Clonezilla – VirtualBox to Physical

Before starting, make a clone of the VirtualBox machine.

Step 01 – Add Bootable Clonezilla ISO

Modify the VirtualBox settings to add the boot ISO for clonezilla.

Notice that the IDE has clonezilla.iso added

Step 02 – Start Virtual Machine

When the machine boots up, you should see the clonezilla startup menu.

clonezilla start menu

Step 03 – select language

Step 04 – Select default keyboard

Step 05 – stuck on keyboard setup?

I was not sure what to do at this point, so I researched a bit to see if others had a solution. First I tried this link.

https://sourceforge.net/p/clonezilla/discussion/Clonezilla_live/thread/ab9b8d6957/?limit=25

This wasn’t helpful, so I tried pressing Ctrl-C and it skipped to the next step.

Step 06 – Start clonezilla

I’m not sure if the next steps will work or not as a result of pressing Ctrl-C. This is the screen that came up.

Step 07 – Select device-image

It appears that pressing Ctrl-C did not cause a problem.

The instructions on this page are important. I’m interested in creating an image that I can move to a physical device. so I’m selecting the first option.

It just occurred to me that I read somewhere that the VirtualBox disk image needs to be fixed instead of dynamic. I chose dynamic, so I may have to start over. I’ll try anyway just to see what happens.

Step 08 – Select local-dev

I want to put this image on a USB thumb drive, so I’m selecting local-dev.

Step 09 – Mount point for image?

I had my USB drive inserted already, but since the message at the bottom of this screenshot said to insert *now* I removed and reinserted. I waited about 5 seconds, then pressed enter.

Step 10 – Insert USB Drive and select

I’m having trouble with this step. My host computer detects the USB drive, but my VirtualBox does not.

Step 11 – Tell VirtualBox to use USB

I just realized that there is an option within the VirtualBox menu to select a USB.

This worked! The USB drive showed up after about 5 seconds when selecting that USB drive.

Step 12 – Detect USB thumb drive

See the USB drive is /dev/sdb

Step 13 – select USB drive for image

There is an important note here to select the USB drive which was detected in the prior step as sdb1

Step 14 – select destination on USB

I do not have any folders, so I just select /

Tabbed over to Done and pressed enter.

Step 15 – Confirm /home/partimag

Confirmation of destination.

Step 16 – Select Beginner Mode

I just realized that my screenshots to not have an asterisk next to the option, but if I press tab, the option selected is blue. In this screenshot I forgot to press tab and just pressed enter, but it worked. Fortunately it was the option I wanted.

Step 17 – Save as image

Step 18 – filename for image

I changed the filename to include the machine name.

Step 19 – select source

Step 20 – Option to repair

I’m choosing not to do the repair. Not necessary probably.

Step 21 – Oops – check readable

I’m missing a screenshot here because I accidently skipped past. the option said to check if readable. sorry about the missing screenshot.

Step 22 – Encrypt the image?

I’m choosing not to encrypt the image.

Step 23 – Choose Reboot or Shutdown

I’m choosing to shutdown.

Step 24 – Confirm

There are some instructions about future command to run at the bottom of the screenshot. Pressed enter to continue.

Step 25 – Another confirmation

Pressed y to continue.

Step 26 – Let’s do it!

There are a lot of screens that automatically go by, but I was unable to capture them all. This screenshot is running and shows the progress.

Step 27 – finishing up

Apache – AD – Linux

I have recently started to experiment with getting a linux webserver to allow for Active Directory users to connect with their own username passed to the web server.

This is proving to be very difficult. It shouldn’t be that hard to get the username in the linux server for the windows intranet user that is connecting.

One of the challenges is that there are so many variables to consider. Version of OS, Version of apache.

What is my linux version?

I’m currently using Centos 8.1. I was able to determine this because I did the install, but if you did it a while ago, or did several other servers since then and you are not sure what version you are on, then use this command.

https://linuxconfig.org/how-to-check-centos-version

cat /etc/centos-release

CentOS Linux release 8.1.1911 (Core)

What is my Apache version?

httpd -v

Server version: Apache/2.4.37 (centos)
Server built: Sep 15 2020 15:41:16

What Apache modules are needed for HTTP Authentication?

This might not be correct, but all indicators seem to point to this.

I have gone down a lot of rabbit holes. I don’t know whether every avenue that I explored is necessary or not.

https://computingforgeeks.com/install-apache-with-ssl-http2-on-rhel-centos/

The mod_auth_kerb module has been replaced by the mod_auth_gssapi module.

http://www.jfcarter.net/~jimc/documents/bugfix/41-auth-kerb.html

Apache2-mod_auth_kerb Is Dead, Use Mod_auth_gssapi

https://jaosorior.dev/2018/keberos-for-keystone-with-mod_auth_gssapi/

Where can I find documentation for mod_auth_gssapi?

https://github.com/gssapi/mod_auth_gssapi

What is the difference between HTTP Auth and Web Application Login?

I do not want Web Application logon, I want HTTP Auth to populate the user variable so that the user does not need to enter their username as long as they are logged into their windows machine.

What does the Apache Documenation say about Authentication and Authorization?

http://httpd.apache.org/docs/current/howto/auth.html

Do I really need SSL in order to get the AD username on the web server?

I sure hope not! Still looking into this.

A very dark place…

http://modauthkerb.sourceforge.net/configure.html

I probably should read this page, but I’m not ready to understand that yet…

What is the difference between HOST and HTTP Service Principals?

https://sssd.io/docs/users/ldap_with_ad.html

This is still a big mystery to me… I believe that HTTP is for the web server authentication and HOST is for users on the machine. I’m concerned with HTTP authentication.

What is SetSpn for Windows Active Directory?

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc731241(v=ws.11)

What is a Active Directory SPN?

A Service Principal Name (SPN) is a name in Active Directory that a client uses to uniquely identify an instance of a service. An SPN combines a service name with a computer and user account to form a type of service ID.

How can I use VBScript to list all my SPNs?

https://github.com/nidem/kerberoast/blob/master/GetUserSPNs.vbs

Yes. This script works.

How to Display the Keylist (Principals) in a Keytab File

This may be a bit early, but I’ll move it later. The keytab file can be viewed on Linux using ktutil.

The command to start ktutil to get to the ktutil prompt.

https://docs.oracle.com/cd/E19683-01/806-4078/6jd6cjs1q/index.html

Are there any good walkthroughs that come close?

https://imatviyenko.github.io/blog/2018/09/11/Apache-AD-kerberos

This one comes very close, but I’m still having trouble getting it working.

Troubleshooting

https://serverfault.com/questions/680289/kerberos-kdc-has-no-support-for-encryption-type-while-getting-credentials

https://stackoverflow.com/questions/23801169/kdc-has-no-support-for-encryption-type-14

What encryption types can windows do?

https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/ktpass

Random kerberos links

https://active-directory-wp.com/docs/Networking/Single_Sign_On/Kerberos_SSO_with_Apache_on_Linux.html

https://community.spiceworks.com/how_to/91377-implementing-single-sign-on-on-windows-with-apache

https://github.com/nextcloud/user_saml/issues/250

If I cannot get SSO working, I’ll use a logon page… :/

https://httpd.apache.org/docs/2.4/mod/mod_auth_form.html

Using awk and SQLite

I have recently had the opportunity to use awk and sqlite on a project that I’m working on.

My first thought was that awk should be able to do that. I found some code that someone else did that parses quote and comma delimited.

I started off installing sqlite on cygwin.

After getting sqlite installed, I felt that I needed some test data in order to work with so I did a search and found this site:

https://www.briandunning.com/sample-data/

I grabbed the free file for testing.

The file is comma delimited file that has these fields:

  • First Name
  • Last Name
  • Company
  • Address
  • City
  • County (where applicable)
  • State/Province (where applicable)
  • ZIP/Postal Code
  • Phone 1
  • Phone 2
  • Email
  • Web

Here I used the SQLite command line to issue the command to create the table.

I attempted to import the csv file but got an error.

I can tell that the records are from a Macintosh system because the file has a carriage return record delimiter.

so I wanted to view a hexdump of the file.  I used cat, tr , head and hexdump.

You can see in the HEX dump below that the file now has hex 09 line feeds.

The problem is how to handle quote comma delimited files. I did a search to see if someone already had a solution for that and found this:

AWK CSV Parser

The code contains a function called parse_csv(). You can look at the usage of the parameters on the link above. The important part is how to call this function.

I’m using AWK to convert the CSV file into a pipe delimited file.

I then imported the data into the database.

I’m seeing the first row has the column titles. I’ll look into how to import without that line later.

What is Twitter shadow ban?

It is the practice of making tweets invisible to the general public in an attempt to censor a particular user. That is the truth. A more politically correct answer is that it is the technique of blocking a user that so that they don’t know that they are being blocked. It is pure deception.

Originally, the concept was intended to reduce spam or undesirable posts from a user that was considered a problem. However, there is a potential that this practice can be abused and used for nefarious purposes. Who judges whether a user is a problem or not and what motives are behind that decision?

I really became interested in this because after the topic came up on twitter. A well known cartoonist named Scott Adams wrote this blog post about shadow banning.

  • http://allnewspipeline.com/Smoking_Gun_Twitter_Shadow_Ban_List.php
  • http://www.breitbart.com/tech/2017/02/16/twitter-introduces-account-limiting-for-abusive-behavior/