Watch video on YouTube here: https://youtu.be/jPLphzIKzyE by Johnny Netsec
There are lots of considerations during designing your CyberArk PAS (Privileged Access Security) solutions. I summarized those thoughts in my mind into this video. And for sure, it is not a full list. I do have a post updating for those considerations: https://ift.tt/2OYqBRm Those are just for a small / medium deployment, not even thinking about more complicated environment, such as DR, HA, Load Balancing, Test/Dev/Prod separations, etc. Please send me some of your thoughts which you think I am missing. I will put them into my post. For other CyberArk PAS related videos, here are two playlists: 1. CyberArk (Version before 12.0) - https://www.youtube.com/watch?v=40Mi_wZr2fk&list=PLg7bL1bMpwPWNr2LzAnoK995sbWUbcotS 2. CberArk version 12: https://www.youtube.com/watch?v=jPLphzIKzyE&list=PLg7bL1bMpwPWNTJdY4-NOQItypI0tfwH3 ==================================================================== If you found this video has some useful information, please give me a thumb up and subscribe this channel to get more updates: https://www.youtube.com/c/Netsec?sub_confirmation=1 Learning and Sharing - 海内存知己,天涯若比邻 - http://51sec.org
Watch video on YouTube here: https://youtu.be/jPLphzIKzyE by Johnny Netsec
0 Comments
Using Docker+Portainer to Install Open Source Password Manager - BitWarden
Bitwarden is a free and open-source password management service that can store sensitive information such as website credentials in an encrypted vault. The Bitwarden platform offers a variety of client applications including a web interface, desktop applications, browser extensions, mobile apps, and a CLI. In this post, I am going to show all steps that using Docker and Portainer to install BitWarden on your self hosted server. Pre-requisitesThere are a couple of requirements you will need to meet:
Launch BitWarden Docker
Here is running steps:
Docker image: bitwardenrs/server:latest
Docker Hub url: https://ift.tt/35G7Ok6 Commands to run in self hosted server:
[root@centos7-docker-portainer /]# docker pull bitwardenrs/server:latest
latest: Pulling from bitwardenrs/server
a076a628af6f: Pull complete
59dc56021c8b: Pull complete
3ff63ec7cf6a: Pull complete
e3df552e5bc3: Pull complete
b1cb9364e73d: Pull complete
b46d9f70e046: Pull complete
8c3e54e3c958: Pull complete
62f84183e518: Pull complete
Digest: sha256:1cc26a5754dff74dd9df95bbbb79af168cd21dfbd83f627ea72c85fa5852ef15
Status: Downloaded newer image for bitwardenrs/server:latest
docker.io/bitwardenrs/server:latest
[root@centos7-docker-portainer /]# mkdir /bw-data
mkdir: cannot create directory ‘/bw-data’: File exists
[root@centos7-docker-portainer /]# docker run -d --name bitwarden -v /bw-data/:/data/ -p 8000:80 bitwardenrs/server:latest
5e2d4b2085905db66cf663ec32604785a6718e6b917f09382f7984ea962d8f08
[root@centos7-docker-portainer /]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5e2d4b208590 bitwardenrs/server:latest "/usr/bin/dumb-init …" 54 seconds ago Up 52 seconds (health: starting) 3012/tcp, 0.0.0.0:8000->80/tcp bitwarden
3a4767f0c009 johnyan2/nginx1netsec:latest "nginx -g 'daemon of…" 7 days ago Up 7 days 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp nginx
90212707d5a6 portainer/portainer-ce "/portainer" 7 days ago Up 7 days 8000/tcp, 0.0.0.0:9000->9000/tcp portainer
[root@centos7-docker-portainer /]#
Verify BitWarden Docker ServiceChecking Docker Status from Portainer Web Gui: Accessing http port 8000 to confirm connectivity and service status. Using CertBox to Configure Nginx to Get BitWarden Using HTTPSBitWarden URL has to be https, else you will get the following error message. Create bw.conf file under /etc/nginx/conf.d folder. It can be copied from portainer.conf.
root@3a4767f0c009:/# cd /etc/nginx/conf.d/
root@3a4767f0c009:/etc/nginx/conf.d# cp portainer.conf bw.conf
root@3a4767f0c009:/etc/nginx/conf.d# ls
bw.conf default.conf portainer.conf
root@3a4767f0c009:/etc/nginx/conf.d# cat bw.conf
server {
listen 80;
server_name bw.51sec.org;
location / {
proxy_pass http://140.238.153.62:8000;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
root@3a4767f0c009:/etc/nginx/conf.d#
Run certbot to get certificate for bw.51sec.org and modify bw.conf configuration to use certificate. The output from command "certbot --nginx" can be found from post: https://ift.tt/3ctumGx
root@3a4767f0c009:/# cd /etc/nginx/conf.d
root@3a4767f0c009:/etc/nginx/conf.d#
root@3a4767f0c009:/etc/nginx/conf.d# certbot --nginx
root@3a4767f0c009:/etc/nginx/conf.d#
root@3a4767f0c009:/etc/nginx/conf.d# cat bw.conf
server {
listen 80;
server_name bw.51sec.org;
location / {
proxy_pass http://140.238.153.62:8000;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/bw.51sec.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/bw.51sec.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
root@3a4767f0c009:/etc/nginx/conf.d# service nginx restart
Verify https://bw.51sec.org is working. Now we can create account and mast password for this account: Disable Create AccountAfter you created the accounts you needed, you might want to disable Create Account function to reduce the usage from other unknown persons. We can use Portainer's Duplicate/Edit button to add one environment variable into the settings.
Set environment variable "SIGNUPS_ALLOWED" to false.
command line to add this environment variable into docker run :
root@3a4767f0c009:/# docker run -d --name Bitwarden \
-e SIGNUPS_ALLOWED=false \
-v /bw-data/:/data/ \
-p 8000:80 \
bitwardenrs/server:latest
via Blogger https://ift.tt/3cuiCU1 March 14, 2021 at 09:47PM Docker
==================================================================== If you found this video has some useful information, please give me a thumb up and subscribe this channel to get more updates: https://www.youtube.com/c/Netsec?sub_confirmation=1 Learning and Sharing - 海内存知己,天涯若比邻 - http://51sec.org
Watch video on YouTube here: https://youtu.be/id4_lGAWAsg by Johnny Netsec
This video is to show the PSM installation process. Total installation will take at least 1 hour to get all done including .net framework 4.8 installation. I have expedited some parts' the video speed and omitted lots of waiting time if the screen is not changing. The total installation experience is ok, which is same as before. Only thing I want to mention, there was a hardening process which took more than 30 minutes and screen was not even changing. I thought the screen is freezing and pressed enter key a couple of times, which caused my registration process failed. I specially mentioned this in the video. Luckily, I can manual register PSM into vault. It is a boring video. That is why I added some music tracks inside. Hope you enjoy that. Next video will show you on-boarding account workflow process. ==================================================================== If you found this video has some useful information, please give me a thumb up and subscribe this channel to get more updates: https://www.youtube.com/c/Netsec?sub_confirmation=1 Learning and Sharing - 海内存知己,天涯若比邻 - http://51sec.org Music in this video Song: Fade Artist: Alan Walker
Watch video on YouTube here: https://youtu.be/XE2FIDoHIRA by Johnny Netsec
This video is a basic video to show the process and commands how to upgrade to Portainer CE 2.1.1. Old portainer/portainer repository is the home of v1.24.x, which has been deprecated. All new releases for Portainer 2.0+ will be published in portainer/portainer-ce. Three commands after ssh-ed into your Portainer system: 1. docker stop portainer 2. docker rm portainer 3. docker run -d -p 9000:9000 --name=portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce After completed upgrade, you will need to manual remove old image through either Portainer UI or command line. ==================================================================== If you found this video has some useful information, please give me a thumb up and subscribe this channel to get more updates: https://www.youtube.com/c/Netsec?sub_confirmation=1 Learning and Sharing - 海内存知己,天涯若比邻 - http://51sec.org
Watch video on YouTube here: https://youtu.be/BSpAj37CjOs by Johnny Netsec
Install Certbot on Debian Nginx Docker to Secure Portainer with LetsEncryt Certificate
This post records the steps how to install Certbot into a Debian Docker to secure Nginx and Portainer docker using LetsEncrypt certificate. Related posts:
Install Docker & Docker Compose on Linux OS
#For Ubuntu 20.04 version
#Ubuntu 20.04
sudo apt install docker.io
sudo apt install docker-compose
Or Other Linux Versions:
#CentOS 7, Debian, Ubuntu 18.04/16.04
curl -sSL https://get.docker.com/ | sh
systemctl start docker
systemctl enable docker
Install Portainer
root@Linux:/# docker volume create portainer_data
root@Linux:/# docker run -d -p 9000:9000 --name portainer --restart always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest
Deploy Nginx Docker Using Portainer
Note: Both port 80 and 443 will need to map from Docker to Host.
Use Nginx As Reverse Proxy Server for Portainer
In this lab, Nginx will be configured as reverse proxy to redirect all traffic for opc2portainer.51sec.org on port 80 and 443 to proxied docker website Portainer.
apt update && apt install nano
nano /etc/nginx/conf.d/portainer.conf
nano /etc/nginx/conf.d/novnc.conf
server {
listen 80;
server_name opc2portainer.51sec.org;
location / {
proxy_pass http://172.31.23.170:6080;
proxy_http_version 1.1;
proxy_read_timeout 300;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-PORT $remote_port;
}
}
Do not forget to restart nginx serviec to take the changes into effect using following command:
service nginx restart
Once nginx service restarted, the configuration will take effect. We will able to access portainer site using sub domain name on port 80 , http//opc2portainer.51sec.org
Install CertBot
Based on your Nginx docker version, you might use different installation commands. In my this lab, I am using Debian 10 as OS.
root@3a4767f0c009:/# cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 10 (buster)"
NAME="Debian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
root@3a4767f0c009:/# uname -a
Linux 3a4767f0c009 3.10.0-1127.10.1.el7.x86_64 #1 SMP Wed Jun 3 14:28:03 UTC 2020 x86_64 GNU/Linux
root@3a4767f0c009:/#
Log into Nginx docker's command line using either Portainer or VPS command line command : docker exec -it nginx bin/bash
Following three commands can get you install CertBot and configure nginx to use certificate.
apt update
apt install certbot python-certbot-nginx
certbot --nginx
root@3a4767f0c009:/# certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): [email protected]
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: opc2portainer.51sec.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for opc2portainer.51sec.org
2021/03/07 01:57:27 [notice] 3765#3765: signal process started
Waiting for verification...
Cleaning up challenges
2021/03/07 01:57:31 [notice] 3767#3767: signal process started
Deploying Certificate to VirtualHost /etc/nginx/conf.d/portainer.conf
2021/03/07 01:57:34 [notice] 3769#3769: signal process started
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://opc2portainer.51sec.org
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=opc2portainer.51sec.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/opc2portainer.51sec.org/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/opc2portainer.51sec.org/privkey.pem
Your cert will expire on 2021-06-05. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
- We were unable to subscribe you the EFF mailing list because your
e-mail address appears to be invalid. You can try again later by
visiting https://act.eff.org.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Now the Nginx portainer.conf configuration file changed to :
root@3a4767f0c009:/etc/nginx/conf.d# cat portainer.conf
server {
listen 80;
server_name opc2portainer.51sec.org;
location / {
proxy_pass http://172.31.23.170:9000;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/opc2portainer.51sec.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/opc2portainer.51sec.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
At this moment, your Portainer url can be accessed from https port 443. Please make sure your VPS firewall opened this https / 443 port to Internet.
via Blogger https://ift.tt/3bjQOm2 March 06, 2021 at 09:25PM Docker
Portainer Usage Tips and Tricks
Portainer is my favorite docker management tool, actually only one I used. If you have better one, please let me know. This post is to summarize some usage during playing with application.
Some related posts:
Install Docker and Portainer
By default, Portainer store its data inside the container in the
/data folder on Linux (C:\\data on Windows).You’ll need to persist Portainer data to keep your changes after restart/upgrade of the Portainer container. Docker Deploy document: https://portainer.readthedocs.io/en/latest/deployment.html . You can use a bind mount on Linux to persist the data on the Docker host folder:
#For Ubuntu 20.04 version
#Ubuntu 20.04
sudo apt install docker.io
sudo apt install docker-compose
Or Other Linux Versions:
#CentOS 7, Debian, Ubuntu 18.04/16.04
curl -sSL https://get.docker.com/ | sh
systemctl start docker
systemctl enable docker
2 Install Portainer
root@Ubuntu18:/# docker volume create portainer_data
root@Ubuntu18:/# docker run -d -p 9000:9000 --name portainer --restart always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest
root@Ubuntu18:/# which docker
root@Ubuntu18:/# find . -type d -name "portainer_data"
./var/lib/docker/volumes/portainer_data
or in CentOS: [root@centos-nextcloud-aria2 ~]# find / -type d -name "portainer_data" /var/lib/docker/volumes/portainer_data You can try out the public demo instance: http://demo.portainer.io/ (login with the username admin and the password tryportainer). Update Portainer1. Update image
Old portainer/portainer repository is the home of v1.24.x, which has been deprecated. All new releases for Portainer 2.0 will be published in portainer/portainer-ce.
root@Ubuntu18:/# docker stop portainer
portainer
root@Ubuntu18:/# docker rm portainer
If you only do start portainer, it won't use the latest image to start. You will have to remove old version container, then create a new portainer with downloaded new image.
root@Ubuntu18:/# docker start portainer
portainer
some os, you might need to use command "docker pull docker.io/portainer/portainer-ce" If you could not find image, just use command "docker search portainer-ce"
[root@centos7-docker-portainer ~]# docker search portainer-ce
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
portainer/portainer This Repo is now deprecated, use portainer/p… 2033
portainer/portainer-ce Portainer CE - Making Docker and Kubernetes … 398
thibaudlabat/portainer_32 Portainer built for 32bit Linux [ OUTDATED ]… 1
thibaudlabat/portainer-ce-32 32-bit / x86 portainer-ce 0
terryromeu3sr/portainer-ce 0
luomoxu/portainer-ce-cn 0
nativeit/portainer-ce 0
6053537/portainer-ce 0
hanlahanla/portainer-ce 0
docker service update --image portainer/portainer-ce:latest portainer2. Start Container with new image
[root@centos7-docker-portainer ~]# docker run -d -p 9000:9000 --name=portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce
Unable to find image 'portainer/portainer-ce:latest' locally
latest: Pulling from portainer/portainer-ce
94cfa856b2b1: Pull complete
49d59ee0881a: Pull complete
527b866940d5: Pull complete
Digest: sha256:5064d8414091c175c55ef6f8744da1210819388c2136273b4607a629b7d93358
Status: Downloaded newer image for portainer/portainer-ce:latest
90212707d5a674ef3ba23588f25b014cea60b25e0f1826ed06e09ec568930b0a
3. Delete old image Docker image ls docker image rm <Repository name>
root@opc-ubuntu-docker:~# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
portainer/portainer-ce latest 96a1c6cc3d15 4 weeks ago 209MB
portainer/portainer latest 62771b0b9b09 7 months ago 79.1MB
nginx latest e791337790a6 10 months ago 127MB
root@opc-ubuntu-docker:~# docker image rm portainer/portainer
Untagged: portainer/portainer:latest
Untagged: portainer/portainer@sha256:f8c2b0a9ca640edf508a8a0830cf1963a1e0d2fd9936a64104b3f658e120b868
Deleted: sha256:62771b0b9b0973a3e8e95595534a1240d8cfd968d30ec82dc0393ce0a256c5f3
Deleted: sha256:c291f08e07bbfde10ee7ae7a9c618ebedc5e5c4b3ab494b0636fb260e2a20717
Deleted: sha256:dd4969f97241b9aefe2a70f560ce399ee9fa0354301c9aef841082ad52161ec5
root@opc-ubuntu-docker:~# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
portainer/portainer-ce latest 96a1c6cc3d15 4 weeks ago 209MB
nginx latest e791337790a6 10 months ago 127MB
YouTube Video:
A useful command to get rid of the stopped containers:
docker rm `docker ps -a -q` Check Containersroot@Ubuntu18:/# docker container ls -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES a9ea9891aa03 nginx:latest "nginx -g 'daemon of…" 4 weeks ago Up 4 weeks 0.0.0.0:80->80/tcp nginx1 4cf95554b471 4cda95efb0e4 "/portainer" 4 weeks ago Up 11 minutes 0.0.0.0:9000->9000/tcp portainer root@Ubuntu18:/# docker stats CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS a9ea9891aa03 nginx1 0.00% 3.172MiB / 982.2MiB 0.32% 64.1MB / 132MB 14.6MB / 0B 3 4cf95554b471 portainer 0.01% 11.3MiB / 982.2MiB 1.15% 4.55MB / 50.2MB 90.7MB / 238MB 10 Log into Container[root@centos1docker ~]# docker psCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 26a4cc3a312a nginx:latest "nginx -g 'daemon of…" 24 hours ago Up 16 minutes 0.0.0.0:80->80/tcp portainer-nginx1 d5c3f33bd8ee portainer/portainer "/portainer" 25 hours ago Up 25 hours 0.0.0.0:9000->9000/tcp portainer [root@centos1docker ~]# [root@centos1docker ~]# docker exec -it portainer-nginx1 /bin/bash root@26a4cc3a312a:/# root@26a4cc3a312a:/# cat /etc/os-release PRETTY_NAME="Debian GNU/Linux 10 (buster)" NAME="Debian GNU/Linux" VERSION_ID="10" VERSION="10 (buster)" VERSION_CODENAME=buster ID=debian HOME_URL="https://www.debian.org/" SUPPORT_URL="https://ift.tt/1RFz0Q5" BUG_REPORT_URL="https://ift.tt/1RL0g2w"
root@26a4cc3a312a:/# uname -a
Linux 26a4cc3a312a 3.10.0-1062.9.1.el7.x86_64 #1 SMP Fri Dec 6 15:49:49 UTC 2019 x86_64 GNU/Linux
Install Network Utilities in Container
Most of times, the docker image is not including following network utilities which can help you troubleshooting your network connectivity, such as ping, ifconfig, tracert, telnet etc. You might want to install them for yourself.
root@26a4cc3a312a:/# apt-get update
root@26a4cc3a312a:/# apt-get install iputils-ping
root@26a4cc3a312a:/# apt-get install telnet
root@26a4cc3a312a:/# apt-get install traceroute
root@26a4cc3a312a:/# apt-get install net-tools
Note: net-tools will include ifconfig / netstat commands via Blogger https://ift.tt/2Os6Pxp March 06, 2021 at 04:58PM Docker
Visible Route Tracing Tools
TraceRoute / tracert commands can give you each hop from your machine to remote machine by ip/dns name. It will be more interesting if it can put on a graphical map to see how your packets travelled through each place and eventually reached the destination. There are quite a few tools can show you this information. I collected some of them in case I will need it later. Some can be used to trace the route for outbound, some are for inbound. BesttraceThis tool is not online version. You will have to download it and install on your computer to use. It does provides Windows, Mac OS, Linux, iOS, and Andriod version. Basically it initiate a traceroute request from your machine with a link visualization to the destination.
Download link: https://en.ipip.net/product/client.html
Geo Traceroute
The best part to Geo TraceRoute is you can choose where you start TraceRoute from. It is giving you a return route to the destination you want to trace.
G Suite. Tools - Visual TraceRouteThe objective of this graphical traceroute is to discover each server relaying your IP packet from point to another, and to measure the return-trip delay between the probing host (here G Suite.Tools) and each relay on the packet path. Online Link: https://gsuite.tools/traceroute Others
via Blogger https://ift.tt/2Oxg1jK March 06, 2021 at 11:24AM Network
Continue working on my CyberArk PAS 12.0 Installation lab. In this lab, I started to integration LDAP using PVWA new domain wizard. To use LDAPS integration, you will need to have CA certificate to be ready and installed on your vault first. CyberArk PAS 12.0 Installation and Configuration: -1. Vault : https://youtu.be/iAunmeDWOI0 -2. PVWA: https://youtu.be/tgumW6M7QJE -2.1 LDAP Domain Integration: https://youtu.be/T7WLL34MmV8 If you are new to CyberArk world, this will be a good point to start. If you would like to know more about previous version, please check my playlist CyberArk: https://www.youtube.com/playlist?list=PLg7bL1bMpwPWNr2LzAnoK995sbWUbcotS ==================================================================== If you found this video has some useful information, please give me a thumb up and subscribe this channel to get more updates: https://www.youtube.com/c/Netsec?sub_confirmation=1 Learning and Sharing - 海内存知己,天涯若比邻 - http://51sec.org
Watch video on YouTube here: https://youtu.be/T7WLL34MmV8 by Johnny Netsec
Microsoft Excel Tips and Tricks
Sometimes, Excel seems too good to be true. All I have to do is enter a formula, and pretty much anything I'd ever need to do manually can be done automatically. Need to merge two sheets with similar data? Excel can do it. Need to do simple math? Excel can do it. Need to combine information in multiple cells? Excel can do it. In the spirit of working more efficiently and avoiding tedious, manual work, here are a few Excel tricks to get you started with how to use Excel. Copy Web Page Data into ExcelFor example, copying following page into excel is a mess. Here is what I did:
a. Copy selected data into notepad
b. use replace feature to remove no-need data, such as 'add' this kind of texts.
c. copy left data into Excel. It might still have lots of empty lines with spaces in your data which you want to remove.
d. use =trim function to remove spaces in the empty cell
e. copy the trim function line.
f. choose the first cell of your copied data, press f10, which give you option to only copy text to overwrite existing data
g. Using find&Select button , select Go To Special...h. select blanks, which will select all blank cells. If there is a space in, that cell will not be selected.
i. Select Delete button, then choose Delete sheet Row, this will delete those Empty rows does not have data. Open Excel files in New Window
Formula- Convert a text to NumberSearch a Column of Strings Based on Datas in another Column=MATCH("*"&(O6)&"*",B:B,0)Matching and Return value crossing different columns=IF( COUNTIF('Servers'!A:A, A3)=0, "No", "Yes") Check if A3 value is in worksheet "Servers" column A. If found , show Yes, else, show No
=VLOOKUP(A3,'Z:\0 Operation\1 Scan\[Scan_Report_Server.xlsx]APP IP'!A:H,8,)
Check if A3 value found in the file "Z:\0 Operation\1 Scan\[Scan_Report_Server.xlsx" - worksheet "APP IP' - Column A to H. If found, return same row's , eighth column's value. Pivot Table Tips1 Put Multiple Columns into Pivot Table
Right Click your pivot table - > PivotTable Options
2 Do not show subtotal from Pivot Table After you enabled Classic Pivot Table layout, by default, subtotal will show . Here is how to turn it off: Step 1. Select a cell in the pivot table Step 2. On the Ribbon, click the Design tab Step 3. In the Layout group, click Subtotals, and click Do Not Show Subtotals. 3 Change PivotTable Column Name
click to select the column name, press F2
4 Group Multiple Rows to one
Hold ctrl key to select the rows you want to group, then right click to select group. You also can use F2 to change grouped name.
Excel GIFsAutomatically Add Column Titles on Each Print Page: |
|