PowerShell 5, DSC, SABnzbd and Sonarr (Part 1)

I have been trying to do a lot more with PowerShell DSC of late, including writing my own DSC resources.

Last week, I decided to write some resources for SABnzbd and Sonarr. Why? Well firstly for practice, but also because no one else has looked at building up packages for these apps (there wasn’t even Chocolatey packages).

I am not going to go into detail on implementing classes in PowerShell, instead checkout:

SABnzbd

The module cSABnzbd contains a single resource: cSABnzbdInstall. This resource specifying:

  • Ensure: <String> { Ensure | Absent }
  • ServiceCredential: <PSCredential>

If you opt for Ensure to be “Present”, then the resource will install and update SABnzbd. That is right, as new versions are released, it will be automatically updated.

The ServiceCredential allows for us to control what account the SABnzbd services run as. If not specified, LocalHost will be used.

GetLatestVersion()

SABnzbd hosts both its source code and its binary releases in GitHub. This is great! GitHub provides a simple REST API that allows us to very easily and dynamically get the latest release for a project.

If we want to get information on the latest release for a particular repository, we simply perform a get request on https://api.github.com/repos/{owner}/{repo}/releases/latest. The response will contain things like the version name, the release date and the assets in the release. The GitHub API doesn’t need any authentication credentials or tokens; these requests can be performed anonymously.

Performing the API request for sabnzbd the URL for us would be https://api.github.com/repos/sabnzbd/sabnzbd/releases/latest, and the returned information looks like:

The function is pretty simple:

Get()

The Get() function is quite easy to implement. We simply need to call Get-Package, and sets the result against the ensure parameter. We then return the object as required. The result is:

Test()

The Test() is also pretty simple. We use Get-Package again to see if the package is installed or not.

If Ensure = ‘Present’, then we need to check:

  1. If no package was returned, then return false
  2. If it is installed, compare the installed version to the version number returned using GetLatestVersion()

If Ensure = ‘Absent’, then we simply compare $Package to $null.

Set()

Now the Set() function is more complex.

If Ensure = ‘Present’, then we need to:

  1. Find the latest .exe in the release information using GetLatestVersion()
  2. Download the file, this is listed under the assets (look for a .exe).
  3. Silently run setup using the /S switch
  4. Install and start the services (optionally running under the user account specified with ServiceCredential).

If we don’t want SABnzbd installed, then we simply call the uninstall.exe.

Using and Configuring SABnzbd

You should be able to access SABnzbd via http://localhost:8080. When you connect the first time, you will be stepped through the initial setup wizard. I haven’t included any resources for specifying any settings like servers, scheduling or custom folders, you can do this as you would normally do. For more help, try the User Manual.

Getting the module

The module can be found on:

You will need PowerShell 5 or greater installed due to the use of Classes. 

If you encounter any issues, please raise an issue on the GitHub page.

In the next post we will take a look at Sonarr.

Kieran Jacobsen

Working with Azure’s public IP addresses

If you have spent much time working with Microsoft Azure, Amazon AWS or any public cloud provider, you have probably started to wonder about how many public IPv4 addresses they have. Whilst we know there is a limit to the number of addresses, and that we have reached these limits, it still seems like there are quite a few to go around.

I recently had the need to get a listing of all the Azure subnets, and whilst I did this, I thought it would be good to make a reusable PowerShell module to assist.

Microsoft makes this process pretty easy, providing an XML file under the Microsoft Download Center title: Microsoft Azure Datacenter IP Ranges. There are a few things to note about this file:

  • It contains all compute (including SQL),
  • It is updated on Wednesday (Pacific Time), but changes are effective from the following Monday (Pacific Time), and,
  • The file will contain only production Azure DCs, for instance, at the time of writing the German and Canadian DCs are not contained in the file.

I have developed a PowerShell module that simplifies working with this file by developing CMDLets that:

  1. Allowing for automated downloads of the file, and,
  2. Allow for specific DCs to be extracted

Get-MicrosoftAzureDatacenterIPRangeFile provides us with a method to simply and easily access the XML document. If called without parameters, we will get the XML document returned, however we can opt to save the file to disk for future processing.

Then we have Get-MicrosoftAzureDatacenterIPRange. With this CMDLet, we can get a list of objects containing the subnets (in CIDR format) for a specific DC or for all of the DCs. You can specify the path to a previously downloaded file, or it can download the file for us (and keep it in memory).

The module can be found on:

I have tested this module against PowerShell 5, however there should be no issue with earlier versions (I recommend PowerShell 3 or higher). If you encounter any issues, please raise an issue on the GitHub page.

Just in case you were wondering, Azure has approximately 1700 subnets, or around 5.8 million IPv4 addresses!

Kieran Jacobsen

PushOver and PowerShell

Pushover is an exceptional method for integrating notifications into our PowerShell scripts and workflows. Pushover gives us a simple method to send notifications to devices. I discovered Pushover in 2012, and have been maintaining a PowerShell module ever since.

The purpose of my PowerShell module is to allow you to:

  • Send Pushover notifications,
  • Test API, user, group and device tokens; and,
  • Retrieve the details of a notification receipts.

I have kept the module and the CMDLets as simple as possible. Sending a notification is a simple as specifying an API token, a user token, and a message. Pushover supports a whole lot of other functionality, and the Send-Pushover CMDLet supports:

  • Users and Group tokens,
  • Device names,
  • Priority levels (including lowest, low, normal, high and emergency),
  • Message titles,
  • A URL,
  • Custom date and time stamps; and,
  • Custom sounds.

When submitting a notification, we get the following back:

  • A response code,
  • A request identifier; and,
  • A Boolean request response code. I recommend in your scripts validating against this success property.

Most of the time, Pushover notifications are pretty straight forward. It is important to note that emergency messages, are different. Pushover will continue to notify a user until they acknowledge it. If you are sending something that is this important, you want to know if someone actually cares about it.

When a user accepts the notification, Pushover records the who, when and where. We can make use of this information either through a callback URL in a request, or through the receipt ID returned.

Now we have a variety of tokens, API, user groups and devices. How do we know if they are all valid? You can verify these are all valid using the Test-Pushover CMDLet.

Right now I haven’t included any support for Pushover’s subscription, group or licensing features. This isn’t due to any difficulties, but more that I haven’t needed these. Of course, I am always happy to have a pull request submitted for this!

You can get module from GitHub or via the PowerShell Gallery.

Kieran Jacobsen

Presentation: Azure Automation invades your data centre

I recently had the pleasure to present on Azure Automation and hybrid workers to the Melbourne Azure Group. I really want to thank all of those who attended, Chris Padgett for inviting me to present and Microsoft for the use of their facilities.

My presentation, Azure Automation invades your data centre, covered off the ins and outs of Azure Automation and extending its reach to your own data centre with hybrid workers. I also spoke about using web hooks and the Azure Automation Authoring Toolkit.

If you haven’t looked at Azure Automation or hybrid workers, I thoroughly recommend that go and take a look. There are a number of excellent resources out there for you to make a start, including:

You can find the runbooks I used in my presentation up on GitHub, https://github.com/poshsecurity/PoshSecurityAzureAutomation and you can download the slides or view them with SlideShare here.

Kieran Jacobsen

Presentation: Exploiting MS15-034 In PowerShell

Last night I had the opportunity to present at the first Melbourne PowerShell Meetup. I want to thank those who attended and in particular, thank David O’Brien for his work in organising such a great event, thanks also go to Versent and Level 3 for providing the food and the event space.

My presentation, Exploiting MS15-034 and working with TCP connections in PowerShell was first up for the night and extremely well received.

As promised, you can find the PowerPoint slides here, or up on SlideShare. You can find the code from the demonstrations up here on GitHub.