windows

How to set up a GNU/Linux-like environment in Windows (using cygwin, mingw, gow or msys2)

cygwin/cygwin@wiki is a Unix-like environment and command-line interface for Windows. Cygwin consists of two parts: a dynamic-link library (DLL) as an API compatibility layer providing a substantial part of the POSIX API functionality, and an extensive collection of software tools and applications that provide a Unix-like look and feel.

%comspec% cinst cygwin -y (or https://cygwin.com/install.html)

# open bash terminal
%comspec% %CYGWINPATH%\bin\bash.exe --login -i
# open a terminal emulator
%comspec% %CYGWINPATH%\bin\mintty.exe

from MinTTY Gives Cygwin a Native Windows Interface

mingw@fedora/mingw-w64 brings free software toolchains to Windows. It hosts a vibrant community which builds and debugs software for Windows while providing a development environment for everyone to use.

$ vi hello.c
#include <stdio.h>
int main () { printf ("Hello world!\n"); return 0; }

## build using 'gcc', dependent on 'cygwin1.dll' 3.2Mb
# open cygwinsetup.exe and install 'gcc' 
$ gcc hello.c -o hello-gcc.exe

## builds using 'mingw64', dependent on 'msvcrt.dll' / native
# open cygwinsetup.exe and install 'mingw64-x86_64' or 'mingw64-i686'
# note: http://www.delorie.com/howto/cygwin/mno-cygwin-howto.html
$ x86_64-w64-mingw32-gcc hello.c -o hello-mingw64.exe
# or ./configure --host=x86_64-w64-mingw32 ...

gow@github (Gnu On Windows) is the lightweight alternative to cygwin. It uses a convenient Windows installer that installs about 130 extremely useful open source UNIX applications compiled as native win32 binaries.

%comspec% cinst gow -y (or https://github.com/bmatzelle/gow/releases)
# note: it adds gow\bin to PATH

# list available commands
%comspec% gow.bat -l

# execute bash shell script
%comspec% bash.exe script.sh [script options]

from gow@tuxdiary

msys2 (Minimal SYStem 2) is a fork of cygwin focused on Windows interop, dropping POSIX and using MinGW-w64 toolchains. It also ports Arch’s Pacman for easy package management.

# see http://sourceforge.net/p/msys2/wiki/MSYS2%20installation/

# open a shell
%comspec% %MSYS64PATH%/msys2_shell.bat

# install new package
$ pacman -Suy PACKAGE
# search package
$ pacman -Ss PATTERN
# list packages installed
$ pacman -Q

# build using 'mingw64' or 'gcc', both depend on 'msys-2.0.dll' 3.2Mb
$ x86_64-pc-msys-gcc hello.c -o hello-mingw64.exe
$ pacman -Syu gcc
$ gcc hello.c -o hello-msys2.exe

from msys2@tuxdiary

How to provision a Windows environment (using Boxstarter and Chocolatey)

Boxstarter leverages Chocolatey packages to automate the installation of software and create repeatable, scripted Windows environments. Chocolatey makes installing software very easy with no user intervention. Boxstarter enhances Chocolatey’s functionality and provides an environment that is optimized for installing a complete environment on a fresh OS install, as well as some other specific scenarios.

Write a script

Set-ExplorerOptions -showHidenFilesFoldersDrives -showProtectedOSFiles -showFileExtensions
Enable-RemoteDesktop
Install-WindowsUpdate -AcceptEula

cinst git.install putty.install -y
cinst conemu notepadplusplus.install vim xplorer2 -y

See WinConfig for more commands. For other examples, see Provisioning a New Development Machine With BoxStarter and Automating Windows environments’ setup with Boxstarter and Chocolatey packages.

Note that recent versions of Chocolatey require the autoconfirm switch (-y). See Rename config confirmation setting.

Save the script into your dotfiles repo.

Install the script

  • Either from a URL. Copy-paste the script to a gist, get the raw URL and:
iexplore http://boxstarter.org/package/nr/url?URLtoScript
# open admin console
powershell -Command "Start-Process %comspec% -Verb runAs"

# either unzip from http://boxstarter.org/ + Setup.bat or
cinst boxstarter

# then install package by script or package name (after compiling the script)
Install-BoxstarterPackage -PackageName PackageNameOrScriptPath

# use `-DisableReboots` to disable any possible pending reboots (due to package installation)

Optionally you can install remotely:

# as admin on the remote/target machine
Enable-PSRemoting -Force

# on the machine where boxstarter is installed
$cred=Get-Credential
Install-BoxstarterPackage -ComputerName MyTargetMachine -PackageName PackageNameOrScriptPath -Credential $cred
  • Or from a network share. You need to set up a network share with boxstarter. Install boxstarter locally (see above), then:
# on boxstarter shell (to create network share of $Boxstarter.BaseDir)
Set-BoxstarterShare BoxShare

# optionally, if you want to make share portable (eg: linux share)
Copy-Item $Boxstarter.BaseDir \\Linuxhost\BoxShare -Recurse

# finally on the remote/target machine
\\mycomputer\BoxShare\Boxstarter.bat PackageNameOrScriptPath

Optionally you can also compile the script into a package, available in $Boxstarter.LocalRepo which you can use as a private package server/repo:

New-PackageFromScript -Source MyScript.ps1 -PackageName MyPackage

How to detect and disable weak ciphers and SSL 2.0/3.0 in Apache and IIS (PCI Compliance, poodlebleed)

SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
# test for sslv2 (a completed handshake means the protocol is still enabled)
$ openssl s_client -connect localhost:443 -ssl2

# disable sslv2 in apache
SSLProtocol -ALL +SSLv3 +TLSv1

# and in iis
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\{PCT 1.0,SSL 2.0}\Server]
"Enabled"=dword:00000000

# test for weak ssl ciphers
$ openssl s_client -connect SERVERNAME:443 -cipher LOW:EXP

# disable weak ssl ciphers in apache
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

# and in iis
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\{DES 56/56,NULL,RC2 40/128,RC2 56/128,RC4 40/128,RC4 56/128,RC4 64/128}]
"Enabled"=dword:00000000
# either enable all except sslv2/3
SSLProtocol All -SSLv2 -SSLv3

# or disable everything except tlsv1.x
(el6) SSLProtocol -All +TLSv1
(el7) SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2

# and for nginx
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

# and in iis
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
"Enabled"=dword:00000000
# scan a host for supported protocols and ciphers with sslscan
$ sudo yum install sslscan        # el, from epel
$ sudo apt-get install sslscan    # debian/ubuntu
$ sslscan <host>
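
The SSLProtocol variants above can also be checked offline, before a scan: this added example (not from the original page) evaluates each active SSLProtocol line the way mod_ssl applies its tokens and reports the ones that still leave SSLv2 or SSLv3 on. The function names are hypothetical, the sample config is constructed from the lines on this page, and `all` is assumed to include SSLv2 and SSLv3.

```shell
# Print the legacy protocols an Apache SSLProtocol argument list leaves
# enabled. Tokens apply left to right: "+X" adds, "-X" removes, a bare name
# replaces the set. Assumption: "all" includes SSLv2 and SSLv3 (worst case).
legacy_protocols() {
    v2=0; v3=0
    for tok in $1; do
        case "$tok" in
            +*) act=add; name=${tok#+} ;;
            -*) act=del; name=${tok#-} ;;
            *)  act=set; name=$tok ;;
        esac
        case "$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')" in
            all)   t2=1; t3=1 ;;
            sslv2) t2=1; t3=0 ;;
            sslv3) t2=0; t3=1 ;;
            *)     t2=0; t3=0 ;;  # TLSv1.x tokens do not touch SSLv2/SSLv3
        esac
        case "$act" in
            add) if [ "$t2" = 1 ]; then v2=1; fi; if [ "$t3" = 1 ]; then v3=1; fi ;;
            del) if [ "$t2" = 1 ]; then v2=0; fi; if [ "$t3" = 1 ]; then v3=0; fi ;;
            set) v2=$t2; v3=$t3 ;;
        esac
    done
    out=
    if [ "$v2" = 1 ]; then out="SSLv2"; fi
    if [ "$v3" = 1 ]; then out="${out:+$out }SSLv3"; fi
    printf '%s\n' "$out"
}
# Read an Apache config on stdin; report each active SSLProtocol line that
# still allows SSLv2 or SSLv3. Commented-out directives are ignored.
audit_sslprotocol() {
    grep -inE '^[[:space:]]*SSLProtocol[[:space:]]' |
    while IFS=: read -r lineno directive; do
        args=$(printf '%s\n' "$directive" | sed -E 's/^[[:space:]]*[A-Za-z]+[[:space:]]+//')
        legacy=$(legacy_protocols "$args")
        if [ -n "$legacy" ]; then echo "line $lineno: $legacy still enabled by: $args"; fi
    done
}
# Constructed sample config built from the SSLProtocol variants on this page.
sample_conf() {
    cat <<'EOF'
SSLProtocol -ALL +SSLv3 +TLSv1
SSLProtocol all -SSLv2 -SSLv3
  sslprotocol -All +TLSv1 +TLSv1.1 +TLSv1.2
# SSLProtocol all
SSLProtocol all -SSLv2
EOF
}
sample_conf | audit_sslprotocol
```

Against a real server, pipe the config in instead of the sample, e.g. `audit_sslprotocol < ssl.conf` (the file name is a placeholder).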