Zabbix SSL certificate discovery and monitoring script

Recently I had a problem with SSL certificate monitoring in the environment.

Quick googling didn’t help; I was unable to find a template that discovers all SSL-enabled ports in the environment and monitors the certificates on them.

So I took a few related templates and modified them.

The template below uses the nmap ssl-cert script (ssl-discovery.sh) to discover open ports with SSL certificates, and openssl (ssl-cert-info.sh) to get certificate data on the discovered ports.


Exchange – Convert shared mailbox to distribution group

This is quite an annoying task, especially taking into account that each of the members wants a copy of the information from the shared mailbox.
The following script does the following:
– Save the Shared Mailbox into a variable 🙂
– Hide the Shared Mailbox from the GAL
– Remove all Shared Mailbox addresses and change them to a GUID
– Change the Shared Mailbox Name to a GUID
– Create a new DG with all the addresses of the original
– Add everyone who had access to the Shared Mailbox as members of the DG
– Grant everyone who had access to the Shared Mailbox the Send As permission on the DG
– Copy all content of the Shared Mailbox to a folder in each of the personal mailboxes of the users who had access to the Shared Mailbox


VMware PowerCLI – inventory report

This simple one-liner will give you the main hardware and infrastructure information about vCenter VMs.

Fields included:
Name – VM Name
PowerState – Powered On / Off
OS – OS set on the VM profile
HWVersion – VM Hardware version
IPAddresses – all IP addresses (reported by VM Tools)
AdapterTypes – all network adapter types
DnsName – DNS Name from OS (reported by VM Tools)
ToolsVersion – VM Tools version
ToolsStatus – VM Tools status

# Display the inventory as a table in the console
get-vm | select name, Powerstate,@{N="OS"; E={$_.Guest.OSFullName}},@{N="HWVersion"; E={$_.Version}},@{N="IPAddresses"; E={$_.Guest.IPAddress}},@{N="AdapterTypes"; Expression={(Get-NetworkAdapter $_).type}},@{N="DnsName"; E={$_.ExtensionData.Guest.Hostname}},@{N="ToolsVersion"; E={$_.Guest.ToolsVersion}},@{N="ToolsStatus"; E={$_.ExtensionData.Guest.ToolsVersionStatus}} | FT name, Powerstate, OS, HWVersion, IPAddresses, AdapterTypes, DnsName, ToolsVersion, ToolsStatus
# Export the same inventory to CSV; multi-valued fields are joined so they are not written as "System.String[]"
get-vm | select name, Powerstate,@{N="OS"; E={$_.Guest.OSFullName}},@{N="HWVersion"; E={$_.Version}},@{N="IPAddresses"; E={$_.Guest.IPAddress -join ', '}},@{N="AdapterTypes"; Expression={(Get-NetworkAdapter $_).type -join ', '}},@{N="DnsName"; E={$_.ExtensionData.Guest.Hostname}},@{N="ToolsVersion"; E={$_.Guest.ToolsVersion}},@{N="ToolsStatus"; E={$_.ExtensionData.Guest.ToolsVersionStatus}} | Export-Csv -Path E:\tmp\vcenter.hosts.csv -NoTypeInformation -UseCulture

Zimbra + Z-Push Part 3 : user restriction

Recently, I was evaluating open source ActiveSync solutions, and came up with this installation and configuration guide.

Zimbra + Z-Push Part 1 : installation

Zimbra + Z-Push Part 2: configuration

Problem description

I was unable to find any solutions for Z-Push and Zimbra to restrict users from accessing the mailboxes.

Once the server is exposed to the internet, every user on the Zimbra server is exposed to brute force attacks.

This happens because the Z-Push backend uses the Zimbra SOAP connection, which is accessible to every Zimbra server account and can’t be disabled per account.

To circumvent this scenario, I used the main function GetUserDevicePermission() from this old post, modified it to handle subnet restriction, and, instead of adding a check to every request type, added the check to the ZimbraBackend Logon() function.

I will describe the changes I made in this article.


Zimbra + Z-Push Part 2: configuration

Recently, I was evaluating open source ActiveSync solutions, and came up with this installation and configuration guide.

Zimbra + Z-Push Part 1 : installation
Zimbra + Z-Push Part 3 : user restriction

Zimbra side

Modify the default Zimbra nginx template

http(s)://%mailserver%/Microsoft-Server-ActiveSync

Out of the box, Zimbra can forward requests for this URL to an Exchange / ActiveSync server, so we just need to configure the upstream proxy to forward requests to the Z-Push server.
