Proxy Variables

While setting up squid proxy on my pfSense home lab gateway, I had trouble getting apt-get update to work on my Ubuntu/snort box which was behind the proxy. After some quick Googling, I tried the first response (because the first response is always the best, right 😉), and the first response failed. After reading a few more blogs, I noticed there were many different ways to set up a proxy properly. Here’s what I found.

Setting up a proxy on the command line starts by declaring the proxy environment variable. Applicable variable options are:

http_proxy
https_proxy
ftp_proxy
socks_proxy
all_proxy

Next, check if you currently have a proxy already set.

$ env | grep -i proxy 

If you get nothing from the command above, you know you don’t have a proxy yet. If you only want http and ftp to go through your proxy, export those variables instead of some of the other options above.

$ export {http,ftp}_proxy="http://proxy_name_or_ip:port_number"

This will only export the variable for the current session. If you log out or reset the computer, you will lose the proxy setting. If you need to make it permanent, use /etc/environment, which is Ubuntu’s system-wide location for environment variables. You could also put it in /etc/profile.d as a file, since this directory is ultimately read by /etc/profile. It’s not best practice to set it in /etc/bash.bashrc because variables in this file are specific to shells. Finally, if you want only a specific user to receive the proxy, you should set it in ~/.bashrc.

If you want to read more about proper placement of environment variables, read this Ubuntu Environment Variables.

Now add your settings to /etc/environment

 echo "http_proxy=http://proxy_name_or_ip:port_number" >> /etc/environment;\
 echo "ftp_proxy=http://proxy_name_or_ip:port_number" >> /etc/environment 

If your proxy requires a username and password, the following format is often used:

echo "http_proxy=http://username:password@proxy_name_or_ip:port_number" >> /etc/environment

Most of the time you would be done at this point. But I had an issue with APT where I had to set the proxy in the APT configuration file.

I had to edit /etc/apt/apt.conf and add

Acquire::http::proxy "http://proxy_name_or_ip:port_number";

If you are curious about how to configure YUM similar to APT, you need to edit /etc/yum.conf

Once the file is open, add these lines to the section [main]

proxy=http://proxy_name_or_ip:port_number
proxy_username=jamey
proxy_password=PW
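
Both the username:password@ form written to /etc/environment and yum's proxy_password key store the proxy password in plain text, and /etc/environment is readable by every local user by default. The following audit is an added example, not part of the original post; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): find proxy passwords stored in
# plain text. Prints file:permissions:line-number:setting, password redacted.
audit_proxy_creds() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        # Is the file readable by every local user?
        if [ -n "$(find "$f" -prune -perm -004 -print)" ]; then
            mode=world-readable
        else
            mode=restricted
        fi
        # Match scheme://user:password@host URLs and yum's proxy_password key,
        # drop commented-out lines, then redact the secret before printing.
        hits=$(grep -nE '://[^:/@[:space:]]+:[^/[:space:]]+@|proxy_password[[:space:]]*=' "$f" |
            grep -vE '^[0-9]+:[[:space:]]*#' |
            sed -E -e 's#(://[^:/@[:space:]]+:)[^/[:space:]]+@#\1REDACTED@#g' \
                   -e 's#(proxy_password[[:space:]]*=).*#\1REDACTED#') || true
        [ -n "$hits" ] || continue
        printf '%s\n' "$hits" | while IFS= read -r hit; do
            printf '%s:%s:%s\n' "$f" "$mode" "$hit"
        done
    done
}

# Constructed sample files mirroring the formats shown above.
make_samples() {
    dir=$1
    printf '%s\n' 'PATH="/usr/bin:/bin"' \
        'http_proxy=http://username:password@proxy_name_or_ip:3128' \
        'ftp_proxy=http://proxy_name_or_ip:3128' > "$dir/environment"
    printf '%s\n' '[main]' 'proxy=http://proxy_name_or_ip:3128' \
        'proxy_username=jamey' '#proxy_password=old' \
        'proxy_password=PW' > "$dir/yum.conf"
    printf '%s\n' 'Acquire::http::proxy "http://proxy_name_or_ip:3128";' \
        > "$dir/apt.conf"
    chmod 644 "$dir/environment" "$dir/apt.conf"
    chmod 600 "$dir/yum.conf"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
audit_proxy_creds "$demo_dir/environment" "$demo_dir/yum.conf" "$demo_dir/apt.conf"
rm -rf "$demo_dir"
```

On a real system, point it at /etc/environment, /etc/apt/apt.conf, /etc/yum.conf and the files in /etc/profile.d.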

While we’re talking about proxies, CNTLM is another proxy that you install locally and point your proxy variable to localhost. It is a middle-man proxy that sits between you and a proxy that requires NTLM authentication. I have found this incredibly helpful when using Linux in a Windows environment. It’s a really cool piece of software and really easy to set up.

It’s in the Ubuntu repositories.

apt-get install cntlm

Its configuration file is found at /etc/cntlm.conf

Add the following:

Username        jamey
Domain          jamey.info
Proxy           proxy_ip:proxy_port
Listen          127.0.0.1:proxy_port

Next we create password hashes.

cntlm -H

The output should look like this

PassLM          ACF337F47B2E22ED552C4BCA4AEBFB11
PassNT          2A22CC95E275BE3150326D0C1E86A58E
PassNTLMv2      F001B46C503A3A01611D2859EBEA8762    # Only for user 'jamey', domain 'jamey.info'   

Copy/paste your output to /etc/cntlm.conf

Finally configure the local proxy variable as we did above to point to localhost instead of an external proxy.

export http_proxy=http://127.0.0.1:3128

PowerShell Get-Person

Where I work I do a lot of querying AD for users. I work for a large organization with many departments. When I first started, someone would say something like, “Hey Jamey, pull up Mr. Jolgue or Mr. Joluge or was it Mr. Joleguge,” and I would have no idea where to start my search. So I wanted to write something that would let me type in almost any criteria and get something besides an error back if there were no matches.

You can invoke this with no parameters if you want any result that is close to your search, or you can invoke this with the -FirstName, -LastName, or -UserName parameters if you want specific matches.

Remember to download RSAT tools to query AD remotely. They can be found here RSAT Tools.

Copy and paste this to a file and save with a .psm1 extension. Look up your module path, which can be found by typing $Env:PSModulePath into your shell. Create a folder of the same name in your module folder, then copy the file to that folder. After that you can call it as any other cmdlet.

Function Get-Person {
<#
.SYNOPSIS
This script is used to search AD for users with more liberal filtering than I could get with Get-ADUser -Filter
.DESCRIPTION
I use LDAP queries and wildcards to allow liberal search criteria and attempt to return anything close to what the user was thinking. If they want to be more specific, -FirstName -LastName or -UserName parameters can be used which require exact matches for input.
.PARAMETER LastName
Accepts last name as search criteria.
.PARAMETER FirstName
Accepts first name as search criteria.
.PARAMETER UserName
Accepts SamAccountName as search criteria.
.NOTES
Author : Jamey
Email : jamey@jamey.info
.INPUTS
Strings
.OUTPUTS
New custom user object with predefined attributes
.LINK
Script posted over: https://jamey.info
.EXAMPLE
Get-Person Jon
Searches Active Directory for users whose Last Name, First Name or Sam Account Name contains the string Jon
.EXAMPLE
Get-Person -LastName Jon
Searches Active Directory for users with the last name Jon
.EXAMPLE
Get-Person -FirstName Jon
Searches Active Directory for users with the first name Jon
.EXAMPLE
Get-Person -UserName Jon
Searches Active Directory for users with the SamAccountName Jon
#>

#Requires -Modules ActiveDirectory
#Requires -Version 3

[CmdletBinding(DefaultParameterSetName = "All")] 
param( 

    [Parameter(Mandatory=$False,  Position=0,  ParameterSetName="All")]
    [ValidateNotNullOrEmpty()]  
    [Alias("AnyCriteria")]  
    [string]$All,
    
    [Parameter(Mandatory=$False,  ParameterSetName="LastName")]
    [ValidateNotNullOrEmpty()]  
    [Alias("Surname")]  
    [string]$LastName, 

    [Parameter(Mandatory=$False,  ParameterSetName="FirstName")]  
    [Alias("GivenName")]
    [ValidateNotNullOrEmpty()]  
    [string]$FirstName,
    
    [Parameter(Mandatory=$False,  ParameterSetName="UserName")]  
    [Alias("SamAccountName")]
    [ValidateNotNullOrEmpty()]  
    [string]$UserName
) 

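# The search text is placed into the LDAP filter as typed, so characters such as
# * ( ) \ in it are read as filter syntax rather than as literal characters.
If ($All) {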
    $UserInfo = Get-ADUser -LDAPFilter "(|(Sn=*$All*)(givenName=*$All*)(sAMAccountName=*$All*))" -Properties *
}
ElseIf ($LastName) {
    $UserInfo = Get-ADUser -LDAPFilter "(Sn=$LastName)" -Properties *
}
ElseIf ($FirstName) {
    $UserInfo = Get-ADUser -LDAPFilter "(GivenName=$FirstName)" -Properties *
}
ElseIf ($UserName) {
    $UserInfo = Get-ADUser -LDAPFilter "(samaccountname=$UserName)" -Properties *
}
Else {
    Return "Please enter some value to search on"
}

# Look up each match again by SamAccountName and return only the attributes of interest.
foreach ($User in $UserInfo) {
    $EachUser = Get-ADUser $User.samaccountname -Properties *
    $Properties = [PSCustomObject]@{
        "First Name" = $EachUser.Givenname
        "Last Name" = $EachUser.Surname
        "Display Name" = $EachUser.Displayname
        "User Name" = $EachUser.samaccountname
        "Employee ID" = $EachUser.employeeid
        "Account Created Date" = $EachUser.Created
        "Department" = $EachUser.Department
        "Description" = $EachUser.Description
        "OU Info" = $EachUser.Distinguishedname
        "Email Address" = $EachUser.emailaddress
        }
    $Properties
    }
}