Remote Desktop Session Auditor – Find out who’s been on your server!

UPDATE *Fixed download link 11/14/17*

In v0.2 you can now filter based on IP version by using the “-v” switch. I will add links to both versions as this still requires a little bit of testing.

Finally a cool breeze and some alone time. Here is a tool I wrote because I needed to track down and audit multiple remote servers to determine who has been logging in and from where. The tool outputs to the command prompt; you can use the “>” operator to send the output to a file if necessary (see below for an example).

The usage is fairly simple: it can be used in interactive mode or run with command line arguments.

Interactive Mode:

Double click the exe and it will ask you for the target hostname. If you do not provide a hostname, the tool will check the local host.

CLI Mode:

 

Output to file:

 

Switches:

 

The tool has been tested against Server 2008/2008r2/SBS2011/Server2012/Server2012r2/Windows 7/8/8.1

RDPAuditv0.2.zip (332 downloads)

Advertising on the site

I wanted to inform my visitors that I have accepted a new advertiser and it is Private Internet Access (PIA). Before recommending a product I do my best to test and actively use it for a lengthy period of time and PIA has been through its fair share of use.

PIA is a VPN service provider. Using their servers (which are located globally) you can stay anonymous while still browsing the web at full speeds. The only time I have had issues was when I was playing online multiplayer games and I forgot that PIA was still connected, this was the reason I lost so bad (and I swear, I am not a bad player! :p)

Anyways, PIA delivers on their promise: they do not store any logs nor history of usage. They simply put a layer between you and the rest of the world, keeping you nice and safe.

If you want your product advertised on this blog, please reach out to me (by comment) and I will work closely with you to determine if your product is appropriate for my audience.

Broadcom Network Adapters Causing Slow Network Performance

I wanted to give everyone a heads up on a major issue related to Broadcom NICs, which can be found primarily in top shelf HP/Dell servers that are used in production across the globe. The issue is poor network performance for virtual machines, and it is due to an advanced NIC setting referred to as “Virtual Machine Queue”.

VMQ is when network traffic is handled by the physical network adapter: it creates a queue of traffic which waits for everything to arrive and then routes it to where it should go. In my experience, this has killed file transfer speeds and what normally would take 30 seconds to complete will now take over 30min!

To disable this evil monster you can do it via PowerShell like below:

Another way of disabling this is locating your network card properties in Device Manager and going to the Advanced tab; the Virtual Machine Queue property will be in the list.

I originally faced this issue over a year ago and had posted a question over at ServerFault but seemed like no one had a clue on what might be the problem. Hopefully this saves someone the headache, cheers!

HyperVTools v1.5 is out in the wild

Hello friends, I wanted to give you a heads up that v1.5 is now available for use. Although the change log is very minimal, in reality a lot of code refactoring took place and with it comes even better compatibility with Windows Server 2008/2008r2.

As I get further into development of this utility, I am starting to realize how unprofessional it might look and feel. As a solution I am working on a better interface and although I do not have a prototype that I can share at this moment, let me tell you that it is coming along very well and surprisingly it is looking pretty slick….at least to me 🙂

As always, thank you for visiting and see you next time!

Hyper-V Tool version 1.0 is out!

Quick update: I’ve been out of town for a while and finally had some time to work on some personal projects. I just finished uploading v1.0 to the cloud so start up your existing tool and grab the update or look below for direct download.

Here is some info from the change log

v1.0

* fixed bug when manually exporting csv
* added logging to a similarly named .log file in same path as tool
+ command line options added, usage is as such
HyperVTools.exe -u username -p password -d domain -h hostname -o C:\output.csv

Introducing Hyper-V Tools – The Ultimate Hyper-V Reporting Tool

HyperVTools is read-only software which aims to provide a quick method of obtaining virtual machine information from a Microsoft Hyper-V host. Information includes name/uptime/OS Version/DNS name/much more! The tool gives you a quick way of creating a report of your machine status and spits out a nicely formatted CSV with details. If you don’t want to use any disk space, you can even highlight items in the list and copy them to the clipboard!

I originally started working on this when I saw a posting on reddit requesting something that would work like RVTools but for Hyper-V. RVTools is a pretty slick piece of software but unfortunately (or fortunately?) it is geared towards VMware virtualization products only and thus came the inception of HyperVTools!

This software is still a work in progress and features will be added as I go. As of right now, it is in a usable state and is ready for future updates and eventually it will live up to the claim of being the Ultimate Hyper-V Reporting tool.

Features

  • Connect to a Hyper-V server from Windows 7/8/8.1 x64 or Windows Server 2008/2008r2/2012/2012r2 (including local host – Run as Administrator)
  • Output CSV with details
  • Auto updating logic included (that doesn’t work when you need it)
  • Minor switch details (this is still WIP)
  • Command line mode:
    • HyperVTools.exe -u username -p password -d domain -h hostname -o C:\output.csv
  • much more!

Compatibility

  • .NET 4.0
  • This software has been tested on Windows Server 2012r2
  • Windows Server 2008/2008r2/2012/2012r2 Hyper-V support **WIP**

How to install ownCloud on Ubuntu 14.10 using Hyper-V Part 3 of 3

Hello, hello!

We are indeed making some progress, today I will be going over the install process for ownCloud 8.0.2 and walking you through the best practices.

Configure static IP address

Do not leave your machine to grab an IP from DHCP. I suggest you have a spreadsheet that lists all IP addresses within your subnet and their status (free/used/reserved). Doing this has helped me keep my network organized and no more dang IP conflicts!

Using your favorite text editor, open the interface file which is located in /etc/network/interfaces

I have already reserved an IP address in my list so that it won’t get used anywhere else, and I suggest you do the same. Under the primary network interface comment is where you want to put your static address.

Once you have entered this information, save your changes (in nano it is CTRL + X) and exit the text editor. At this point it would be a good idea to reboot the machine to ensure it does come back up with the correctly set static IP address.

Installing ownCloud 8.0.2

First thing to do is add ownCloud’s repo to apt-get by doing the following command:

If you intend on using apt-get for future updates for ownCloud then I suggest saving the key by doing the following:

Once you have created your repo file and optionally downloaded/saved the key, do the following:

You should see something similar to below…

You will be asked for confirmation, enter Y and let’s get this ball rolling!

NOTE if you did not save the key above then you will get a second prompt warning that the ownCloud packages cannot be authenticated, go ahead and press Y to confirm

During the install process, you will be asked to set a password for the root user for MySQL, I suggest a strong password here and be sure that you keep record of it because we will need it when we configure ownCloud.

Once apt-get is finished downloading all of the bits, bring up your favorite web browser and go to http://YOURSERVERNAME/owncloud and you will be greeted with the setup page.

At this time, fill in the blanks including the password that you had set up during the install process for MySQL and hit Finish Setup.

The setup process will take a few minutes so do not navigate away from the page and let it process. Once the setup finishes you will enter the main dashboard for your user account.

On the top right, click your username and go to the Admin section. From here let’s clear up some of the warnings that ownCloud might be complaining about.

 

Resolving the “PHP charset is not set to UTF-8” warning

Let’s jump back into our SSH session and edit the relevant php.ini file that this warning is referring to. Open up /etc/php5/apache2/php.ini in your favorite editor again and search for the phrase “default_charset”. (CTRL + W in nano)

 

Once you find it, remove the semicolon in front of it to uncomment it. After that is done, restart apache2 and refresh the admin page to get rid of the warning.

Here are the commands that I used to achieve this:

Resolving the security warning

You are accessing ownCloud via HTTP. We strongly suggest you configure your server to require using HTTPS instead.

In order to enable HTTPS, we must first enable SSL and assign a certificate to use. To create a self-signed certificate, do the following:

Enable SSL in Apache2

Create Certificate

At this time you will be prompted to enter a bunch of information regarding the certificate, if this is going to be a private server that only you use then feel free to make up and/or leave some fields blank. Here is what I filled out:

The next step is to configure the SSL site for apache2. To do this, open the site configuration file and let’s edit a few details:

These are the settings that you need to add/change:

Once your certificate is created, restart apache2 and HTTPS/SSL should be working on your ownCloud and you should no longer see the warning in the admin dashboard.
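The restart only helps if the SSL site file really points at the certificate you created. As an added example (not from the original post), this shell function audits a site file such as Ubuntu's default-ssl.conf for the directives this step depends on; the sample vhost, its hostname and the finding names are constructed for illustration.

```shell
#!/bin/sh
# check_ssl_vhost FILE: print one finding per line; return 0 only when there are none.
check_ssl_vhost() {
    rc=0
    # Drop comment lines so a commented-out directive does not count as set.
    active=$(sed -e '/^[[:space:]]*#/d' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1")
    directive() {   # value of the first active occurrence of directive $1
        printf '%s\n' "$active" |
            awk -v d="$1" 'tolower($1) == tolower(d) { gsub(/"/, "", $2); print $2; exit }'
    }
    printf '%s\n' "$active" | grep -qiE '^<VirtualHost[[:space:]]+[^>]*:443>$' ||
        { echo "no-443-vhost"; rc=1; }
    [ "$(directive SSLEngine | tr 'A-Z' 'a-z')" = "on" ] ||
        { echo "sslengine-not-on"; rc=1; }
    cert=$(directive SSLCertificateFile)
    key=$(directive SSLCertificateKeyFile)
    [ -n "$cert" ] || { echo "no-certificate"; rc=1; }
    [ -n "$key" ] || { echo "no-private-key"; rc=1; }
    # Ubuntu's stock default-ssl.conf points at the packaged "snakeoil" pair.
    case "$cert $key" in
        *ssl-cert-snakeoil*) echo "snakeoil-default"; rc=1 ;;
    esac
    # A private key stored on this host must not be readable by "others".
    if [ -n "$key" ] && [ -f "$key" ] &&
        [ "$(ls -lL "$key" | cut -c8-10)" != "---" ]; then
        echo "key-world-readable"; rc=1
    fi
    return $rc
}

# Constructed sample: a vhost that still uses the packaged defaults.
sample_default_vhost() {
    cat <<'EOF'
<VirtualHost _default_:443>
    ServerName cloud.example.test
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
    SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
    #SSLCertificateFile /etc/apache2/ssl/owncloud.crt
</VirtualHost>
EOF
}

tmp=$(mktemp) && sample_default_vhost > "$tmp"
check_ssl_vhost "$tmp" || echo "fix the findings above, then restart apache2"
rm -f "$tmp"
```

Run it against your real site file before restarting apache2; an empty result means the vhost listens on 443, has SSLEngine on, and references a certificate and key other than the packaged defaults.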

While we are at it, let’s enforce HTTPS by enabling the following options

What these options do is if you go to the HTTP version (plaintext) of your ownCloud, it will automatically redirect you to the HTTPS version.

Recommended ownCloud Apps

Server-side Encryption

To enable this, log in as an admin user and go to the Apps section. From there, go to the Not Enabled section.

At this point your ownCloud installation should be fully functional via the web interface or client. What I did on my machines is instead of installing the ownCloud client, I opted to map the drive. To do this in Windows, bring up command prompt as administrator and enter in the following command:

I did something similar on my MacBook Air as well by connecting to the server and mounting the WebDAV folder associated with my account.

Additional Steps

Port forwarding – If your ownCloud instance is sitting behind a firewall and you need to access it externally, you will need to create a policy on your firewall/router to allow traffic to/from your ownCloud server using TCP 443.

DNS records – I currently use Namecheap as my domain name provider and made a new A record to point owncloud.uglyvpn.com to my external IP address. This process took close to 10hrs to complete but can take up to 48hrs for all DNS changes to propagate around the world.

How to install ownCloud on Ubuntu 14.10 using Hyper-V Part 2 of 3

Welcome back everyone to part 2 in this series of How to Install ownCloud on Ubuntu using Hyper-V. Today we will be getting the OS installed and configuring network settings.

Let’s start off by getting our VM started and walk through the initial install steps

Installing Ubuntu 14.10 on Hyper-V

Once you start up the VM it should boot off of the .iso that we attached earlier and ask for your language of choice

Select your preferred language and hit enter key, at the next screen select the top option to “Install Ubuntu Server”

NOTE During this time you may receive an error related to Fast TSC (TimeStamp Counter); this error can be safely ignored. The OS will attempt to retry at a later time on its own. For more information, visit here

The next few screens of the installation will ask you about keyboard layout and what your hostname should be, I opted for applinux 

During the install process, you will be asked if you want to encrypt your home directory. This is a personal preference, and for my scenario I opted not to encrypt only the home folder but instead to do an entire disk encryption.

NOTE You will be asked for this password when this VM starts up, otherwise it will not boot into the OS. Keep this in mind whenever remotely rebooting as it will not be possible to SSH during that time.

Since this VM will be holding sensitive information outside of the home directory, let’s set up partitioning to also encrypt the entire drive. Now why would I want to do this? Well, let’s say someone is able to get onto my Hyper-V host and has the ability to copy/clone/VSS my VM and now they have a version of my Linux App Server….well it won’t be of any use unless they are able to provide the correct key to decrypt!

NOTE Encrypting the disk is entirely optional; skipping it may provide performance gains, at the cost of security

Be sure that you remember what the encryption key is that you are setting, I would hate for you to lock yourself out of your own server 🙁

Install OpenSSH when you’re given the option, apache2 and mysql will be installed at a later time.

The reason we want to install OpenSSH now is so we can remotely SSH into this server using Putty when the OS finishes installing. From there, we can quickly copy/paste commands into the window because Hyper-V can be finicky when it comes to that. In the meantime, I suggest you go grab your favorite SSH client (mine is Putty) and have it ready for the next portion of this guide.

Once the VM finishes installing and restarts, it will prompt you to log in. Once logged in, you should see logon information similar to what is shown below.

Alright folks, this looks like a good spot for me to stop for this iteration in the guide. This should give you a chance to mess around with the install process and allow you to fine tune it to your needs before we start installing ownCloud.

Good luck and see you next time!

See Part 1

coding, troubleshooting and some explainin, all in a days work for this engineer