This is somewhat in response to what @Curtis posted, but I think it should be a topic on it's own. Automation is paramount to security. DoD is seeing that and talks about the new SecDevOps role.

Interesting points from the article:

• bug and security fixes in minutes instead of weeks or months;

• continuous feedback from the warfighters that need and use the software, instead of a rigid separation between developer and end-user;

• automated testing and security, instead of laborious and fallible manual checking of countless lines of code;

• a Continuous Authorization to Operate (ATO) process for rapid deployment and scalability, instead of having to develop a final product and then wait for a lengthy security review before actually using it;

• holistic and “baked-in” cybersecurity instead of constantly scrambling to patch problems after the fact;*

• use of “microservices,” discrete, modular capabilities that can be quickly added to existing software, instead of having to reinvent the wheel and develop such functions anew for each project;

• the ability to deploy the same software on any environment, including DoD-approved cloud services.

https://breakingdefense.com/2019/06/fail-fast-not-twice-dods-push-for-agile-software-development/

@tim_g said in How far will bitcoin and other cryptos fall?:

To me, the Bitcoin is like a bizarre and risky stock that I would most likely avoid long-term investment due to its volatility, which also includes the risk of it going away completely. I don't feel potential gains are worth the risk at this point of it's lifetime, and feel I'm comfortable making less in less volatile ways.

Sure, I wouldn't mind poking it with a stick for shits 'n giggles... but I'm not going to put it under my pillow if you know what I mean.

Put in $20-50 and play with it. If nothing else it's just cheap entertainment.

Extract user, password, and group information from the 4 following files

Find the user(s) you want to copy. Copy the entire line for each user.

example:
user:x:1001:1001::/home/user:/bin/bash

vi /etc/passwd

Do the same for the shadow file.

vi /etc/shadow

Now on the group files. You will want to copy your user line, but you will also want to copy any lines that much any relevant groups.

vi /etc/group
vi /etc/gshadow

Now if are using key authentication you will need to copy
/home/user/.ssh/authorized_keys to the new server.

First you will need to create the directories

mkdir /home/user
mkdir /home/user/.ssh

Then copy authorized_keys file.

ssh-copy-id myuser@remoteserver

or

scp myuser@remoteserver:/home/user/.ssh/authorized_keys /home/user/.ssh/authorized_keys

It sucks that I live 6 miles from the space center and I have to drive 50 miles to Orlando for work. We get such a great view from our back yard. Our old house was only 3 miles away from KSC. The entire house would shake for regular rocket launches. The first 3-4 times it launches happened at 6am, we would wake up like we were under attack lol.

@hobbit666 said in Another Cron issue - reboot:

Wonder why my simple reboot in Cron tab doesn't work.

00 16 * * * /sbin/shutdown -r now

Also tried Just

reboot

Adding the user to sudoers.d

Using
Ubuntu Mate 18.04 setup with a user called "display1"

Run as root and initiate a script that runs reboot . I would avoid using now as it will just stop everything and could crash services.

So do something create a sh file like this with reboot command and put to script file
vi /etc/scripts/reboot.sh

I like the tone, once you get used to it. It keeps you on your toes and makes you a better IT professional.

I do agree it can be harsh for new people, but honestly I dont give a fuck. I like the challenging attitude.

@scottalanmiller said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

Another company follow up while I'm thinking about them. Their social media has remained totally silent since Feb 4th. And their blog that was always a twice weekly thing has been silent since a few days before that. The news reports definitely continue to seem to have been real, contrary to what they stated.

Goes to their blog one week before the compromise.

The title of the article is correct. Just remove the dash

It's truly mind blowing how many ticketing systems are out there in the wild.

@DustinB3403 said in Printer Leasing/Maintenance - Installing Software on the Network for Monitoring Print Devices:

@Dashrender said in Printer Leasing/Maintenance - Installing Software on the Network for Monitoring Print Devices:

@IRJ said in Printer Leasing/Maintenance - Installing Software on the Network for Monitoring Print Devices:

@DustinB3403 said in Printer Leasing/Maintenance - Installing Software on the Network for Monitoring Print Devices:

@IRJ said in Printer Leasing/Maintenance - Installing Software on the Network for Monitoring Print Devices:

Honestly, I have never worked at a single company where IT supports printers, other than initial setups.

Must be fucking nice that the accountants are installing toner and removing paper jams.

Smart accountants know that IT handling printers is a waste of fucking money. Why pay someone $100k+ a year and have them work on printers?

Really - it shouldn't be IT fixing it, I think Scott would say that's Bench's job... and while some DC bench techs can make $100K/yr... most are probably more in the 30-60K range.

Do you consider yourself bench/IT or some combination? Don't you work at a place where you'd fill all of these gaps? Would you want Frank the tank ripping paper jams out the printers you support and potentially making a bigger issue of it? Costing more money by said printer being offline.

I dont give a F about Frank or his printer because the printer is under contract. He can call the printer contract vendor and they will send someone out

You never now what something is actually worth until you try to sell it.

Brush up your resume, talk to recruiters and send it out. See what bites you get and what pay ranges are for those roles. You arent obligated to take any of them.

With Graviton2, AWS is making it clear that it is serious about ARM processors in the data center as well as moving cloud infrastructure innovation at its pace.

https://www.zdnet.com/article/aws-graviton-2-what-it-means-for-arm-in-the-data-center-cloud-enterprise-aws/?ftag=CMG-01-10aaa1b

I kind of agree with @scottalanmiller in principal, but from a business point of view this is so ass backwards that it isn't really fixable with any IT tool(s)

• IT staff heads need roll. They so fundamentally failed their job at this point there is no way you can trust the leadership of IT to fix this. I mean its so far behind what we usually call poor IT.

• Policies and Procedures must be drafted and reviewed by management and employees. It is important that every involved manager and employee signs that they have read, understand, and agree to follow said policies and procedures.

• This is likely going to take at least a year to begin this process because you have to first of all implement proper controls, then implement policies and procedures, and finally get complete buy in from everyone and force them to read and sign everything.

I loathe this question (it's not you) because everyone asks it and it really doesn't matter. They spend so much energy worrying about the distro that they miss the Linux experience of customization because they are so focused on a particular flavor.

Honestly, it doesn't matter. I would use Ubuntu which is easy enough to use for anyone and is well supported. To me gnome looks really nice by default on Ubuntu, and is your best community supported workstation distro by far.

I've been using wireguard for a month or two now. We have Linux, Mac, and Windows clients on it. It works fine on all systems, and is easy to do split tunneling if you are looking for that feature.

If you intend on using VPN and wireguard. As in you use wireguard for one connection and VPN for others, you will need to turn off the wire guard interface with a one line command.

Wireguard is nice because it's activated do boot and you don't even have to think about it. Unless of course you need to connect to another VPN and redirect to that VPN's DNS. In that case, you just temporarily change the state of wireguard to down.

I don't care about the speed much because I'm not transferring files, but it definitely is improved over Openvpn.

Use Office365 with Intune, and you can keep the data on OneDrive and not even allow users to save documents locally.

Putting the same vulnerable windows servers on a Linux hypervisor host doesn't do anything to secure them unless you are shutting them off.

There has to be a better way to store just the data if that's all your concerned about. What database are these windows served running? You can run SQL on Linux and do it on one small server if it's just for accessing archives.

Have you thought about the addressing the real problem? What's making these users need a terminal server in the first place?

Are all users really dependent on terminal server or are some using it for convenience?

Can you replace any of these dated apps with web apps?

@dustinb3403 said in Where to start...:

l
Cloud has these negatives

• Long term cost
• Vendor lock in
• Limited support - support package dependent
• Performance (internet) can be a limiting factor

You have no idea what you're talking about.

@jaredbusch said in KVM or VMWare:

@stacksofplates @IRJ
While you are both correct with your statements. The idea that the typical SMB is using or even understands these tools is ignoring reality of the typical SMB.

This really sums it up.

@irj said in KVM or VMWare:

I would say most SMBs who aren't trained in IaC would be better off with other options.

This is why it is either vCenter, Proxmox, or Hyper-V Manager

I agree, and I knew what you meant. However, you didn't specifically say SMB. You said any business. You did also mention it was places you consulted so it could be assumed you meant SMB.

However, this ML so I had to argue