[Oorexx-devel] Question on invoking powershell commands from REXX.

Sun, 07 Jan 2018 06:07:02 -0800 

I have a REXX program that runs on a timer, scanning my web server logs and
looking for evidences of people trying to 'brute force' guess passwords.  It
happens a lot.  Without getting too far into the details, when something is
detected the program runs a windows powershell command to add a block for
the offending IP range into the windows group policy object that controls my
windows firewall.  The line of code that runs the command looks like this:

 

/* Update the applicable GPO */

_CMD = "powershell.exe",

               "New-NetFirewallRule",

               "-DisplayName "_NEWIP,

               "-Direction Inbound",

               "-Profile Any",

               "-Action Block",

               "-InterfaceType Any",

               "-RemoteAddress "WORD(PARMS.IP,1)"-"WORD(PARMS.IP,2),

               "-PolicyStore ...mydomain...\...firewall policy GPO name...";

 

_CMD;

 

When the code runs, it gets this response:

 

New-NetFirewallRule : A directory service error has occurred. 

At line:1 char:1

+ New-NetFirewallRule -DisplayName 043.241.140.000 -Direction Inbound - ...

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : NotSpecified:
(MSFT_NetFirewallRule:root/standar 

   dcimv2/MSFT_NetFirewallRule) [New-NetFirewallRule], CimException

    + FullyQualifiedErrorId : Windows System Error 8341,New-NetFirewallRule

powershell.exe New-NetFirewallRule -DisplayName ...new rule name...
-Direction Inbound -Profile Any -Action Block -InterfaceType Any
-RemoteAddress ...IP address range... -PolicyStore
...mydomain...\...firewall policy GP name...

New-NetFirewallRule : The requested object could not be found.

 

 

What I don't understand about the situation, is that I can cut the command
from the code, paste it into a command window with no changes, and it works
perfectly.

So I must be missing something here - I just don't yet know what.  I'm
hoping someone here can shed some light.

 

Thanks,

Robert

 

 

 


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Oorexx-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/oorexx-devel

Reply via email to