Solutions

PowerShell script to retrieve security-related events

PowerShell script to retrieve security-related events from the Windows Event Log, specifically from the Security log.

# Define the log name and security-related event IDs (adjust as needed)
$logName = "Security"
$securityEventIDs = @(4624, 4625, 4672, 4688, 4634, 4648, 4768, 4776) # Common security event IDs

# Get the 50 most recent matching events. Filtering inside Get-WinEvent avoids
# reading unrelated events first; reading the Security log requires an elevated session.
$securityEvents = Get-WinEvent -FilterHashtable @{ LogName = $logName; Id = $securityEventIDs } -MaxEvents 50 -ErrorAction SilentlyContinue

# Display the results ($evt is used because $event is an automatic variable)
if ($securityEvents) {
    foreach ($evt in $securityEvents) {
        Write-Output "----------------------------------"
        Write-Output "Time: $($evt.TimeCreated)"
        Write-Output "Event ID: $($evt.Id)"
        Write-Output "Message: $($evt.Message)"
    }
} else {
    Write-Output "No security events found."
}

Event ID   Description
4624       Successful login
4625       Failed login
4672       Special privileges assigned (admin logins)
4688       A new process was created
4634       Logoff event
4648       Explicit credential logon (RunAs)
4768       Kerberos authentication (TGT request)
4776       NTLM authentication attempt
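
The script above prints each event's message text; for triage it is more useful to read the structured fields from the event XML and aggregate them. The following is an added example, not code from the original page: it parses event 4625 records and flags account/source pairs with repeated failures in a short window. The function names, the threshold of 3 failures in 5 minutes, and the sample events are assumptions constructed for illustration.

```powershell
# Added example: function names, threshold and sample events are constructed.
function ConvertFrom-FailedLogonXml {
    param([Parameter(Mandatory)][string]$Xml)
    $doc = [xml]$Xml
    $data = @{}   # EventData fields keyed by their Name attribute
    foreach ($d in $doc.Event.EventData.Data) { $data[$d.GetAttribute('Name')] = $d.InnerText }
    $stamp  = $doc.Event.System.TimeCreated.GetAttribute('SystemTime')
    $styles = [System.Globalization.DateTimeStyles]::AdjustToUniversal
    [pscustomobject]@{
        Time   = [datetime]::Parse($stamp, [cultureinfo]::InvariantCulture, $styles)
        User   = $data['TargetUserName']
        Source = $data['IpAddress']
    }
}

function Find-FailedLogonBurst {
    param([object[]]$Logons, [int]$Threshold = 3, [int]$WindowMinutes = 5)
    foreach ($g in ($Logons | Group-Object Source, User)) {
        $times = @($g.Group | Sort-Object Time | ForEach-Object { $_.Time })
        # Slide over the sorted timestamps: any $Threshold failures inside the window?
        for ($i = 0; $i + $Threshold -le $times.Count; $i++) {
            if (($times[$i + $Threshold - 1] - $times[$i]).TotalMinutes -le $WindowMinutes) {
                [pscustomobject]@{ Source = $g.Group[0].Source; User = $g.Group[0].User
                                   Failures = $g.Count; FirstSeen = $times[0] }
                break
            }
        }
    }
}

# Constructed 4625 records, trimmed to the fields used here.
$template = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4625</EventID><TimeCreated SystemTime="{0}"/></System>
  <EventData>
    <Data Name="TargetUserName">{1}</Data>
    <Data Name="IpAddress">{2}</Data>
  </EventData>
</Event>
'@
$sample = @(
    ($template -f '2024-05-01T10:00:05Z', 'svc-backup', '203.0.113.10'),
    ($template -f '2024-05-01T10:00:40Z', 'svc-backup', '203.0.113.10'),
    ($template -f '2024-05-01T10:01:10Z', 'svc-backup', '203.0.113.10'),
    ($template -f '2024-05-01T09:15:00Z', 'alice', '198.51.100.7')
)
# Live use: Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4625} | ForEach-Object { $_.ToXml() }
$logons = $sample | ForEach-Object { ConvertFrom-FailedLogonXml -Xml $_ }
Find-FailedLogonBurst -Logons $logons | Format-Table -AutoSize
```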

PowerShell script to retrieve VPN events

PowerShell script to retrieve VPN events from the Windows Event Log. It focuses on events related to VPN connections (RAS and IKEv2).

# Define the log name and event IDs for VPN connections
$logName = "Application"
$vpnEventIDs = @(20225, 20226, 20227, 20255) # Example VPN event IDs

# Retrieve VPN connection events from the Event Log, filtering inside
# Get-WinEvent so the whole Application log is not read first
$vpnEvents = Get-WinEvent -FilterHashtable @{ LogName = $logName; Id = $vpnEventIDs } -ErrorAction SilentlyContinue

# Display the results ($evt is used because $event is an automatic variable)
if ($vpnEvents) {
    foreach ($evt in $vpnEvents) {
        Write-Output "----------------------------------"
        Write-Output "Time: $($evt.TimeCreated)"
        Write-Output "ID: $($evt.Id)"
        Write-Output "Message: $($evt.Message)"
    }
} else {
    Write-Output "No VPN events found."
}

  • Queries the Windows Event Log for VPN-related events
  • Filters based on event IDs typically associated with VPN connections
  • Displays relevant event details.

Configure an Rspamd Bypass Step by Step

Bypassing Rspamd for specific emails, domains, or users requires configuring whitelisting rules and scoring adjustments in Rspamd’s configuration files. Here’s a step-by-step guide to configuring a bypass in Rspamd:

Step 1: Access the Rspamd Configuration Directory

  1. Connect to your server via SSH:

      ssh user@yourserver

  2. Navigate to the Rspamd configuration directory:

      cd /etc/rspamd/

Step 2: Whitelist an Email or Domain

To bypass Rspamd filtering for specific senders or domains:

  1. Open the whitelist configuration file (create it if it doesn’t exist):

      sudo nano /etc/rspamd/local.d/whitelist_sender.map

  2. Add the emails or domains you want to bypass (one per line):

      user@example.com
      @trusted-domain.com

  3. Save and exit (CTRL + X, then Y, then Enter).

  4. Now, link this whitelist to Rspamd filtering:

      sudo nano /etc/rspamd/local.d/settings.conf

  5. Add the following configuration:

      whitelist {
        priority = "high";
        from = "/etc/rspamd/local.d/whitelist_sender.map";
        apply {
          symbols_disabled = ["ALL"];
          groups_disabled = ["antivirus", "antiphishing", "antispam"];
        }
      }

  6. Save and exit.

Step 3: Disable Scoring for Whitelisted Senders

If you want to ensure that whitelisted senders have zero spam score:

  1. Edit the scores configuration file:

      sudo nano /etc/rspamd/local.d/metrics.conf

  2. Add:

      whitelist {
        id = "whitelist";
        score = -100;
        description = "Whitelisted sender, bypass Rspamd checks";
      }

  3. Save and exit.

Step 4: Restart Rspamd

After making changes, restart Rspamd to apply them:

      sudo systemctl restart rspamd

Step 5: Verify the Configuration

To check if the bypass is working:

      rspamc symbols test-email@example.com

  • If the whitelisted sender is working, the spam score should be low or zero.

How to install Windows 3.1 in DOSBox, set up Drivers and Play 16-bit Games

Install Windows 3.1 in DOSBox to run old 16-bit Windows games on 64-bit versions of Windows, Mac OS X, Linux, and anywhere else DOSBox runs. This is particularly useful as only 32-bit versions of Windows can run those 16-bit applications.

Windows 3.1 was actually just an application that ran on DOS, and DOSBox is an emulator designed to run DOS and DOS applications. Windows 3.1 in DOSBox is an ideal combination for running old Windows 3.1-era applications.
