All posts by Don Matteo

Block suspicious IP with Linux firewall daemon

7. 05. 2021 Don Matteo Leave a comment

Block Brute-Force requests with Firewall Daemon from Bash Script

Firewall Daemon can help to protect against ongoing brute force attacks by detecting attempted attacks on the Linux host. To permanently protect the host from suspicious sources they can be blocked. The following bash script prevent from suspicious requests by append the IP address as argument and set it to reject using firewall-cmd.


#!/bin/bash
# use in a script to reject a source ip given as an argument
if [[ $# -eq 0 ]] ; then
   echo "No argument supplied"
   echo "use: reject [source ip address]"
   exit 0
fi
echo "$1 to reject"
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="'$1'" reject'
firewall-cmd --reload
sleep 1
systemctl restart fail2ban
sleep 3
firewall-cmd --list-all
iptables -vnL

#!/bin/bash

# use in a script to reject a source ip given as an argument

if [[ $# -eq 0 ]] ; then

echo "No argument supplied"

echo "use: reject [source ip address]"

exit 0

echo "$1 to reject"

firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="'$1'" reject'

firewall-cmd --reload

sleep 1

systemctl restart fail2ban

sleep 3

firewall-cmd --list-all

iptables -vnL

The script was written on Debian 10 (buster), on Debian firewalld has to be installed first, as well as on Ubuntu 20. On CentOS Linux 7/8 (Core) and Fedora 30 or higher firewalld is standard and the script can be used.

Fail2ban (failure leads to ban) is an IPS framework developed in Python to prevent attacks. It runs on all Unixoid OS that is based on a managable packet filter system or a firewall such as iptables or firewalld on Linux.

line 13, if available and executed, the addresses banned by fail2ban are restored to their previously active state after firewalld has been processed. If fail2ban is not applied, lines 12-14 can be deleted.


./reject.sh 12.34.56.78

1 2	./reject.sh 12.34.56.78

Run the script with append die source IP to reject suspicious requests through the firewall.

The locked IP address can be removed with the following command line in the bash shell.


firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="12.34.56.78" reject'
firewall-cmd --reload

firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="12.34.56.78" reject'

firewall-cmd --reload

Two commands to display the current state of firewall rules.


firewall-cmd --list-all
iptables -vnL

firewall-cmd --list-all

iptables -vnL

Howto Tutorials (EN)

Network Printer Management from Command Prompt

5. 05. 2021 Don Matteo Leave a comment

rundll32 printui.dll,PrintUIEntry

printui.dll is an executable for automated printer configuration tasks with features used by the printer configuration dialog boxes. These functions can also be called from a script or command-line batch file, or run interactively through the command prompt.

printui.dll runs with rundll32.exe to provide tools for demanding tasks, add printers, manage, delete, and add network printer connection.

Open printer server properties

Printer server properties open rundll32 printui.dll,PrintUIEntry /s — Open properties of printer server

Properties of Printer Server Section Drivers

Connect to the network printer:


rundll32.exe printui.dll,PrintUIEntry /in /n \\server\LaserJet

1 2	rundll32.exe printui.dll,PrintUIEntry /in /n \\server\LaserJet

The LaserJet network printer which is shared on the SERVER, is installed on the client computer and connected to the server.

Setup printer using driver INF-file:


rundll32 printui.dll,PrintUIEntry /if /b "AddressLabel" /f C:\Driver\Zebra\ZBRN\ZBRN.inf /r "10.10.10.89" /m "ZDesigner GK420t" /Z

1 2	rundll32 printui.dll,PrintUIEntry /if /b "AddressLabel" /f C:\Driver\Zebra\ZBRN\ZBRN.inf /r "10.10.10.89" /m "ZDesigner GK420t" /Z

/if Installs printer using the specified INF-file
/b Basic printer name AddressLabel
/f Path to the printer driver INF-file
/r Portname or IP address
/m Model name of the printer driver from the INF-file
/Z Share this printer, use only with option “/if”

Delete local printer driver:


rundll32 printui.dll,PrintUIEntry /dd /m "LaserJet" /q

1 2	rundll32 printui.dll,PrintUIEntry /dd /m "LaserJet" /q

/dd Deletes the local printer driver
/m Model name of the printer driver
/q Do not display possible error messages

Delete network printer connection:


rundll32 printui.dll,PrintUIEntry /dn /n "LaserJet" /q

1 2	rundll32 printui.dll,PrintUIEntry /dn /n "LaserJet" /q

/dn Deletes the network printer connection.
/n The name of the printer.

Help on printui.dll is get with the following command in the command prompt.


rundll32 printui.dll,PrintUIEntry /?

1 2	rundll32 printui.dll,PrintUIEntry /?

Batch example:

Example add network printer connection use from Loginscript.


@echo off
@REM Batch Network printer connection
if /i %computername:~0,2%==BE goto Bern 
if /i %computername:~0,2%==BS goto Basel
if /i %computername:~0,7%==SPECTRE goto LAPTOP
goto END
:Bern
@REM Network printer connection Bern
rundll32 printui.dll,PrintUIEntry /in /n \\SERVER\LaserJet_BE
goto END
:Basel
@REM Network printer connection Basel
rundll32 printui.dll,PrintUIEntry /in /n \\SERVER\LaserJet_BS
goto END
:LAPTOP
@REM Network printer connection SPECTRE
rundll32 printui.dll,PrintUIEntry /in /n \\SERVER\OfficeJet_HO
goto END
:END

@echo off

@REM Batch Network printer connection

if /i %computername:~0,2%==BE goto Bern

if /i %computername:~0,2%==BS goto Basel

if /i %computername:~0,7%==SPECTRE goto LAPTOP

goto END

:Bern

@REM Network printer connection Bern

rundll32 printui.dll,PrintUIEntry /in /n \\SERVER\LaserJet_BE

goto END

:Basel

@REM Network printer connection Basel

rundll32 printui.dll,PrintUIEntry /in /n \\SERVER\LaserJet_BS

goto END

:LAPTOP

@REM Network printer connection SPECTRE

rundll32 printui.dll,PrintUIEntry /in /n \\SERVER\OfficeJet_HO

goto END

:END

Howto Tutorials (EN)

Create Shortcut using VBScript

9. 04. 2021 Don Matteo Leave a comment

Create shortcuts on desktop with Visual Basic Script

VBScripts can help wherever automated tasks need to be used. Batch files may not always be appropriate, and the use of Group Policy may not always be available, where a Visual Basic Script can do this, for example, to provide shortcuts to applications.

The following VBScript creates a shortcut on the desktop, here for example to open the Windows Calculator.

Insert VBScript lines by Copy Paste into Notepad and save them as create-shortcut.vbs, then douple-click to execute the VBScript will create the shortcut on desktop.


' VBScript to created shortcut
Const strProgramTitle = "Shortcut to Calculator"
Const strProgram = "%SystemRoot%\System32\calc.exe"
Const strWorkDir = "%USERPROFILE%"
Dim objShortcut, objShell
Set objShell = WScript.CreateObject ("Wscript.Shell")
strLPath = objShell.SpecialFolders ("Desktop")
Set objShortcut = objShell.CreateShortcut (strLPath & "\" & strProgramTitle & ".lnk")
objShortcut.TargetPath = strProgram
objShortcut.WorkingDirectory = strWorkDir
objShortcut.Description = strProgramTitle
objShortcut.Save
WScript.Quit

' VBScript to created shortcut

Const strProgramTitle = "Shortcut to Calculator"

Const strProgram = "%SystemRoot%\System32\calc.exe"

Const strWorkDir = "%USERPROFILE%"

Dim objShortcut, objShell

Set objShell = WScript.CreateObject ("Wscript.Shell")

strLPath = objShell.SpecialFolders ("Desktop")

Set objShortcut = objShell.CreateShortcut (strLPath & "\" & strProgramTitle & ".lnk")

objShortcut.TargetPath = strProgram

objShortcut.WorkingDirectory = strWorkDir

objShortcut.Description = strProgramTitle

objShortcut.Save

WScript.Quit

Last but not least, enjoy to edit the Const lines in the script to use any other applications.

Now double-clicking the shortcut on the desktop opens the Windows Calculator.


C:\> cscript //Nologo //B create-shortcut.vbs

1 2	C:\> cscript //Nologo //B create-shortcut.vbs

This VBScript can be started with cscript from the command prompt or from a batch.