OMOTECH Tips & Tricks

Create, delete, edit, list, start or stop a scheduled task.
Works on local or remote computers.
Syntax:

SCHTASKS /Create [Connect_Options] create_options

SCHTASKS /Delete [Connect_Options] /TN taskname [/F]

SCHTASKS /Query [Connect_Options] [/FO format] [/NH] [/V]

SCHTASKS /Run [Connect_Options] /TN taskname
SCHTASKS /End [Connect_Options] /TN taskname

SCHTASKS /Change [Connect_Options] {[/RU username] [/RP password] [/TR taskrun]} /TN taskname

Connect_Options:
/S system #remote system (default is local)
[/U username [/P password]] #submit job under this name

create_options:
[/RU username [/RP password]] #run job under this name
/SC schedule [/MO modifier] #When to run, see below
[/D day] #day = MON,TUE,WED,THU,FRI,SAT,SUN
[/M months] #month=JAN,FEB,MAR,APR,MAY,JUN,JUL,AUG,SEP,OCT,NOV,DEC.
[/I idletime] #1 – 999 minutes (ONIDLE task only)
/TN taskname /TR taskrun #Name and pathname for task
/ST starttime #HH:MM:SS (24 hour)
[/SD startdate] [/ED enddate] #start and end date “dd/mm/yyyy”

options:
/F Force delete, ignore warnings even if the task is currently runnning.
/FO format Output format: TABLE, LIST, CSV
/NH No header
/V Verbose output
Notes:
For MONTHLY schedules give the DAY as a number 1 – 31 (default=1)

To prompt for the password, specify /RP * or /RP none
The User Account under which the Schedule service runs may require specific file access permissions, user permissions and drive mappings.
If the /RU username and /RP Password parameters match the currently logged-in user, the task will run interactively (visible in the foreground).

For the system account, /RU username can be written as “”, “NT AUTHORITY\SYSTEM” or “SYSTEM”, a Password is not required. The system account has full access to the local machine but has no permissions on any other machines (or mapped drives) across the Network.
/SC schedule The schedule frequency.
Valid schedules: MINUTE,HOURLY,DAILY,WEEKLY,MONTHLY, ONCE,ONSTART,ONLOGON,ONIDLE.

/MO modifiers allow finer control:

MINUTE: 1 – 1439 minutes.
HOURLY: 1 – 23 hours.
DAILY: 1 – 365 days.
WEEKLY: 1 – 52 weeks.
ONCE: No modifiers.
ONSTART: No modifiers.
ONLOGON: No modifiers.
ONIDLE: No modifiers.
MONTHLY: 1 – 12, or FIRST, SECOND, THIRD, FOURTH, LAST, LASTDAY.
Power Saving
The property for “Wake up the machine to run this task” cannot be set using schtasks, but this property is essential if you need the task to run on a machine that has PowerSaving enabled.
To work around this, create a task on one computer using the control panel GUI. This will create a .job file in C:\%windir%\Tasks\
To replicate the scheduled task onto other machines copy the .JOB file to C:\%windir%\Tasks on each machine.

This techique will not retain any system account credentials, so if you need to run the tasks under System, run the following after copying the .JOB file:
SCHTASKS /CHANGE /RU “NT Authority\System” /TN “Yourtaskname”
Examples:
Create a task to run at 11 pm every weekday
SCHTASKS /Create /SC weekly /D MON,TUE,WED,THU,FRI /TN MyDailyBackup /ST 23:00:00 /TR c:\backup.cmd /RU MyDomain\MyLogin /RP MyPassword
Now delete the task:
SCHTASKS /Delete /TN “MyDailyBackup” /f
Create a daily task to run a script at 5 pm:
SCHTASKS /create /tn “My Script” /tr “\”c:\my folder\script.cmd\” arguments” /sc daily /sd 12/29/2008 /st 17:00
Task Scheduler options are stored in the registry
HKLM\SOFTWARE\Microsoft\SchedulingAgent\

Download the network installation iso file and burn to CD.

Place the CD in the CD-Rom and reboot the system.

When ask to select the network install method, choose “HTTP” and enter the following:

1) for 32 Bit
Host: mirror.centos.org
Directory: centos/5.4/os/i386/

2) for 64 Bit
Host: mirror.centos.org
Directory: centos/5.4/os/x86_64/

Type this command to determine your kernel version:

[root@lnx ~]# uname -r
2.6.18-128.el5

Download the NTFS kernel modules from:
http://www.linux-ntfs.org/doku.php?id=redhat:rhel5

The current kernel module version of my system at the time of this writing was:
kernel-module-ntfs-2.6.18-128.el5-2.1.27-0.rr.10.11.i686.rpm

Install the RPM :

rpm -ihv kernel-module-ntfs-2.6.18-128.el5-2.1.27-0.rr.10.11.i686.rpm

Load the kernel module :

modprobe ntfs

Find the disk info : fdisk -l

One partition should be mentionned as HPFS/NTFS

Mount the partition :

mkdir /g_drive

mount -t ntfs /dev/hdb2 /g_drive

That’s it!

We will be using the commandd line to start the activation program.

Windows (XP/Vista/7/2003/2008) will normally remind users to activate their product soon after installation. To activate Windows manually, you can use the Start menu shortcut in the System Tools Accessories folder. At the command prompt, type

oobe/msoobe /a

In case you’re wondering, msoobe stands for “Microsoft Out of Box Experience.”

It becomes very frustrating when copying large files with “cp” because of the lack of progressbar. With “rsync” in contrast, you can toggle verbose mode with ‘-v’ to enable feedback through the progressbar. So when copying several files, you will be able to know which files are done. Unfortunately, there’s no single-file progress to be seen.

Using rsync, you can. And it’s available on nearly every linux release, too.

Here’s the syntax difference:

cp <oldfile> <newfile>

rsync --progress <oldfile> <newfile>

rsync would then look like this:

It gives you an estimated time remaining, as well as a speed indication. And it shouldn’t affect your total copy time by that much, either.

For more details on parameters and syntax, click here

You are hired to take charge of a Linux or Unix production system and no password has been provided for whatever reason (maybe the administrator has just been fired). There are two basic methods to reset the root password:

 
    Method 1:
    —————
 
        1. Place the first installation CD/DVD in the CD/DVD-Rom
 
        2. Reboot the system
 
        3. enter “rescue” as boot option + ENTER
 
        4. click continue to mount the system
 
        5. cd /mnt/sysimage/
 
        6. type “ls”
 
        7. type “pwd” to know the “present working directory”
 
        8. chroot . bash -i (in order to get the root environment with “bash shell”)
 
        9. type “pwd” to know the “present working directory”
 
        10. type “ls”
 
        11. type “passwd”    –> to reset the root password
 
        12. type “exit”  —> until the system reboots
 
    Method 2:
    —————
 
        1. Reboot
 
        2. at the menu of the boot manager (e.g. grub), type ‘e’ for editing
 
        3. navigate to the kernel you want to boot
 
        4. at the right of the line, enter “init 1″ or “single” and press enter
 
        5. type ‘b’ to boot the system into the single user mode
 
        6. type “passwd” to reset the root password

I ran into some problems trying to login my FTP-Server after installing and configuring VsFTP on CentOS 5.4. I got the following errors:
“500 OOPS: cannot change directory”

The problem occured because SELinux was preventing the FTP daemon (ftpd) from reading user’s home directories.

This setting can be overwritten by issuing the following command on the shell prompt.

# setsebool -P ftp_home_dir=1

This will allow FTP access to a user home directory through SELinux.

This tutorials shows how the router Linksys WRT54G Version 1.1 (serial number starts with reflashing CL7B) with DD-WRT. Through this process, the capabilities of the router to be expanded. Flashing takes place in two stages: the first section needs to be flashed with the mini version of DD-WRT. The second section is then flashed with the standard version of DD-WRT. Warning: By flashing one can possibly lose warranty claims. Everything at your own risk. Details:

The Network cable to port 1 (1) The WRT54GLv1.1 is connected to the power supply, which in turn depends on the socket.

A blue network cable is connected to Port 1. (2) Ports 2, 3, or 4 may be used as well.  However, port 1 has been chosen for this example and worked successfully. The other ports remain free. Better safe than sorry. The flash process should not be disturbed.

The network cable (3) is connected to the central unit. The computer is currently not connected to the internet, but only to the WRT54GLv1.1

DD-WRT Download-Section(4) Now, connect to the internet with a second computer and click on the link: DD-WRT Download-Section.
(5) Note that there are several versions of DD-WRT.
(6) The current version is 23 SP1. Click on the version dd-wrt.v23 SP1.

DD-WRT version 23 SP1(7) This takes you to where other categories of version SP1 is been offered.
(8) This is a micro-version. This is for example made for the lousy WRT54G version 5. The WRT54G version 5 has only  2 MB flash memory. In the previous versions, there were more memory.
(9) Fortunately, WRT54GLv1.1 has 4 MB flash memory. For this reason, we can choose for the router modell the mini-version.
(10) The standard version is suitable for professional use.
(11) There is also a version for VoIP. It would be very interesting to know whether this version adds significant value to the standard version, if you want to use Internet telephony.
(12) And then there’s a version with OpenVPN.

DD-WRT version 23 SP1 (mini) (13): We have to decide in this case for the mini version.
(14) A dialog box opens to download the mini-version of DD-WRT version 23 SP1.
(15) It doesn’t matter whether you “choose Open with CompressedFolder” or “on floppy / hard disk space”.
(16) Click OK.

Files are downloaded (17) For a brief moment will later be shown that all files have been downloaded

dd-wrt.v23_sp1_mini.zip extract (18) on your own computer is now the packed file “dd-wrt.v23_sp1_mini.zip.” By clicking the right mouse button on the file.
(19) Select 7-Zip.
(20) Select »Extract here«

dd-wrt.v23_mini_generic.bin(21): Take a look at the extracted files. There are several router models for special specifications of the mini-version. If you want to flash a different router than the model discussed here, then you should better look on the Internet for other instructions. In the present case (WRT54GLv1.1), will be flashed with dd “-wrt.v23_mini_generic.bin”.

eset the router by pressing with a pen (22) the reset button for 30 Seconds.

Type the password »admin« (23) and start the internet browser.
(24) In the address bar you type the IP address of the router. This is 192.168.1.1.
(25) Now you will be prompted to enter username and password.
(26) The field with the username can be left empty.
(27) The Password is »admin«.
(28) Click OK.

WRT54GLv1.1(29) Administration: You’ll be taken to WRT54GLv1.1 administration portal. You can see the standard software from Linksys / Cisco.

Click on Firmware Upgrade. One can see that the firmware version is 4.30.7. This is wiil soon be replaced with DD-WRT.
(30) Click on the “Administration” tab.
(31) Click on Firmware Upgrade.

dd-wrt.v23_mini_generic.bin auswählen(32) Auf »Durchsuchen…« klicken.
(33) Das Dialogfenster »Datei uploaden« wird geöffnet.
(34) Man möchte die Mini-Version von DD-WRT Version 23 SP 1 uploaden.
(35) Im vorliegenden Fall muss man die generic-Version auswählen.

Upgrade mit dem Internet Explorer(36) In diesem Feld befindet sich jetzt der Pfad zur generic-Version, mit der der WRT54GLv1.1 gleich geflasht werden soll.
(37) Fast hätte man jetzt auf Upgrade geklickt. Doch halt! Stop! Noch nicht klicken! Man hat im Internet die Information gelesen, dass man zum Flashen besser den Internet Explorer verwendet und nicht den Firefox. Der Firefox geht zwar auch, ist aber nicht optimal. Besser den Internet Explorer verwenden. Deswegen führt man die Schritte (23 bis 36) nochmal erneut aus. Diesmal nicht mit dem Firefox, sondern mit den Internet Explorer. Dann klickt man im Internet Explorer auf Upgrade.

Upgrade is successful(38) Im vorliegenden Fall musste etwa 1 Minute gewartet werden. Danach erscheint die Angabe »Upgrade is successful.«.
(39) Auf »Continue« klicken.

Benutzername ist jetzt »root«(39) Nachdem man soeben auf »Continue« geklickt hat, (40) öffnet sich das Dialogfenster, in das man Benutzername und Kennwort eingeben soll, um auf die IP-Adresse 192.168.1.1 zugreifen zu können.
(41) Hier befindet sich die Angabe, dass es sich um den WRT54GL handelt.
(42) Als Benutzername muss man jetzt »root« eingeben. Das ist anders als vorhin unter (26), als noch die originale Linksys-Firmware installiert war. Damals war die Angabe eines Benutzernamens nicht notwendig, jetzt ist das erforderlich.
(43) Das Kennwort ist immer noch »admin«.
(44) Auf OK klicken.

DD-WRT v23 SP1 mini(45) Im Browser wird jetzt angezeigt, dass man DD-WRT v23 SP1 Final (05/16/06) mini installiert hat. Also momentan ist lediglich die Mini-Version installiert. In einem weiteren Schritt wird auf die Standard-Version geflasht. Warum eigentlich so umständlich ? Warum erst die Mini-Version installieren und danach erst die Standard-Version? Die Ursache liegt darin, dass die originale Linksys-Firmware ein Firmware-Upgrade auf maximal 3 MB limitiert. Die Mini-Version hat weniger als drei MB. Die Standard-Version hat mehr als drei MB. Wenn man die Mini-Version installiert hat, dann gibt es die Limitierung auf drei MB nicht mehr. Dann gibt es nur noch das Limit des verfügbaren Flash-Speichers. Im vorliegenden Fall beim WRT54GLv1.1 beträgt dieser Flash-Speicher (wie gesagt) 4 MB. Der Flash-Speicher ist ausreichend groß für die Standard-Version.

dd-wrt.v23_sp1_standard.zip(46) Man begibt sich jetzt wieder – wie in Schritt (4) – in die DD-WRT Download-Sektion.
(47) Man erinnert sich daran, dass man sich in Schritt (13) für die Mini-Version entschieden hatte. Was war nochmal die Begründung dafür? Ach ja richtig, die Mini-Version hat weniger als 3 MB. Deswegen hatte man diese ausgewählt.
(48) Jetzt kann man sich für die Standard-Version entscheiden.

DD-WRT Version 23 SP1 Standard(48) Nachdem man sich für die Standard-Version entschieden hat, (49) wird ein Dialogfenster geöffnet, in dem man gefragt wird, ob man die Standard-Version von DD-WRT Version 23 SP1 herunterladen möchte.
(50) Auf OK klicken.

dd-wrt.v23_generic.bin(51) Man wirft einen Blick auf die Dateien, die man soeben heruntergeladen hat. Im vorliegenden Fall muss später die generic-Version hochgeladen werden. Man nimmt zur Kenntnis, dass im Dateinamen der Hinweis darauf fehlt, dass es sich eigentlich nicht um die Version 23 handelt, sondern um die Version 23 SP1. Das ist ein bisschen mißverständlich, aber es handelt sich bei »dd-wrt.v23_generic.bin« trotz ungenauer Kennzeichnung um die Version 23 SP1.
(52) Auf dem Bildschirmfoto ist angedeutet, dass die Paketgröße etwa 3,41 MB beträgt. Also die Standard-Version hat mehr als drei MB. Sie kann gleich installiert werden, weil sich auf dem Router bereits die Mini-Version von DD-WRT befindet. Die Standard-Version darf nicht installiert werden, wenn sich auf dem Router die originale Linksys-Firmware befindet.

Auf »Administration« – »Firmware Upgrade« klicken(53) Im Internet Explorer gibt man in die Adresszeile die IP-Adresse des Routers 192.168.1.1 ein.
(54) Auf »Administration« – »Firmware Upgrade« klicken.
(55) Auf »Durchsuchen…« klicken.

Reset-Knopf drücken(56) Jetzt macht man zur Sicherheit – genauso wie in Schritt (22) – einen Reset. 30 Sekunden lang mit einem Kugelschreiber auf den Reset-Knopf drücken.

dd-wrt.v23_generic.bin auswählen(55) Man hatte gerade eben auf »Durchsuchen…« geklickt.
(57) Ein Dialogfenster zur Auswahl der hochzuladenden Datei wird geöffnet.
(58) Man möchte die Standard-Version von DD-WRT Version 23 SP1 uploaden.
(59) Für den WRT54GLv1.1 ist die Datei »dd-wrt.v23_generic.bin« die zutreffende Version.

Upgrade mit dd-wrt.v23_generic.bin(60) Der Pfad zu der Datei »dd-wrt.v23_generic.bin« ist jetzt in diesem Feld angegeben.
(61) Man nimmt die Warnmitteilung zur Kenntnis. Ein Update der Firmware kann mehrere Minuten dauern. Vorhin hatte das Update etwa 1 Minute gedauert. Mal schauen, wie lange es jetzt dauern wird.
(62) Auf Upgrade klicken.

Fortschrittsbalken bewegt sich(63) Es dauert jetzt etwa 1 Minute, in der sich der Fortschrittsbalken hin und her bewegt.

Upgrade war erfolgreich(64) Das Upgrade war erfolgreich. Es erscheint die Meldung »Upgrade successful. Unit is rebooting now. Please wait a moment…«. Man muss jetzt viele Sekunden warten.

Standard-Version ist installiert(65) Man befindet sich jetzt im Browser. Dort wird durch das Kürzel »std« angezeigt, dass jetzt die Standard-Version installiert ist. Vorhin unter (45) war die Mini-Version durch die Angabe »mini« angezeigt worden.

Zusammenfassung: Das Flashen des WRT54GLv1.1 erfolgt in zwei Schritten: Zunächst mit der Mini-Version flashen. Danach mit der Standard-Version flashen. Das Flashen sollte mit dem Internet Explorer durchgeführt werden.

Artikel mit ähnlichem Inhalt: WRT54G v4 Installation Tutorial

Sometimes there are occasions when none of the above methods deal with a given situation and we need to extend the SELinux policy by creating a custom policy module to allow for a certain set of conditions. For example, consider the smb service add-on for a file server. Our file server needs to communicate with samba over a Unix socket and that is something the default SELinux policy for our samba server does not allow. Consequently the service is blocked by SELinux. This is an issue that can not be fixed by changing or restoring file type security contexts and isn’t something that has a boolean value we can toggle to allow. We could disable SELinux protection of the samba server through a boolean, which would be better than disabling SELinux completely, but that is still far from ideal.

If we switch SELinux into Permissive mode and run our file server for a set period of time, we can log SELinux issues whilst still permitting access. Checking our logs, we see the following SELinux AVC messages:

type=SYSCALL msg=audit(1264381313.497:1327): arch=40000003 syscall=196
type=AVC msg=audit(1264381314.363:1328): avc:  denied  { search } for
type=SYSCALL msg=audit(1264381314.363:1328): arch=40000003 syscall=195
type=AVC msg=audit(1264381315.686:1329): avc:  denied  { getattr } for

*) The above output is trimed to fit in the box.

Then we can use ‘audit2allow’ to generate a set of policy rules that would allow the required actions. We can generate a local samba Type Enforcement policy file (sambalocal.te):

# mkdir selinux_samba
# cd selinux_samba
# grep smbd_t /var/log/audit/audit.log | audit2allow -m sambalocal > smblocal.te
# cat sambalocal.te
module sambalocal 1.0;
require {
 type home_root_t;
 type default_t;
 type smbd_t;
 class file getattr;
 class dir { read getattr search };
}
#============= smbd_t ==============
allow smbd_t default_t:dir { read search };
 smbd_t default_t:file getattr;
allow smbd_t home_root_t:dir { getattr search };
 

Above we see that we can grep the audit.log file for issues relating to our samba server and pipe those issues to audit2allow which generates a set of rules that it thinks would permit the actions currently denied by the SELinux policy. Reviewing these rules we see our samba server wants to connect and write to a Unix socket which we see from out logs is the Unix socket that the smb service is listening on. As this seems perfectly reasonable, we can go ahead and use audit2allow to make a custom policy module to allow these actions:

# grep smbd_t /var/log/audit/audit.log | audit2allow -M sambalocal 

We then load our samba policy module using the ’semodule’ command into the current SELinux policy:

semodule -i sambalocal 

which will add our samba policy module to /etc/selinux/targeted/modules/active/modules/sambalocal.pp. We can check the policy module loaded correctly by listing loaded modules with ’semodule -l’.

We can then continue to monitor our SELinux log files to check that our custom policy module works and once we are satisfied we can re-enable SELinux Enforcing mode and again benefit from SELinux protection of our now fully functional samba server.

Windows Vista  and Windows 7 contains a master administrator account but it is not normally visible on the log-in screen. To enable it, open a command window with administrator privileges and use the command

             net user administrator /active:yes

(Make sure that you assign a password to the account.)

To remove the account from the log-in screen, use the command

            net user administrator /active:no