Monday, October 9, 2023

Turn off pop-up notifications in Chrome browser from major news outlets

On Chrome browser, go to Settings

Select Privacy and security

Select Site settings

Select JavaScript

Select Don't allow sites to use JavaScript

This change also stops other sites from sending notifications. If you want notifications, you may need to revert the change.


Tuesday, March 14, 2023

Fix Cisco ASA ASDM Client for Windows 11 and Windows 10 H2 build error "this APP can't run on your PC"

 

When you install the ASDM client on a new laptop running Windows 10 or Windows 11, you will get the following error message:

"this APP can't run on your PC"

To run the ASDM client on your laptop, follow these steps:

Uninstall any old versions of JRE

Download and install the 64-bit version of JRE from Oracle

Install the ASDM client using the DM-launcher.msi file

Once the installation is completed, you will get the error message that the app cannot run on this PC

From the Windows Start menu, find the file location of ASDM

When Windows opens the file location, identify the target

The target will be a long file name with invisible.vbs.run.bat

Replace the target with

C:\Windows\System32\wscript.exe invisible.vbs run.bat

Click Apply

Now you will be able to launch ASDM. If the ASA is running newer code, you need to download the latest ASDM client from the ASA.



Sunday, April 3, 2022

AWS CLI CHEAT SHEET

 


 aws --version

 

 aws configure


aws configure --profile "testfile"


aws configure set output json


Specify your AWS Region


aws configure set region "name"

AWS RUN Command

Create EC2 instance

aws ec2 run-instances \
    --image-id ami-name \
    --instance-type t2.micro \
    --key-name MyKeyPair \
    --security-group-ids sg-007e43f80a1958f29 \
    --subnet-id subnet-name

 

aws s3 ls --profile "name"

CloudFront

List CloudFront distributions and origins


aws cloudfront list-distributions 


CloudWatch

List information about an alarm

aws cloudwatch describe-alarms 


aws cloudwatch delete-alarms --alarm-names "name"

DynamoDB

List DynamoDB tables


aws dynamodb list-tables 

aws dynamodb scan --table-name events

aws dynamodb scan --table-name events --select 

aws ebs complete-snapshot --snapshot-id "ID" --changed-blocks-count (count)

Start a Snapshot

aws ebs start-snapshot --volume-size 100



List VPCs and CIDR IP Blocks

aws ec2 describe-vpcs | jq -r '.Vpcs[]|.VpcId+" "+(.Tags[]|select(.Key=="Name").Value)+" "+.CidrBlock'


List Subnets for a VPC


aws ec2 describe-subnets --filters Name=vpc-id,Values=vpc-0d1c1cf4e980ac593 | jq -r '.Subnets[]|.SubnetId+" "+.CidrBlock+" "+(.Tags[]|select(.Key=="Name").Value)'


List Security Groups

aws ec2 describe-security-groups | jq -r '.SecurityGroups[]|.GroupId+" "+.GroupName'


Edit Security Groups of an Instance


aws ec2 modify-instance-attribute --instance-id i-0dae5d4daa47fe4a2 --groups ID


Add Rule to Security Group

aws ec2 authorize-security-group-ingress --group-id "name" --protocol tcp --port 443 --cidr 10.0.0.1/32

Delete Rule from Security Group

aws ec2 revoke-security-group-ingress --group-id name --protocol tcp --port 443 --cidr 10.0.0.1/32

Edit Rule Descriptions of Security Group

aws ec2 update-security-group-rule-descriptions-ingress --group-id sg-02a63c67684d8deed --ip-permissions 'FromPort=443,ToPort=443,IpProtocol=tcp,IpRanges=[{CidrIp=102.171.186.133/32,Description=name}]'

 

Delete Security Group


aws ec2 delete-security-group --group-id name


aws ecs create-cluster --cluster-name=NAME --generate-cli-skeleton


Create an ECS service


aws ecs create-service

 

EKS

Create a cluster


aws eks create-cluster --name 


Delete a cluster

aws eks delete-cluster --name 



aws eks tag-resource --resource-arn  --tags name

 

Untag a resource


aws eks untag-resource --resource-arn (resource_ARN) --tag-keys name

 



aws iam list-groups | jq -r '.Groups[].GroupName'

 


Add/Delete groups


aws iam create-group --group-name (groupName)

 

Add policy to a group


aws iam attach-group-policy --group-name (groupname) --policy-arn arn:aws:iam::aws:policy/name

 

Add user to a group


aws iam add-user-to-group --group-name (groupname) --user-name (username)

 

Remove user from a group


aws iam remove-user-from-group --group-name (groupname) --user-name (username)

 


List users in a group


aws iam get-group --group-name (groupname)

 

List groups for a user


aws iam list-groups-for-user --user-name (username)

 


Attach/detach policy to a group


aws iam attach-group-policy --group-name (groupname) --policy-arn arn:aws:iam::aws:policy/DynamoDBFullAccess

aws iam detach-group-policy --group-name (groupname) --policy-arn arn:aws:iam::aws:policy/DynamoDBFullAccess

 

 

IAM User

List userId and UserName


aws iam list-users | jq -r '.Users[]|.UserId+" "+.UserName'

 


Get single user


aws iam get-user --user-name 

 


Add user


aws iam create-user --user-name 

 


Delete user


aws iam delete-user --user-name (username)


 

Route53

Create hosted zone


aws route53 create-hosted-zone --name xxx.com


Delete hosted zone


aws route53 delete-hosted-zone --id 

 

Get hosted zone


aws route53 get-hosted-zone --id 


List hosted zones


aws route53 list-hosted-zones

 

Create a record set


To do this you’ll first need to create a JSON file with a list of change items in the body and use the CREATE action. For example the JSON file would look like this.


{
     "Comment": "CREATE/DELETE/UPSERT a record",
     "Changes": [{
          "Action": "CREATE",
          "ResourceRecordSet": {
               "Name": "a.example.com",
               "Type": "A",
               "TTL": 300,
               "ResourceRecords": [{"Value": "1.4.4.4"}]
          }
     }]
}


Update a record set


To do this you’ll first need to create a JSON file with a list of change items in the body and use the UPSERT action. This will either create a new record set with the specified value or update the record set if it already exists. For example, the JSON file would look like this.


{
     "Comment": "CREATE/DELETE/UPSERT a record",
     "Changes": [{
          "Action": "UPSERT",
          "ResourceRecordSet": {
               "Name": "a.example.com",
               "Type": "A",
               "TTL": 300,
               "ResourceRecords": [{"Value": "1.1.1.1"}]
          }
     }]
}

Once you have a JSON file with the correct information like above you will be able to enter the command


aws route53 change-resource-record-sets --hosted-zone-id (zone-id) --change-batch file://exampleabove.json

 

Delete a record set


To do this you’ll first need to create a JSON file with a list of the record set values you want to delete in the body and use the DELETE action. For example the JSON file would look like this.


{
     "Comment": "CREATE/DELETE/UPSERT a record",
     "Changes": [{
          "Action": "DELETE",
          "ResourceRecordSet": {
               "Name": "a.example.com",
               "Type": "A",
               "TTL": 300,
               "ResourceRecords": [{"Value": "1.1.1.1"}]
          }
     }]
}


aws route53 change-resource-record-sets --hosted-zone-id (zone-id) --change-batch file://example.json
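The three change-batch files above differ only in the action and the record value, so one validated generator can produce all of them. The following is an added example, not part of the original post; the function name make_change_batch and its argument order are assumptions made for illustration, and it handles A records only.

```shell
#!/bin/sh
# Added example: emit the change batch for an A record (constructed helper).
# Usage: make_change_batch ACTION NAME TTL IPV4
make_change_batch() {
  action=$1 name=$2 ttl=$3 value=$4
  case $action in
    CREATE|UPSERT|DELETE) ;;
    *) echo "invalid action: $action" >&2; return 1 ;;
  esac
  # The name is placed into JSON unescaped, so allow DNS-safe characters only.
  case $name in
    ''|*[!A-Za-z0-9._-]*) echo "invalid record name" >&2; return 1 ;;
  esac
  case $ttl in
    ''|*[!0-9]*) echo "invalid TTL" >&2; return 1 ;;
  esac
  case $value in
    ''|*[!0-9.]*) echo "invalid IPv4 address" >&2; return 1 ;;
  esac
  # Split on dots and require exactly four octets, each 0-255.
  old_ifs=$IFS; IFS=.
  set -- $value
  IFS=$old_ifs
  [ $# -eq 4 ] || { echo "invalid IPv4 address" >&2; return 1; }
  for octet in "$@"; do
    [ -n "$octet" ] && [ "$octet" -le 255 ] ||
      { echo "invalid IPv4 address" >&2; return 1; }
  done
  cat <<EOF
{
  "Comment": "$action $name",
  "Changes": [{
    "Action": "$action",
    "ResourceRecordSet": {
      "Name": "$name",
      "Type": "A",
      "TTL": $ttl,
      "ResourceRecords": [{"Value": "$value"}]
    }
  }]
}
EOF
}

# Print the UPSERT batch from the post; save it to a file and pass that file as
# --change-batch file://... to aws route53 change-resource-record-sets.
make_change_batch UPSERT a.example.com 300 1.1.1.1
```

Rejecting anything but DNS-safe characters in the name keeps a crafted record name from injecting extra JSON keys into the batch.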

 

S3

List Buckets


aws s3 ls

Create Bucket

aws s3 mb s3://bucket-name

make_bucket: bucket-name

 

Delete Bucket (--force deletes the objects in the bucket first)


aws s3 rb s3://bucket-name --force

 

Download S3 object to local


aws s3 cp s3://bucket-name/backup.tar .

download: s3://bucket-name/backup.tar to ./backup.tar


Upload local file as S3 object


aws s3 cp backup.tar s3://bucket-name

upload: ./backup.tar to s3://bucket-name/backup.tar


Delete S3 object


aws s3 rm s3://bucket-name/file.gz

delete: s3://bucket-name/file.gz


Download bucket to local


aws s3 sync s3://bucket-name/ /media/pasport-ultra/backup

 

Upload local directory to bucket


aws s3 sync (directory) s3://bucket-name/

 

Share S3 object without public access


aws s3 presign s3://bucket-name/file-name --expires-in (time value in seconds)

https://bucket-name.s3.amazonaws.com/file-name.pdf?AWSAccessKeyId=(key)&Expires=(value)&Signature=(value)

 

 

Sunday, September 19, 2021

kmode exception not handled Windows 10 BSOD


When you run a Windows update, you may sometimes be hit with the kmode exception blue screen error code. This error code appears mostly on Windows 10 devices. Before you make any changes:

1. Back up the data to an external hard drive

2. Type memory diagnostics in the search bar

3. You may get the following screen


4. Click Restart now and check for problems

The machine will reboot and start the diagnostics; follow the prompts.

Most of the time, the errors will disappear.

If the error still exists, update the BIOS and drivers, or, if it is a Dell laptop, run the Dell utility for updates.

Once the updates are done, reboot the laptop.

Wednesday, February 10, 2021

Cisco ise 2.7 Cisco switch Tacacs configuration

 Cisco switches Tacacs configuration



tacacs-server host ip.addr timeout 4 key 0 cisco123 single-connection

tacacs-server host ip.addr timeout 4 key 0 cisco123 single-connection

tacacs-server retransmit tries

!

aaa new-model

aaa authentication login default group (name) tacacs+ local

aaa authentication enable default group tacacs+ enable

aaa authorization exec default group tacacs+ local if-authenticated

aaa authorization commands 1 default group tacacs+ if-authenticated

aaa authorization commands 15 default group tacacs+ if-authenticated

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

!

ip tacacs source-interface vrf management0
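
A lint pass over AAA lines like the ones above, as an added example that is not part of the original post. It flags `key 0` (the TACACS+ shared secret stored unencrypted in the config), login method lists with no `local` method, and privilege levels that have command authorization but no command accounting. The function name lint_tacacs, the rule names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint an IOS AAA/TACACS+ config read from stdin.
# Prints one finding per line as "<severity> <rule>: <detail>".
lint_tacacs() {
  awk '
    # Return 1 when any field of the current line equals word.
    function has(word,   i) {
      for (i = 1; i <= NF; i++) if ($i == word) return 1
      return 0
    }
    # Rule 1: "key 0 <secret>" stores the shared secret in cleartext.
    /^ *(tacacs-server host|server-private) / {
      for (i = 1; i < NF; i++)
        if ($i == "key" && $(i + 1) == "0")
          print "HIGH cleartext-key: line " NR " stores the shared secret unencrypted"
    }
    # Rule 2: a login list without "local" locks admins out when every
    # TACACS+ server is unreachable.
    /^aaa authentication login / {
      if (!has("local"))
        print "MEDIUM no-local-fallback: login list \"" $4 "\" has no local method"
    }
    # Rule 3: record which privilege levels are authorized and which are logged.
    /^aaa authorization commands / { authz[$4] = 1 }
    /^aaa accounting commands /    { acct[$4] = 1 }
    END {
      for (lvl in authz)
        if (!(lvl in acct))
          print "MEDIUM no-accounting: level " lvl " commands are authorized but not logged"
    }
  '
}

# Constructed sample config (documentation address, made-up secret).
SAMPLE_CONFIG='tacacs-server host 192.0.2.10 timeout 4 key 0 ExampleSecret single-connection
aaa new-model
aaa authentication login default group tacacs+
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting commands 15 default start-stop group tacacs+'

printf '%s\n' "$SAMPLE_CONFIG" | lint_tacacs
```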

Saturday, February 6, 2021

ISE 2.7 TACACS CONFIGURATION

  ISE TACACS Configuration Template:


Layer-3 and Layer-2 switches: -

Define TACACS SERVER: -

aaa group server tacacs+ ISE-GROUP(NAME)

 

 server-private <primary ISE server  NODE IP > key <plain key>

 server-private <secondary ISE Server NODE IP > key <plain key>

 

 

AAA Login Commands: -

aaa new-model

aaa authentication login ISEauth group ISE-GROUP(NAME) local

 

aaa authorization exec ISEauth group ISE-GROUP local if-authenticated

 

line vty 0 15

 login authentication ISEauth

 authorization exec ISEauth

 

 

AAA Command Authorization Config: -

You can monitor and restrict the commands issued on the switch.

aaa authorization commands 1 default group ISE-GROUP local if-authenticated

aaa authorization commands 15 default group ISE-GROUP local if-authenticated

aaa authorization config-commands

Login Accounting Logs sent to ISE server: -

"Exec accounting" captures details about users accessing the shell prompt where all commands are run, and "command accounting" keeps track of the commands users execute on a Cisco device.

aaa accounting exec default start-stop group ISE-GROUP(NAME)

aaa accounting commands 1 default start-stop group ISE-GROUP

aaa accounting commands 15 default start-stop group ISE-GROUP



 

 

 

 

ASA Firewall Configuration: -

Define TACACS SERVER: -

·        max-failed-attempts: -  The default value is three.

·        reactivation-mode: - There are two different AAA server reactivation modes in ASA: timed mode and depletion mode.

aaa-server TACACS protocol tacacs+

 max-failed-attempts 3

 reactivation-mode timed

aaa-server TACACS (inside) host <primary ISE server NODE IP>

 timeout 5

 key *****

aaa-server TACACS (inside) host <secondary ISE server NODE IP>

 timeout 5

 key *****

AAA Login Commands: -

aaa authentication http console TACACS LOCAL

aaa authentication ssh console TACACS LOCAL

aaa authentication enable console TACACS LOCAL

aaa authentication telnet console TACACS LOCAL

aaa authentication serial console TACACS LOCAL

aaa authorization exec authentication-server

 

 

 

 

AAA Command Authorization Config: -

You can monitor and restrict the commands issued on the ASA.

aaa authorization command TACACS LOCAL

Login Accounting Logs sent to ISE server: -

aaa accounting telnet console TACACS

aaa accounting ssh console TACACS

aaa accounting command privilege 15 TACACS

 




CISCO ISE 2.7 CHEAT SHEET

 

Cisco ISE 2.7  HANDY COMMANDS


ISE COMMANDS

sh app stat ise    >> ISE services STATUS

 

ISE PROCESS NAME                       STATE            PROCESS ID 

--------------------------------------------------------------------

Database Listener                      running          3424       

Database Server                        running          77 PROCESSES

Application Server                     running          31299      

Profiler Database                      running          4867       

ISE Indexing Engine                    running          799        

Backup database

 

 

To stop ISE services

application stop ise

application start ise

 

 

admin# application stop ise

 

Stopping ISE Monitoring & Troubleshooting Log Collector...

Stopping ISE Monitoring & Troubleshooting Log Processor...

 

Start ise

admin# application start ise

 

 

 

show run   >>> running config

 

 

Repository

repository name

  url sftp://ip address /home/directory name

 

node1-poda/admin# configure terminal

 

Enter configuration commands, one per line.  End with CNTL/Z.

 

node1-poda/admin(config)# repository name

 

node1-poda/admin(config-Repository)# url ftp://ip.addr/  or sftp

 

node1-poda/admin(config-Repository)# user name password plain password

 

node1-poda/admin(config-Repository)# exit

 

node1-poda/admin(config)# exit

 

 

backup name repository  name  ise-config encryption-key plain Password

 

show repository  name

 

 

Logs

admin# sh logging application appserver/catalina.out tail

admin# sh logging application replication.log tail

 

admin# sh logging

ADEOS Platform log:

-----------------

 

2019-11-19T00:45:01.846708-06:00 dfd-cscise01 logger: List of new hosts: 172.23.1.30 172.21.1.85 172.22.1.30 172.16.203.30 172.16.50.50

2019-11-19T00:45:01.863927-06:00 dfd-cscise01 logger: host is 172.16.50.50

2019-11-19T00:45:01.866095-06:00 dfd-cscise01 logger: Rule exists for 172.16.50.50 already

 

 

