Best posts made by dbeato

There is a new vulnerability for Xen
http://www.pcworld.com/article/3187782/security/critical-xen-hypervisor-flaw-endangers-virtualized-environments.html
There is a patch as noted below:
https://xenbits.xen.org/xsa/advisory-212.html

@momurda said in I can't even:

@dbeato Yea, but have you tried the logins?

I am not getting involved on that

@ccwtech said in Turning off patching:

he Meltdown and Spectre patching issues, have you turned off patching for now? Why or why not?

I have not, I have actually installed the updates on Servers and Workstations and have not noticed any issue so far. Better be safe than sorry.

At the new job today Going well so far!

If you are trying to upgrade your Unifi to the latest version and you get the following error:

Get:3 http://dl.ubnt.com/unifi/debian stable InRelease [3,023 B]
Reading package lists... Done
E: Repository 'http://dl.ubnt.com/unifi/debian stable InRelease' changed its 'Codename' value from 'unifi-5.6' to 'unifi-5.7'
N: This must be accepted explicitly before updates for this repository can be applied. See apt-secure(8) manpage for details.

To fix this issue, just run the following command

apt-get update --allow-releaseinfo-change

Then you will be able to upgrade your Unifi

At the zoo today with the kids and wife

I have used ActivTrak
https://activtrak.com/

@eddiejennings said in What Are You Doing Right Now:

Reassigning tickets back to our help desk so they can do some basic troubleshooting.

That's called delegation very good indeed.

@scottalanmiller said in Halting Windows 10 1803 Updates:

What are people doing to halt the roll out of 1803? You can do things from the GUI, you can stop the update service, etc.

Ideally from the command line, is there a good way to switch things to being off the early release channel or outright stopping 1803 until "manually" allowed?

We setup Defer updates in the GPO with Current Branch for Business instead of Current Branch Under:

Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business
Then Open the Select when Preview Builds and Feature Updates are received policy policy, enable it and then Change it to Semi-Annual Channel

@flaxking said in What is your perspective on the overall tone of interactions here on ML?:

@irj said in What is your perspective on the overall tone of interactions here on ML?:

I like the tone, once you get used to it. It keeps you on your toes and makes you a better IT professional.

I do agree it can be harsh for new people, but honestly I dont give a fuck. I like the challenging attitude.

I feel the same. This is a discussion forum, not a QA site. Everything is open to be challenged, even if it wasn't the main topic of the post. Sometimes people's assumptions need to be identified and challenged before a question can really be answered.

Imagine what kind of power trip @scottalanmiller is no one challenged some of his posts head on

We have @JaredBusch for that

So I updated my Unifi Sources as the below:
https://help.ubnt.com/hc/en-us/articles/220066768-UniFi-How-to-Install-Update-via-APT-on-Debian-or-Ubuntu based on this

1.  Use the following command to add a new source list:  
echo 'deb http://www.ubnt.com/downloads/unifi/debian stable ubiquiti' | sudo tee /etc/apt/sources.list.d/100-ubnt-unifi.list
	
NOTE: Using http://www.ubnt.com/downloads/unifi/debian on a browser will result in a 403 Forbidden page. This is because we do not allow direct listing/access to this link. The URL is only meant to be used when using the CLI commands as in the one shown above.
2. Add the GPG Keys. To add the GPG Keys use one of the two methods described below, Method A is recommended. When using the commands below, it is assumed you have sudo and wget installed, more information about sudo can be found here, and wget here.

	
User Tip: For Ubuntu 18.04, run the following commands before installing UniFi in step 4.
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 0C49F3730359A14518585931BC711F9BA15703C6
echo "deb [ arch=amd64,arm64 ] http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.4.list
sudo apt update.
Click to copy
See an example of what scripts the Community is using to install the UniFi Controller on Ubuntu 16.04 and 18.04 in this Community post.
(Method A) Download and install the following trusted key into /etc/apt/trusted.gpg.d

sudo wget -O /etc/apt/trusted.gpg.d/unifi-repo.gpg https://dl.ubnt.com/unifi/unifi-repo.gpg 
(Method B) Using apt-key.

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv 06E85760C0A52C50 
3. Update. Retrieve the latest package information. Note: If this results in an error, please check the User Tip below.

sudo apt update 
4. Install and upgrade the UniFi controller.

sudo apt install unifi

But I got this error

I fixed that error as below... since I needed it

sudo dpkg -i --force-all /var/cache/apt/archives/mongodb-org-server_3.4.16_amd64.deb
sudo apt-get install -f

Then it upgraded properly to Unifi 5.8.24

Maybe this will help someone.

Finally got Exchange working on Let's Encrypt with Win-ACME

If you have the original Outlook profile for that OST file then you can export directly from Outlook to PST without any tools. Otherwise you are going to need to pay for a tool such as Stellar OST to PST or other options.

Got my Nginx SSL Proxy to be using Certbot with CLoudflare DNS verification and it is renewing automatically

I also used the ODT as below

Download
setup.exe /download configuration.xml

Install
setup.exe /configure configuration.xml

@DustinB3403 said in What Are You Doing Right Now:

Just fixed the Company LED Christmas tree, someone was so kind to rip the cable in-half from the plug that fed the top half of the tree. So I had to make a small extension cable and wire it back together.

And got a user workstation backup and running. No video signal.

Time for Coffee.

If it got a power cable, it must be IT

This guide assumes you have an Nginx SSL Proxy as the tutorial of @JaredBusch below:
https://mangolassi.it/topic/16651/install-nginx-as-a-reverse-proxy-on-fedora-27

Now that you have his configuration see below

First you need to add the certbot repository

sudo add-apt-repository ppa:certbot/certbot

Then you install the software-properties-common package

sudo apt install software-properties-common

Update the repositories

sudo apt  update

Install the Certbot for Nginx

sudo apt-get install python-certbot-nginx

Install the Python-Pip package

sudo apt install python-pip

Install the Pip Module for Certbot-dns-cloudflare

sudo pip install certbot-dns-cloudflare

Get your CloudFlare API key
https://support.cloudflare.com/hc/en-us/articles/200167836-Where-do-I-find-my-Cloudflare-API-key-

Then setup a secret file with your key on whichever path you want, I chose the /root/.secrets folder,

sudo mkdir /root/.secrets
sudo chmod 0700 /root/.secrets/
sudo touch /root/.secrets/cloudflare.cfg
sudo chmod 0400 /root/.secrets/cloudflare.cfg

Edit the /root/.secrets/cloudflare.cfg by using nano

sudo nano /root/.secrets/cloudflare.cfg

Edit the file and enter your CloudFlare Email and your API key as below

dns_cloudflare_email = "[email protected]"
dns_cloudflare_api_key = "2018c330b45f4ghytr420eaf66b49c5cabie4"

Request a single, SAN or wildcard SSL Certificate from Cloudflare as below

sudo /usr/local/bin/certbot certonly --dns-cloudflare --dns-cloudflare-credentials /root/.secrets/cloudflare.ini -d domain.com,*.domain.com --preferred-challenges dns-01

Results should be as below

Then I added a cronjob as below

14 5 * * * /usr/local/bin/certbot renew --quiet --post-hook "/usr/sbin/service nginx reload" > /dev/null 2>&1

Then I added manually the configuration for SSL on the Nginx Configuration File

sudo nano /etc/nginx/conf.d/domain.conf

Added this section

listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

Check your configuration

sudo nginx -t

Reload Nginx

sudo nginx -s reload

Patching Zimbra in Ubuntu and other platforms has gotten much better
https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.10/P4
All I needed to do was this

As root, install the patch. Type below command

apt-get update
apt-get install zimbra-patch

Switch to user zimbra

su – zimbra

ZCS must be restarted to changes to take effect. Type below command

zmcontrol restart

Same can be done on CentOS.

So I have been playing around with downloading a site offline for archiving purposes. In this case I have written scripts for the below:

For a Full Website (This will download the whole site as it is)

wget -mkEpnp https://mangolassi.it

For a group of Posts in numerical order(This example downloads all the topics from Mangolassi)

#!/bin/bash
for i in {1..2200000}
do
  wget -mkEpnp https://mangolassi.it/topic/$i
done

You can use CUPS Command Line
https://www.cups.org/doc/admin.html

lpadmin -p PrinterName -E -v socket://ip.address.of.printer -m printerdriver.ppd