
Joe

Member Since 11 Jan 2008
Offline Last Active Mar 17 2012 02:40 PM

Topics I've Started

VBS Active Directory Password Last Changed and Password Never Expires

09 March 2012 - 01:08 PM

This is my VBS script that queries your Active Directory over LDAP; run with cscript, its output can be piped to a CSV file. Drop the script into a text file, call it myCoolScript.vbs, then run the following command from the Windows command line:

cscript myCoolScript.vbs > myCoolScriptOutput.csv


myCoolScript.vbs
On Error Resume Next
' userAccountControl flag that marks "password never expires"
Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000
Const ADS_SCOPE_SUBTREE = 2

' Open an ADO connection through the ADSI provider
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1500
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

' Search the whole subtree of the domain for user objects
objCommand.CommandText = _
    "SELECT * FROM 'LDAP://dc=exchangecore,dc=com' WHERE objectCategory='user'"
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst

' CSV header row
Wscript.StdOut.Write """Full Name"",""Created"",""PasswordChanged"",""Password Never Expires""" & vbCrlf
Do Until objRecordSet.EOF
    strPath = objRecordSet.Fields("ADsPath").Value
    Set objUser = GetObject(strPath)

    ' Accounts without a full name are skipped
    If IsEmpty(objUser.FullName) Then
        'Do Nothing
    Else
        Wscript.StdOut.Write """" & objUser.FullName & ""","
        If IsEmpty(objUser.whenCreated) Then
            Wscript.StdOut.Write """NONE"","
        Else
            Wscript.StdOut.Write """" & objUser.whenCreated & ""","
        End If
        ' Placeholder date when no password change is recorded
        If IsEmpty(objUser.passwordLastChanged) Then
            Wscript.StdOut.Write """1/1/1900 12:00:00 AM"","
        Else
            Wscript.StdOut.Write """" & objUser.passwordLastChanged & ""","
        End If
        ' Bitwise test of the "password never expires" flag
        If objUser.Get("userAccountControl") And ADS_UF_DONT_EXPIRE_PASSWD Then
            Wscript.StdOut.Write """" & "TRUE" & """"
        Else
            Wscript.StdOut.Write """" & "FALSE" & """"
        End If
        Wscript.StdOut.WriteLine
    End If
    objRecordSet.MoveNext
Loop

Adding SSH keys and using them

05 March 2012 - 03:49 PM

Adding SSH Keys
  • Log in to the source machine that you eventually want to copy your files from
  • Run the following command from your home directory


    ssh-keygen -t rsa
  • When prompted for a file in which to save the key, you can either specify a file name or leave it blank for it to default into the id_rsa key file. Also, here you will be prompted for a passphrase. If you want to be able to ssh/scp/rsync without using a password (as is often the case for cron jobs) you should leave the passphrase blank. After it is generated it will spit back a key fingerprint and some other information.
  • Next we need to copy our public key to the destination server. This means you need to have an account that you know the username and password for on the destination server. We copy our key by running the following command:


    ssh-copy-id -i ./.ssh/id_rsa.pub username@destinationserver
    Note: id_rsa.pub is the name of your file you generated in step 2/3, username is the username of your account on the destination server, and destination server is the ip address or DNS A or CNAME record of your server.
  • You will likely be prompted about the authenticity of the host and it will ask you if you want to continue connecting. Type yes


    Note: For me I was not able to get by with just typing "y"; I had to type out the full word. Also, if your home directory is not secure (i.e. if you have the permissions set to 775 or 777), you will need to modify the /etc/ssh/sshd_config file on your destination server and set "StrictModes No" so that this will work. If your security is set up properly this shouldn't be a problem.
  • You should now be set up with your ssh key and now we get to show you what cool things you can do with this.
Using SCP (Secure Copy) and Shell via SSH
  • To run shell commands on your remote server from your "source" server you can use the following commands
    ssh <destinationserver> "command"
    Example: ssh server.exchangecore.com "ping google.com -n 8"
  • You can also put yourself onto the server if you want to run a series of commands by using:
    ssh <destinationserver>
    Example: ssh server.exchangecore.com
    Note: To return back to your "source" machine use the exit command
  • SCP is a very powerful tool when you need to move files from one server to another. While not as robust as some other tools such as rsync, it still does the job just fine in many instances. SCP can be done by running the following command:
    scp sourceFilePath destinationServer:/destinationFilePath

    A really useful feature of scp is its ability to pull files from the other server as well:
    scp serverToPullFrom:/sourceFilePath/ /destinationFilePath
And there you have a quick overview on how to set up ssh (which can also be used for rsync) and on how to use ssh to access the shell cli on your newly connected server, as well as a brief introduction to using scp to move some files.
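
The note about home directory permissions can be checked directly on the destination server: with StrictModes enabled, sshd ignores a key file if the home directory, ~/.ssh or authorized_keys is writable by group or others, or is owned by someone other than the user or root. The following is an added example, not part of the original post; it assumes the default key location ~/.ssh/authorized_keys, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: check the paths sshd's StrictModes inspects before accepting a key.
# Assumes the default key file location, <home>/.ssh/authorized_keys.

# path_ok PATH UID: fail if PATH is not owned by UID (or root) or is writable
# by group or others.
path_ok() {
    info=$(ls -ldn -- "$1") || return 2
    mode=$(printf '%s\n' "$info" | awk '{print $1}')    # e.g. drwxrwxr-x
    owner=$(printf '%s\n' "$info" | awk '{print $3}')   # numeric uid
    case "$owner" in
        "$2"|0) ;;
        *) echo "$1: owned by uid $owner, expected $2 or 0"; return 1 ;;
    esac
    # Characters 6 and 9 of the mode string are the group and other write bits.
    if [ "$(printf '%s' "$mode" | cut -c6)" = w ] ||
       [ "$(printf '%s' "$mode" | cut -c9)" = w ]; then
        echo "$1: writable by group or others ($mode); try chmod go-w"
        return 1
    fi
}

# check_strictmodes HOME [UID]: returns 0 only if every existing path passes.
check_strictmodes() {
    home=$1; uid=${2:-$(id -u)}; bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        path_ok "$p" "$uid" || bad=1
    done
    return "$bad"
}

# Constructed demo: a throwaway "home" with the 775 mode mentioned in the note.
demo=$(mktemp -d)
mkdir "$demo/.ssh" && : > "$demo/.ssh/authorized_keys"
chmod 775 "$demo"; chmod 700 "$demo/.ssh"; chmod 600 "$demo/.ssh/authorized_keys"
check_strictmodes "$demo" || echo "StrictModes would refuse key login"
chmod 755 "$demo"
check_strictmodes "$demo" && echo "permissions are acceptable"
rm -rf "$demo"
```

On a real account, run `check_strictmodes "$HOME"` as the user whose key is being rejected.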

Find number of active connections in Linux using netstat

03 March 2012 - 12:43 PM

So here I am going to go over how to do some basic counting on your connections that you have to your linux machine (in my case a web server).

Let's start with the basics. The "netstat" command is quite useful for checking connections to your machine. If we wanted to see ALL of the connections (which I really recommend you don't do unless you're trying to debug something, and then you should probably pipe it to a file) we could use the "netstat -a" command.

Using "netstat -a" will give you something sort of like this (this is a segment of my server):

Quote

tcp 0 0 app.mydomain.com:http 41.190.3.161:16494 SYN_RECV
tcp 0 0 app.mydomain.com:http 41.190.3.11:18733 SYN_RECV
tcp 0 0 app.mydomain.com:http 41-135-22-100.dsl.mwe:64775 SYN_RECV
tcp 0 0 app.mydomain.com:http 92.41.182.2.threembb.:16490 SYN_RECV
tcp 0 0 app.mydomain.com:http 41.63.193.1:video-activmail SYN_RECV
tcp 0 0 app.mydomain.com:http 69.171.229.246:45025 SYN_RECV
tcp 0 0 app.mydomain.com:http 41.63.193.11:dvl-activemail SYN_RECV
tcp 0 0 app.mydomain.com:http 41-135-22-100.dsl.mwe:64774 SYN_RECV


As you can see it does name resolving for us and all that good stuff. Sometimes very handy, but that's not what this is about. We want to get some solid numbers so we can take a broader perspective. To do this we can use the following command:
netstat -an | wc -l

This will show us a count of all connections that we presently have to our machine. But we can take this one step further. Let's say you only wanted to see traffic coming across port 80 (standard http). We can grep our netstat then count it like so:
netstat -an | grep :80 | wc -l

Finally, let's take a look at the big picture in a category form. It is often extremely useful to see what those connections are doing, especially when you think you might just have tons of open connections that are idle and are trying to tweak your settings.
netstat -ant | awk '{print $6}' | sort | uniq -c | sort -n


So there you have it. A quick way to return counts on your connections in your Linux environment. (Note the netstat command is standard on most operating systems, including Windows, but you may need to use some other way to count your results.)
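
The counts above can be made exact, since `wc -l` also counts netstat's header lines and `grep :80` also matches ports such as 8080 or a remote port like 8011. The following is an added example, not part of the original post: it counts states for one local port and ranks remote addresses in a given state, which helps when a listing is dominated by SYN_RECV entries like the excerpt quoted earlier. The sample input is constructed (documentation addresses) and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: exact per-port and per-source counts from `netstat -ant` text.

# Constructed sample in Linux `netstat -ant` layout (documentation addresses).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:16494      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:16495      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:51000       ESTABLISHED
tcp        0      0 192.0.2.10:8080         203.0.113.5:51001       ESTABLISHED
tcp        0      0 192.0.2.10:22           203.0.113.9:8011        ESTABLISHED
EOF
}

# conn_states PORT: "count state" lines for sockets whose local port is exactly PORT.
conn_states() {
    awk -v port="$1" '
        $1 ~ /^tcp/ {
            n = split($4, part, ":")     # port is the last ":"-separated piece
            if (part[n] == port) count[$6]++
        }
        END { for (s in count) print count[s], s }' | sort -rn
}

# top_sources STATE: "count address" lines for remote hosts with sockets in STATE.
top_sources() {
    awk -v state="$1" '
        $1 ~ /^tcp/ && $6 == state {
            addr = $5
            sub(/:[^:]*$/, "", addr)     # drop the remote port
            count[addr]++
        }
        END { for (a in count) print count[a], a }' | sort -rn
}

# Run against live data with: netstat -ant | conn_states 80
sample_netstat | grep -c ':80'      # naive count, also hits :8080 and :8011
sample_netstat | conn_states 80
sample_netstat | top_sources SYN_RECV
```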

Count files/folders in a directory linux

02 March 2012 - 10:02 AM

Oftentimes you want to get an accurate count of the number of files in a specific Linux directory/folder. So here's some code to do just that.

Note: This will give you the count of files and folders of the directory/folder you are already in.

This will not include hidden files and will be 1 more than the number of files you actually have. So if you have 3 files the output will be 4. Here it goes:
ls -l | wc -l


Now there are times when you really want to see all hidden files and folders.

ls -la | wc -l



We can even take this one step further and do searches on our file information. For example, if you wanted to count all files that are read/write for owner only you could use this: (Keep in mind to subtract 1 from the returned numbers; also, don't forget to escape your dashes.)

ls -la | grep "\-rw\-\-\-\-\-\-\-" | wc -l
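
The off-by-one comes from the "total" line that `ls -l` prints, and `ls -la` additionally lists `.` and `..`. The following is an added example, not part of the original post: it counts regular files with `find`, optionally only those with an exact permission mode. The function name and the demo file names are hypothetical, and it assumes a `find` that supports `-mindepth`/`-maxdepth` (GNU and BSD do).

```shell
#!/bin/sh
# Added example: count directory entries without the off-by-one of `ls -l | wc -l`.

# count_files DIR [MODE]: regular files directly inside DIR, hidden ones included.
# With MODE (octal, e.g. 600) only files whose permission bits equal MODE count.
count_files() {
    dir=$1
    if [ -n "${2:-}" ]; then set -- -perm "$2"; else set --; fi
    # Emit one "x" per match and count bytes, so names containing newlines
    # cannot inflate the result the way line counting does.
    n=$(find "$dir" -mindepth 1 -maxdepth 1 -type f "$@" -exec printf x \; | wc -c)
    echo $((n))
}

# Constructed demo directory: two visible files, one hidden file, one folder.
demo=$(mktemp -d)
: > "$demo/report.txt"; : > "$demo/secret.key"; : > "$demo/.hidden"
mkdir "$demo/sub"
chmod 644 "$demo/report.txt"; chmod 600 "$demo/secret.key" "$demo/.hidden"
ls -l "$demo" | wc -l        # 4: three entries plus the "total" line
count_files "$demo"          # 3 regular files, hidden one included
count_files "$demo" 600      # 2 files that are read/write for the owner only
rm -rf "$demo"
```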

List Directories n Levels Deep and their Security Permissions with C#

08 February 2012 - 09:50 AM

Attached is a simple script that will find all directories n levels deep on the directory specified to search, and output the permissions associated with those directories. This is a C# Console application. You just need to build it. I make use of the args variable in the main method so that I can run this application and then send it to a file using >. This program also catches any directories it does not have access to and outputs "Could not access <Directory>". Any comments or questions welcomed.

So here we are, outputting directories with security permissions in Windows:

using System;
using System.Collections.Generic;
using System.Text;
using System.IO;
using System.Security.AccessControl;
namespace FolderPermissions
{
	class Program
	{
		static void GetDirectorySecurity(string dir, int levels)
		{
			int curLevel = 1;
			string[] dirs = Directory.GetDirectories(dir);
			foreach (string directory in dirs)
			{
				Console.WriteLine("---------------------------------------------------------");
				Console.WriteLine(directory);
				try
				{
					string tabs = "\t";
					DirectoryInfo dInfo = new DirectoryInfo(directory);
					DirectorySecurity dSecurity = dInfo.GetAccessControl();
					AuthorizationRuleCollection acl = dSecurity.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount));
					foreach (FileSystemAccessRule ace in acl)
					{
						Console.WriteLine("{0}Account: {1}", tabs, ace.IdentityReference.Value);
						Console.WriteLine("{0}Type: {1}", tabs, ace.AccessControlType);
						Console.WriteLine("{0}Rights: {1}", tabs, ace.FileSystemRights);
						Console.WriteLine("{0}Inherited: {1}", tabs, ace.IsInherited);
						Console.WriteLine();
					}
					if (curLevel < levels)
						GetDirectorySecurity(@directory, curLevel + 1, levels);
				}
				catch
				{
					Console.WriteLine("Could not access {0}", directory);
				}
			}
		}
		static void GetDirectorySecurity(string dir, int curLevel, int levels)
		{
			string[] dirs = Directory.GetDirectories(@dir);
			string tabs = "";
			for (int i = 0; i < curLevel; i++)
				tabs += "\t";
			foreach (string directory in dirs)
			{
				Console.WriteLine(tabs.Substring(0, tabs.Length - 1) + "---------------------------------------------------------");
				Console.WriteLine(tabs.Substring(0, tabs.Length - 1) + directory);
				try
				{
					DirectoryInfo dInfo = new DirectoryInfo(directory);
					DirectorySecurity dSecurity = dInfo.GetAccessControl();
					AuthorizationRuleCollection acl = dSecurity.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount));
					foreach (FileSystemAccessRule ace in acl)
					{
						Console.WriteLine("{0}Account: {1}", tabs, ace.IdentityReference.Value);
						Console.WriteLine("{0}Type: {1}", tabs, ace.AccessControlType);
						Console.WriteLine("{0}Rights: {1}", tabs, ace.FileSystemRights);
						Console.WriteLine("{0}Inherited: {1}", tabs, ace.IsInherited);
						Console.WriteLine();
					}
					if (curLevel < levels)
						GetDirectorySecurity(@directory, curLevel + 1, levels);
				}
				catch
				{
					Console.WriteLine("Could not access {0}", directory);
				}
			}
		}
		static void Main(string[] args)
		{
			try
			{
				if (args[0] != null && args[1] != null)
					GetDirectorySecurity(@args[0], int.Parse(args[1]));
				else
				{
					Console.WriteLine("This program requires the input of a starting directory path");
					Console.WriteLine("including the letter drive followed by an integer specifying");
					Console.WriteLine("how many directories deep to recursively scan");
					Console.WriteLine();
					Console.WriteLine("Example: programname C:\\shared\\ 2");
				}
			}
			catch
			{
				{
					Console.WriteLine("This program requires the input of a starting directory path");
					Console.WriteLine("including the letter drive followed by an integer specifying");
					Console.WriteLine("how many directories deep to recursively scan");
					Console.WriteLine();
					Console.WriteLine("Example: FolderPermissions C:\\shared\\ 2");
					Console.WriteLine("\tThis will scan 2 levels deep on the shared folder on C:");
				}
			}
		}
	}
}



Attached is my program solution built in Visual Studio 2010 for those of you who wish to use that instead of copying and pasting the code into a new project.