The cost of doing email wrong

So, true story (from about a year ago)… it was a normal day in the office I grabbed coffee at the Keurig to return to my desk, signed into my notebook and looked at the Helpdesk que, nothing super new my boss walked in I said hi like normal.  About an hour later I get a weird message from our CTO saying that he received a message from a Law Office with a bill attached in a zip file he wanted me to take a look at it.

Now would be a good time to point out everything wrong with this message. First of all it has an attached .zip file,
– nobody should put a bill in an attached zip file unless they are trying to encrypted what they are sending and even if that were the case my boss should have gotten an out of band message with the decryption key (out of band meaning the law office should have contacted him and told him what the password was).
– mentioned above, our CTO was not expecting the message… if they had contacted him it would have been less fishy, he would have expected the bill and known what caused it.
– misspelled or unprofessional looking email, dead give away that whoever wrote it was probably not the law firm in question.

I opened up a CentOS based VM with a desktop user interface from a snapshot, opened my my mail, download the zipped attachment, cut the virtual network the vm was on and unzipped the message. Sure enough in libreoffice the document said in big red letters “in order to display this document you need to enable macros” yep, its malware… surprise?

So lets recap, CTO gets a email from a law firm that looks fishy, sends it to me, i grab the attachment, loaded with malware….

Heres the disturbing part at the beginning, it was sent from that law firms email server. The origin of the message was made blatantly obvious by the original message header. so I proceeded to the next step call the law firm.

(paraphrasing ahead)

“ring ring ring”
me – “hi this is austin janey from company I worked for previously I just received an email from you thats got a nasty malware attachment”
law firm – “were sorry we think our servers been compromised we have an IT contractor looking into it”

took their domain name went to mxtoolbox found out that they didn’t have SPF or DMARC setup at all. This is something I see fairly often, if you don’t have SPF setup then anybody can basically send email as you thats not what was happening here but might have been a contributing factor, and not having any reporting enabled also means when you are being spoofed theres no way for you to know about it.

Heres what is happening here, one way or another the firms exchange server was compromised and the attacker/bot/malware infection was using their server to send mail to all their clients, mail that had malware called ransomware. This is the cost of doing email wrong, a lot of companies think that because they don’t harbor sensitive data they don’t need to take basic security measures this is negligence. The most valuable thing you or your company owns is your name, the second most valuable thing you have are your customers and friends, the third most valuable thing you have to a hacker is your ability to exploit the first 2 things for their own personal gain.

I doubt this law firm is still conducting business, and it sounds like they might have quite a legal battle ahead of them if any of their clients were to receive said email and become subsequently infected.

So how would someone prevent this from happening.
1. make sure you have correctly configured SPF and DMARC records.
2. make sure your exchange server has a strong password set (and 2fa if its supported) and outgoing spam rules so that if you do get compromised the impact is minimized.
3. if possible enable mail attachment scanning and prohibit certain types of files from being emailed all together.
4. user training, teaching users of your mail system to identify what bad email looks like can go a long way, if nothing else teach them to question anything that they receive that calls them to do something they didn’t expect to receive or do.


Network level advertisement blocking

Its been a while thought I would throw this out there.  You hate ads, I hate ads, we don’t trust advertisers with our privacy or increasingly our security because of advertising campaigns.  So lets take a moment and block that network  wide.

So there’s this great project for the raspberry pi called PI-hole,  it lets you run a DNS server on your raspberry pi and block ads on your network, its pretty great whats even better is that you can install it on CentOS7 and use it as a DNS server with a web UI for a small business network,  Lets hammer this out

Your going to need a centos7 vm

Log in and run the below command as root (look at the code first on their website to make sure your comfy with this)

curl -L | bash

Congratz you now have Pi-hole installed.

Now lets lock down those adlists, the Pi-holes defaults I have found are not so great but you can edit those, once again as root run this command to copy the defaults to the adlists.list file

cp /etc/pihole/adlists.default /etc/pihole/adlists.list

Now using your text editor of choice edit the adlists.list file (I used nano)

nano /etc/pihole/adlists.list

Uncomment any lists that you might want and save.

One final note on security….  Pi-hole was not really designed for a business network case and point of this is that you can go to the ip address of the Pi-hole server and add items to the blacklist or whitelist with no username or password required,  That said the web frontend seems to be the only vulnerable part of the Pi-hole install and since were on CentOS7 I don’t have any other reservations on security here.  So lets fix that one hole shall we.

Go setup ZeroTier one if you havent already and create a network.

Install zerotier on your centos vm and join your network making note of your new zerotier IP address.

Open /etc/lighttpd/lighttpd.conf with your favorite text editor and add a line right above server.document-root that reads…

server.bind  = “” (use your zerotier ip)

But with your VMs ZeroTier ip address.

Then restart lighttpd.conf

service lighttpd restart

And you should be good to go, go to your original network IP to confirm the webui is no longer being broadcast over your lan and then go to the zerotier ip (make sure you have zerotier installed on your workstation and are on the same network as the Pi-hole) you can still use the LAN ip of your VM for DNS but the webui  should no longer be displayed or available to the local network.  This means only ZeroTier connected clients that are on your zerotier network can manage the Pi-hole server.  Now just point your router at your Pi-hole if you haven’t already and you should be good to go.

The Awesome Firefox Plugins list

Every once in a while I end up installing/reinstalling Firefox and I forget the awesome plugins I use, I made this post because I forget them, worth noting that some of these plugins will adversely affect your browsing experience, you have been warned.

Sending Email with Powershell

Sending email from powershell, With nothing installed on a windows 7-10 system you can send yourself email, and attachments using nothing but powershell.  This is useful if you have a dummy email account you want to be able to send system information from.

$ReportEmail.Subject = This will go in the subject line, in this case we are telling the system to put its hostname in the subject line.

$ReportEmail.Body = this content will go into the body of the email, in this case we are piping the content of a text file we made into the email body.

$SMTPServer = ‘‘ ; $SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587) ; $SMTPInfo.EnableSsl = $true ; $SMTPInfo.Credentials = New-Object System.Net.NetworkCredential(‘‘, ‘passwordforthataccount’); ; $ReportEmail = New-Object System.Net.Mail.MailMessage ; $ReportEmail.From = ‘‘ ; $ReportEmail.To.Add(‘’) ; $ReportEmail.Subject = Get-WMIObject Win32_ComputerSystem | Select-Object -ExpandProperty name ; $ReportEmail.Body = Get-Content -Path C:\fileyouwanttoattach.txt -Raw ; $ReportEmail.Attachments.Add(‘c:\fileyouwanttoattach.txt‘) ; $SMTPInfo.Send($ReportEmail)

So this is pretty great you fill in the blanks and if all goes well you should be able to send yourself some email, some things that I should note, if your using this is some automated fashion you should probably make the email thats sending disposable.   You can attach almost any file as long as its 20MBs or smaller (this is subject to change depending on mail provider) make sure to stay within your email providers terms of service.

One of the really cool things you can do with this script is to use it in conjunction with other scripts to do things like pipe ipconfig into a text file on C: then attach that to an email to yourself to get the IP of that system.

#note that this script is more of a template for your ideas and is in no way free of bugs/typos, but it does work!

script as a preformated string
$SMTPServer = '' ; $SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, portnumber) ; $SMTPInfo.EnableSsl = $true ; $SMTPInfo.Credentials = New-Object System.Net.NetworkCredential('', 'passwordforthataccount'); ; $ReportEmail = New-Object System.Net.Mail.MailMessage ; $ReportEmail.From = '' ; $ReportEmail.To.Add(‘’) ; $ReportEmail.Subject = Get-WMIObject Win32_ComputerSystem | Select-Object -ExpandProperty name ; $ReportEmail.Body = Get-Content -Path C:\fileyouwanttoattach.txt -Raw ; $ReportEmail.Attachments.Add(‘c:\fileyouwanttoattach.txt') ; $SMTPInfo.Send($ReportEmail)

Samba on FreeBSD 11.0

Starting with a freebsd 11.0 install from zero-samba with file shares once setup freebsd should operate like a NAS, editing the samba config file will allow you to create file shares to different folders or drives.

update the system freebsd-update fetch / install

root@bsdtest:/usr/home/sysadmin # pkg search samba
 p5-Samba-LDAP-0.05_2           Manage a Samba PDC with an LDAP Backend
 p5-Samba-SIDhelper-0.0.0_3     Create SIDs based on G/UIDs
 samba-nsupdate-9.8.6_1         nsupdate utility with GSS-TSIG support
 samba-virusfilter-0.1.3_1      On-access anti-virus filter for Samba
 samba36-3.6.25_3               Free SMB and CIFS client and server for Unix
 samba36-libsmbclient-3.6.25_2  Shared lib from the samba package
 samba36-nmblookup-3.6.25       NetBIOS Name lookup tool
 samba36-smbclient-3.6.25       Samba "ftp-like" client
 samba42-4.2.14                 Free SMB/CIFS and AD/DC server and client for Unix
 samba43-4.3.11_1               Free SMB/CIFS and AD/DC server and client for Unix
 samba44-4.4.5_1                Free SMB/CIFS and AD/DC server and client for Unix

install Samba44

root@bsdtest:/usr/home/austinjaney # pkg install samba44
 Updating FreeBSD repository catalogue...
 FreeBSD repository is up-to-date.
 All repositories are up-to-date.
 The following 36 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
 samba44: 4.4.5_1
 python27: 2.7.12
 libffi: 3.2.1
 indexinfo: 0.2.5
 readline: 6.3.8
 talloc: 2.1.6
 python2: 2_3
 libsunacl: 1.0
 popt: 1.16_1
 py27-iso8601: 0.1.11
 py27-setuptools27: 23.1.0
 py27-dnspython: 1.14.0
 openldap-client: 2.4.44
 tevent: 0.9.28
 ldb: 1.1.26
 tdb: 1.3.9,1
 gnutls: 3.4.15
 nettle: 3.2
 gmp: 5.1.3_3
 ca_root_nss: 3.27.1
 libtasn1: 4.9
 trousers: 0.3.13_1
 tpm-emulator: 0.7.4_1
 p11-kit: 0.23.2
 libidn: 1.33_1
 libinotify: 20160505
 gamin: 0.1.10_8
 glib: 2.46.2_3
 libiconv: 1.14_9
 perl5: 5.20.3_15
 pcre: 8.39
 libarchive: 3.2.1,1
 expat: 2.2.0
 lzo2: 2.09
 liblz4: 131

Number of packages to be installed: 36

The process will require 302 MiB more space.
 24 MiB to be downloaded.

Proceed with this action? [y/N]: y
 Fetching ldb-1.1.26.txz: 100% 196 KiB 201.1kB/s 00:01
 Fetching tdb-1.3.9,1.txz: 100% 82 KiB 83.9kB/s 00:01
 Fetching gnutls-3.4.15.txz: 100% 2 MiB 2.1MB/s 00:01
 Fetching nettle-3.2.txz: 100% 1 MiB 1.1MB/s 00:01
 Fetching gmp-5.1.3_3.txz: 100% 476 KiB 487.1kB/s 00:01
 Fetching ca_root_nss-3.27.1.txz: 100% 324 KiB 332.0kB/s 00:01
 Fetching libtasn1-4.9.txz: 100% 594 KiB 608.6kB/s 00:01
 Fetching trousers-0.3.13_1.txz: 100% 463 KiB 474.0kB/s 00:01
 Fetching tpm-emulator-0.7.4_1.txz: 100% 112 KiB 114.6kB/s 00:01
 Fetching p11-kit-0.23.2.txz: 100% 226 KiB 231.3kB/s 00:01
 Fetching libidn-1.33_1.txz: 100% 202 KiB 207.2kB/s 00:01
 Fetching libinotify-20160505.txz: 100% 18 KiB 18.7kB/s 00:01
 Fetching gamin-0.1.10_8.txz: 100% 49 KiB 50.5kB/s 00:01
 Fetching glib-2.46.2_3.txz: 100% 3 MiB 1.4MB/s 00:02
 Fetching libiconv-1.14_9.txz: 100% 591 KiB 605.1kB/s 00:01
 Fetching perl5-5.20.3_15.txz: 100% 13 MiB 6.9MB/s 00:02
 Fetching pcre-8.39.txz: 100% 1 MiB 36.1kB/s 00:31
 pkg: Operation timed out
 root@bsdtest:/usr/home/austinjaney # reboot
 Connection to closed by remote host.
 Connection to closed.
 Austins-MacBook-Pro:~ austinjaney$ ssh austinjaney@
 Password for austinjaney@bsdtest:
 Last login: Fri Nov 18 00:34:33 2016 from
 FreeBSD 11.0-RELEASE-p2 (GENERIC) #0: Mon Oct 24 06:55:27 UTC 2016

Welcome to FreeBSD!

Release Notes, Errata:
 Security Advisories:
 FreeBSD Handbook:
 Questions List:
 FreeBSD Forums:

Documents installed with the system are in the /usr/local/share/doc/freebsd/
 directory, or can be installed later with: pkg install en-freebsd-doc
 For other languages, replace "en" with a language code like de or fr.

Show the version of FreeBSD installed: freebsd-version ; uname -a
 Please include that output and any error messages when posting questions.
 Introduction to manual pages: man man
 FreeBSD directory layout: man hier

Edit /etc/motd to change this login announcement.
 You can `set autologout = 30' to have tcsh log you off automatically
 if you leave the shell idle for more than 30 minutes.
 $ su
 root@bsdtest:/usr/home/austinjaney # ls
 .cshrc .login_conf .mailrc .rhosts
 .login .mail_aliases .profile .shrc
 root@bsdtest:/usr/home/austinjaney # pkg install samba44
 Updating FreeBSD repository catalogue...
 FreeBSD repository is up-to-date.
 All repositories are up-to-date.
 The following 36 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
 samba44: 4.4.5_1
 python27: 2.7.12
 libffi: 3.2.1
 indexinfo: 0.2.5
 readline: 6.3.8
 talloc: 2.1.6
 python2: 2_3
 libsunacl: 1.0
 popt: 1.16_1
 py27-iso8601: 0.1.11
 py27-setuptools27: 23.1.0
 py27-dnspython: 1.14.0
 openldap-client: 2.4.44
 tevent: 0.9.28
 ldb: 1.1.26
 tdb: 1.3.9,1
 gnutls: 3.4.15
 nettle: 3.2
 gmp: 5.1.3_3
 ca_root_nss: 3.27.1
 libtasn1: 4.9
 trousers: 0.3.13_1
 tpm-emulator: 0.7.4_1
 p11-kit: 0.23.2
 libidn: 1.33_1
 libinotify: 20160505
 gamin: 0.1.10_8
 glib: 2.46.2_3
 libiconv: 1.14_9
 perl5: 5.20.3_15
 pcre: 8.39
 libarchive: 3.2.1,1
 expat: 2.2.0
 lzo2: 2.09
 liblz4: 131

Number of packages to be installed: 36

The process will require 302 MiB more space.
 2 MiB to be downloaded.

Proceed with this action? [y/N]: y
 Fetching pcre-8.39.txz: 100% 1 MiB 1.1MB/s 00:01
 Fetching libarchive-3.2.1,1.txz: 100% 678 KiB 694.7kB/s 00:01
 Fetching expat-2.2.0.txz: 100% 101 KiB 103.7kB/s 00:01
 Fetching lzo2-2.09.txz: 100% 112 KiB 114.6kB/s 00:01
 Fetching liblz4-131.txz: 100% 76 KiB 78.2kB/s 00:01
 Checking integrity... done (0 conflicting)
 [1/36] Installing indexinfo-0.2.5...
 [1/36] Extracting indexinfo-0.2.5: 100%
 [2/36] Installing libffi-3.2.1...
 [2/36] Extracting libffi-3.2.1: 100%
 [3/36] Installing readline-6.3.8...
 [3/36] Extracting readline-6.3.8: 100%
 [4/36] Installing gettext-runtime-
 [4/36] Extracting gettext-runtime- 100%
 [5/36] Installing python27-2.7.12...
 [5/36] Extracting python27-2.7.12: 100%
 [6/36] Installing python2-2_3...
 [6/36] Extracting python2-2_3: 100%
 [7/36] Installing gmp-5.1.3_3...
 [7/36] Extracting gmp-5.1.3_3: 100%
 [8/36] Installing talloc-2.1.6...
 [8/36] Extracting talloc-2.1.6: 100%
 [9/36] Installing ca_root_nss-3.27.1...
 [9/36] Extracting ca_root_nss-3.27.1: 100%
 [10/36] Installing libtasn1-4.9...
 [10/36] Extracting libtasn1-4.9: 100%
 [11/36] Installing tpm-emulator-0.7.4_1...
 ===> Creating groups.
 Creating group '_tss' with gid '601'.
 ===> Creating users
 Creating user '_tss' with uid '601'.
 [11/36] Extracting tpm-emulator-0.7.4_1: 100%
 [12/36] Installing libiconv-1.14_9...
 [12/36] Extracting libiconv-1.14_9: 100%
 [13/36] Installing perl5-5.20.3_15...
 [13/36] Extracting perl5-5.20.3_15: 100%
 [14/36] Installing pcre-8.39...
 [14/36] Extracting pcre-8.39: 100%
 [15/36] Installing popt-1.16_1...
 [15/36] Extracting popt-1.16_1: 100%
 [16/36] Installing py27-setuptools27-23.1.0...
 [16/36] Extracting py27-setuptools27-23.1.0: 100%
 [17/36] Installing openldap-client-2.4.44...
 [17/36] Extracting openldap-client-2.4.44: 100%
 [18/36] Installing tevent-0.9.28...
 [18/36] Extracting tevent-0.9.28: 100%
 [19/36] Installing tdb-1.3.9,1...
 [19/36] Extracting tdb-1.3.9,1: 100%
 [20/36] Installing nettle-3.2...
 [20/36] Extracting nettle-3.2: 100%
 [21/36] Installing trousers-0.3.13_1...
 ===> Creating groups.
 Using existing group '_tss'.
 ===> Creating users
 Using existing user '_tss'.
 [21/36] Extracting trousers-0.3.13_1: 100%
 [22/36] Installing p11-kit-0.23.2...
 [22/36] Extracting p11-kit-0.23.2: 100%
 [23/36] Installing libidn-1.33_1...
 [23/36] Extracting libidn-1.33_1: 100%
 [24/36] Installing glib-2.46.2_3...
 [24/36] Extracting glib-2.46.2_3: 100%
 No schema files found: doing nothing.
 [25/36] Installing expat-2.2.0...
 [25/36] Extracting expat-2.2.0: 100%
 [26/36] Installing lzo2-2.09...
 [26/36] Extracting lzo2-2.09: 100%
 [27/36] Installing liblz4-131...
 [27/36] Extracting liblz4-131: 100%
 [28/36] Installing libsunacl-1.0...
 [28/36] Extracting libsunacl-1.0: 100%
 [29/36] Installing py27-iso8601-0.1.11...
 [29/36] Extracting py27-iso8601-0.1.11: 100%
 [30/36] Installing py27-dnspython-1.14.0...
 [30/36] Extracting py27-dnspython-1.14.0: 100%
 [31/36] Installing ldb-1.1.26...
 [31/36] Extracting ldb-1.1.26: 100%
 [32/36] Installing gnutls-3.4.15...
 [32/36] Extracting gnutls-3.4.15: 100%
 [33/36] Installing libinotify-20160505...
 [33/36] Extracting libinotify-20160505: 100%
 [34/36] Installing gamin-0.1.10_8...
 [34/36] Extracting gamin-0.1.10_8: 100%
 [35/36] Installing libarchive-3.2.1,1...
 [35/36] Extracting libarchive-3.2.1,1: 100%
 [36/36] Installing samba44-4.4.5_1...
 [36/36] Extracting samba44-4.4.5_1: 100%
 Message from python27-2.7.12:

Note that some standard Python modules are provided as separate ports
 as they require additional dependencies. They are available as:

bsddb databases/py-bsddb
 gdbm databases/py-gdbm
 sqlite3 databases/py-sqlite3
 tkinter x11-toolkits/py-tkinter

 Message from ca_root_nss-3.27.1:
 ********************************* WARNING *********************************

FreeBSD does not, and can not warrant that the certification authorities
 whose certificates are included in this package have in any way been
 audited for trustworthiness or RFC 3647 compliance.

Assessment and verification of trust is the complete responsibility of the
 system administrator.

*********************************** NOTE **********************************

This package installs symlinks to support root certificates discovery by
 default for software that uses OpenSSL.

This enables SSL Certificate Verification by client software without manual

If you prefer to do this manually, replace the following symlinks with
 either an empty file or your site-local certificate bundle.

* /etc/ssl/cert.pem
 * /usr/local/etc/ssl/cert.pem
 * /usr/local/openssl/cert.pem

 Message from perl5-5.20.3_15:
 The /usr/bin/perl symlink has been removed starting with Perl 5.20.
 For shebangs, you should either use:



#!/usr/bin/env perl

The first one will only work if you have a /usr/local/bin/perl,
 the second will work as long as perl is in PATH.
 Message from openldap-client-2.4.44:

The OpenLDAP client package has been successfully installed.

 to change the system-wide client defaults.

Try `man ldap.conf' and visit the OpenLDAP FAQ-O-Matic at
 for more information.

 Message from trousers-0.3.13_1:
 To run tcsd automatically, add the following line to /etc/rc.conf:


You might want to edit /usr/local/etc/tcsd.conf to reflect your setup.

If you want to use tcsd with software TPM emulator, use the following
 configuration in /etc/rc.conf:


To use TPM, add your_account to '_tss' group like following:

# pw groupmod _tss -m your_account
 Message from libinotify-20160505:

Libinotify functionality on FreeBSD is missing support for

- detecting a file being moved into or out of a directory within the
 same filesystem
 - certain modifications to a symbolic link (rather than the
 file it points to.)

in addition to the known limitations on all platforms using kqueue(2)
 where various open and close notifications are unimplemented.

This means the following regression tests will fail:

Directory notifications:

Open/close notifications:

Symbolic Link notifications:

Kernel patches to address the missing directory and symbolic link
 notifications are available from:

 You might want to consider increasing the kern.maxfiles tunable if you plan
 to use this library for applications that need to monitor activity of a lot
 of files.

If the default on your system is too low, add the following line to
 /boot/loader.conf, then reboot the system:

 Message from gamin-0.1.10_8:

Gamin will only provide realtime notification of changes for at most n files,
 where n is the minimum value between (kern.maxfiles * 0.7) and
 (kern.maxfilesperproc - 200). Beyond that limit, files will be polled.

If you often open several large folders with Nautilus, you might want to
 increase the kern.maxfiles tunable (you do not need to set
 kern.maxfilesperproc, since it is computed at boot time from kern.maxfiles).

For a typical desktop, add the following line to /boot/loader.conf, then
 reboot the system:


The behavior of gamin can be controlled via the various gaminrc files.
 See on how to create
 these files. In particular, if you find gam_server is taking up too much
 CPU time polling for changes, something like the following may help
 in one of the gaminrc files:

# reduce polling frequency to once per 10 seconds
 # for UFS file systems in order to lower CPU load
 fsset ufs poll 10


===> NOTICE:

The gamin port currently does not have a maintainer. As a result, it is
 more likely to have unresolved issues, not be up-to-date, or even be removed in
 the future. To volunteer to maintain this port, please create an issue at:

More information about port maintainership is available at:
 Message from samba44-4.4.5_1:

How to start:

* Your configuration is: /usr/local/etc/smb4.conf

* All the relevant databases are under: /var/db/samba4

* All the logs are under: /var/log/samba4

* Provisioning script is: /usr/local/bin/samba-tool

For additional documentation check:

Bug reports should go to the:


Done. now its config time, yes I use nano (pkg install nano) first lets use these Kernel options

root@bsdtest:/usr/home/sysadmin # nano /etc/sysctl.conf

# $FreeBSD: releng/11.0/etc/sysctl.conf 112200 2003-03-13 18:43:50Z mux $
 # This file is read when going to multi-user and its contents piped thru
 # ``sysctl'' to adjust kernel values. ``man 5 sysctl.conf'' for details.

# Uncomment this to prevent users from seeing information about processes that
 # are being run under another UID.


now lets edit our Samba config

root@bsdtest:/usr/home/austinjaney # nano /usr/local/etc/smb4.conf

 workgroup = MYGROUP
 realm = mygroup.local
 netbios name = NAS

[your share name]
  path = /home/username
  public = no
  writable = yes
  printable = no
  guest ok = no
  valid users = username

now enable samba and start it!

root@bsdtest:/usr/home/sysadmin # sysrc samba_server_enable=YES
root@bsdtest:/usr/home/austinjaney # service samba_server start

Creating Users

root@bsdtest:/usr/home/austinjaney # adduser username
root@bsdtest:/usr/home/austinjaney # pdbedit -a -u username

Removing Users

root@bsdtest:/usr/home/austinjaney # rmuser username

SNMP Printer Billing

So this is something iv been playing with recently, SNMP or the “Simple Network Management Protocol” is a Protocol that was created in 1988 and seems to have really taken off since then being included in most printers, switches, routers and other network devices.  Depending on the device it seems to offer a wide range of information using the command snmpwalk on a mac or other linux / unix system will let you look at what information that device offers over the protocal

snmpwalk -c public ip on your network

You can get some other IP’s on your network by running arp -a

Anyways,  so that’s pretty cool but what good is it if it doesn’t do anything?  So here’s my use case for it,  at the company I work at we have printers, like 14 printers and they are all leased because of the way we lease them we need to supply the company with how many “impressions” are printed (I’m not sure what an impression is but it seems like its either 1 page or more likely one inch of printing.)  The printers we have are xerox printers and its in the spec that they (and most printers it sounds like) record the impressions they make in the MIB or the management information base,  which from the look at it looks to be a hierarchical tree that happens to store the printers information about just random stuff.  Its all arranged by OIDs or object identifiers which happen to be quarry able threw SNMP FTW!

Fun scripting time,  So this is what I came up with

touch meterreads.txt

Echo Printer billing meters report >> meterreads.txt

date >> meterreads.txt

echo  ________________________________________________________________ >> meterreads.txt

Echo MX4357765 Xerox WorkCentre 7845 >> meterreads.txt

Echo black impressions >> meterreads.txt

snmpwalk -c public . >> meterreads.txt

Echo Color impressions >> meterreads.txt

sleep 10

snmpwalk -c public . >> meterreads.txt


This gets me a txt file named meterreads.txt that’s first line contains the name of the report the date a line to break up the confusion then the name of the printer and then finally a query that will spit out the black and color impressions data from the printers MIB.

The output looks something like this…

printer billing meters report

Mon Aug  8 08:47:00 PDT 2016


MX4357765 Xerox WorkCentre 7845

black impressions

SNMPv2-SMI::enterprises. = INTEGER: 29466

Color impressions

SNMPv2-SMI::enterprises. = INTEGER: 50722