | – wmic os where buildnumber=”2600″ call reboot |
| Update static IP address | – wmic nicconfig where index=9 call enablestatic(“192.168.16.4″), (“255.255.255.0″) |
| Change network gateway | – wmic nicconfig where index=9 call setgateways(“192.168.16.4″, “192.168.16.5″),(1,2) |
| Enable DHCP | – wmic nicconfig where index=9 call enabledhcp |
| Service Management | – wmic service where caption=”DHCP Client” call changestartmode “Disabled” |
| Start an Application | – wmic process call create “calc.exe” |
| Terminate an Application | – wmic process where name=”calc.exe” call terminate |
| Change Process Priority | – wmic process where name=”explorer.exe” call setpriority 64 |
| Get List of Process Identifiers | – wmic process where (Name=’svchost.exe’) get name,processid |
| Information About Harddrives | – wmic logicaldisk where drivetype=3 get name, freespace, systemname, filesystem, size, volumeserialnumber |
| Information about os | – wmic os get bootdevice, buildnumber, caption, freespaceinpagingfiles, installdate, name, systemdrive, windowsdirectory /format:htable > c:\osinfo.htm |
| Information about files | – wmic path cim_datafile where “Path=’\\windows\\system32\\wbem\\’ and FileSize>1784088″ > c:\wbemfiles.txt |
| Process list | – wmic process get /format:htable > c:\process.htm |
| Retrieve list of warning and error events not from system or security logs | – WMIC NTEVENT WHERE “EventType<3 AND LogFile != ‘System’ AND LogFile != ‘Security’” GET LogFile, SourceName, EventType, Message, TimeGenerated /FORMAT:”htable.xsl”:” datatype = number”:” sortby = EventType” > c:\appevent.htm |
| Total Hard Drive Space Check | – wmic LOGICALDISK LIST BRIEF |
| Get Running Services Information | – Wmic service where (state=”running”) get caption, name, startmode, state |
| Get Startmode of Services | – Wmic service get caption, name, startmode, state |
| Get Domain Names And When Account PWD set to Expire | – WMIC UserAccount GET name,PasswordExpires /Value |
| Get Hotfix and Security Patch Information | – WMIC QFE GET /format:CSV >QFE.CSV |
| Get Startup List | – wmic startup list full |
| Find a specific Process | – wmic process list brief find “cmd.exe” |
| Get List of IP Interfaces | – wmic nicconfig where IPEnabled=’true’ |
| Change IP Address | – wmic nicconfig where Index=1 call EnableStatic (“10.10.10.10″), (“255.255.255.0″) |
| OS/System Report HTML Formatted | – wmic /output:c:\os.html os get /format:hform |
| Products/Programs Installed Report HTML Formatted | – wmic /output:c:\product.html product get /format:hform |
| Services Report on a Remote Machine HTML Formatted | - wmic /output:c:\services.htm /node:server1 service list full / format:htable |
| Turn on Remoted Desktop Remotely! | – Wmic /node:”servername” /user:”user@domain” /password: “password” RDToggle where ServerName=”server name” call SetAllowTSConnections 1 |
| Get Server Drive Space Usage Remotely | – WMIC /Node:%%A LogicalDisk Where DriveType=”3″ Get DeviceID,FileSystem,FreeSpace,Size /Format:csv MORE /E +2 >> SRVSPACE.CSV |
| Get PC Serial Number | - wmic /node:”HOST” bios get serialnumber |
| Get PC Product Number | – wmic /node:”HOST” baseboard get product |
| Get Services for Remote Machine in HTML Format | – wmic /output:c:\services.htm /node:server1 service list full / format:htable |
Tags: MBSA, Windows 2008, Windows 7, wmic
Posted by Hans-Henry Jakobsen
01 Jun 2011 NetBackup 7.x port usage
If you are unsure what ports Symantec NetBackup 7.x master or media Windows server uses, just open the following file
%SYSTEMROOT%\system32\drivers\etc\services
The content in this file could be like this if you have not made any changes to the default configuration
bpcd 13782/tcp bprd 13720/tcp vnetd 13724/tcp vopied 13783/tcp bpdbm 13721/tcp bpjobd 13723/tcp bpjava-msvc 13722/tcp NB_dbsrv 13785/tcp vmd 13701/tcp tldcd 13711/tcp tl8cd 13705/tcp tl4d 13713/tcp tlmd 13716/tcp tlhcd 13717/tcp acsd 13702/tcp
Tags: nbu7, netbackup, symantec
Posted by Hans-Henry Jakobsen
