Thursday, March 10, 2016

OpenSSL create certificate request

Execute this command from a terminal/command window to generate a new private key and a new certificate signing request (CSR):
openssl req -new -newkey rsa:4096 -nodes -keyout yourdomain.key -out yourdomain.csr -sha256
It will ask you some questions:
Country Name (2 letter code) [AU]:BE
State or Province Name (full name) [Some-State]: Antwerpen
Locality Name (eg, city) []: Antwerpen
Organization Name (eg, company) [Internet Widgits Pty Ltd]: My Company Name
Organizational Unit Name (eg, section) []: Department X 
Common Name (e.g. server FQDN or YOUR name) []: mydomain
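
The same request can be generated without the prompts and checked before it goes to a CA. This is an added example, not part of the original post: it passes the subject with -subj, adds the hostnames as subjectAltName entries, and then verifies the CSR against the key. The domain example.test, the www. alias and the function names are placeholders, and -addext assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example (not from the original post). example.test, the subject values
# and the output file names are placeholders. -addext needs OpenSSL 1.1.1+.

# Generate a 4096-bit key and a CSR that carries the hostnames as SANs,
# without the interactive prompts.
make_csr() {
    domain="$1"; outdir="$2"
    (
        umask 077    # private key readable by its owner only
        openssl req -new -newkey rsa:4096 -nodes -sha256 \
            -keyout "$outdir/$domain.key" -out "$outdir/$domain.csr" \
            -subj "/C=BE/ST=Antwerpen/L=Antwerpen/O=My Company Name/OU=Department X/CN=$domain" \
            -addext "subjectAltName=DNS:$domain,DNS:www.$domain"
    )
}

# Check a key/CSR pair before sending the CSR to a CA.
# Arguments: key file, CSR file, expected hostname. Prints "ok" or a reason.
check_csr() {
    key="$1"; csr="$2"
    # 1. The CSR's self-signature must verify.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q "verify OK" \
        || { echo "bad-signature"; return 1; }
    # 2. The public key in the CSR must belong to this private key.
    [ "$(openssl req -in "$csr" -noout -pubkey)" = "$(openssl pkey -in "$key" -pubout)" ] \
        || { echo "key-mismatch"; return 1; }
    # 3. The expected hostname must be present as a DNS SAN.
    openssl req -in "$csr" -noout -text | grep -qF "DNS:$3" \
        || { echo "san-missing"; return 1; }
    echo "ok"
}

# Usage: sh csr.sh yourdomain.example
if [ "$#" -eq 1 ]; then
    make_csr "$1" . && check_csr "$1.key" "$1.csr" "$1"
fi
```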

Thursday, March 03, 2016

Access older SMB shares on Windows 10 and Windows 8

Open a new PowerShell window as administrator and execute the following commands:
Set-SmbClientConfiguration -RequireSecuritySignature 1
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" RequireSecureNegotiate -Value 0 -Force
You'll now be able to connect to older SMB shares.

Tuesday, March 01, 2016

Protecting GRUB

I stumbled across this neat "little" security tool that runs a bunch of checks on your system and warns if any potential problems are detected. It is called Lynis and on Arch you can install it by executing:
pacman -S lynis
lynis audit system
The second command starts an audit of your system.
It told me a number of things, but one caught my attention: "GRUB password protection".

Now why is this important? Well, you could restrict users from booting certain OSes or recoveries you might have set up, but for me the important thing was to protect the editing of GRUB entries. Just by adding an "S" or a "1" to the grub line, you can boot into single user mode and become root. Something you might want to avoid.

So how do you do all this? The Arch wiki explains it quite well (as it does most things).
# Generate a grub password hash (prompts for the password twice)
grub-mkpasswd-pbkdf2

# Edit the grub cfg generator files
vim /etc/grub.d/40_custom

# Add
set superusers="username"
password_pbkdf2 username <password>
# Where <password> is the generated string (it starts with grub.pbkdf2.sha512.)

# Then regenerate grub.cfg
grub-mkconfig -o /boot/grub/grub.cfg
With these settings, booting any OS should now be protected.

Now how to only restrict editing? Adding --unrestricted to a menu entry will allow any user to boot the OS while preventing the user from editing the entry and preventing access to the grub command console. Only a superuser or users specified with the --user switch will be able to edit the menu entry.

So let's try this:
# I added --unrestricted to 
vim /etc/grub.d/10_linux

# Look for the first CLASS=
# Add --unrestricted to the string

# generate grub.cfg
grub-mkconfig -o /boot/grub/grub.cfg

# then make sure you check the generated file
vim /boot/grub/grub.cfg
You can fine-tune this by adding it to the grub.cfg file (look for each "menuentry"), but I wanted to make it survive a grub-mkconfig, and I don't have any other Linux menu entries to worry about. If you do, this might not be the solution for you.

I tried to add it to /etc/default/grub, but didn't find anything that could be used for this in there.

NOTE: My keyboard layout was "qwerty" instead of "azerty", bear that in mind when typing your password.
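
For the "check the generated file" step, a small script can report what the generated grub.cfg actually enforces instead of reading it by eye. This is an added example, not part of the original post or of GRUB: the function names and the sample configuration (placeholder hash, device names, entry titles) are constructed for illustration, and it looks only at top-level superusers, password_pbkdf2 and menuentry lines.

```shell
#!/bin/sh
# Added example (not from the original post): summarise how a generated
# grub.cfg is protected. Reads the file named in $1, or stdin if none is given.
audit_grub_cfg() {
    awk -v q="'" '
        /^[ \t]*set superusers=/ {                # e.g. set superusers="username"
            su = $0; sub(/.*superusers=/, "", su); gsub(/"/, "", su); seen = 1
        }
        /^[ \t]*password_pbkdf2[ \t]/ { hashed[$2] = 1 }   # user with a hashed password
        /^[ \t]*menuentry[ \t]/ {
            split($0, part, "[" q "\"]")          # part[2] is the entry title
            title[++n] = part[2]
            open_boot[n] = ($0 ~ /--unrestricted/)
        }
        END {
            if (!seen) {
                print "RESULT: superusers not set, anyone can edit entries"; exit 1
            }
            m = split(su, names, /[ ,;&|]+/)      # separators GRUB accepts
            for (i = 1; i <= m; i++)
                if (names[i] != "" && !(names[i] in hashed)) {
                    print "RESULT: superuser " names[i] " has no password_pbkdf2 line"; exit 1
                }
            for (i = 1; i <= n; i++) {
                label = open_boot[i] ? "boot-without-password: " : "password-to-boot: "
                print label title[i]
                if (!open_boot[i]) locked++
            }
            print "RESULT: editing protected; " (locked + 0) " of " (n + 0) " entries need a password to boot"
        }' "$@"
}

# Constructed sample resembling grub-mkconfig output (placeholder hash and devices).
demo_cfg() {
    cat <<'EOF'
set superusers="username"
password_pbkdf2 username grub.pbkdf2.sha512.10000.PLACEHOLDER
menuentry 'Arch Linux' --class arch --class gnu-linux --unrestricted {
    linux /vmlinuz-linux root=/dev/sda1 rw
}
menuentry 'Recovery shell' --class arch {
    linux /vmlinuz-linux root=/dev/sda1 rw single
}
EOF
}

if [ "$#" -eq 1 ]; then audit_grub_cfg "$1"; else demo_cfg | audit_grub_cfg; fi
```

Run it as root against /boot/grub/grub.cfg after each grub-mkconfig; a non-zero exit status means entry editing is not protected.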

Tuesday, February 23, 2016

Execute large SQL script on MS SQL server

Having trouble executing a large SQL script using SQL Server Management Studio?
Use the command line tool sqlcmd:
sqlcmd -S server\instance -i script_file.sql
This should work, unless you have errors in your script of course ;-)
Don't forget to start your script with a correct use statement:
use databaseNameHere;

Tuesday, February 23, 2016

.NET Web API OData and Entity Framework Database First: No Key defined

When using EF database first, I came across an error:
No Key defined...
Turns out the generated classes are not decorated with the [Key] attribute. You can manually add them but once you generate your model(s) again, it's all gone.
There are workarounds floating around the internet to edit the T4 template(s) that generate these models, but every developer has to do that, plus I didn't want to fiddle around with those files.

Another way is to map your key(s) in the WebApiConfig class using the ODataModelBuilder.
config.MapHttpAttributeRoutes(); // Needs to happen first
ODataModelBuilder builder = new ODataConventionModelBuilder();

// DBObject is a placeholder name for your EF-generated entity class
var _dbobj = builder.EntitySet<DBObject>("DBObjects");
_dbobj.EntityType.HasKey(k => k.Id);

// Multiple key fields (use these instead of the single HasKey call above):
// _dbobj.EntityType.HasKey(k => k.Id1);
// _dbobj.EntityType.HasKey(k => k.Id2);

// Register the OData route with the model built above
config.MapODataServiceRoute(
    routeName: "ODataRoute",
    routePrefix: "api",
    model: builder.GetEdmModel());

You can also add relationships, although I found that mapping those isn't needed. OData seems to find those relations correctly.
_dbobj.HasManyBinding(m => m.prop1, _dbobj2);
_dbobj.HasManyBinding(m => m.prop3, _dbobj3);

// Or a one to many
_lineItems.HasRequiredBinding(b => b.Order, orders);

Tuesday, February 23, 2016

.NET Web API and OData: Cannot serialize a null 'feed'

Recently I came across an error when working with OData and Web API:
Cannot serialize a null 'feed'.
I couldn't really find a solution online, but it turns out I just forgot to decorate my method parameter with [FromODataUri].
public IQueryable Get([FromODataUri] ODataQueryOptions queryOptions)
Now you can use $expand and $select in your URL without issues.

Wednesday, January 13, 2016

Arch Linux: Sending a Wake-On-Lan magic packet

How to send a Wake-On-Lan packet using Arch Linux (or any Linux distro).

Install etherwake:
yaourt -S etherwake

Sending the packet using the wireless interface:
etherwake -D <mac address> -i wlp3s0

That's it :-)