.adm to Disable Daylight Saving Time

; Machine policy: writes DisableAutoDaylightTimeSet under TimeZoneInformation
CLASS MACHINE
CATEGORY !!category
  CATEGORY !!categoryname
    POLICY !!policyhorarioverao
      KEYNAME "System\CurrentControlSet\Control\TimeZoneInformation"
      EXPLAIN !!explaintextdst
      PART !!labeltextdst DROPDOWNLIST REQUIRED
        VALUENAME "DisableAutoDaylightTimeSet"
        ITEMLIST
          NAME !!Disabled VALUE NUMERIC 0 DEFAULT
          NAME !!Enabled VALUE NUMERIC 1
        END ITEMLIST
      END PART
    END POLICY
  END CATEGORY
END CATEGORY

[strings]
category="Custom Policy Settings"
categoryname="Horário de Verão"
policyhorarioverao="Disable DST"
explaintextdst="Disable Automatically adjust clock for daylight saving changes"
labeltextdst="Disable DST"
Enabled="Enabled"
Disabled="Disabled"

Source: http://blogdosmonges.blogspot.com.br/2009/10/desativacao-do-dst-para-o-horario-de.html

Snort Rules – TOR, RBN, DSHIELD and BOTNET

Link to the .rules files: http://rules.emergingthreats.net/blockrules/

Add to snort.conf

include $RULE_PATH/emerging-tor.rules
include $RULE_PATH/emerging-tor-BLOCK.rules
include $RULE_PATH/emerging-rbn.rules
include $RULE_PATH/emerging-rbn-malvertisers.rules
include $RULE_PATH/emerging-rbn-malvertisers-BLOCK.rules
include $RULE_PATH/emerging-rbn-BLOCK.rules
include $RULE_PATH/emerging-dshield.rules
include $RULE_PATH/emerging-dshield-BLOCK.rules
include $RULE_PATH/emerging-drop.rules
include $RULE_PATH/emerging-drop-BLOCK.rules
include $RULE_PATH/emerging-botcc.rules
include $RULE_PATH/emerging-ciarmy.rules
include $RULE_PATH/emerging-compromised-BLOCK.rules
include $RULE_PATH/emerging-compromised.rules

Download : scriptrulesupdate.sh

Script to Block TOR via Iptables

————————————————————————————————————————————————————

#!/bin/bash
#------------------------------------------------------------------
#
# File: blockproxyanon.sh
# Description : Block anonymous proxies via IPS HOSTS
# Modified by : Marlo Luiz Binsfeld
# Original : http://www.brianhare.com/wordpress/2011/03/02/block-tor-exit-nodes-using-bash-script/#codesyntax_1
#
#------------------------------------------------------------------

IPTABLES_TARGET="DROP"
IPTABLES_CHAINNAME="TOR"

WORKING_DIR="/etc/blockproxyanon/"

# get the public IP address of this host (as reported by checkip.dyndns.org)
IP_ADDRESS=$(curl -s checkip.dyndns.org | sed -e 's/.*Current IP Address: //' -e 's/<.*$//')

if ! iptables -L "$IPTABLES_CHAINNAME" -n >/dev/null 2>&1 ; then # If chain doesn't exist
    iptables -N "$IPTABLES_CHAINNAME" >/dev/null 2>&1 # Create it
fi

cd "$WORKING_DIR" || exit 1

# Do manually
#rm -rf listed_ip_7.zip
#rm -rf ipsblocklist
#wget --progress=bar http://www.stopforumspam.com/downloads/listed_ip_7.zip
#unzip -o listed_ip_7.zip

# Download the exit-node lists for ports 80 and 9998, then drop comments and blank lines
wget -q -O - "https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=$IP_ADDRESS&port=80" -U NoSuchBrowser/1.0 > ipsblocklisttor
wget -q -O - "https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=$IP_ADDRESS&port=9998" -U NoSuchBrowser/1.0 >> ipsblocklisttor
sed -i 's|^#.*$||g' ipsblocklisttor
sed '/^$/d' ipsblocklisttor > /tmp/ipsblocklist
grep -v "#" /tmp/ipsblocklist > ipsblocklist

iptables -F "$IPTABLES_CHAINNAME"

# sort -u removes every duplicate (uniq before sort only drops adjacent repeats)
CMD=$(cat listed_ip_7.txt ipsblocklist | sort -u)

COUNT=0
for IP in $CMD; do
    let COUNT=COUNT+1
    iptables -A "$IPTABLES_CHAINNAME" -s "$IP" -j "$IPTABLES_TARGET"
done

iptables -A "$IPTABLES_CHAINNAME" -j RETURN
————————————————————————————————————————————————————
Credits: http://www.brianhare.com/wordpress/2011/03/02/block-tor-exit-nodes-using-bash-script/#codesyntax_1
Download : blockproxyanon.sh
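
An added example, not part of blockproxyanon.sh or of the script it credits: one way to validate the downloaded list before it becomes iptables rules, so that an error page or an empty download neither flushes the chain nor reaches `-s`. The function names, the minimum-entry threshold and the sample list are assumptions constructed for illustration, and the rules are printed rather than applied.

```shell
#!/bin/bash
# Added example: validate a downloaded exit-node list before it becomes
# iptables rules. Function names, threshold and sample data are constructed.

# Print the unique, well-formed IPv4 addresses found on stdin.
clean_blocklist() {
    tr -d '\r' |
    sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
    awk -F. '
        NF == 4 && $0 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            ok = 1
            for (i = 1; i <= 4; i++) if (length($i) > 3 || $i + 0 > 255) ok = 0
            if (ok) print
        }' |
    sort -u
}

# emit_rules CHAIN TARGET MIN
# Print (dry run) the commands that rebuild CHAIN from the list on stdin.
# Returns 1 and prints nothing if fewer than MIN valid addresses remain,
# so a failed download never flushes a working chain.
emit_rules() {
    chain=$1; target=$2; min=$3
    ips=$(clean_blocklist)
    count=$(printf '%s\n' "$ips" | grep -c . || true)
    if [ "$count" -lt "$min" ]; then
        echo "refusing to reload $chain: only $count valid entries" >&2
        return 1
    fi
    echo "iptables -F $chain"
    printf '%s\n' "$ips" | while read -r ip; do
        echo "iptables -A $chain -s $ip -j $target"
    done
    echo "iptables -A $chain -j RETURN"
}

# Constructed sample of what a feed can contain: comment header, blank line,
# duplicate, HTML error body, out-of-range octet, trailing space, shell
# metacharacters and a CRLF line ending.
sample_list() {
    printf '%s\n' '# ExitNodes' '' '192.0.2.10' '192.0.2.10' \
        '<html>503 Service Unavailable</html>' '192.0.2.999' \
        '198.51.100.7 ' 'example.org; reboot'
    printf '203.0.113.5\r\n'
}

sample_list | emit_rules TOR DROP 2
```

Piping the printed commands to a shell only after `emit_rules` returns 0 keeps the existing chain in place whenever the feed is unusable.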

Script to Block Social Networks and IM via Iptables

—————————————————————————————————————————————————————-

#!/bin/bash
#------------------------------------------------------------------
#
# File: blocksocialim.sh
# Description : HTTPS blocking
# Social Networks : http://bgp.he.net - Facebook, Twitter, Youtube, Meebo, MySpace, Badoo
# Modified by : Marlo Luiz Binsfeld
# Original : http://www.vivaolinux.com.br/dica/Bloquear-Facebook-acessado-por-HTTPS-(iptables)
#
#------------------------------------------------------------------
# Source addresses that stay allowed (space-separated; empty = nobody)
SOCIALIM_ALLOW=""
SOCIALIM_IP_RANGE="74.119.76.0/22 69.63.184.0/21 69.63.176.0/24 69.63.176.0/21 69.171.255.0/24 69.171.240.0/20 69.171.239.0/24 69.171.224.0/20 66.220.159.0/24 66.220.152.0/21 66.220.144.0/21 31.13.80.0/24 31.13.79.0/24 31.13.78.0/24 31.13.77.0/24 31.13.76.0/24 31.13.75.0/24 31.13.74.0/24 31.13.73.0/24 31.13.72.0/24 31.13.71.0/24 31.13.70.0/24 31.13.69.0/24 31.13.66.0/24 31.13.65.0/24 31.13.64.0/24 31.13.64.0/19 31.13.24.0/21 204.15.20.0/22 173.252.96.0/19 173.252.70.0/24 173.252.64.0/19 199.96.57.0/24 199.96.56.0/24 199.59.148.0/22 199.16.156.0/22 82.129.37.0/24 64.15.126.0/24 64.15.125.0/24 64.15.124.0/24 64.15.121.0/24 64.15.120.0/24 64.15.120.0/22 64.15.120.0/21 64.15.119.0/24 64.15.118.0/24 64.15.117.0/24 64.15.116.0/24 64.15.115.0/24 64.15.114.0/24 64.15.113.0/24 64.15.112.0/24 64.15.112.0/21 64.15.112.0/20 213.146.171.0/24 208.65.155.0/24 208.65.154.0/24 208.65.152.0/23 208.65.152.0/22 208.117.255.0/24 208.117.254.0/24 208.117.253.0/24 208.117.252.0/24 208.117.251.0/24 208.117.250.0/24 208.117.249.0/24 208.117.248.0/24 208.117.248.0/21 208.117.245.0/24 208.117.244.0/24 208.117.243.0/24 208.117.242.0/24 208.117.241.0/24 208.117.240.0/24 208.117.239.0/24 208.117.238.0/24 208.117.237.0/24 208.117.236.0/24 208.117.235.0/24 208.117.234.0/24 208.117.233.0/24 208.117.232.0/24 208.117.231.0/24 208.117.230.0/24 208.117.229.0/24 208.117.228.0/24 208.117.227.0/24 208.117.226.0/24 208.117.225.0/24 208.117.224.0/24 208.117.224.0/19 74.114.27.0/24 74.114.26.0/24 74.114.24.0/21 208.81.188.0/22 199.36.158.0/24 199.36.158.0/23 199.36.156.0/23 199.36.152.0/22 63.135.92.0/22 63.135.88.0/22 63.135.86.0/24 63.135.84.0/23 63.135.80.0/22 63.135.80.0/20 216.178.46.0/23 216.178.44.0/23 216.178.42.0/23 216.178.41.0/24 216.178.40.0/24 216.178.38.0/23 216.178.32.0/20 204.16.32.0/22 87.245.199.0/24 64.209.21.0/24 31.222.78.0/23 31.222.76.0/23 31.222.74.0/23 31.222.72.0/23 31.222.71.0/24 31.222.70.0/24 31.222.70.0/23 31.222.68.0/23 31.222.66.0/23 31.222.64.0/23 159.253.183.0/24 
159.253.182.0/24 159.253.180.0/23 159.253.178.0/23 159.253.176.0/23 159.253.176.0/22 173.194.42.0 173.194.42.1 173.194.42.14 173.194.42.2 173.194.42.3 173.194.42.32 173.194.42.33 173.194.42.34 173.194.42.35 173.194.42.36 173.194.42.37 173.194.42.38 173.194.42.39 173.194.42.4 173.194.42.40 173.194.42.41 173.194.42.46 173.194.42.5 173.194.42.6 173.194.42.7 173.194.42.8 173.194.42.9 173.252.96.0/19 204.15.20.0/22"

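# Dedicated chain that decides what happens to matching HTTPS traffic
iptables -N SOCIALIM

## SOCIALIM DENY
# Send forwarded HTTPS traffic for every listed range to the SOCIALIM chain
for socialim in $SOCIALIM_IP_RANGE; do
    iptables -I FORWARD -p tcp -m tcp -d "$socialim" --dport 443 -j SOCIALIM
done
iptables -A SOCIALIM -j REJECT

## SOCIALIM ALLOW
# Inserted at the top of the chain, so these sources are accepted before the REJECT
for socialimallow in $SOCIALIM_ALLOW; do
    iptables -I SOCIALIM -s "$socialimallow" -j ACCEPT
done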

—————————————————————————————————————————————————————-

Credits: http://www.vivaolinux.com.br/dica/Bloquear-Facebook-acessado-por-HTTPS-(iptables)
http://bgp.he.net/
Download : blocksocialim.sh

VBS: Delete Old Files and Move Them to a Folder

—————————————————————————————————————————————

' Part 1: delete files older than 60 days from the source folder
Set FSo = CreateObject("Scripting.FileSystemObject")
Set folder = FSO.getFolder ("M:\millsys\millgest\magnet\comercial")
for each file in folder.files
    if (dateDiff("d", file.DateLastModified, now) > 60) then
        File.delete
    end if
next

' Part 2: move anything older than 10 days to the target folder
Dim SOURCE, TARGET
Dim fso, SourceObj

SOURCE = "M:\millsys\millgest\magnet\comercial"
TARGET = "D:\Publico\MagnetComercial"

Set fso = CreateObject("Scripting.FileSystemObject")
Set SourceObj = fso.GetFolder(SOURCE)

RecursiveSearch SourceObj

Set SourceObj = Nothing
Set fso = Nothing

Private Sub RecursiveSearch(sFolder)
    Dim fld, fil
    Dim strMonth, strDay, strYear, strDate

    ' Build a YYYYMMDD_ prefix for the copied names
    strMonth = "0" & Month(Date)
    strMonth = Right(strMonth, 2)
    strDay = "0" & Day(Date)
    strDay = Right(strDay, 2)
    strYear = Year(Date)

    strDate = strYear & strMonth & strDay & "_"

    ' A folder not modified for more than 10 days is moved as a whole
    If DateDiff("d", sFolder.DateLastModified, Now) > 10 Then
        fso.CopyFolder sFolder.Path, Target & "\" & strDate & sFolder.Name
        fso.DeleteFolder sFolder
        Exit Sub
    End If

    For Each fld In sFolder.SubFolders
        RecursiveSearch fld
    Next

    ' Otherwise move only the files older than 10 days
    For Each fil In sFolder.Files
        If DateDiff("d", fil.DateLastModified, Now) > 10 Then
            fso.CopyFile fil.Path, Target & "\" & strDate & fil.Name
            fso.DeleteFile fil
        End If
    Next
End Sub

—————————————————————————————————————————————
Credits: http://www.vbforums.com/showthread.php?578210-Recurse-through-sub-directories-Files-older-then-30-days

vbs – Deleting old files

Remove Duplicate Lines on Linux

sort arquivo | uniq >> novo_arquivo

ADSL SNR and Attenuation Parameters

SNR Margin – signal-to-noise ratio:

– 5dB or less = poor, sync impossible, frequent drops
– 8dB-13dB = fair – no problems with modem sync
– 14dB-22dB = very good
– 23dB-28dB = excellent
– 29dB-35dB = rare

Attenuation:

– 0 – 19dB = excellent, excellent cabling, very close to the DSLAM
– 20-30dB = very good
– 30-40dB = good
– 40-60dB = fair
– 60-65dB = poor
– 65dB or higher will have problems

Credits: http://www.flogao.com.br/mastergleidson/blog/2468044

Cleaning Up the WINSXS Folder

The winsxs folder in c:\windows can be really big; the only way to clean it up is to use the Microsoft command-line tools:

Windows Server 2003 : VSP1CLEAN.exe
Windows Server 2008 : COMPCLN.exe
Windows 7 and Server 2008 R2 : DISM.exe

I will explain the last one here. Start your command prompt as Administrator.

Usage: dism /online /cleanup-image /spsuperseded

Note:
After running this command it won’t be possible to uninstall any service packs!

So almost 3Gb on my Windows 7 Sp1 machine is released.

You can also run these commands :

Takeown /f %windir%\winsxs\ManifestCache\*
Icacls %windir%\winsxs\ManifestCache\* /GRANT administrators:F
Del /q %windir%\winsxs\ManifestCache\*

In my case this cleaned up another 500Mb

Credits: http://www.microsoftpro.nl/2011/07/28/how-to-cleanup-the-winsxs-folder-on-windows-7-sp1-windows-2008-windows-2008-r2-sp1/

.ADM to Hide the Administrative Tools Menu

Create an .adm file with Notepad and paste this code into it!
After that, load it when editing the GPO.

; User policy: controls Start_AdminToolsRoot under Explorer\Advanced
CLASS USER
CATEGORY "Ferramentas Administrativas"
  POLICY "Retirar Ferramentas Administrativas do Menu Iniciar"
    EXPLAIN !!ADMHelp
    KEYNAME Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    PART !!ADM_Configure DROPDOWNLIST REQUIRED
      VALUENAME "Start_AdminToolsRoot"
      ITEMLIST
        NAME !!ADMoff VALUE NUMERIC 0 DEFAULT
        NAME !!ADMon VALUE NUMERIC 1
      END ITEMLIST
    END PART
  END POLICY
END CATEGORY

[strings]
ADM_Configure="Qual configuração você deseja?"
ADMoff="Oculta"
ADMon="Visível"

; explains
ADMHelp="Remove o item Ferramentas Administrativas do Menu Iniciar!"

Credits: https://social.technet.microsoft.com/Forums/pt-BR/winsrv2003pt/thread/dfe2107d-69fd-4bf5-a456-8880cb30b29f/

PowerShell script:

In this case, you can also (see which solution is simplest for your use) use the script below:

' This snippet is VBScript (Windows Script Host): save it as .vbs and run it with wscript or cscript
' It writes Start_AdminToolsRoot = 0 for the current user
set oShell = CreateObject("WScript.Shell")
oShell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_AdminToolsRoot", 0, "REG_DWORD"

Credits: http://social.technet.microsoft.com/Forums/pt-BR/winsrv2008pt/thread/d287bce7-251f-4cf9-a4c8-16e1c9640016/

Iptables Rule: Access Restricted to a Specific IP

# -I inserts at the top of INPUT, so the ACCEPT rules added afterwards
# end up above the DROP and are evaluated first.

# Deny all SSH connections
iptables -I INPUT -p tcp --dport 22 -j DROP
# Allow connections from address xyz
iptables -I INPUT -p tcp --source 1.2.3.4 --dport 22 -j ACCEPT
iptables -I INPUT -p tcp --source 5.6.7.8 --dport 22 -j ACCEPT

# Deny all webconfig connections
iptables -I INPUT -p tcp --dport 81 -j DROP
# Allow connections from address xyz
iptables -I INPUT -p tcp --source 1.2.3.4 --dport 81 -j ACCEPT
iptables -I INPUT -p tcp --source 5.6.7.8 --dport 81 -j ACCEPT