I just found out that, since Debian lenny, and in Ubuntu/Kubuntu (I don't know if it was in 8.04, but it is in 8.10), the winexe application, which we talked about and used, for instance, in our process-killing scripts or remote shell scripts, comes with the wmi-client package. That is, if you want to install it, you just have to do:
apt-get install wmi-client
And done! I guess RedHat and Suse have this package too... can anyone confirm this?
Following the path from our former posts, if we have succeeded with psexec, now it's very easy to make new tools. Three examples:
winshell.sh
With this tool we get a shell on Windows servers. It doesn't use psexec because it doesn't have to: cmd.exe is in the system path.
#!/bin/bash
[ $# -ne 1 ] && echo "Error, I need one argument" && echo "Use: $0 server" && exit 1
PROGPATH=`echo $0 | /bin/sed -e 's,[\\/][^\\/][^\\/]*$,,'`
. $PROGPATH/winvars.sh
winexe "//$1" "cmd" $PSCREDENTIALS
wininfo.sh
With this tool we can get some server information: physical RAM, OS version, uptime, number of processors, their frequency, and video card driver. This last detail doesn't seem important at all, but it's very useful, because it can tell you whether a server is physical or virtual. If the video driver is something like "ATI Technologies Inc. 3D RAGE IIC PCI", then it's a physical machine. If the video driver is something like "VMware SVGA II", then it's a virtual machine.
#!/bin/bash
[ $# -ne 1 ] && echo "Error, I need one and only one argument" && exit 1
PROGPATH=`echo $0 | /bin/sed -e 's,[\\/][^\\/][^\\/]*$,,'`
$PROGPATH/winpsexec.sh "$1" pstools\\psinfo
winkill.sh
As its name clearly states, it's a process-killing tool (we can find out the PID beforehand using winps.sh).
#!/bin/bash
[ $# -ne 2 ] && echo "Error, I need two arguments" && echo "Use: $0 server pid" && exit 1
PROGPATH=`echo $0 | /bin/sed -e 's,[\\/][^\\/][^\\/]*$,,'`
$PROGPATH/winpsexec.sh "$1" "pstools\\pskill $2"
If we want to check the event log of a Windows server from our Linux console (without having to connect through terminal server, allowing us to grep the results, etc.), here we have the tool!
We use psloglist with these parameters:
-d 1 so it shows just the last day of logs (we don't want to be flooded with logs)
-f we so just warnings and errors will be shown (usually, only those are interesting)
$2 this is the second parameter. If we want to see just the "application" or "system" logs (usually the only interesting ones), we just type it there.
#!/bin/bash
[ $# -lt 1 ] && echo "Error, I need at least one argument" && echo "Use: $0 server [system|security|application]" && exit 1
PROGPATH=`echo $0 | /bin/sed -e 's,[\\/][^\\/][^\\/]*$,,'`
$PROGPATH/winpsexec.sh "$1" "pstools\\psloglist -d 1 -f we $2"
The next mission was making scripts to execute pstools remotely. I started to make one for each tool, but I found out there was a lot of shared code, so I decided to create a generic script, psexec.sh (honoring pstools), receiving the server and the tool, with its parameters. After that, we only have to create a wrapper for every command to make our life easier.
The script must check whether the credentials in the file are valid, and ask for others if they aren't. Once authenticated, it must check whether pstools is installed, and copy it if not.
In the full story you can see the code of psexec.sh and an example wrapper, winps.sh. Keep in mind that they need some files, winvars.sh and cp_pstools.sh in order to work properly, as we saw in the previous post.
Following the path we were on... What if we want to use pstools on 50 servers? As an idea, we can create a shared unit and make all servers execute pstools from there. But what if we have some servers in some networks, some in other networks (including the DMZ), in a domain or not... Couldn't there be an easy way to copy them?
For this purpose I've made this little script, doing exactly that: copying pstools to the server we want. First of all it mounts a cifs unit (with smbmount), then copies the files and then unmounts it.
I've made it to be called from other scripts. For instance, if we make a "winps", we can make it check whether pstools is installed first, and copy it if it isn't.
In the full article you can see the code and download the file.
You are trying to connect via remote desktop (terminal server) to the server, but you find out there are too many people already connected. You get the damn message:
What can I do? It's easy. As we already have our brand new tool winexe, we can make a little script to make our lives easier:
#!/bin/bash
[ $# -lt 1 ] && echo "Error: Missing argument" && echo "Use: $0 server [disc #session]" && exit 1
[ ! -z "$2" ] && [ "$2" != disc ] && echo "Error: Can't understand second argument" && echo "Use: $0 server [disc #session]" && exit 1
[ "$2" == "disc" ] && echo "Disconnecting session $3 from server $1..." && winexe "//$1" "logoff $3" -A secretfile && exit
echo "Listing server $1 sessions:"
winexe "//$1" "query session" -A secretfile
File "secretfile" is optional, just in case you don't want to type user and pass. Contents are:
domain=YOURDOMAIN
username=user
password=pass
That's a poorly error-controlled script, but it allows you to see who is connected:
user@server:~/$ ts.sh server2
Listing server server2 sessions:
SESSIONNAME USERNAME ID STATE TYPE DEVICE
> user1 0 Disc rdpwd
rdp-tcp 65536 Listen rdpwd
Administrator 3 Disc rdpwd
user2 1 Disc rdpwd
console 5 Conn wdcon
user@server:~/$
On this server you can't log in; there are too many users. We can see everybody is "disconnected", so there is no one working. We choose the user we like the least, and we kick him out:
user@server:~/$ ts.sh server2 disc 1
Disconnecting session 1 from server server2...
user@server:~/$ ts.sh server2
Listing server server2 sessions:
SESSIONNAME USERNAME ID STATE TYPE DEVICE
> user1 0 Disc rdpwd
rdp-tcp 65536 Listen rdpwd
Administrator 3 Disc rdpwd
console 5 Conn wdcon
Et voilà, we just got a free session to connect and administer this server.
Obviously, it's way better if everybody logs off when they finish working. But if you have to share your servers with absentminded admins, you must take care of yourself...
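
The wrappers above that take a PID, a log name or a session number (winkill.sh, the psloglist script and ts.sh) paste that argument straight into the command string executed on the Windows server, so whatever it contains is run there. One way to check the arguments first, as an added example that is not part of the original scripts; the function names are hypothetical:

```bash
# Added example: validate arguments before they are placed inside the
# command string that winpsexec.sh / winexe runs on the Windows server.
# All function names here are hypothetical helpers, not part of pstools or winexe.

# Host names: letters, digits, dot and hyphen only; must not start with "-".
valid_host() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
}

# PIDs and terminal-server session IDs are plain decimal numbers.
valid_number() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
}

# Event log selector: empty (no log named) or one of the names in the usage text.
valid_log() {
    case "$1" in
        ''|system|security|application) return 0 ;;
        *) return 1 ;;
    esac
}

# Each builder prints the remote command, or returns 1 and prints nothing.
pskill_cmd() { valid_number "$1" && printf 'pstools\\pskill %s' "$1"; }
logoff_cmd() { valid_number "$1" && printf 'logoff %s' "$1"; }
psloglist_cmd() {
    valid_log "$1" || return 1
    printf 'pstools\\psloglist -d 1 -f we%s' "${1:+ $1}"
}

# Usage inside winkill.sh (winpsexec.sh is the wrapper from the posts above):
#   valid_host "$1" && cmd=$(pskill_cmd "$2") || { echo "Use: $0 server pid" >&2; exit 1; }
#   "$PROGPATH/winpsexec.sh" "$1" "$cmd"
```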
When you see a stopped Windows server in your Nagios console, sometimes you would like to add an event_handler that tries to start the service automatically.
Samba has long had a feature to control services (net stop or net start), but I have never found this to work.
There's a useful tool: winexe. With this tool you can not only stop and start Windows services, but also execute any shell command, even get a Windows shell inside your Linux box, as simply as:
winexe -U HOME/Administrator%Pass123 //host cmd
In the previous post, where we talked about winexe, we showed how to execute shell commands from our Linux console. Our first idea was to start and stop services (net start; net stop), but once we have a Windows shell, we can go beyond that and do a lot more. To achieve that, we can use pstools.
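
The secretfile shown earlier stores the password in clear text, and the -U user%password form places it on the winexe command line, where it is visible in the local process list. An added example, not from the original posts, that refuses a credentials file other local users could read before it is passed to -A; check_authfile is a hypothetical name:

```bash
# Added example: check a winexe -A credentials file before using it.
# check_authfile is a hypothetical helper, not part of winexe or Samba.

check_authfile() {
    f=$1
    # Must be a regular file (not a symlink) owned by the invoking user.
    [ -f "$f" ] && [ ! -L "$f" ] && [ -O "$f" ] || {
        echo "$f: not a regular file owned by you" >&2
        return 1
    }
    # ls prints a mode string such as -rw-------; characters 5-10 are the
    # group and other permission bits, which must all be unset.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] || {
        echo "$f: group/other access ($perms), run: chmod 600 $f" >&2
        return 1
    }
    # The file must carry the username= and password= keys shown in the post.
    grep -q '^username=' "$f" && grep -q '^password=' "$f" || {
        echo "$f: missing username= or password= line" >&2
        return 1
    }
}

# Usage in ts.sh: only pass -A when the file passes the check.
#   check_authfile secretfile && winexe "//$1" "query session" -A secretfile
```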