On Chrome browser, go to settings
select privacy and security
select site settings
select Java Script
Select Don't allow sites to use Javascript
This change will affect other sites to send notifications, if you want notifications, you may need revert the change
When you install ASDM client on your new laptop running Windows 10 or Windows 11, you will get the following error
message
"this APP can't run on your PC"
To run the ASDM client on your laptop, please follow the following steps
uninstall any old versions of JRE
Download and install the 64bit version of JRE from Oracle
Install the ASDM client using DM-launcher.msi file
once the installation is completed, you will get the error message that you cannot run on this PC
from Windows start, find the file location of ASDM
Windows opens the file location, identify the target
target will be a long file name with invisible.vbs.run.bat
replace the target with
C:\Windows\System32\wscript.exe invisible.vbs run.bat
click apply
now you will be able to launch ASDM, if the ASA is running newer code, you need to download the latest ASDM client from ASA.
aws --version
aws configure
aws configure --profile "testfile"
aws configure output format jason
Specify your AWS Region
aws configure region "name"
AWS RUN Command
Create EC2 instance
ws ec2 run-instances \
--image-id ami-name \
--instance-type t2.micro \
--key-name MyKeyPair
--security-group-ids sg-007e43f80a1958f29 \
--subnet-id subnet-name \
aws s3 ls --profile "name"
CloudFront
List CloudFront distributions and origins
aws cloudfront list-distributions
CloudWatch
List information about an alarm
aws cloudwatch describe-alarms
aws cloudwatch delete-alarms --alarm-names "name"
DynamoDB
List DynamoDB tables
aws dynamodb list-tables
aws dynamodb scan --table-name events
aws dynamodb scan --table-name events --select
aws ebs complete-snapshot "ID"
Start a Snapshot
aws ebs start-snapshot --volume-size 100G
List VPCs and CIDR IP Bloc
aws ec2 describe-vpcs | jq -r '.Vpcs[]|.VpcId+" "+(.Tags[]|select(.Key=="Name").Value)+" "+.CidrBlock'
List Subnets for a VPC
aws ec2 describe-subnets --filter Name=vpc-id,Values=vpc-0d1c1cf4e980ac593 | jq -r '.Subnets[]|.SubnetId+" "+.CidrBlock+" "+(.Tags[]|select(.Key=="Name").Value)'
List Security Groups
aws ec2 describe-security-groups | jq -r '.SecurityGroups[]|.GroupId+" "+.GroupName'
Edit Security Groups of an Instance
aws ec2 modify-instance-attribute --instance-id i-0dae5d4daa47fe4a2 --groups ID
Add Rule to Security Group
aws ec2 authorize-security-group-ingress --group-id "name" --protocol tcp --port 443 --cidr 10.0.0.1
Delete Rule from Security Group
aws ec2 revoke-security-group-ingress --group-id name --protocol tcp --port 443 --cidr 10.0.0.1
Edit Rules of Security Group
aws ec2 update-security-group-rule-descriptions-ingress --group-id sg-02a63c67684d8deed --ip-permissions 'ToPort=443,IpProtocol=tcp,IpRanges=[{CidrIp=102.171.186.133/32,Description=name}]'
Delete Security Group
aws ec2 delete-security-group --group-id name
aws ecs create-cluster --cluster-name=NAME --generate-cli-skeleton
Create an ECS service
aws ecs create-service
EKS
Create a cluster
aws eks create-cluster --name
Delete a cluster
aws eks delete-cluster --name
aws eks tag-resource --resource-arn --tags name
Untag a resource
aws eks untag-resource --resource-arn (resource_ARN) --tag-keys name
aws iam list-groups | jq -r .Groups[ ].GroupName
Add/Delete groups
aws iam create-group --group-name (groupName)
Add policy to a group
aws iam attach-group-policy --group-name (groupname) --policy-arn arn:aws:iam::aws:policy/name
Add user to a group
aws iam add-user-to-group --group-name (groupname) --user-name (username)
Remove user from a group
aws iam remove-user-from-group --group-name (groupname) --user-name (username)
List users in a group
aws iam get-group --group-name (groupname)
List groups for a user
aws iam list-groups-for-user --user-name (username)
Attach/detach policy to a group
aws iam attach-group-policy --group-name (groupname) --policy-arn arn:aws:iam::aws:policy/DynamoDBFullAccess
aws iam detach-group-policy --group-name (groupname) --policy-arn arn:aws:iam::aws:policy/DynamoDBFullAccess
IAM User
List userId and UserName
aws iam list-users | jq -r ‘.Users[ ]|.UserId+” “+.UserName’
Get single user
aws iam get-user --user-name
Add user
aws iam create-user --user-name
Delete user
aws iam delete-user --user-name (username)
Route53
Create hosted zone
aws route53 create-hosted-zone --name xxx.com
Delete hosted zone
aws route53 delete-hosted-zone --id
Get hosted zone
aws route53 get-hosted-zone --id
List hosted zones
aws route53 list-hosted-zones
Create a record set
To do this you’ll first need to create a JSON file with a list of change items in the body and use the CREATE action. For example the JSON file would look like this.
{
"Comment": "CREATE/DELETE/UPSERT a record",
"Changes": [{
"Action": "CREATE",
"ResourceRecordSet":{
"Name": "a.example.com",
"Type": "A",
"TTL": 300,
"ResourceRecords":[{"Value":"1.4.4.4"}]
}}]
}
Update a record set
To do this you’ll first need to create a JSON file with a list of change items in the body and use the UPSERT action. This will either create a new record set with the specified value, or updates a record set if it already exists. For example the JSON file would look like this.
{
"Comment": "CREATE/DELETE/UPSERT a record",
"Changes": [{
"Action": "UPSERT",
"ResourceRecordSet":{
"Name": "a.example.com",
"Type": "A",
"TTL": 300,
"ResourceRecords": [{"Value":"1.1.1.1"}]
}}]
}
Once you have a JSON file with the correct information like above you will be able to enter the command
aws route53 change-resource-record-sets --hosted-zone-id (zone-id) --change-batch file://exampleabove.json
Delete a record set
To do this you’ll first need to create a JSON file with a list of the record set values you want to delete in the body and use the DELETE action. For example the JSON file would look like this.
{
"Comment": "CREATE/DELETE/UPSERT a record",
"Changes": [{
"Action": "DELETE",
"ResourceRecordSet": {
"Name": "a.example.com",
"Type": "A",
"TTL": 300,
"ResourceRecords": [{"Value":"1.1.1.1"}]
}}]
aws route53 change-resource-record-sets --hosted-zone-id (zone-id) --change-batch file://example.json
S3
List Buckets
aws s3 ls
aws s3 mb s3://bucket-name
make_bucket: bucket-name
Delete Bucket
aws s3 rb s3://bucket-name --force
Download S3 object to local
aws s3 cp s3://bucket-name
download: ./backup.tar from s3://bucket-name/backup.tar
Upload local file as S3 object
aws s3 cp backup.tar s3://bucket-name
upload: ./backup.tar to s3://bucket-name/backup.tar
Delete S3 object
aws s3 rm s3://bucket-name/file.gz .
delete: s3://bucket-name/file.gz
Download bucket to local
aws s3 sync s3://bucket-name/ /media/pasport-ultra/backup
Upload local directory to bucket
aws s3 sync (directory) s3://bucket-name/
Share S3 object without public access
aws s3 presign s3://bucket-name/file-name --expires-in (time value)
https://bucket-name.s3.amazonaws.com/file-name.pdf?AWSAccessKeyId=(key)&Expires=(value)&Signature=(value)
kmode exception not handled Windows 10 BSOD
When you do a windows update, sometimes you may be hit with kmode exception blue screen error code. This error code appears mostly in windows 10 devices. Before you make any changes
1. backup the data to an external hard drive
2. type memory diagnostics on the search bar
3. You may get the following screen
The machine will reboot and start the diagnostics and follow the prompts.
Most of the time, errors will disappear.
If the error still exists, update the BIOS, drivers or if It is a Dell laptop, run the Dell utility for updates.
Once the updates are done, reboot the laptop
Cisco switches Tacacs configuration
tacacs-server host ip.addr timeout 4 key 0 cisco123 single-connection
tacacs-server host ip.addr timeout 4 key 0 cisco123 single-connection
tacacs-server retransmit tries
!
aaa new-model
aaa authentication login default group (name) tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ local if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
ip tacacs source-interface vrf management0
ISE TACACS Configuration Template:
Layer-3 and Layer-2 switches: -
Define TACACS SERVER: -
aaa group server tacacs+ ISE-GROUP(NAME)
server-private <primary ISE server NODE IP > key <plain
key>
server-private <secondary ISE Server NODE IP > key <plain
key>
AAA Login Commands: -
aaa new-model
aaa authentication login ISEauth group ISE-GROUP(NAME) local
aaa authorization exec ISEauth group ISE-GROUP local
if-authenticated
line vty 0 15
login authentication ISEauth
authorization exec ISEauth
AAA Command Authorization Config: -
you can monitor and restrict the commands that
have been issued in the Switch.
aaa authorization commands 1 default group ISE-GROUP local if-authenticated
aaa authorization commands 15 default group ISE-GROUP local if-authenticated
aaa authorization config-commands
Login Accounting Logs sent to ISE server: -
"Exec accounting” will capture details
about user accessing the shell prompt where you run all the commands &
“command accounting” keep track of what commands users execute on a Cisco
device.
aaa accounting exec default start-stop group ISE-GROUP(NAME)
aaa accounting commands 1 default start-stop group ISE-GROUP
aaa accounting commands 15 default start-stop group ISE-GROUP
ASA Firewall Configuration: -
Define TACACS SERVER: -
· max-failed-attempts: - The
default value is three.
· reactivation-mode: -There are two different AAA server reactivation modes in ASA:
timed mode and depletion mode.
aaa-server TACACS protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
reactivation-mode timed
aaa-server TACACS (inside) host <primary ISE server NODE IP>
timeout 5
key *****
aaa-server TACACS (inside) host <secondary ISE server NODE IP>
timeout 5
key *****
AAA Login Commands: -
aaa authentication http console TACACS LOCAL
aaa authentication ssh console TACACS LOCAL
aaa authentication enable console TACACS LOCAL
aaa authentication telnet console TACACS LOCAL
aaa authentication serial console TACACS LOCAL
aaa authorization exec authentication-server
AAA Command Authorization Config: -
you can monitor and restrict the commands that
have been issued in the ASA.
aaa authorization command TACACS LOCAL
Login Accounting Logs sent to ISE server: -
aaa accounting telnet console TACACS
aaa accounting ssh console TACACS
aaa accounting command privilege 15 TACACS
Cisco ISE 2.7 HANDY COMMANDS
ISE COMMANDS
sh app stat ise
>> ISE services STATUS
ISE PROCESS NAME STATE PROCESS ID
--------------------------------------------------------------------
Database Listener running 3424
Database Server running 77 PROCESSES
Application Server running 31299
Profiler Database running 4867
ISE Indexing Engine running 799
Backup database
To stop ISE services
application stop ise
application start ise
admin# application stop ise
Stopping ISE Monitoring & Troubleshooting Log
Collector...
Stopping ISE Monitoring & Troubleshooting Log
Processor...
Start ise
admin# application start ise
show run
>>> running config
Repository
repository name
url sftp://ip
address /home/directory name
de1-poda/admin# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
node1-poda/admin(config)# repository name
node1-poda/admin(config-Repository)# url ftp://ip.addr/
or sftp
node1-poda/admin(config-Repository)# user name password plain
password
node1-poda/admin(config-Repository)# exit
node1-poda/admin(config)# exit
backup name repository
name ise-config encryption-key
plain Password
show repository name
Logs
admin# sh logging application appserver/catalina.out tail
admin# sh logging application replication.log tail
admin# sh logging
ADEOS Platform log:
-----------------
2019-11-19T00:45:01.846708-06:00 dfd-cscise01 logger: List
of new hosts: 172.23.
1.30 172.21.1.85 172.22.1.30 172.16.203.30 172.16.50.50
2019-11-19T00:45:01.863927-06:00 dfd-cscise01 logger: host
is 172.16.50.50
2019-11-19T00:45:01.866095-06:00 dfd-cscise01 logger: Rule
exists for 172.16.50.
50 already
On Chrome browser, go to settings select privacy and security select site settings select Java Script Select Don't allow sites to use J...
