
Writing ‘modern’ PowerShell Modules [2024]

Context

PowerShell was… initially a Windows component only, known as Windows PowerShell, it was made open-source and cross-platform on August 18, 2016, with the introduction of PowerShell Core. The former is built on the .NET Framework, the latter on .NET (previously .NET Core). PowerShell – Wikipedia

As Microsoft is no longer updating Windows PowerShell with new features, it makes sense to use the procedure for ‘Developing modern modules’, which are (hopefully) portable to any OS running PowerShell.

If creating a new module, the recommendation is to use the .NET CLI.

Create module from ‘Standard Template’

# Install .NET SDK
> winget install Microsoft.DotNet.SDK.8
Found Microsoft .NET SDK 8.0 [Microsoft.DotNet.SDK.8] Version 8.0.204
…
Successfully installed

# Install a ‘template library to generate a simple PowerShell module’
## Requires NuGet source enabled
> dotnet nuget add source https://api.nuget.org/v3/index.json -n nuget.org
> dotnet new install Microsoft.PowerShell.Standard.Module.Template

# Create a new module project (the template's short name is psmodule)
> mkdir myPSModule; cd .\myPSModule
> dotnet new psmodule


Azure Virtual Secure Administration Workstation – Part 4 – Configuring Entra SSO

Azure Secure Admin Workstation posts:


Context and References

Troubleshooting and Errors

  • After not being able to sign in with an Entra user, took a look at:

Error: Unable to connect right now

  • Likely related to the AVD VM’s ability to talk to required Entra endpoints
    • An easy way to validate this is to add a temporary allow all outbound TLS

Mounting CloudShell Persistence Storage locally

Context

  • CloudShell is very handy for working with Azure and M365. It removes the issues of PowerShell versioning/modules/authentication and is hosted within your Azure infrastructure boundary, providing some mitigation of privileged access and administrator device risks.
  • When implementing an Azure Virtual Secure Administration Workstation solution I ended up wasting a bunch of time editing files via the Azure CloudShell instead of locally. This resulted in silly typos (due to the lack of syntax highlighting, error correction and all the other goodness of an IDE like Visual Studio Code).
  • To solve this issue I want to mount my CloudShell persistent storage locally, enabling me to edit files locally and immediately test in CloudShell, without pushing/pulling and inevitable conflicts between local and remote.
  • Turns out that this is much easier than expected using

References

Procedure

  1. Install the Azure Account and Azure Storage extensions for VSCode:
  2. Sign in with the extension in VScode:
    • CTRL+SHIFT+P > Azure: Sign in
      • Opens browser AuthFlow
  3. Open Azure Cloud Shell (PowerShell) in VSCode Terminal:
    • CTRL+SHIFT+P > Terminal: Create New Terminal (With Profile)
      • If you don’t have Node.js installed, the extension will ask you to install it (providing a button to click). The link the extension provided was to an older version of Node.js and not the latest; I suggest just using: Node.js (nodejs.org)
  4. Mount your CloudDrive share locally
    • I had some issues doing this with VScode following: How to Use Cloud Shell in Visual Studio Code
    • Instead I am just using the Azure Extensions Resource Explorer (SHIFT+ALT+A), navigating to the fileshare and selecting files (which opens them in VScode local window)
    • NOTE: The CloudDrive is not your entire CloudShell homedir, it’s ~/clouddrive

Excel report with all ECR vulnerabilities

  • Testing and gaining familiarity with PowerShell!

Unable to delete Azure Firewall?

TLDR: Fix it

  • If you have removed/deleted a Firewall policy or attachment to the Azure Firewall – re-attach it, or create the policy/attachment with the same name (you will see the name in the CLI output as detailed below).
  • Once you have re-attached or re-created it (just an empty policy with the same name), you can then delete the Firewall (using Azure Cloud PowerShell is recommended) with the command:
    • Obviously, update the -Name and -ResourceGroupName parameters.
Remove-AzFirewall -Name "ZOAK-SecureGateway-Firewall" -ResourceGroupName "ZOAK-SecureAccessGateway-ResourceGroup" -Force

Remove-AzFirewall: Long running operation failed with status ‘Failed’

The Azure UI does not give much detail regarding error messages.
$ Remove-AzFirewall -Name "ZOAK-SecureGateway-Firewall" -ResourceGroupName "ZOAK-SecureAccessGateway-ResourceGroup"
...
Remove-AzFirewall: Long running operation failed with status 'Failed'. Additional Info:'The Resource 'Microsoft.Network/firewallPolicies/ZOAK-SecureGateway-Firewall-BasicPolicy' under resource group 'ZOAK-SecureAccessGateway-ResourceGroup' was not found. For more details please go to https://aka.ms/ARMResourceNotFoundFix'
StatusCode: 200
ReasonPhrase: OK
Status: Failed
ErrorCode: ResourceNotFound
ErrorMessage: The Resource 'Microsoft.Network/firewallPolicies/ZOAK-SecureGateway-Firewall-BasicPolicy' under resource group 'ZOAK-SecureAccessGateway-ResourceGroup' was not found. For more details please go to https://aka.ms/ARMResourceNotFoundFix

Once attempting to delete via CLI I actually got a meaningful error message:

Additional Info:'The Resource 'Microsoft.Network/firewallPolicies/ZOAK-SecureGateway-Firewall-BasicPolicy' under resource group 'ZOAK-SecureAccessGateway-ResourceGroup' was not found.

That resource had already been deleted… so, re-create it (just an empty policy) with the same name… attached it, then I could delete.
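
An added example (not from the original post) of the fix above in Azure PowerShell: it reads the policy reference from the firewall, recreates an empty policy with the same name if the referenced one is missing, then deletes the firewall. Assumptions: the firewall object still carries the stale policy ID, the placeholder uses the firewall's own location and SKU tier, and removing the placeholder afterwards is optional cleanup.

```powershell
# Added example. The names are the ones shown in the post; change them for your environment.
$fwName = 'ZOAK-SecureGateway-Firewall'
$rgName = 'ZOAK-SecureAccessGateway-ResourceGroup'
$created = $false

$fw = Get-AzFirewall -Name $fwName -ResourceGroupName $rgName

# The firewall references its policy by resource ID; the reference can
# outlive the policy itself, which is what makes the delete fail.
$policyId = $fw.FirewallPolicy.Id
if ($policyId) {
    # Expected shape:
    # /subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.Network/firewallPolicies/<name>
    $pattern = '/resourceGroups/(?<rg>[^/]+)/providers/Microsoft\.Network/firewallPolicies/(?<name>[^/]+)$'
    if ($policyId -notmatch $pattern) {
        throw "Unexpected firewall policy ID format: $policyId"
    }
    $policyRg   = $Matches.rg
    $policyName = $Matches.name

    $policy = Get-AzFirewallPolicy -Name $policyName -ResourceGroupName $policyRg `
        -ErrorAction SilentlyContinue
    if (-not $policy) {
        Write-Warning "Policy '$policyName' is referenced but missing; creating an empty placeholder."
        # Assumption: an empty policy in the firewall's region and SKU tier is enough
        # to satisfy the reference.
        New-AzFirewallPolicy -Name $policyName -ResourceGroupName $policyRg `
            -Location $fw.Location -SkuTier $fw.Sku.Tier | Out-Null
        $created = $true
    }
}

# With the reference resolvable again, the delete can complete.
Remove-AzFirewall -Name $fwName -ResourceGroupName $rgName -Force

# Optional cleanup: remove the placeholder only if this script created it.
if ($created) {
    Remove-AzFirewallPolicy -Name $policyName -ResourceGroupName $policyRg -Force
}
```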


Eramba bulk reviews with SQL queries

We utilise the open source GRC tool, Eramba; some instances of which are the community edition, which does not have an API interface. In some scenarios it is desirable to make bulk updates/completions of reviews (and potentially update the status of audits).

Doing this is slightly less trivial than expected… steps are:

  • Generate a list of review ids and foreign keys (maps review objects to model object [Asset, SecurityPolicy, ThirdPartyRisk, Risk])
  • Update the relevant review objects with completion date, comments, completed status
  • Create new reviews entries for next cycle
  • Update the model object [Asset, SecurityPolicy, ThirdPartyRisk, Risk] to reference the new, next review date
  • Update the object status mapping for the updated reviews (expired and current statuses in this case)
  • Validate your updates via the web interface
    • No clearing of cache or waiting for jobs is required
-- Generate a list of review ids and foreign keys (in this case the foreign keys are for the associated Assets being reviewed):

SELECT CONCAT_WS(',',Model,id,foreign_key) from reviews where planned_date = '2022-04-19' and model = 'Asset';

-- Update the relevant review objects as desired:

update reviews set actual_date = '2022-04-20',user_id = 2, description = 'No changes to store [components, customer, deployment etc, all same] added to ISMF Agenda ', completed = 1, modified = now(), edited = now()  where id in (select id from reviews where planned_date = '2022-04-19' and model = 'Asset');

-- Create new reviews (this is usually done by the app when completing the review via the web interface); review objects need a Model [Asset, SecurityPolicy, ThirdPartyRisk, Risk] (other models have audits):

INSERT INTO 
	reviews(model, foreign_key, planned_date, completed, created, modified, deleted)
VALUES
('Asset',115,'2023-04-19',0,now(),now(),0),
('Asset',116,'2023-04-19',0,now(),now(),0),
...;

-- Update the Asset object to reference the new, next review date (get asset ID from query used to get review id + foreign_key)
update asset set review = '2023-04-19', expired_reviews = 0 where id in (select foreign_key from reviews where planned_date = '2022-04-19' and model =  'Asset');

-- Eramba has object statuses, the list of available statuses is defined in the object_status_statuses table; the mapping of objects to statuses is in the table: object_status_object_statuses
-- Note there will be better, safer queries to do this..:

-- Check the results select query so we know what we are updating
select * from object_status_object_statuses where foreign_key in (select id from reviews where planned_date = '2022-04-19' and model =  'Asset') and model = 'AssetReview' and name = 'expired';

-- Update the object status mappings for relevant items, in this case there are two statuses that need to be updated: the expired status (now should be 0) and the current status (now should be 1)

update object_status_object_statuses set status = 0 where id in (select id from object_status_object_statuses 
where foreign_key in (select id from reviews where planned_date = '2022-04-19' and model =  'Asset') and model = 'AssetReview' and name = 'expired');

update object_status_object_statuses set status = 1 where id in (select id from object_status_object_statuses 
where foreign_key in (select id from reviews where planned_date = '2022-04-19' and model =  'Asset') and model = 'AssetReview' and name = 'current_review');


Getting Started with Concepts App

I regularly like to make rough diagrams/plans by drawing on paper. As I have an iPad Pro with a stylus sitting next to me I have often thought there would be some benefits to being able to use a sketching diagram to:

  • Stop losing/damaging paper sketches
  • Easily undo mistakes
  • Leverage things like copy and paste
  • Infinite canvas
  • Ability to zoom in and out

To this end I am trying: Concepts App • Infinite, Flexible Sketching

Starting with a SkillShare course Draw with Concepts app: Basic Digital Illustration for Beginners

SkillShare – Course

  • Vector based app (infinite canvas + no pixelation)
  • User interface
    • Supports pressure sensitive stylus + palm rejection
    • Projects -> Files
    • Top right tools, customizable change tools
      • Line thickness, Opacity, Smoothness (0 for pen tip)
      • Color palette (make your own palette)
      • Layers palette (automatic will separate layers by tool, recommended)
        1. Coloring with pencil, drawing with pen easy with auto layers
        2. Duplicate layers, transparency, visibility etc.
      • Tools + Brushes
        • Can buy new via pro
      • Precision palette
        • Grid, Snap, Measure, Guide
      • Gestures
        • 2 finger tap – undo
  • Workflow
    • Ran through a demo, drawing an image from a picture
      • Changing tools/brushes
      • Hold push + item select/select all layers

Other resources


Eramba Community 2019 in Docker (docker-compose)

Eramba is an excellent open source Governance Risk and Compliance tool. Recently (10-SEP-2019), a new major release of the community version came out. Previously I used https://github.com/digitorus/eramba which was based on https://hub.docker.com/r/k0st/alpine-eramba/ to start eramba instances quickly with docker and docker-compose.

As I could not find an updated version of these for the new release I have made one. The repo for this, 2019 community version (specifically c2.4.1) can be found here: https://github.com/markz0r/eramba-community-docker

Follow the steps in README.md and you should be testing the new eramba in no time.

Mar, 2020: Updated for community edition 2.8.1

Thanks to the team at Eramba for making the tool available for all!


Performance Benchmarks on CentOS 7 Linux

In a scenario where a VM is moved to different underlying hardware, it is generally a good idea to validate CPU, memory, disk IO and network.

CPU Benchmark

sysbench cpu --cpu-max-prime=20000 run

sysbench threads --num-threads=10 --thread-yields=0 --max-requests=100000000 --thread-locks=1 run

Memory Benchmark

sysbench memory --memory-block-size=1M --memory-total-size=100G run
sysbench memory --memory-total-size=10G run

File IO

sysbench fileio --file-total-size=5G prepare; sysbench fileio --file-total-size=5G --file-test-mode=rndrw --time=300 --max-requests=0 run
# Clean up
sysbench fileio --file-total-size=5G cleanup

Network latency, upload and download

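# The downloaded script is not executable by default, so set the execute bit before running it
wget https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py; chmod +x ./speedtest.py; ./speedtest.py; rm -f ./speedtest.py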

Office 365 Send As an Alias

If you want to have a single mailbox on Office 365 and be able to send as aliases of that mailbox, you will need to use a workaround, as it is not really supported by Microsoft, see:

1 – Create Distribution List

  1. Create a distribution group for the desired email address (ensuring it does not exist as an alias or otherwise in the tenant)
  2. Add desired destination mailbox as a member
  3. Open the Exchange Admin center
  4. Select “recipients” (side navbar) -> Select “groups” (top) -> Select the distribution group you just created, click the pencil icon to edit
  5. Select “group delegation” add your main mailbox user to the ‘Send As’ list
  6. Wait for approx 30 mins for Office 365 to provision the distribution list and update contact lists
  7. Optionally set up message rules in your mailbox to ensure emails to the distribution list email address are put into a specific folder

2 – Send As the distribution list via Outlook (Windows)

  1. In your Outlook client, create a new message
  2. If you can’t see the From box, click ‘Options’, then click ‘From’
  3. Click on the now displayed ‘From’ drop-down box and select ‘Other email address’
  4. Click on the ‘From…’ in the popup box
  5. Click on the ‘Offline Global Address List’, select ‘All Distribution Lists’, select your desired From address.

3 – Exchange Online

  1. Create new message
  2. Click the ellipsis to the right of the send button
  3. Right click on the from address, click remove
  4. Start typing the address you want to send from, select it from the drop down autocompleter