
Monday, 11 October 2021

Win-Kex with Windows Terminal

As WSL2 was released a while back, many people got excited about it, and some Linux distributions now support a GUI mode. So I will write a bit about a preference of mine that I just solved while using WSL2 with Windows Terminal.

Requirements

1. WSL2 is enabled

2. Windows Terminal is installed

3. A GUI is installed on your Linux distro


So here is my case: I have the Kali Linux distro downloaded and running. Apart from that, I also installed Win-KeX to experience the GUI. However, it goes full screen and takes over my whole screen when launched.


While searching for a solution, I found a parameter that needs to be added to make it work like RDP.

The result (screenshot in the original post):

 


So it does meet my preference, but how do I make it work when launching via Windows Terminal? My answer is to add a specific profile with the command in it.

Here is my version:

{
    "commandline": "wsl -d kali-linux kex --wtstart esm",
    // alternative command line: wsl -d kali-linux kex --wtstart -s
    "guid": "{55ca431a-3a87-5fb3-83cd-11ececc031d2}",
    "hidden": false,
    "name": "Win-KeX"
}


Then another profile will be listed for you to use.


That's all for my sharing this time. Here is some reading material I went through before coming up with this:

1. Win-KeX ESM | Kali Linux Documentation (PS: I found this right after setting up my profile in Terminal)

2. How to install Win-KeX (Kali Linux on Windows 10) with WSL - Hack Forums

3. Kali in WSL + WiN KeX

4. Setup Kali Linux in Windows 10 WSL2 (techtutsonline.com)

Check out my previous writing on Windows Terminal here. Until then, thanks for reading and stay safe.

Friday, 13 August 2021

Windows VM Stuck after Restart

Hello all, 

For this time round, I would like to share a fix I did because a Windows VM was not accessible after applying the July update. When the restart was performed, the VM did not respond to RDP and CPU usage sat at 0.02% in the Azure Portal for a few hours. It turned out an error happened while booting the VM; you can see the VM screen as in the screenshot below if boot diagnostics are enabled.


The way to resolve this behaviour is either to restore from backup or to continue working on the affected VM. I will explain the solution provided by Microsoft support.

As usual, the solution needs a temporary VM as a fixer, and the steps are as follows:

1. Create a disk snapshot of the affected VM; name it VM01-snapshot or ss.

2. Create a managed disk from VM01-snapshot; name it VM01-OSdisk-01.

3. Create a temporary VM with Hyper-V enabled; I named it HyperV.

4. Attach VM01-OSdisk-01 as a data disk to the HyperV VM.

5. RDP to the HyperV VM and open Command Prompt.

6. Run "dism /image:G:\ /cleanup-image /revertpendingactions"; change the letter G to match the OS disk of VM01.

7. Once the process completes, go to Disk Management and take the VM01 OS disk "offline".

8. Create a VM in Hyper-V; name it TestVM, choose Gen1 because most Azure VMs are Gen1, and during disk selection choose to attach the disk later.

9. After TestVM is created, right-click it, go to Settings, and on the IDE controller click Add Hard Disk and choose Physical hard disk. This works because Hyper-V supports pass-through disks in a normal Hyper-V deployment, meaning the VM uses the physical disk instead of a virtual hard disk.

10. Set a reasonable number of CPUs and amount of memory and try to boot the VM.

11. Once the VM boots successfully, power off TestVM, remove the disk from TestVM's settings, and remove it from the HyperV VM's data disks in the Azure portal.

12. Perform the "Swap OS disk" operation on the source VM in the Azure portal.

Hope this helps somebody out there. Leave feedback in the comments and stay safe.


Tuesday, 23 June 2020

Say Hello to Windows Terminal

Hello reader, this blog post will take you through more of Windows Terminal.


One good thing about this terminal is that you can add custom profiles. By default you have 3 predefined profiles:
  1. Windows PowerShell
  2. Command Prompt (CMD)
  3. Azure Cloud Shell



But we may want to add a custom one to make our lives easier. In my case, I want to help a friend who manages O365 and Microsoft Teams, where most things are done via PowerShell, so let's get started.

Pre-steps
 1. Of course, download and install Windows Terminal
 2. Locate the path "%LOCALAPPDATA%\Packages\Microsoft.WindowsTerminal_8wekyb3d8bbwe\RoamingState", mainly for customization
 *I downloaded an image and put it in that location

 3. Visit https://www.guidgen.com/ to create a GUID, unique for each profile


Adding a custom profile
1. Open Windows Terminal and go to Settings

2. Since I'm going to use PowerShell, I just copy item number 1 and paste it as item number 2. Replace the GUID with the one you generated from the website given earlier.

*Always take note of the -noExit parameter, as Connect-MicrosoftTeams will prompt for a username and password.
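Both this post and the Win-KeX profile above edit settings.json by hand. As an added example (not from the post), here is a small Python helper that strips the // comments Windows Terminal allows in that file, appends a profile such as the Win-KeX one, and refuses a malformed or already-used GUID, since two profiles sharing a GUID collide. The sample settings text is constructed.

```python
"""Append a custom profile to Windows Terminal's settings.json (JSONC)."""
import json
import re
import uuid

GUID_RE = re.compile(r"^\{[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}$")

# Constructed miniature settings.json; the real one also carries // comments.
SAMPLE_SETTINGS = """{
    // default profile is Windows PowerShell
    "defaultProfile": "{61c54bbd-c2c6-5271-96e7-009a87ff44bf}",
    "profiles": {"list": [{"guid": "{61c54bbd-c2c6-5271-96e7-009a87ff44bf}",
        "name": "Windows PowerShell", "commandline": "powershell.exe"}]}
}"""

def strip_jsonc_comments(text):
    """Drop // line comments that sit outside string literals (URLs stay)."""
    out, i, in_str = [], 0, False
    while i < len(text):
        ch = text[i]
        if in_str:
            out.append(ch)
            if ch == "\\" and i + 1 < len(text):   # keep the escaped char
                out.append(text[i + 1])
                i += 1
            elif ch == '"':
                in_str = False
        elif text.startswith("//", i):             # comment runs to end of line
            end = text.find("\n", i)
            i = len(text) if end < 0 else end
            continue
        else:
            out.append(ch)
            in_str = ch == '"'
        i += 1
    return "".join(out)

def add_profile(settings_text, name, commandline, guid=None):
    """Return the parsed settings with a new profile appended to profiles.list."""
    settings = json.loads(strip_jsonc_comments(settings_text))
    profiles = settings.setdefault("profiles", {}).setdefault("list", [])
    guid = guid or "{%s}" % uuid.uuid4()           # same role as guidgen.com
    if not GUID_RE.match(guid):
        raise ValueError("GUID must be {8-4-4-4-12 hex} in braces: " + guid)
    if any(p.get("guid", "").lower() == guid.lower() for p in profiles):
        raise ValueError("GUID already used by another profile: " + guid)
    profiles.append({"guid": guid, "name": name,
                     "commandline": commandline, "hidden": False})
    return settings
```

The returned dict can be written back with json.dump; the comments are not preserved, which Windows Terminal tolerates.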




Here is my latest Windows Terminal build (screenshot in the original post).





Some samples and guides you may refer to are in the links below.

A lot more customization can be done, so please try it and enjoy.

Deployment of Arcsight Connector on Azure Part 2

Continuing from the previous post (linked). Now we are going to strengthen the security posture of this connection by using a private connection.

Let's begin.

For this purpose, a few things need to be done:

 1. Upgrade the App Service Plan to Standard or Premium
 2. Connection to ArcSight Syslog-NG: vNet peering within Azure, S2S VPN from outside Azure
 3. Configure the vNet integration



  
  3.1 Choose the vNet and subnet you want this Function App to "sit" in.

 4. Change the connection to ArcSight Syslog-NG from its public IP to the private IP.
  * Even though it went through the public IP, it was on TLS.

Navigate to both functions' Application Settings and change the IP address accordingly.

Do not forget to restart both functions after this setting has been applied, and voilà, you are done.

Deployment of Arcsight Connector on Azure

Hello all, welcome again to my blog. This time the topic will be a bit out of the norm.

SIEM tools are widely used in most organizations to manage their security information and event management. Microsoft has its own SIEM solution, but for this round we are going with ArcSight due to my latest testing and deployment.

Without further ado, let's start.

1) Pre-deployment
   a) Windows Server or Windows 10
      i) Set the execution policy to Unrestricted or Bypass (Set-ExecutionPolicy)
      ii) Running PowerShell at least version 5
      iii) Loaded with the AzureRM modules (Install-Module -Name AzureRM -AllowClobber -Scope AllUsers)

   b) Azure Active Directory
      i) Role assignment (either one):
         (1) Global administrator
         (2) Security administrator
         (3) Security reader
         (4) Reports reader
   c) Azure Subscription
      i) Either Owner or Contributor
   d) Download all the preloaded files and scripts (link in the original post)
   e) Copy app.properties, arcsight-cloud-functions-7.14.0.zip and arcsight-monitor-functions-7.14.0.zip to the user directory

2) Deployment
   a) Edit the app.properties file

      *For smoother deployment, make sure the function app name uses only lowercase letters
   b) Run the script

   c) Result


3) Post-deployment
   a) Configure Always On for the Azure Function

   b) Set up the diagnostic log

   c) Update the certificate used

      *Delete the existing one and upload the new remote_management.p12 obtained from Syslog-NG
   d) Restart both Azure Functions, and your ArcSight Syslog-NG will start receiving logs from the Azure platform and Azure AD.


Happy deployment. Till we meet again.

Adding and Publishing a Custom Image to Azure Stack 180513




Hello everyone. Since there have been a lot of changes to the way a custom image is uploaded to Azure Stack, please note that this was tested on Azure Stack Development Kit version 180513. There are a few blog posts that focus on this, but I will also share my method for uploading and publishing a custom image to Azure Stack.


One concern in Azure Stack, whether in online or offline mode, is that Red Hat Enterprise Linux (RHEL) cannot be downloaded from the Azure Marketplace. So the only way to have RHEL available in your Azure Stack is to upload your own RHEL image. There are a couple of prerequisites to follow to make your RHEL run on Azure Stack; the steps to prepare a RHEL image for Azure Stack are linked in the original post.
In my case, I don't have RHEL running in my environment, and I also don't have a RHEL subscription registered so I could reach the repositories needed for the preparation process. So what I did was deploy a RHEL 7.2 VM in my Azure environment and run the following commands once the machine was running:


1. sudo waagent -force -deprovision
2. export HISTSIZE=0
3. logout

After that I shut down the machine, exported the VHD and downloaded it.

This method is only applicable if your RHEL image does not have any special configuration in it.

Once the VHD is completely downloaded, you may rename it and upload the image to your Azure Stack. Uploading can be done using the GUI. Upload it as a Page blob.



After the VHD is successfully uploaded into the storage account, a VM image needs to be created from that VHD. This is done by logging in to the Operator (Admin) Portal and clicking Dashboard > Compute > VM image.








Fill in the details. The disk URL can be copied from the blob properties of the VHD we uploaded.
  



The VM image will appear after the process is done.


OK, we have gone through almost all the parts.
Moving on, I downloaded the azpkg using syndication; this package file is needed to publish the VM image in the Azure Stack marketplace.
Once the file has been downloaded, change the extension from ".azpkg" to ".zip" so you can extract all the files inside.
This is the content of the file after extraction (screenshot in the original post).


OK, we need to do some editing so it picks the correct VM image and shows the desired display name.
1. Manifest.json

{
    "$schema": "https://gallery.azure.com/schemas/2015-10-01/manifest.json#",
    "name": "RHEL",
    "publisher": "Contoso",
    "version": "1.0.2",
    "displayName": "ms-resource:displayName",

Match the publisher and version to your VM image. The name can vary because it is mainly for the record.
2. Go to createUiDefinition.json under the DevelopmentTemplate folder and edit these parameters to match the VM image:

"imageReference": {
    "publisher": "Contoso",
    "offer": "rhelserver",
    "sku": "rhel"

3. Go to the String folder and edit resources.resjson using Notepad. Find these two lines and replace them accordingly:
3.1 "displayName":"Red Hat Enterprise Linux","publisherDisplayName":"Contoso"
3.2 "productDisplayName0":"Red Hat Enterprise Linux","productPublisherDisplayName0":"Contoso"

4. You can set your desired display icon by replacing all the icons in the Icons folder.
After completing the edits to all the files and parameters, you need to recreate the ".azpkg" file using Azurepackagegallery.exe through PowerShell, not PowerShell ISE. I advise using the method linked in the original post instead of zipping the folder and changing the extension, because the Azurepackagegallery.exe process checks for syntax errors.
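The packager checks syntax, not whether the values you edited across the three files agree. As an added example (not from the post), here is a small Python check that the publisher, offer, sku and version in Manifest.json, createUiDefinition.json and resources.resjson match each other and the VM image registered in the Operator Portal, worth running before repacking. The three JSON strings are constructed stand-ins, and resources.resjson is assumed to parse as plain JSON.

```python
"""Cross-check the values edited in an extracted Azure Stack gallery package."""
import json
import re

# Constructed stand-ins for Manifest.json, createUiDefinition.json and
# resources.resjson; the last one deliberately misspells the publisher.
MANIFEST = '{"name": "RHEL", "publisher": "Contoso", "version": "1.0.2"}'
UI_DEF = ('{"parameters": {"outputs": {"imageReference": '
          '{"publisher": "Contoso", "offer": "rhelserver", "sku": "rhel"}}}}')
RESOURCES = ('{"displayName": "Red Hat Enterprise Linux", '
             '"publisherDisplayName": "Constoso"}')

def find_key(obj, key):
    """Depth-first search for the first value stored under key in nested JSON."""
    if isinstance(obj, dict):
        if key in obj:
            return obj[key]
        obj = list(obj.values())
    if isinstance(obj, list):
        for item in obj:
            hit = find_key(item, key)
            if hit is not None:
                return hit
    return None

def check_package(manifest_text, ui_def_text, resources_text, image):
    """image is (publisher, offer, sku) as registered under Compute > VM image.
    Returns a list of mismatch messages; an empty list means consistent."""
    manifest = json.loads(manifest_text)
    resources = json.loads(resources_text)
    ref = find_key(json.loads(ui_def_text), "imageReference") or {}
    problems = []
    for field, expected in zip(("publisher", "offer", "sku"), image):
        if ref.get(field) != expected:
            problems.append(f"imageReference.{field} is {ref.get(field)!r}, "
                            f"VM image uses {expected!r}")
    if manifest.get("publisher") != image[0]:
        problems.append(f"manifest publisher {manifest.get('publisher')!r} "
                        f"differs from VM image publisher {image[0]!r}")
    if not re.fullmatch(r"\d+\.\d+\.\d+", str(manifest.get("version", ""))):
        problems.append("manifest version must be major.minor.patch")
    shown = resources.get("publisherDisplayName")
    if shown != manifest.get("publisher"):
        problems.append(f"publisherDisplayName {shown!r} does not match "
                        f"manifest publisher {manifest.get('publisher')!r}")
    return problems
```

Run it against the real extracted files by reading each one into the corresponding argument; a non-empty list is what the packager would have let through.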


Upload the ".azpkg" file and copy its link. Run the following command to make your VM image appear in the Marketplace:
 --> Add-AzsGalleryItem -GalleryItemUri https://addvmimagestorageaccount.blob.local.azurestack.external/addvmimagecontainer/Contoso.RHEL-Contoso.1.0.2.azpkg -Verbose



There will be Ubuntu info, as the base ".azpkg" file is for Ubuntu 17.10, downloaded using syndication. I only changed the parameters necessary for it to work with the RHEL VHD.



Thanks for reading. A sample ".azpkg" file with the RHEL icon can be downloaded from the link in the original post.