This is what happens when you rely on data scraped from the output.


I am testing out the latest version of Google Apps Manager, 3.42, for my personal Google Apps domain. The version I have been running is 3.04, which was working just fine for what I was doing with it. But since Google changed a lot of what the admin panel can report, I figured I would check it out. I built some tools in the past to do some basic Google administration from the command line. Read about them HERE. Every one of the tools that I put together works just fine. However, the remove user from groups script always changes. This is what happens when you rely on data scraped from the output.

I would run a script to get the following data. Below are the differences in the output:

Output from version 3.04:

Output from version 3.42:

Previously I would have used something like this to print out the group addresses that the user belonged to.

Using GAM version 3.04 I would have done the following: the first sed command would remove everything up until the word “Groups”. Then the grep -v would have omitted “Groups:” from being shown. Then the final sed section would have removed the first word and the angle brackets around the group's email address. Here is an example of what I was hoping would come back.

Instead, I tried running that same thing on the latest version of GAM but found much different results.

The actual output from running the script is a little different from the older one, which is why the current script doesn’t work. With this script it only left us with the 4 coms and the last two lines (which were new). So with a little googling for syntax and playing around on my command line, I was able to come up with this.

Again the first sed would work just like the last part. It would remove all data up until the word “Groups:”. Since the number next to Groups would always be different I just used “sed 1d” to remove the first line. From there I did a grep for extended regex and invert match. Then removed the licenses and Google-Apps from the bottom of the list. Then removed the <> from the group email addresses. Then finally printed only the second column using awk. It’s a little hacky for sure, but should always work unless they update the output 😉
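An added example (not the author's script, and not GAM's documented output) of a less position-dependent way to do the extraction described above: keep only lines in the Groups section that carry an address in angle brackets, and fail loudly if the count in the header disagrees with what was parsed. The sample output layout and the names `sample_gam_output` and `extract_groups` are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample, NOT real GAM output: a "Groups:" header with a count,
# one indented line per group with the address in <>, then trailing sections.
sample_gam_output() {
cat <<'EOF'
User: alice@example.com
Account Suspended: false
Groups: (3)
   Staff <staff@example.com>
   IT Helpdesk <helpdesk@example.com>
   All Hands <all@example.com>
Licenses:
  Google-Apps
EOF
}

# extract_groups (hypothetical helper): read "info user" style text on stdin,
# print one group address per line. Exit 1 if the count in the header does
# not match what was parsed, exit 2 if no Groups header was seen.
extract_groups() {
  awk '
    BEGIN { want = -1 }
    /^Groups/ {                       # section start, whatever the count is
      seen = 1; in_groups = 1
      if (match($0, /[0-9]+/)) want = substr($0, RSTART, RLENGTH) + 0
      next
    }
    in_groups && /^[^ \t]/ { in_groups = 0 }   # next unindented header
    in_groups && match($0, /<[^<> ]+@[^<> ]+>/) {
      print substr($0, RSTART + 1, RLENGTH - 2)   # address without < >
      n++
    }
    END {
      if (!seen) { print "no Groups section found" > "/dev/stderr"; exit 2 }
      if (want >= 0 && n != want) {
        print "parsed " n " groups, header says " want > "/dev/stderr"
        exit 1
      }
    }
  '
}
```

Because the match is on the bracketed address rather than on a column number, group names containing spaces do not shift the result, and a non-zero exit lets an offboarding wrapper stop before it removes the wrong memberships.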

Here is the latest full script that I am using to remove groups from a user account. This will also log to the gamlog file in the directory that the script is run from.


Thanks for checking this out. I will be posting some more about Google Apps Manager 3.42 soon!


How About a Little Honey?


I was listening to Security Weekly episode 395, where they had Elliot Brink @ebrinkster on the show talking about the Kippo Honey Pot. It seemed like an interesting way to gather post-exploitation data. I am investigating this further and will post a follow-up to this post in a month or so, after I have obtained more data from the Honey Pot. For now, I will go over the steps to install Kippo on your own system.

For more information on a Honey Pot click here.

I am running this on an Iniz VPS that I purchased for $29 for the year. The specs are as follows:

OS              = CentOS 6 32bit
Bandwidth = 500 GB
Memory     = 256 MB
HDD           = 50 GB

With the Kippo Honey Pot running, I am only using the following:

Bandwidth = 13.9 MB of 500 GB Used / 500 GB free
Memory     = 43.8 MB of 256 MB Used / 212.2 MB free
HDD           = 731.2 Mb of 50 GB Used / 49.3 GB free

As far as installation goes, it's not that big of a process. The steps I have taken are listed below. All of the commands assume you are running as root.

Since this is a freshly installed CentOS 32 bit setup, do the following to get prepped:

Run all system updates.

Enable EPEL.

Install Git.

Install PIP and Twisted.

Since Kippo cannot run as root, create a kippo user. Then log in as the kippo user, create a git directory to sync the kippo git repo, and finally clone the git repo.

After the repo has been cloned, enter the kippo directory. Create the kippo config file by copying the kippo.cfg.dist file to kippo.cfg.

Then, edit the kippo.cfg file. There are a lot of basic settings that you can set in the config file; I only edited the hostname on line 21. I usually pick db01, but you can choose anything that seems fitting.

Start the Kippo process.

After the process has successfully started, I normally just do a quick ps to confirm it is running. You should see something like this if it is running properly:

Test port 2222 to make sure the SSH server is running. The default password, 123456, is the most popular password on the Adobe list.

After all that is tested and working, it's time to set up iptables to forward the ports. Change IN_IFACE to match the ethernet interface. I also like to restart the ssh service.

This will allow people/potential attackers to ssh to the Honey Pot using port 22. I use the console login option in the VPS management page. This way I can log in at the same time on another port while Kippo is running. Your setup may be a bit different in that area.
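An added example (not from the original post) of a pre-flight check for the redirect step: confirm from the sshd configuration that the real SSH daemon is no longer on port 22 before printing the NAT rule, so the redirect does not cut off your own admin login. The function names are hypothetical, and the rule shown is the commonly documented Kippo redirect form, assumed to match what the post used.

```shell
#!/bin/sh
# sshd_ports: read sshd_config text on stdin and print the ports sshd would
# listen on. With no active Port directive sshd defaults to 22.
# "ListenAddress host:port" entries are not considered here.
sshd_ports() {
  awk '
    tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; found = 1 }
    END { if (!found) print 22 }
  '
}

# admin_ssh_safe: succeeds only if the real sshd has been moved off port 22.
admin_ssh_safe() {
  ! sshd_ports | grep -qx 22
}

# redirect_rule: print (do not apply) the rule that sends inbound tcp/22 on
# interface $1 to Kippo on 2222. Rejects empty or odd interface names.
redirect_rule() {
  case "$1" in
    ''|*[!A-Za-z0-9_.:-]*) echo "bad interface name" >&2; return 1 ;;
  esac
  printf 'iptables -t nat -A PREROUTING -i %s -p tcp --dport 22 -j REDIRECT --to-port 2222\n' "$1"
}

# Usage (as root, after reviewing the printed rule):
#   admin_ssh_safe < /etc/ssh/sshd_config && redirect_rule eth0
```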

After that is all set up, go in and tail some logs.


I will post some of my findings in the next couple of weeks. Thanks for reading, and a big shout out to Elliot Brink @ebrinkster for all the help getting this thing set up.



Where I have been….


I just wanted to get updated over here; I have been gone a bit. I have been spending most of my free time trying to learn Python. I have found a few cool sites that I have been using to learn. Here they are:

A Byte of Python
Code Academy

And to me the most valuable one (in my opinion):
Learn Python the Hard Way by Zed A. Shaw

I opted to pay the $29.59. It was probably one of the best 30 dollars I have ever spent in my career. With tons of tutorials and videos, Zed makes sure that you understand what you are doing. There is plenty of extra credit, along with common student questions. I highly recommend this to anyone looking to learn Python. This for me has been the easiest to follow. I am about halfway through the class. I am on the part where I am to go read other people's code. I am learning a ton doing so. I attached a sample of what I learned in using Zed's page.

Anyway, expect some more Python-themed posts in the near future.

Graphing the CPU Temps from Apple Servers


I was asked to figure out how to graph the CPU temperature of our Apple servers. First I started checking around for whatever I could find, maybe any prebuilt templates or anything. I couldn’t really find much. I then refined my searching a bit. I was trying to get the info using the command line. I found there was this software called Temperature Monitor by Bresink. You can download this app HERE.

So here are the steps I took to monitor the processor temps.

1. Download Temp Monitor

2. Copy the app to the /Applications directory on the server.

3. SSH to the server, and modify the snmpd.conf file. This is found in the /etc/snmp/ directory. (This is similar to mine.) The Extendfix option allows me to execute the script on the machine using an unused OID.  This is how I will run the script from a remote host.

4. Restart SNMP. (On a MacMini or Xserve or anything running 10.8 use the method I am enclosing)

5. You may have noticed that in step 3 I am referring to a script. This file should also live in the /etc/snmp directory. Also chmod +x the file after you create it to make it executable.

6. Test it out on the machine.

7. Test it out remotely using another script I wrote. (I am clearly poor at naming things)

8. Enter the data into Cacti.  (I may post another tutorial on how I did that.)

9. Watch the graphs!


There wasn’t much involved to do this. Just a little bit of shell scripting and working out how to use the on the command line. I am almost certain there is a better way to do this. But in the time frame I was given to complete the job, this seemed to be the best fit for what we needed to get done.


Thanks for reading this, comment if you have any questions or comments.

Google 2 Factor Authentication Detection Script for Google Apps Manager


Welcome back! Well, if you are running Google Apps for Business then you should be using Google Apps Manager to admin it. Google offers a .CSV file in the admin panel to give you all the info about your users. In this .CSV you can get info on whether the user(s) on your domain are enrolled in 2 factor authentication. In the latest release of Google Apps Manager, 3.0, they allow you to open that .CSV. Assuming you want to know if your users have enrolled in 2fa on their mail account, you can run the following script in your gam directory.

When you run this, it will generate a report with the following fields.
Email Address, 2fa Enforced, 2fa Enrolled. With this you can tell if you have 2fa enforced over the network, as well as if the user has it enabled. This can be real useful if you are trying to lock down your Google Apps for Business domain.

Thanks for stopping by!

Google Apps Manager – And How I Use It.


Google Apps Manager (GAM) is a nice tool that hooks into Google Apps for Business. It can do a ton of useful things. Google Apps Manager

Google Apps Manager (GAM) is a command line tool that allows administrators to manage many aspects of their Google Apps Account. This page provides simple instructions for downloading, installing and starting to use GAM. GAM requires Google Apps Business, Education, Partner or Government Edition. Google Apps Free Edition has limited API support and not all GAM commands work. Read more about it here. Getting Started With GAM

The main thing I use GAM for is exiting users when their position is terminated. I use commands like:  (from the gam directory)
Get user info

Get group info 

Remove user from groups (difficult manually if in a lot of groups)

Suspend user 

This app does a lot of other features. The commands listed above are great if you only want to run them once. 

I had help from some friends with writing these wrappers, but I was able to write one for each of the commands listed.

These wrappers make it really simple to run the GAM commands.

I will post some of the wrappers I have done. They are pretty easy and should start making sense once you see one or two of them.

These were written for GAM 2.55. They will NOT work on version 3.0x. I am working to fix this for the latest version.


UPDATED Functionality for Google Apps Manager 3.0 09/03/2013





Here is my GAM Github Repo

Stay Classy!

Raspberry Pi Vitals Check

Vitals is a small shell script I wrote that prints out some basic stats of your Raspberry Pi. This is intended for the Raspbian distribution, and has not been tested on other systems (yet).
The majority of the script runs using the vcgencmd command, which returns some system stats when run. Here is a list of the commands:
$ vcgencmd commands
commands="vcos, ap_output_control, ap_output_post_processing, vchi_test_init, vchi_test_exit, pm_set_policy, pm_get_status, pm_show_stats, pm_start_logging, pm_stop_logging, version, commands, set_vll_dir, led_control, set_backlight, set_logging, get_lcd_info, set_bus_arbiter_mode, cache_flush, otp_dump, codec_enabled, get_camera, get_mem, measure_clock, measure_volts, measure_temp, get_config, hdmi_ntsc_freqs, hdmi_status_show, render_bar, disk_notify, inuse_notify, sus_suspend, sus_status, sus_is_enabled, sus_stop_test_thread, egl_platform_switch, mem_validate, mem_oom, mem_reloc_stats, file, vctest_memmap, vctest_start, vctest_stop, vctest_set, vctest_get"

This is a cool little shell script that I wrote to keep an eye on system stats at any time. I plan on eventually adding some more, and cleaning it up a bit.

Here is a screen shot of the output.
Check back for more updates and other things.
Thanks for checking it out!