Category: Uncategorized

Clonezilla – VirtualBox to Physical

Before starting, make a clone of the VirtualBox machine.

Step 01 – Add Bootable Clonezilla ISO

Modify the VirtualBox settings to add the boot ISO for clonezilla.

Notice that the IDE has clonezilla.iso added

Step 02 – Start Virtual Machine

When the machine boots up, you should see the clonezilla startup menu.

clonezilla start menu

Step 03 – select language

Step 04 – Select default keyboard

Step 05 – stuck on keyboard setup?

I was not sure what to do at this point, so I researched a bit to see if others had a solution. First I tried this link.

https://sourceforge.net/p/clonezilla/discussion/Clonezilla_live/thread/ab9b8d6957/?limit=25

This wasn’t helpful, so I tried pressing Ctrl-C and it skipped to the next step.

Step 06 – Start clonezilla

I’m not sure if the next steps will work or not as a result of pressing Ctrl-C. This is the screen that came up.

Step 07 – Select device-image

It appears that pressing Ctrl-C did not cause a problem.

The instructions on this page are important. I’m interested in creating an image that I can move to a physical device. so I’m selecting the first option.

It just occurred to me that I read somewhere that the VirtualBox disk image needs to be fixed instead of dynamic. I chose dynamic, so I may have to start over. I’ll try anyway just to see what happens.

Step 08 – Select local-dev

I want to put this image on a USB thumb drive, so I’m selecting local-dev.

Step 09 – Mount point for image?

I had my USB drive inserted already, but since the message at the bottom of this screenshot said to insert *now* I removed and reinserted. I waited about 5 seconds, then pressed enter.

Step 10 – Insert USB Drive and select

I’m having trouble with this step. My host computer detects the USB drive, but my VirtualBox does not.

Step 11 – Tell VirtualBox to use USB

I just realized that there is an option within the VirtualBox menu to select a USB.

This worked! The USB drive showed up after about 5 seconds when selecting that USB drive.

Step 12 – Detect USB thumb drive

See the USB drive is /dev/sdb

Step 13 – select USB drive for image

There is an important note here to select the USB drive which was detected in the prior step as sdb1

Step 14 – select destination on USB

I do not have any folders, so I just select /

Tabbed over to Done and pressed enter.

Step 15 – Confirm /home/partimag

Confirmation of destination.

Step 16 – Select Beginner Mode

I just realized that my screenshots to not have an asterisk next to the option, but if I press tab, the option selected is blue. In this screenshot I forgot to press tab and just pressed enter, but it worked. Fortunately it was the option I wanted.

Step 17 – Save as image

Step 18 – filename for image

I changed the filename to include the machine name.

Step 19 – select source

Step 20 – Option to repair

I’m choosing not to do the repair. Not necessary probably.

Step 21 – Oops – check readable

I’m missing a screenshot here because I accidently skipped past. the option said to check if readable. sorry about the missing screenshot.

Step 22 – Encrypt the image?

I’m choosing not to encrypt the image.

Step 23 – Choose Reboot or Shutdown

I’m choosing to shutdown.

Step 24 – Confirm

There are some instructions about future command to run at the bottom of the screenshot. Pressed enter to continue.

Step 25 – Another confirmation

Pressed y to continue.

Step 26 – Let’s do it!

There are a lot of screens that automatically go by, but I was unable to capture them all. This screenshot is running and shows the progress.

Step 27 – finishing up

Apache – AD – Linux

I have recently started to experiment with getting a linux webserver to allow for Active Directory users to connect with their own username passed to the web server.

This is proving to be very difficult. It shouldn’t be that hard to get the username in the linux server for the windows intranet user that is connecting.

One of the challenges is that there are so many variables to consider. Version of OS, Version of apache.

What is my linux version?

I’m currently using Centos 8.1. I was able to determine this because I did the install, but if you did it a while ago, or did several other servers since then and you are not sure what version you are on, then use this command.

https://linuxconfig.org/how-to-check-centos-version

cat /etc/centos-release

CentOS Linux release 8.1.1911 (Core)

What is my Apache version?

httpd -v

Server version: Apache/2.4.37 (centos)
Server built: Sep 15 2020 15:41:16

What Apache modules are needed for HTTP Authentication?

This might not be correct, but all indicators seem to point to this.

I have gone down a lot of rabbit holes. I don’t know whether every avenue that I explored is necessary or not.

https://computingforgeeks.com/install-apache-with-ssl-http2-on-rhel-centos/

The mod_auth_kerb module has been replaced by the mod_auth_gssapi module.

http://www.jfcarter.net/~jimc/documents/bugfix/41-auth-kerb.html

Apache2-mod_auth_kerb Is Dead, Use Mod_auth_gssapi

https://jaosorior.dev/2018/keberos-for-keystone-with-mod_auth_gssapi/

Where can I find documentation for mod_auth_gssapi?

https://github.com/gssapi/mod_auth_gssapi

What is the difference between HTTP Auth and Web Application Login?

I do not want Web Application logon, I want HTTP Auth to populate the user variable so that the user does not need to enter their username as long as they are logged into their windows machine.

What does the Apache Documenation say about Authentication and Authorization?

http://httpd.apache.org/docs/current/howto/auth.html

Do I really need SSL in order to get the AD username on the web server?

I sure hope not! Still looking into this.

A very dark place…

http://modauthkerb.sourceforge.net/configure.html

I probably should read this page, but I’m not ready to understand that yet…

What is the difference between HOST and HTTP Service Principals?

https://sssd.io/docs/users/ldap_with_ad.html

This is still a big mystery to me… I believe that HTTP is for the web server authentication and HOST is for users on the machine. I’m concerned with HTTP authentication.

What is SetSpn for Windows Active Directory?

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc731241(v=ws.11)

What is a Active Directory SPN?

A Service Principal Name (SPN) is a name in Active Directory that a client uses to uniquely identify an instance of a service. An SPN combines a service name with a computer and user account to form a type of service ID.

How can I use VBScript to list all my SPNs?

https://github.com/nidem/kerberoast/blob/master/GetUserSPNs.vbs

Yes. This script works.

How to Display the Keylist (Principals) in a Keytab File

This may be a bit early, but I’ll move it later. The keytab file can be viewed on Linux using ktutil.

The command to start ktutil to get to the ktutil prompt.

https://docs.oracle.com/cd/E19683-01/806-4078/6jd6cjs1q/index.html

denver # /usr/bin/ktutil
ktutil: read_kt /etc/krb5/krb5.keytab 
ktutil: list
slot KVNO Principal 
---- ---- ---------------------------------------
 1 5 host/denver@EXAMPLE.COM ktutil: 
quit

Are there any good walkthroughs that come close?

https://imatviyenko.github.io/blog/2018/09/11/Apache-AD-kerberos

This one comes very close, but I’m still having trouble getting it working.

Troubleshooting

https://serverfault.com/questions/680289/kerberos-kdc-has-no-support-for-encryption-type-while-getting-credentials

https://stackoverflow.com/questions/23801169/kdc-has-no-support-for-encryption-type-14

What encryption types can windows do?

https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/ktpass

Random kerberos links

https://active-directory-wp.com/docs/Networking/Single_Sign_On/Kerberos_SSO_with_Apache_on_Linux.html

https://community.spiceworks.com/how_to/91377-implementing-single-sign-on-on-windows-with-apache

https://github.com/nextcloud/user_saml/issues/250

If I cannot get SSO working, I’ll use a logon page… :/

https://httpd.apache.org/docs/2.4/mod/mod_auth_form.html

Using awk and SQLite

I have recently had the opportunity to use awk and sqlite on a project that I’m working on.

My first thought was that awk should be able to do that. I found some code that someone else did that parses quote and comma delimited.

I started off installing sqlite on cygwin.

After getting sqlite installed, I felt that I needed some test data in order to work with so I did a search and found this site:

https://www.briandunning.com/sample-data/

I grabbed the free file for testing.

wget https://www.briandunning.com/sample-data/us-500.zip

The file is comma delimited file that has these fields:

  • First Name
  • Last Name
  • Company
  • Address
  • City
  • County (where applicable)
  • State/Province (where applicable)
  • ZIP/Postal Code
  • Phone 1
  • Phone 2
  • Email
  • Web
CREATE TABLE us500 (
first_name TEXT NOT NULL,
last_name TEXT NOT NULL,
company TEXT NOT NULL,
address TEXT NOT NULL,
city TEXT NOT NULL,
county TEXT NOT NULL,
state TEXT NOT NULL,
zipcode TEXT NOT NULL,
phone1 TEXT NOT NULL,
phone2 TEXT NOT NULL,
email TEXT NOT NULL,
web TEXT NOT NULL);

Here I used the SQLite command line to issue the command to create the table.

sqlite> CREATE TABLE us500 (
   ...> first_name TEXT NOT NULL,
   ...> last_name TEXT NOT NULL,
   ...> company TEXT NOT NULL,
   ...> address TEXT NOT NULL,
   ...> city TEXT NOT NULL,
   ...> county TEXT NOT NULL,
   ...> state TEXT NOT NULL,
   ...> zipcode TEXT NOT NULL,
   ...> phone1 TEXT NOT NULL,
   ...> phone2 TEXT NOT NULL,
   ...> email TEXT NOT NULL,
   ...> web TEXT NOT NULL);
sqlite> .tables
us500
sqlite>

I attempted to import the csv file but got an error.

ssqlite> .mode csv
sqlite> .import us-500lf.csv us500
Error: us-500lf.csv line 2: expected 12 columns of data but found 13

I can tell that the records are from a Macintosh system because the file has a carriage return record delimiter.

so I wanted to view a hexdump of the file.  I used cat, tr , head and hexdump.

You can see in the HEX dump below that the file now has hex 09 line feeds.

$ cat us-500.csv | tr "\r" "\n" | head -n 3 |hexdump -C
00000000  22 66 69 72 73 74 5f 6e  61 6d 65 22 2c 22 6c 61  |"first_name","la|
00000010  73 74 5f 6e 61 6d 65 22  2c 22 63 6f 6d 70 61 6e  |st_name","compan|
00000020  79 5f 6e 61 6d 65 22 2c  22 61 64 64 72 65 73 73  |y_name","address|
00000030  22 2c 22 63 69 74 79 22  2c 22 63 6f 75 6e 74 79  |","city","county|
00000040  22 2c 22 73 74 61 74 65  22 2c 22 7a 69 70 22 2c  |","state","zip",|
00000050  22 70 68 6f 6e 65 31 22  2c 22 70 68 6f 6e 65 32  |"phone1","phone2|
00000060  22 2c 22 65 6d 61 69 6c  22 2c 22 77 65 62 22 0a  |","email","web".|
00000070  22 4a 61 6d 65 73 22 2c  22 42 75 74 74 22 2c 22  |"James","Butt","|
00000080  42 65 6e 74 6f 6e 2c 20  4a 6f 68 6e 20 42 20 4a  |Benton, John B J|
00000090  72 22 2c 22 36 36 34 39  20 4e 20 42 6c 75 65 20  |r","6649 N Blue |
000000a0  47 75 6d 20 53 74 22 2c  22 4e 65 77 20 4f 72 6c  |Gum St","New Orl|
000000b0  65 61 6e 73 22 2c 22 4f  72 6c 65 61 6e 73 22 2c  |eans","Orleans",|
000000c0  22 4c 41 22 2c 37 30 31  31 36 2c 22 35 30 34 2d  |"LA",70116,"504-|
000000d0  36 32 31 2d 38 39 32 37  22 2c 22 35 30 34 2d 38  |621-8927","504-8|
000000e0  34 35 2d 31 34 32 37 22  2c 22 6a 62 75 74 74 40  |45-1427","jbutt@|
000000f0  67 6d 61 69 6c 2e 63 6f  6d 22 2c 22 68 74 74 70  |gmail.com","http|
00000100  3a 2f 2f 77 77 77 2e 62  65 6e 74 6f 6e 6a 6f 68  |://www.bentonjoh|
00000110  6e 62 6a 72 2e 63 6f 6d  22 0a 22 4a 6f 73 65 70  |nbjr.com"."Josep|
00000120  68 69 6e 65 22 2c 22 44  61 72 61 6b 6a 79 22 2c  |hine","Darakjy",|
00000130  22 43 68 61 6e 61 79 2c  20 4a 65 66 66 72 65 79  |"Chanay, Jeffrey|
00000140  20 41 20 45 73 71 22 2c  22 34 20 42 20 42 6c 75  | A Esq","4 B Blu|
00000150  65 20 52 69 64 67 65 20  42 6c 76 64 22 2c 22 42  |e Ridge Blvd","B|
00000160  72 69 67 68 74 6f 6e 22  2c 22 4c 69 76 69 6e 67  |righton","Living|
00000170  73 74 6f 6e 22 2c 22 4d  49 22 2c 34 38 31 31 36  |ston","MI",48116|
00000180  2c 22 38 31 30 2d 32 39  32 2d 39 33 38 38 22 2c  |,"810-292-9388",|
00000190  22 38 31 30 2d 33 37 34  2d 39 38 34 30 22 2c 22  |"810-374-9840","|
000001a0  6a 6f 73 65 70 68 69 6e  65 5f 64 61 72 61 6b 6a  |josephine_darakj|
000001b0  79 40 64 61 72 61 6b 6a  79 2e 6f 72 67 22 2c 22  |y@darakjy.org","|
000001c0  68 74 74 70 3a 2f 2f 77  77 77 2e 63 68 61 6e 61  |http://www.chana|
000001d0  79 6a 65 66 66 72 65 79  61 65 73 71 2e 63 6f 6d  |yjeffreyaesq.com|
000001e0  22 0a                                             |".|
000001e2

The problem is how to handle quote comma delimited files. I did a search to see if someone already had a solution for that and found this:

AWK CSV Parser

The code contains a function called parse_csv(). You can look at the usage of the parameters on the link above. The important part is how to call this function.

{
     num_fields = parse_csv($0, csv, ",", "\"", "\"", "\n", 1);
     if (num_fields < 0) {         printf "ERROR: %s (%d) -> %s\n", csverr, num_fields, $0;
     } else {
         #printf "%s -> ", $0;
         #printf "%s", num_fields;
         for (i = 0;i < num_fields;i++) {
           fld = csv[i];
           gsub(/\"/,"",fld);
           if(i < num_fields-1)
              printf "%s\t", fld;
           else
              printf "%s\n", fld;
         }
     }
 }
cat us-500.csv |tr "\r" "\n" |awk -f  parsecsv.awk >test1.pip

I’m using AWK to convert the CSV file into a pipe delimited file.

cat test1.pip| head -n 3 |hexdump -C
00000000  66 69 72 73 74 5f 6e 61  6d 65 09 6c 61 73 74 5f  |first_name.last_|
00000010  6e 61 6d 65 09 63 6f 6d  70 61 6e 79 5f 6e 61 6d  |name.company_nam|
00000020  65 09 61 64 64 72 65 73  73 09 63 69 74 79 09 63  |e.address.city.c|
00000030  6f 75 6e 74 79 09 73 74  61 74 65 09 7a 69 70 09  |ounty.state.zip.|
00000040  70 68 6f 6e 65 31 09 70  68 6f 6e 65 32 09 65 6d  |phone1.phone2.em|
00000050  61 69 6c 09 77 65 62 0a  4a 61 6d 65 73 09 42 75  |ail.web.James.Bu|
00000060  74 74 09 42 65 6e 74 6f  6e 2c 20 4a 6f 68 6e 20  |tt.Benton, John |
00000070  42 20 4a 72 09 36 36 34  39 20 4e 20 42 6c 75 65  |B Jr.6649 N Blue|
00000080  20 47 75 6d 20 53 74 09  4e 65 77 20 4f 72 6c 65  | Gum St.New Orle|
00000090  61 6e 73 09 4f 72 6c 65  61 6e 73 09 4c 41 09 37  |ans.Orleans.LA.7|
000000a0  30 31 31 36 09 35 30 34  2d 36 32 31 2d 38 39 32  |0116.504-621-892|
000000b0  37 09 35 30 34 2d 38 34  35 2d 31 34 32 37 09 6a  |7.504-845-1427.j|
000000c0  62 75 74 74 40 67 6d 61  69 6c 2e 63 6f 6d 09 68  |butt@gmail.com.h|
000000d0  74 74 70 3a 2f 2f 77 77  77 2e 62 65 6e 74 6f 6e  |ttp://www.benton|
000000e0  6a 6f 68 6e 62 6a 72 2e  63 6f 6d 0a 4a 6f 73 65  |johnbjr.com.Jose|
000000f0  70 68 69 6e 65 09 44 61  72 61 6b 6a 79 09 43 68  |phine.Darakjy.Ch|
00000100  61 6e 61 79 2c 20 4a 65  66 66 72 65 79 20 41 20  |anay, Jeffrey A |
00000110  45 73 71 09 34 20 42 20  42 6c 75 65 20 52 69 64  |Esq.4 B Blue Rid|
00000120  67 65 20 42 6c 76 64 09  42 72 69 67 68 74 6f 6e  |ge Blvd.Brighton|
00000130  09 4c 69 76 69 6e 67 73  74 6f 6e 09 4d 49 09 34  |.Livingston.MI.4|
00000140  38 31 31 36 09 38 31 30  2d 32 39 32 2d 39 33 38  |8116.810-292-938|
00000150  38 09 38 31 30 2d 33 37  34 2d 39 38 34 30 09 6a  |8.810-374-9840.j|
00000160  6f 73 65 70 68 69 6e 65  5f 64 61 72 61 6b 6a 79  |osephine_darakjy|
00000170  40 64 61 72 61 6b 6a 79  2e 6f 72 67 09 68 74 74  |@darakjy.org.htt|
00000180  70 3a 2f 2f 77 77 77 2e  63 68 61 6e 61 79 6a 65  |p://www.chanayje|
00000190  66 66 72 65 79 61 65 73  71 2e 63 6f 6d 0a        |ffreyaesq.com.|

I then imported the data into the database.

sqlite> select first_name,last_name from us500 limit 5;
first_name|last_name
James|Butt
Josephine|Darakjy
Art|Venere
Lenna|Paprocki

I’m seeing the first row has the column titles. I’ll look into how to import without that line later.

What is Twitter shadow ban?

It is the practice of making tweets invisible to the general public in an attempt to censor a particular user. That is the truth. A more politically correct answer is that it is the technique of blocking a user that so that they don’t know that they are being blocked. It is pure deception.

Originally, the concept was intended to reduce spam or undesirable posts from a user that was considered a problem. However, there is a potential that this practice can be abused and used for nefarious purposes. Who judges whether a user is a problem or not and what motives are behind that decision?

I really became interested in this because after the topic came up on twitter. A well known cartoonist named Scott Adams wrote this blog post about shadow banning.

  • http://allnewspipeline.com/Smoking_Gun_Twitter_Shadow_Ban_List.php
  • http://www.breitbart.com/tech/2017/02/16/twitter-introduces-account-limiting-for-abusive-behavior/