Posts

wget, reverse web cache testing

This is a highly specialized note, but it might be helpful as a test idea for more general use cases. I have a Bluecoat web proxy serving as a reverse proxy for some images on our web site. A Citrix NetScaler sits in front of the Bluecoats and distributes the load across the Bluecoats. We use QRadar as our SIEM and this is how I test one of the Bluecoats using "live" data:

Start by getting a CSV text file of successful queries from QRadar (i.e. run a search, export the raw events as CSV).

Transform the log into generic URLs:

    sed -e 's/^.*PROXIED //' 2010-05-26-data_export.csv | awk '{ print $7 "://" $8 ":" $9$10 }' | grep "^http" > /tmp/1

Use the computed URLs and run against the Bluecoat:

    for LINE in `cat /tmp/1`; do http_proxy=http://BLUECOAT001:80 wget "$LINE" ; done

Run against the comparative Bluecoat:

    for LINE in `cat /tmp/1`; do http_proxy=http://BLUECOAT002:80 wget "$LINE" ; done

Compare the...

Checkpoint debug command

Here is a neat little debug command for Checkpoint:

    fw ctl zdebug drop | grep 10.1.1.1

PERL and Anonymous Hashes and Debugging

PERL has a seemingly infinite number of libraries out there. One that I find extremely helpful, and which I just happened to stumble upon, is Data::Dumper. For anyone who has used Perl references and anonymous hashes, you know how tough debugging can be. But Data::Dumper is so cool. Just use the library and then print the main reference to see the whole tree:

    #!/usr/bin/perl
    use Data::Dumper;
    use warnings;
    use diagnostics;
    use strict;

    my ($nextline,$HOST,$COMPONENT,$RESTOFLINE,$PHASE,$INTERVAL,$FLOWS,$OVERFLOW);
    my ($masterHash);
    $masterHash = {};

    # Read the log from standard input, one line at a time
    while ( defined($nextline = <STDIN>) )
    {
            chomp ($nextline);
            if ( $nextline =~ m/^[A-Za-z]+\s+\d+\s+\d+:\d+:\d+\s+([A-Za-z0-9_]+)\s+\[\d+\]\s+([A-Za-z0-9_]+):(.*)$/ )
            {
                    $HOST = $1;   ...

Cookies, wget, & firefox

Modern Firefox versions store cookies in an SQLite database, which makes them hard to extract. There is an add-on that allows you to export, but that is overkill for me, since all I wanted to do was download a file using wget. Awesomely, the man page showed a really easy way to do this quickly.

View your cookies through Firefox's normal Preferences->Privacy->Cookies. The name listed on the right is the Name. Click on each name, and notice the value. Put those together to get a command line that works:

    wget --no-cookies --header "Cookie: <NAME>=<VALUE>" https://example.com/dir/file1

Voila.

Finding RPMs from a particular day

I ran into a problem where a vendor wanted to know all of the patches that were installed via RPM to their appliance for a given day. RPM stores that info but I didn't know how to access it easily. There is probably an easier way to do this, but I put the following command line together and it seems to work:

    rpm -qai | egrep -3 "Mon 20 Sep|Tue 21 Sep" | egrep "^Name|^Install Date" | sed -e 's/Relocations:.*$//' | sed -e 's/Build Host.*$//' | sed -e 's/   */ /g' | perl -e 'while (defined($line1=<STDIN>)) { $line2 = <STDIN>; chomp ($line1); chomp ($line2); print "$line1\t\t$line2\n";}' | sort

Fun times.
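The same per-day listing taken from RPM's INSTALLTIME tag instead of parsing `rpm -qai` text, as an added example that is not the original post's command. It assumes GNU date; the function names and sample rows are made up for illustration.

```shell
#!/bin/sh
# Added example: list packages installed on given days from RPM's INSTALLTIME tag.
# Assumes GNU date (-d "@epoch"); function names and sample rows are illustrative.

TAB=$(printf '\t')

# One "<install epoch><TAB><name-version-release.arch>" row per installed package.
rpm_install_times() {
    rpm -qa --queryformat '%{INSTALLTIME}\t%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'
}

# installed_on YYYY-MM-DD [YYYY-MM-DD...]
# Reads rows in the format above on stdin and prints, oldest first, those whose
# install time falls on one of the given days in the local time zone.
installed_on() {
    while IFS=$TAB read -r ts pkg; do
        case $ts in ''|*[!0-9]*) continue ;; esac    # skip rows without a numeric epoch
        day=$(date -d "@$ts" +%Y-%m-%d) || continue
        for want in "$@"; do
            if [ "$day" = "$want" ]; then
                printf '%s\t%s\n' "$(date -d "@$ts" '+%Y-%m-%d %H:%M:%S')" "$pkg"
                break
            fi
        done
    done | sort
}

# Constructed sample rows (not from a real system), including a malformed one
# and one at exactly midnight UTC of the following day.
sample_rows() {
    printf '%s\t%s\n' \
        1284858000 'tzdata-2010l-1.el5.noarch' \
        1284991391 'openssl-0.9.8e-12.el5.x86_64' \
        1285059600 'kernel-2.6.18-194.el5.x86_64' \
        1285113600 'bash-3.2-24.el5.x86_64' \
        '(none)'   'gpg-pubkey-00000000-00000000.(none)'
}

# Demo on the sample; on a real host: rpm_install_times | installed_on 2010-09-20 2010-09-21
sample_rows | installed_on 2010-09-20 2010-09-21
```

Because the match is on the epoch converted to a local date, it does not depend on the weekday or month text that `rpm -qai` prints.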

poor man's winblows cygwin sshd

Stuck with winblows on the desktop.  Downloaded an ISO from a vendor and needed to copy to an appliance.  But security is tight except for stuff initiated from the appliance.  Quickest solution was to run SSHD under cygwin: ssh-keygen -t rsa -f /etc/ssh_host_rsa_key ssh-keygen -t dsa -f /etc/ssh_host_dsa_key vi /etc/defaults/etc/sshd_config --- sshd_config.orig    2010-09-02 13:30:23.690702700 -0500 +++ sshd_config 2010-09-02 13:24:02.021270400 -0500 @@ -94,6 +94,7 @@  #TCPKeepAlive yes  #UseLogin no  #UsePrivilegeSeparation yes +UsePrivilegeSeparation no  #PermitUserEnvironment no  #Compression delayed  #ClientAliveInterval 0 /usr/sbin/sshd -f /etc/defaults/etc/sshd_config -d
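Review bot: the added `UsePrivilegeSeparation no` in the @@ -94,6 +94,7 @@ hunk needs a comment saying why it is there and that it is temporary, because with it set the pre-authentication, network-facing part of sshd is no longer split into an unprivileged child and runs with the full rights of the account that started the daemon. Since the daemon is only started by hand with `-f /etc/defaults/etc/sshd_config -d` for a single copy, consider putting the override in a separate throwaway config file passed with `-f` rather than editing the defaults file, and restoring `sshd_config.orig` once the transfer is done.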

Fun with Fedora

I've been working at a company for a little over 2 years now that is a Microsoft sycophant company.  When it doesn't use Microsoft, it uses the biggest, least agile vendor it can find. I didn't realize how much working with Microsoft killed my computer interest.  In the past few weeks I've been working on upgrading and redesigning my home systems.  I had a fairly archaic Fedora Core 9 home server which I rarely used except to run Alpine on (to report my spam easily.)  I've decided it is time to go massively virtual. I built a new VirtualBox virtual machine on my laptop.  I migrated the FC9 box from a standalone server to the VM (not that hard really, just some dump/restore actions and voila.) The new task is to create a new FC13 box as the host OS.  Build a couple of VMs under it with different functions.  I should be able to upgrade the host OS and guest OSs on a different schedule and that should make keeping up with updates and new releases ea...