Perhaps you've already seen this?

https://www.voip-info.org/wiki/view/Fail2Ban+(with+iptables)+And+Asterisk

@eddiejennings I should have added that my post wouldn't be very helpful.

It sounds like what you need is a way to perform something like Fail2Ban on SIP authentication.

The only external presence our FreePBX deployment has is to our SIP trunk provider. So we do the obvious and set up the firewall policy so that only our trunk provider is allowed inbound to the PBX and only over the necessary ports.

I have been considering opening up SIP/RTP to the public as there have been instances where setting up remote phones would be beneficial, but not knowing how to mitigate potential attacks has stopped me. However, we did purchase some Yealink! phones that seem to support OpenVPN...I've been considering building an OpenVPN server for us to use in the event we need to set up a remote phone.

@momurda From what I understand, vgextend is for adding additional volumes to the group. I simply grew the size of the existing volume. When doing this, I haven't ever had to touch anything related to the VG. Besides, if that was the case, wouldn't the LV not grow at all? It most certainly grew from it's original ~18 GiB (don't know what it was in GiB exactly, but it was 18 GB for sure) to the current 67.51 GiB

Sounds like a pretty awesome project! I would love to be involved in a project like that.

In my effort to keep the size of my VMs at bay, I typically size the virtual disks to a reasonable size I feel will serve the role the VM will play. There are times where my estimate is off and I need to grow the disk. Not a big deal, I've done it many times without issue.

This came up with a CentOS 7 VM last night. No biggie, I've done this many times. The process I use is exactly as follows:

• Shut down the VM.
• Extend the disk. In this case I grew the disk from 20 GB to 100 GB
• Start the VM.
• Run "fdisk /dev/xvda"
• In my case there are only two partitions. /dev/xvda1 which is /boot and /dev/xvda2 which is /. So I delete /dev/xvda2
• Recreate /dev/xvda2 making sure to utilize all available space on the disk.
• Reboot the VM.
• Run "pvresize /dev/xvda2".
• Run "lvextend -l 100%FREE -r /dev/mapper/centos-root".

When I've done this in the past, it has gone flawlessly. The physical volume expands to the added space and the logical volume then expands to the added space.

However, this time around, it didn't exactly do that.

The physical volume expanded completely, but the logical volume did not. I'm not sure why.

Output of pvdisplay:

Output of lvdisplay:

If my math is correct, 2 GiB plus 67.51 GiB does not come close to the size of the physical volume (99.51 GiB).

What am I missing?

@dafyre said in Linux RAID Question - Software or "Hardware" ?:

@anthonyh said in Linux RAID Question - Software or "Hardware" ?:

@anthonyh said in Linux RAID Question - Software or "Hardware" ?:

@dafyre said in Linux RAID Question - Software or "Hardware" ?:

@marcinozga said in Linux RAID Question - Software or "Hardware" ?:

My money is on fake RAID you got there. So use md.

@marcinozga said in Linux RAID Question - Software or "Hardware" ?:

My money is on fake RAID you got there. So use md.

Also because you already use MD.

You know what, I can even move the two disks to my new workstation and not have to transfer any data.

I think the answer may have been found...

Actually even better, I can break the RAID 1 on my current box and convert it to non-RAID, then move one of the disks to my new workstation and convert it back to RAID 1. If done right, I think I can do it all without any data loss too.

I'd prefer to just move the two disks and not have to transfer any data... but that's just me.

Yeah. I'll need to copy my home directory to the SSD in my current box before doing that though. That might be easier than breaking/re-creating the RAID. I'm not quite ready to "switch" yet. Hmm...

@anthonyh said in Linux RAID Question - Software or "Hardware" ?:

@dafyre said in Linux RAID Question - Software or "Hardware" ?:

@marcinozga said in Linux RAID Question - Software or "Hardware" ?:

My money is on fake RAID you got there. So use md.

@marcinozga said in Linux RAID Question - Software or "Hardware" ?:

My money is on fake RAID you got there. So use md.

Also because you already use MD.

You know what, I can even move the two disks to my new workstation and not have to transfer any data.

I think the answer may have been found...

Actually even better, I can break the RAID 1 on my current box and convert it to non-RAID, then move one of the disks to my new workstation and convert it back to RAID 1. If done right, I think I can do it all without any data loss too. I have a spare 3 TB disk...

@dafyre said in Linux RAID Question - Software or "Hardware" ?:

@marcinozga said in Linux RAID Question - Software or "Hardware" ?:

My money is on fake RAID you got there. So use md.

@marcinozga said in Linux RAID Question - Software or "Hardware" ?:

My money is on fake RAID you got there. So use md.

Also because you already use MD.

You know what, I can even move the two disks to my new workstation and not have to transfer any data.

I think the answer may have been found...

@marcinozga Yeah, after doing some research that is what it is. I stumbled across this and I'm thinking sticking with MD is the way to go.

https://superuser.com/questions/461506/intel-matrix-storage-manager-vs-linux-software-raid

I've been given a nice and shiny Dell Precision Tower 5810 as a new workstation at work. It's a really nice box. I was not involved in configuring the build, so it came with one SSD and one HDD. I'd like to add a second HDD and mirror the two. It looks like the onboard Intel RSTe SATA controller supports RAID.

This box will be running Fedora 25.

I've been using MD RAID on my current desktop to mirror two 3 TB HDDs and it's worked fine. This was my only choice since this box (Optiplex 3020) doesn't have any hardware RAID support.

Now that I have a "hardware" RAID option, which should I use? Should I create a RAID 1 volume via the Intel RSTe SATA controller or should I do a software RAID via MD?

Thoughts?

P.S. - I put "hardware" in quotes because I don't know how much the RAID functionality of the SATA controller is really in hardware.

@JaredBusch said in Fitness and Weightloss:

Changed my walk yesterday to have a 30 second run/jog then walk, then run again..

I hurt this morning.

Yes, but when you find that your walk turns into a jog...you will be very glad you did this!

I started doing small jogging sprints in my regular walks, then moved up to intervals where it was like 1 minute jog 2 minutes walk. Now when I do my walk it's the first minute I walk to warm up, then from minute 2 to minute 17 I jog (trust me I'm beat by minute 17), then from minute 17 to 19 I walk to cool off. This was all over time of course.

I NEVER thought in a MILLION years I'd be able to sustain a jog for 16 minutes in my life!

@EddieJennings said in You guys may get a kick out of this...:

I've grown to hate E-mail signatures that include images.

I've gone back and forth over the years. For a while I had our organization's logo in my signature. I no longer do. I seem to flip flop between sending emails as plain text and then going nuts with HTML formatting. I think I just get bored and need a change-up every now and then, lol.

The reason why I removed the logo from my signature was because to our mail server (Zimbra) every email I sent appeared like it had an attachment. So doing a search for "all emails I sent with an attachment" was not very helpful...

@scottalanmiller said in You guys may get a kick out of this...:

@DustinB3403 said in You guys may get a kick out of this...:

@scottalanmiller While I understand the sentiment it still looks pretty cool.

I'd have to see it, but it sounds really dorky.

I don't think it looks bad. It just makes it extremely easy to capture the guy's signature.

@scottalanmiller said in You guys may get a kick out of this...:

@DustinB3403 said in You guys may get a kick out of this...:

@scottalanmiller While I understand the sentiment it still looks pretty cool.

I'd have to see it, but it sounds really dorky.

If there was a way I could provide a sample, I would. lol

I received an email from one of the outside agencies we work with. The email itself was completely fine. However, the dude has his actual SIGNATURE in his signature. I can literally copy and paste his signature into a document and forge anything I want.

Tell me why putting your actual signature in your email signature would ever be a good idea...

@scottalanmiller said in Firewalls & Restricting Outbound Traffic:

@anthonyh said in Firewalls & Restricting Outbound Traffic:

@JaredBusch said in Firewalls & Restricting Outbound Traffic:

@scottalanmiller said in Firewalls & Restricting Outbound Traffic:

Maybe do some role play... what is the use case where you end up with misconfigured DNS and then want to the person or system with that issue to really go offline completely? Like not just losing some things, but losing patching and monitoring too.

I have been down this road before, and yes. If someone was over at Art's Motel and had to set specific DNS setting in order to work right, and then comes back on my network and gets DHCP, but not a DHCP assigned DNS, then I want then to get no where.. Broken.

Yes!

insert appropriate meme here

So you are letting the users manage their own DNS settings? Lots of times you need to, so that's a valid case, I just want to be clear that that is what we are talking about.

Well, not the users directly. But there may be a case where DNS settings are altered undesirably (by IT, by malicious software, or simply an issue with the OS not flushing stale DNS settings from going off network).

@JaredBusch Got it.

@JaredBusch said in Firewalls & Restricting Outbound Traffic:

@scottalanmiller said in Firewalls & Restricting Outbound Traffic:

Maybe do some role play... what is the use case where you end up with misconfigured DNS and then want to the person or system with that issue to really go offline completely? Like not just losing some things, but losing patching and monitoring too.

I have been down this road before, and yes. If someone was over at Art's Motel and had to set specific DNS setting in order to work right, and then comes back on my network and gets DHCP, but not a DHCP assigned DNS, then I want then to get no where.. Broken.

Yes!

insert appropriate meme here