@Dashrender said in SAMIT: Do You Really Need Active Directory:

@IRJ said in SAMIT: Do You Really Need Active Directory:

@Dashrender said in SAMIT: Do You Really Need Active Directory:

Toss in a situation where many users must be able to use nearly any computer in the office at any time - and now what? really - how do you manage that?

100 desktops, 100 users, and they play musical charges daily - now what?

Everything they access of value is cloud based, so you only care about authentication to that service not authentication to the local system.

You can prevent users from storing files locally on OD for example and in that case if their workstation is compromised none of the data is sensitive.

But basically - you are saying - BYOD all the things, and just not give a shit about the end device at all...
But you still have regulations, the reason you're running an SIEM.

Not BYOD and have standard builds with restricted permissions, but you dont really push anything because they are just a basic OS that lets you access resources. You let them update on their own.

@Dashrender said in SAMIT: Do You Really Need Active Directory:

@scottalanmiller said in SAMIT: Do You Really Need Active Directory:

@Dashrender said in SAMIT: Do You Really Need Active Directory:

Sure - because, as stated a moment ago - almost no one ever talks about AD - but they are talking about AD DS or whatever you want to call the total and complete bundle of things that come with the Windows Server license that typical shops use.

AD DS is 20% of AD, it's more specific and under the hood, not less specific and under the hood. It's actually making the discussion worse, not better.

Imagine if we called every single thing on Linux "Apache" because Linux often ships with Apache. Imagine calling Samba, DNS, and LibreOffice "Apache" and just going "everyone means everything when they say Apache?"

Then how the heck do they talk about Apache? No wonder every Windows admin is confused, if your claim is true - not a single Windows admin knows any Windows component, feature, or functionality? That's crazy. How do they function? How do they communicate? No wonder so many Windows components get rolled out when they are not needed if everyone thinks that it's all one thing and none of it has a name or known purpose!

As you mention - GPOs is nothing more than files on a SMB file share, it's not really an installed thing - it becomes "enabled" for lack of a better work only after a PC has joined a domain.

I wonder if a workstation can be hacked to look for a directory that houses the GPO files and integrate them without being a domain member? i.e. is there a registry key for that? lol

Uh, what?

Why would anyone want to do that? If you hacked a system you just scan the registry (if you care, but unlikely).

@Emad-R said in [Using GNU\Linux on your

why the fuck should i go buy 1000$, go blow your money for bragging rights, if your smart you can get Win 10 Home license for 15$ valid but you just need to research

Then do it and quit bitching. If you can't handle Linux that's fine. Most people can't.

@Obsolesce said in Tighten your tinfoil hat - International Surveillance:

@IRJ said in Tighten your tinfoil hat - International Surveillance:

Also which one us is worse to have your data?

Depends on your crimes... But for everyone else, who cares. Every US company (think Facebook, telecoms, hacks, etc) already has more on you than the NSA; they probably just aggregate it all into one DB.

The social media part is true, but you don't have to be a criminal. You just have to be 3 or 4 deep of one

@Dashrender said in W2, the IRS Test, and Who Do I Work For?:

So - is all this shit I'm hearing nothing but lies? or are the rules different in CA? or are they just a bad company (OK we already know they are a bad company, so don't dive to deep into that).

CA is different than the rest of US like usual. They are trying to take away contractor roles, and honestly everyone is pissed about it. Contractors like being contractors and companies like paying that way. Leave it to CA to go fuck with people for no reason.

@dave247 said in Looking for some insight/input for setting up a "hot site"/fail-over environment:

@IRJ said in Looking for some insight/input for setting up a "hot site"/fail-over environment:

@dave247 said in Looking for some insight/input for setting up a "hot site"/fail-over environment:

We have a few locations that are all relatively close by

That is probably the craziest thing about going through all this hassle and being in the same geographic region. I would seriously consider a colo outside of the area. I mean you do all that work and put in all these expenses and you have an area wide disaster and its potentially gone.
Colocation costs are not much more than hosting at your own facility.

yeah that would be preferred but we likely won't be able to get our company owners to spend that much money. Setting up a minimal warm site in our other building would be much cheaper/easier.

I went through what you're going through about 10 years ago. Almost identical.

What we found is that everything we put in place and all the procedures we had to follow to meet our BCDR was so much work that we decided it was extremely stupid to spend hundreds of thousands of dollars in licensing, manpower, and procedure to get our stuff operational to meet our BCDR and then fail because of a location.

My boss asked for a remote site instead of using another local facility and it was a no brainer to everyone involved include C level non IT people. They understood costs and effort level to get there.

@pmoncho said in Bash script to manage file directory by size:

@IRJ said in Bash script to manage file directory by size:

I am housekeeping some directories by running a script to delete everything older than X days.

find /var/backups/app1* -mtime +30 -exec rm {} \;

That seems to be working ok, but size is varying among servers. I would rather delete oldest files once I threshold is met.

Example: I have a hard limit of 5GB that I cannot exceed. After keeping 30 days worth of files on some servers I am only using 500MB and others 3GB. I would rather keep more days and just not exceed 5GB so I can use all available space.

So I am thinking something like this :

If directory exceeds 4GB, then delete the 5 oldest days of logs

You can use du -h to get directory usage and then eval it.

Edit: I believe du -hs will give you a summarized in human readable form

Yeah I think this is the route I will need to go.

@DustinB3403 said in Wazuh with Agents with Overlapping IP Addresses:

I've not seen anything that suggest DHCP agents are supported. Seems static assignment only.

DHCP is not the issue. It's having the same internal IP address which is the issue.

Yep I agree with others. Just don't use static IPs at all. If you don't have to use reservations that's even better.

@DustinB3403 said in Scripted visudo updates:

@stacksofplates said in Scripted visudo updates:

@DustinB3403 said in Scripted visudo updates:

@stacksofplates said in Scripted visudo updates:

Just drop in a file with the sudo permissions there. A good convention is to name the file the user/group name and then put the user or group in the file with the permissions. It should be picked up by the system then. That's just the dump directory for configs so you don't have to edit /etc/sudoers

So would I simply drop a file with my Cmnd_Alias and users there?

Sorry (just looking to see an example)

Here's an example. The file could be called dustin:

dustin     ALL=(ALL) NOPASSWD: ALL

Gotcha, so yeah I'd just setup a touch and vi process to add a file to that location with my permissions.

Thanks for the clarity.

use cat instead of vi to automatically write the file

cat > /etc/sudoers.d/dustin <<\EOF
dustin     ALL=(ALL) NOPASSWD: ALL
EOF

@stacksofplates said in How to script a process upon wake up on Ubuntu:

You could just modify the bluetooth.service to have this :

[Unit]
...
`After=suspend.target hibernate.target hybrid-sleep.target`

...

[Install]
WantedBy=suspend.target hibernate.target hybrid-sleep.target

What file are you using?

This is what I found /etc/systemd/system/bluetooth.taget.wants/bluetooth.service

@Dashrender said in AppGini - building a webpage/db:

@stacksofplates said in AppGini - building a webpage/db:

Airtable is a good tool for this kind of stuff

Nice, though I'm guessing not HIPAA compliant (or at least they won't sign a BA for it)...

yup, guessed it

You are trying to design something in house to store PHI?

@Dashrender said in AppGini - building a webpage/db:

@IRJ said in AppGini - building a webpage/db:

I would say there is a never a case where you want to design something in house to store PHI. Unless, of course you are a software company that is willing to go through things like external code review, pen testing, HIPAA certification, etc. It is just a HUGE risk that could potentially put your upper management in a hot seat (or prison) if there is a breach.

This is in-house for in-house use only. How is this any worse than storing PHI in Excel?

@G-I-Jones said in HelpDesk Options:

Okay guys, all my other important shit is done and I have some time to really grind out some learning here. I'm going to try making a VM with one of the options listed on zammad.org for a HelpDesk. This is a prime opportunity to get my feet wet in Linux as it's something we need to get up, but there isn't a terrible rush. Plus, I enjoy coding.

As far as Linux goes, and of the list provided below before I start reading trying to figure out what the hell I'm doing, does anyone have anything helpful to point out about any of the options?

So far I have:

Source: All command line?
CentOS: better at Ubuntu with server stuff, but may lack in end user experience
Debian: tiered releases, lacks the user friendliness of Ubuntu.
Ubuntu: desktops or servers. free and common.
Docker: something about a container that works well inside Ubuntu?

I'm planning on reading more, but I'm just scratching the surface here and don't want to get off on the wrong path here spending hours learning one I won't use. Any tips would be appreciated.

I would run on either CentOS or Ubuntu. Docker containers can be nice, but if you are brand new to linux you are better off learning how to do things from base OS level first. Especially if you dont consider running other containers on this host.

@pattonb said in SEO primer:

@scottalanmiller Is Matomo,Open Web Analytics,AWStats of any value. I suspect am I asking as to whether tying into the Google World provide any advantage. or will the other software provide me with the data I need. as for as data , I only really need traffic, visits, pages, how long they stay, or pages they view. Basic ( in my mind) , to see whether traffic is increasing/decreasing , and which pages draw the most interest. The audience is local, services provided don't extend beyond the local area , pop, ~1.4 million

Matamo provides all this. It is what I use.

It really sucks to have to lock it down by IP. You might as well not have a cloud service at that point.

I can also think of some valid reasons for employees to clock in our out off-site. Compliance training, travel, etc.

I would put this responsibility on employees and not IT. Using a time clock is just part of working a job.

Why would you host it on prem? Cloud bitwarden has been great, and is affordable

@Dashrender said in Weird thing on O365 account:

@IRJ said in Weird thing on O365 account:

@coliver said in Weird thing on O365 account:

Pitch them MFA.

Nah. Just set it up, and say its security in place so you wont get hacked again.

No pitch needed, just do it.

I don't have that level of authority, I'm an IT consultant for them, nothing more.

I have a meeting with them tonight (the whole company actually - some training stuff), but in light of this SECOND hack - I'm seriously thinking I ditch all of my current conversation and talk about password managers and 2FA only.

Second hack? Then you didn't do your job the first time.

There is really no discussion. Its a must have and they could lose their Office 365 account otherwise. Their account already has a poor reputation with Microsoft.

It's not a conversation, it's you do this or a drop you as a client

I am looking at adding either AWS WAF or modsecurity to an all AWS environment.

Mod Security

Pros: FOSS
      CSP Agnostic
      Community and paid support
      Wazuh integration already there


Cons: Additional resource consumption on EC2 instances (potentially causing autoscaling and additional costs)

AWS WAF

Pros: No additional resource consumption
      Autoscaling handled by AWS
      Better DDOS protection
      Wazuh integration in latest version of wazuh agent


Cons: Unknown costs (many moving pieces like lambda calls, data streams, and log storage)
      Complexity (lots of terraform scripting)
      AWS only

Certifications by Microsoft are just a way of having getting professionals to push their products. Subscription based products are much more profitable then Windows Server.