@stacksofplates said in Managing Publicly hosted Linux Servers through Cockpit:

@dustinb3403 said in Managing Publicly hosted Linux Servers through Cockpit:

@stacksofplates said in Managing Publicly hosted Linux Servers through Cockpit:

@dustinb3403 said in Managing Publicly hosted Linux Servers through Cockpit:

@stacksofplates said in Managing Publicly hosted Linux Servers through Cockpit:

There's a big movement now around SBOM with tools like in-toto, SPIFFE/SPIRE, TUF, and a lot more. We are working with gov't clients and they are headed towards requiring SBOM information for each release.

It's been mandated that software now include a SBOM (see my recent post in IT news).

Yeah but that mandate is only for open source (for whatever dumb reason). I'm all for SBOMs for open source software, but it's ignoring the fact that the issue has historically come from closed source software. An SBOM is much less effective when you already have access to 99% of what's included in the product.

Well it mentions open source specifically, but also targets close source

Ah I read the first part. It made it sound like it was only open source.

Not that anyone but the US Government will know what is actually included in any specific closed source software

@fredtx usually the process is far simpler than you'd expect.

@irj just reserving the space

@gjacobse I was wondering what denable was lol... good eye.

Corrected it

Makes me think of the classic blade chassis, and while they worked they weren't really efficient with a low end backplane...

@scottalanmiller said in Postfix Script to send email automatic:

This is the industry standard way, it's so quick, easy, efficient and standard that no one ever considers reinventing the wheel because the wheel is so good.

People have repeatedly reinvented the wheel. . . .

@nadnerb said in Ransomware Isn't the Problem, IT Departments Are:

meatware being meatware

@voip_n00b said in Proxmox VE 7.0 Released:

@jaredbusch yes

Mark one product off of the options list....

If the business had this system that was their bread and butter, that is going to cost so much money and time to ensure doesn't go offline, and they still let it happen.

Then this is entirely the businesses fault and stop supporting stupid fucking decisions..... like trying to get a 2003 Server to P2V and continue running it.

There was certainly virtualization options back 6 years ago, hell I moved 3 organizations to completely virtual within that time span...

@eleceng At this point you're probably fucked, someone may have a 2003 server key lying around but that isn't a long term solution.

I'd cut my losses and move to a new OS and simply export whatever data is on the drives.

How long has Server 2003 been EOL'd, 6 years? And this system was still physical until very recently. . .

Sunk cost fallacy here, there can't be that much value in this server to offset the cost of just moving to a new platform.

If you can host it yourself, I know @scottalanmiller is running Tactical RMM, I assume all of NTG is using it, globally.

Could save you some long term costs if you can manage and support it yourself.

@gjacobse said in WinRM: Security Question:

@eddiejennings said in WinRM: Security Question:

@gjacobse said in WinRM: Security Question:

Here, it's turned off by design as a security risk, which to some degree I can see and agree with, but now I'll have to annoy users and in some cases drive across town to perform a minor task I could have done with PS.

What's the specific risk?

Well - that is my question and I don't know that I will get any more of an answer other than:

"Remote Powershell execution"

I feel as if I had a tool in the box and it's been welded so it can't be used.

WinRM in and of itself could of course be used for malicious intent. But so can Manage Engine or any other remote management tool. Someone picked WinRM and said "No" because they don't know how it works or how to secure the environment from abuse.

@hobbit666 said in Spreadsheet background image:

@gjacobse said in Spreadsheet background image:

How often do you need to do this?

Not often at the moment, it's only really for diagnosis of boards when I need help
Just thought it would be a nice way of putting the data on to share.

Try ShareX (It is Windows Only though) but it works amazingly well. Best screenshot tool I've used and has a ton of functionality without the complexity.

The only thing I do at install is disable the "Uploading" of images (which it asks the first time anyways).

@flaxking said in Checking multiple Directories to confirm all files are identical:

I would think you would be able to use robocopy to do a diff

Probably, but the issue still comes down to system resources.

Anything that is storing in memory will quickly consume the available resources.

Maybe if I pipe the about to a file it won't be so bad..

@dashrender said in Checking multiple Directories to confirm all files are identical:

One thought - run a md5 hash and output filename date hash to a file, then compare the contents of the files between the servers.

you could run the job individually on each server so all three plus devices could run at once - assuming not all on the same VM host.

This appears to be working, thanks for the idea!

dir D:\Files -Recurse | Get-FileHash -ea Continue > C:\D-Files.txt

Dumps out one large file, I could then use a file comparison tool to quickly check these outputs.

@dashrender said in Checking multiple Directories to confirm all files are identical:

@dustinb3403 You'll likely have to do some type of line fixup, i.e. if a file is missing, then every line after that would be a mismatch...

Maybe, Meld has actually been pretty good about that type of "issue" and can find the record anyways.

Has anyone had to do something like this? With the recent PrintNightmare vulnerability, we're obviously patching our systems, but we're also implementing some changes via GPO to force trusted print servers to be used, only.

What I am trying to sort out is a way to scan every system in a domain and see if it has a printer that is shared, specifically systems without the Printer sharing role installed (workstations, random servers etc).

This is a very rough hit for what I have, so I'm not sure if it actually would work. When I run it I'm getting a quota violation.

Import-Module ActiveDirectory
$comp = Get-ADComputer -Filter 'ObjectClass -eq "Computer"' | select -ExpandProperty DNSHostName
Get-Printer -ComputerName -Filter $comp  | where Shared -eq $True

@pete-s I guess, still seems like "participation trophies". I'm at the point where I'd rather just have the cash or time off and not deal with this kind of game.