Category Archives: Quick Scripts

Reducing the number of replicas in Elasticsearch

Sometimes you just want to run a single Elasticsearch node and not have it constantly alert that it has no were to write its replicas. Since Elasticsearch and more templates default to at least 1 replica we have to make changes to Elasticsearch and to the templates. First change the default:

curl -XPUT 'localhost:9200/_settings' -d '
{
    "index" : {
        "number_of_replicas" : 0
    }
}
'

Then we can list all the templates and figure out which ones need updates as well

curl -XGET -H 'Content-Type: application/json' 'localhost:9200/_template/*?pretty'

Then for each of the templates you want to update. For instance to update a Logstash template use the following:

curl -XPUT -H 'Content-Type: application/json' 'localhost:9200/logstash-*/_settings' -d '{ "number_of_replicas" : 0 } }'

Python OAuth2 auth and bearer token caching

To access many APIs you need to use OAuth2, sending a client id and secret to an endpoint to get a token back. Then send that token with future calls as authentication.

The particular API I was calling would also return a number of seconds the bearer token would be good for.

Hopefully this code will help jumpstart someone else along the way to using python and APIs.

#!/usr/bin/env python3

import requests
import json
import datetime

import os.path
from os import path

cache_file = "/var/tmp/oauth.json"
client_id = '**your client_id here**'
client_secret = '**your secret here**'

def getToken():
    url = "https://api.wherever.com/oauth2/token"

    data = {
      'client_id': client_id,
      'client_secret': client_secret,
      'grant_type': 'client_credentials'
    }

    response = requests.post(url, data=data)

    data = json.loads(response.text)
    expiration_time =  datetime.datetime.now() +  datetime.timedelta(seconds=data['expires_in'])
    data['expiration_date'] =   int(expiration_time.utcnow().timestamp())

    with open(cache_file, "w") as outfile:
        json.dump(data, outfile)
    return data



if path.exists(cache_file):
    #Reading cache
    with open(cache_file, "r") as infile:
        access_token = json.load(infile)
    if int(datetime.datetime.now().timestamp()) > access_token['expiration_date']:
        #Token expired, get new
        acces_token = getToken()
else:
    #No cached value, get and cache
    access_token = getToken()


bearer_token = access_token["access_token"]
headers = {
        'Authorization': f'bearer {bearer_token}'
}

#The rest of the requests go here and pass that header

Use PowerShell to find what process is using a port

Sometimes you just need to know what ports a process is listening on, or what process is listening on a port…so here you go, just replace the process or port and have at it.

$process = "svcHost"
Get-NetTCPConnection | Where OwningProcess -in (Get-Process | Where ProcessName -eq $process | Select -ExpandProperty Id)
$port = 135
Get-Process -Id (Get-NetTCPConnection -LocalPort $port).OwningProcess

Finding who is using a Windows Share in PowerShell

You can find the users and computers connected to a share pretty easily in powershell.

$share_name = "*"
$shares = Get-WmiObject Win32_ServerConnection 
$shares = $shares | Where-Object {$_.ShareName -like $share_name} | `
                    Select-Object ShareName, UserName, `
                                  @{n="Computer";e={[System.Net.Dns]::GetHostEntry($_.ComputerName).HostName}}
$shares | Group-Object -Property ShareName | ` 
          Select Name, `
                 @{n="Computers";e={$_.Group | Select -ExpandProperty Computer | Get-Unique}},`
                 @{n="Users";e={$_.Group | Select -ExpandProperty UserName | Get-Unique}},`
                 Group

$share_name is a filter to narrow down the shares you are checking. Other than that it gets all the share connections then groups them by share. It shows unique users and computers connected to each share.

Find GPOs with LoopBack Enabled

You can get a list of all Group Policy Objects (GPOs) with loopback very easily:


Get-GPO -All | Where { $($_ | Get-GPRegistryValue -Key "HKLM\Software\Policies\Microsoft\Windows\System" -Value UserPolicyMode -ErrorAction SilentlyContinue -WarningAction SilentlyContinue | Select -ExpandProperty Value) -eq 1}

This will query all GPOs and then conditionally return them if they have the value for UserPolicyMode set.

You could replace the “Get-GPO -all” with a filtered version if you were only interested in certain GPOs

A little longer version if you want to abstract it or modify it earlier:

Function GetLoopBack {
    param($gpo)
    $gpo | Get-GPRegistryValue -Key "HKLM\Software\Policies\Microsoft\Windows\System" -Value UserPolicyMode `
                               -WarningAction SilentlyContinue | Select -ExpandProperty Value
}

$GPOs = $GPOs | SELECT -Property *, @{Name='LoopBack';Expression={GetLoopBack2 $_}}

 

Querying the BitLocker SQL Database

Just a quick snippet to get all the Recovery Key’s for a specific user in the BitLocker database.

With MBAMRecoveryandHardware selected:

SELECT DomainName, u.Name Username, m.Name MachineName, k.LastUpdateTime KeyUpdate, VolumeGuid, RecoveryKey,RecoveryKeyId, Disclosed
  FROM [RecoveryAndHardwareCore].[Users] u 
  JOIN [RecoveryAndHardwareCore].[Domains] d ON (u.DomainId = d.Id)
  JOIN [RecoveryAndHardwareCore].[Volumes_Users] v_u ON (u.Id = v_u.UserId)
  JOIN [RecoveryAndHardwareCore].[Volumes] v ON (v_u.VolumeId = v.Id)
  JOIN [RecoveryAndHardwareCore].[Keys] k ON (v.Id = k.VolumeId)
  JOIN [RecoveryAndHardwareCore].[Machines_Volumes] m_v ON (m_v.VolumeId = v.Id)
  JOIN [RecoveryAndHardwareCore].[Machines] m ON (m.Id = m_v.MachineId)
  WHERE u.Name = '**username here**'

 

Running anything as a Service

You can use NSSM to run anything you want as a service very quickly.  In my case, I was looking to run AcuRite even when not logged in or while locked so that my weather station is always updating the cloud.

  1. Download NSSM and extract somewhere on your C Drive (i just put it in c:\nssm\
  2. Open a command prompt and change directories to where NSSM was extracted and run the following command (replace AcuRite with the name of the service you want to create)
  3. nssm.exe install AcuRite
  4. In the path field select the exe you would normally be running
  5. On the details tab set a description so you remember in the future why you created this.
  6. Click “Install Service”
  7. Start the service from the Services control panel

Easy and quick you now have AcuRite (or whatever you want) running as a service.

Finding Recently Updated Files

So I needed to find what log files were getting updated.  The files where inC:\ProgramData\VMware\vCenterServer\logs and that folder has many many folders and I wasn’t sure which one would have the files I needed. I was sure that they would have been updated recently.  So a quick little PowerShell to the rescue

Get-ChildItem -Recurse | Where {$_.LastWriteTime -gt (Get-Date).AddMinutes(-15)}

This returns all the files in the current folder and below that have been modified in the last 15 minutes.  It is easy enough to change up to look for other criteria, like *.log files int he last 5 minutes

Get-ChildItem -Recurse -Filter *.log | Where {$_.LastWriteTime -gt (Get-Date).AddMinutes(-5)}

Or all files with pid in their name

Get-ChildItem -Recurse -Filter *pid*

Powershell can be very very handy in a pinch! Hope this helps

 

Query Microsoft DHCP Scopes

Sometimes you just have a ton of DHCP scopes and you just need to make sure they all have some specific options set the way you want. Scanning through them by hand can be a pain, so here is a quick script to scan over them rapidly.

Param(
 [Parameter(Mandatory=$True)]
 [string]$dnsServer,
 [string]$match,
 [string]$option
)
 $scopes = Get-DhcpServerv4Scope -ComputerName $dnsServer -ErrorAction:SilentlyContinue | Where {$_.Name -like "*$match*"}
 $Report = @()

ForEach ($scope In $scopes) {
 $row = "" | Select ScopeID, Name, Option
 $OptionData = (Get-DhcpServerv4OptionValue -OptionID $option -ScopeID $scope.ScopeID -ComputerName $dnsServer -ErrorAction:SilentlyContinue).Value
 $OptionData = (Get-DhcpServerv4OptionValue -OptionID $option -ScopeID $scope.ScopeID -ComputerName $dnsServer -ErrorAction:SilentlyContinue).Value
 $row.ScopeID = $scope.ScopeID
 $row.Name = $scope.Name
 $row.Option = $OptionData -Join ","
 $Report += $row
 }
$Report

 

This script takes a couple of parameters.  Match lets you specify the name of the scope so that you can filter it down by the specific scopes, and option lets you specify the attribute number you would like to report on and dnsServer lets you specify the server.  Some usage examples:

#report on each scopes gateway where the scope name has "vlan110"
.\dhcp_query.ps1 -dnsServer dhcpServer1 -match vlan110 -option 3

#report on each scopes DNS where the scope name has "vlan110"
.\dhcp_query.ps1 -dnsServer dhcpServer1 -match vlan110 -option 6

#report and then export into a CSV
.\dhcp_query.ps1 -dnsServer dhcpServer1 -match vlan110 -option 6 | Export-CSV -Path dns_voip_options.csv -NoTypeInformation

Export Excel file to PDF

If you want to automate the conversion from XLS to PDF, then PowerShell provides a very straight forward way to do it.  Create an Excel object, load the XLS file, write to PDF.

param(
    [Parameter(Mandatory=$true)]
    [string]$InputFileName,
    [Parameter(Mandatory=$true)]
    [string]$OutputFileName
    )

$xlFixedFormat = “Microsoft.Office.Interop.Excel.xlFixedFormatType” -as [type] 

$excel = New-Object -ComObject excel.application
$workbook = $excel.workbooks.open($InputFileName, 3)
$workbook.Saved = $true
$workbook.ExportAsFixedFormat($xlFixedFormat::xlTypePDF, $OutputFileName)
$excel.Workbooks.close()
$excel.Quit()

You then run the code with two parameters, source file, and destination file.

Source: https://blogs.technet.microsoft.com/heyscriptingguy/2010/09/06/save-a-microsoft-excel-workbook-as-a-pdf-file-by-using-powershell/