@scottalanmiller said in Looking For Alternate IT roles:

@jmoore said in Looking For Alternate IT roles:

So i saw one vote for specializing in Cloud. Are there any other must learn technologies that would be good for someone with my experience?

The biggest factor will be... what do you enjoy?

I knew someone was going to ask this. Its the reason I havent specialized yet. I have about 30 books I have bought, waiting to read and study, because they were all interesting. They are on the topics of: Powershell, Linux, Advanced C++, 3 different Python books, 2 books on Git, Ansible, Voip(Asterisk cert book), Storage(have my SCSP cert book) and will probably venture to VMWare after that, SQL has been great fun when I use it, MCSA books from microsoft because I know I should and Virtualization. I read constanty from blogs to books on all these topics. I love playing with various tools in several of these categories. I know I'm all over the place lol but thats what I like and could see myself specializing in any of those if I needed too.

@shutdown_engineer said in How do you manage internal web proxy with roaming laptop users?:

We put a registry key on users laptops to toggle turning the proxy on and off when they are at home.

What do other people use so that if a user is at home and not connected to our VPN and just wants to surf and check email? Outlook seems to take IE settings so if the proxy is enabled and the user is connected to Wifi only then Outlook will not update and IE won't connect.

Firefox with no proxy set in the browser is a rough and ready workaround that we also use but far from ideal.

Users are mostly Win 10. Our DC is Win 2012 R2 and run Sophos Web Appliance Proxy as a VM.

Thanks

Why is Firefox rough workaround? Why are your users still using IE? It's almost 2020, not 2000 anymore.
2nd issue is proxy. Why would you use one? Most web traffic is encrypted, so web proxies became obsolete, as you cannot use one without doing some man in the middle workarounds. If you need web filtering, then use proper solution like Pi-hole or AdGuard Home.

@wrx7m said in RDS 2019 Setup and RDS License Role:

When using UPD, is there anyway to access various users profiles' folders and files from the RDS server file system?
Example:
C:\Users\Bob\Desktop

Edit: I found that I can path to it via UNC (\ \server\c$\users\Bob\Desktop), but get permissions error when I go locally, from C:\Users\Bob\Desktop. Also, the Bob folder is only a shortcut (LNK file) in the users directory.

That is what I HATE about roaming folders... they simply do not act the same as local folders!

I typically download things to the desktop and execute from there. But when on a system that has a desktop redirected to the server - that fails 99% of the time, I have to move the executable to something actually local, then execute it.

@black3dynamite said in Converting VMware VMs to KVM:

I haven't been keeping up with Windows Admin Center for awhile. Was that an option to manage Hyper-V?

It will be, but I'm not sure that it is yet. We've tried and not been able to get it working even internally anywhere, let alone externally. Once they figure out stability and authentication, I assume that it will be great for that. Being that this is 2016, it's going to suck hard. And if there is a Hyper-V issue, WAC would be down which is a problem in a small environment like this.

The last time I set up Graylog I had to configured SELinux.

Allow the web server to access the network:
sudo setsebool -P httpd_can_network_connect 1

Graylog REST API and web interface:
sudo semanage port -a -t http_port_t -p tcp 9000

Elasticsearch (only if the HTTP API is being used):
sudo semanage port -a -t http_port_t -p tcp 9200

Allow using MongoDB default port (27017/tcp):
sudo semanage port -a -t mongod_port_t -p tcp 27017

@DustinB3403 yes it's Oracle virtual box.kali linux is guest is.i have installed the drivers as well

@DustinB3403 said in NXLog and Windows for Graylog:

@flaxking said in NXLog and Windows for Graylog:

When I was playing with graylog, I was using Beats

Care to elaborate?

Flexible and made to work with different solutions

https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-overview.html

https://logz.io/blog/filebeat-tutorial/

PetaSAN, at least in component form, would make an excellent backup target array, for example.

because it's not uncommon to do 2+ searches in a row. Now they have to close the window between searches... which means it's broken.

The script I started with was shamelessly stolen from a Technet post.

That gave me a pretty good start. I did some light editing to more accurately match what was going on at my employer when I first used it for a large batch of users rather a while ago.

Now I'm making some more changes and additions to turn it into something a bit more broadly useful day to day.

@JaredBusch said in FreePBX 15 released:

Sangoma Vega 100 (I think) PRI gateway. PRI from phone company on one side and sip trunk on the other, hook it up to whatever PBX you want to.

https://www.voipsupply.com/sangoma-vega-100g

@DustinB3403 said in Tar gzip file compression calculation without decompressing the file:

@Pete-S So the simplest way I can think to explain this would be like this.

You have a network share which is relatively organized

You create a compressed tarball of any folder on that share and then move that tarball to offsite storage.

How would I realistically get a hash of that folder pre and post tar and compression and have it make sense? They aren't the same thing, even if they contain the same things.

@Pete-S said in Tar gzip file compression calculation without decompressing the file:

Is it safe to assume that the gzip file is correct when it is created?

This is what I'm looking to verify 🙂

I'm assuming that files are static during backup.

If you first of all run md5deep on all files in the folder, you'll create a textfile that contains md5 (or sha256 or what you want) signatures on every file in the folder. Place it into the folder so it ends up inside the backup and you'll always have the ability to verify any uncompressed individual file.

If you really want to verify your tar.gz file after it's created I think you have to decompress the files to a temporary folder, run md5deep on the files to compare them with the original file. What you really are testing is that the backup-compress-decompress-restore operation is lossless on every file. It should be by design, but if there is an unlikely bug somewhere it's technically possible that it might not be.

If you use the gzip compression with tar, gzip has a CRC-32 checksum inside that can be used to verify the integrity of the gzip file.

Or to be even more certain you can create an md5 signature of the entire gzip archive with md5sum or md5deep. Then you can always verify that the archive has not been corrupted.

If you ever need to restore the files you can verify the integrity of the restored files with the md5 you created on the original files, before you did the backup.

@scottalanmiller said in Incorporating Ransomware Protection into Backup Plan:

D2D2T

Appreciate all of the input. This is the solution I've been leaning towards over the last week. Had an infrastructure hiccup & haven't been able to spend any time on this. But I will utilize my existing backup device for the backup disk & incorporate standard LTO-8 drive library with a rotating weekly offsite storage.

@gjacobse said in (Air Gapped) Data Storage and security:

Can you (how do you) Air gap and secure data and still be able to make it available to a (end user)

Once the user can get to it, it's not air gapped any longer.

@Dashrender said in 3CX Linux Beta:

@scottalanmiller said in 3CX Linux Beta:

@Dashrender said in 3CX Linux Beta:

@JaredBusch said in 3CX Linux Beta:

@Dashrender said in 3CX Linux Beta:

@scottalanmiller said in 3CX Linux Beta:

@Pete-S said in 3CX Linux Beta:

So when you push a button and have all your phones upgraded to the latest 3CX/Yealink firmware you pretty much know that everything is going to work afterwards.

Now that is a pretty solid value that could make up for quite a bit of cost.

I was wondering how much value this provided. I've done some firmware updates via FreePBX - been a while though - and I didn't find it very easy, though not end of the world hard either.

A push button solution though would definitely be nice. Anyone know if the endpoint module for FreePBX is there yet?

Then you were doing it wrong. Assuming you have the paid EPM, it is all just built in. Always has been.

If you were going without the paid EPM, then it is still easy if you have setup auto provisioning manually during initial setup.

I've never used EPM.

That's the part of FreePBX that does that stuff.

Yes I know... JB has always suggested against it's value in the past.

Because setting up manually once does take some skill, but after that, it is simple file replication.

@Dashrender said in rfc 2821 + postmaster:

@scottalanmiller said in rfc 2821 + postmaster:

@Dashrender said in rfc 2821 + postmaster:

@scottalanmiller said in rfc 2821 + postmaster:

@Dashrender said in rfc 2821 + postmaster:

It could be an alias - so it wouldn't have to be a paid account.

That's correct, but the actual postmaster isn't normally someone at the final company, but at the email provider.

Think about some small sewing business with two old ladies. They order email from Office 365. Which one of them should get the postmaster emails? Neither of them can do anything about them. Should their nephew, the IT guy get it? He's not responsible for their email or any of their decisions. Only Microsoft has any reasonable hope of using that info. So an alias would break the postmaster and send the emails to the wrong place.

OK sure, but in those cases, there really isn't a true cost to the hosting provider - they could build the system in such a way to not show the account to the account holder yet get the emails to the hosting provider. Yes this would take coding... but it's not impossible.

Right, and maybe they do. But I think that the issue is... no one does and it is unclear who is responsible for conforming to the "rule".

yeah - is the hosting provider or the client? both will/could say it's the other, and then it's simply never done.

And I think it shows that the concept might not be valid any longer. Neither is likely capable of doing anything valuable with that email.

@Dashrender said in Scam calls/emails:

@JaredBusch said in Scam calls/emails:

@scottalanmiller said in Scam calls/emails:

@Dashrender said in Scam calls/emails:

the EHR vendor say - nope not us - unless we've had such a catastrophic hack that we can't detect it in our logs.

"Not in our logs" is a pretty weak defense of not having been hacked.

While true, I would also lean towards his network being infected and him not knowing it, over a large EHR vendor.

We also know (assume as a smaller SMB) he has no SEIM to give him information about the state of his network.

I definitely agree with this. The odd thing is we can't find a correlation between these incidents. Not the same doc, not the same staff, not the same computer.

Same network, though.