@dafyre said in iptables deny taking precedence over accept:

@IRJ said in iptables deny taking precedence over accept:

#Port Range 95000
$IPT --append INPUT --match tcp --protocol tcp --src $somenetwork_1 --sport 95000 --jump ACCEPT
$IPT --append INPUT --match tcp --protocol tcp --src $somenetwork_2 --sport 95000 --jump ACCEPT

I'm assuming this is not support to be a correct number... but --sport can't be > 65536.

Yeah I just randomized port numbers. Not actually using that

@scottalanmiller said in Mangolassi mobile site is very jumpy:

@RojoLoco said in Mangolassi mobile site is very jumpy:

@JaredBusch said in Mangolassi mobile site is very jumpy:

@IRJ said in Mangolassi mobile site is very jumpy:

@scottalanmiller said in Mangolassi mobile site is very jumpy:

@Emad-R said in Mangolassi mobile site is very jumpy:

@IRJ

How easy it is to create a modern android app of an existing website? I think a few lines of code for this. And theoretically, you can put the APK shared somewhere. I think that is the only real solution but is it worth the hassle. I once did this and to MangoLassi site but I was bored and found it not really worth it. Also, what is your phone specs/model ?

making an APK of the site does very little, basically just encapsulates it. I think all the issues carry right on through.

Yeah it is just a wrapper

Like a condom for ML........

You don't know where ML has been, good precaution.

More importantly, ML doesn't know where you've been.

Lies! you have all the infoz!

@IRJ said in Well this is bad... VPN vulnerability release:

This really seems like a backdoor was found

http://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html

And this is an oh got me moment

Sounds that way, yeah.

@IRJ said in Scripting partioning on AWS:

@stacksofplates said in Scripting partioning on AWS:

@IRJ said in Scripting partioning on AWS:

Found this chart on a somebody's project on github. Seems like a reasonable place to start?

ce0c63ba-39ea-47f3-8720-370ff5d73ff6-image.png

Ours would have been more like:

mount size / 12GB /home 1GB /var 10GB /var/log 5GB /var/log/audit 5GB /tmp 1GB

That's a little too liberal for EC2 instances. I could definitely see that working for on prem though.

Yeah. The numbers you had looked fine. Especially if they aren't going to be long living servers.

Here is a much simplier way to do this.

head -1 /tmp/tmp1.txt >> /tmp/tmp1.txt

Like for example adding rd.break at boot.

Yeah I'm wrong. sudo being involved means it can't be privilege escalation because you're getting the proper amount of access.

I know you were just explaining how to do it but this is a simple task with Ansible.

- name: Ensure user exists user: name: Joe state: present password: "password_hash" groups: wheel, libvirt

Instead of needing the hash up front you can do things like:

{{ Password1234 | password_hash('sha512') }}

@IRJ said in Remote Sudo Escalation:

The vendor is telling me I should be able to run .sh file directly from samba share on client server2. So ssh should not need to be part of equation. Otherwise having the share would be pointless.

Sounds like the vendor needs some basic IT support themselves.

Honestly, anything higher than the 1080p resolution on a 13-inch laptop is a gimmick. The screen size is simply too small for any practical case of higher resolution. And even with 1080p, I have to scale my 13.3-inch laptop to 150%.

Bookmarking site. Thanks @IRJ!

Got it working. I had to set the user to nobody instead of guest. Oddly enough it would mount as guest, but just not be readable.

@IRJ said in Test:

From mangolass.it , hey look we have a

4b296e6f-55cf-494b-a24f-08fe5815935e-image.png

Or just a second domain name...

Hey, thanks

@wirestyle22 said in Fail2ban on load balancer:

@IRJ said in Fail2ban on load balancer:

@wirestyle22 said in Fail2ban on load balancer:

@IRJ said in Fail2ban on load balancer:

@wirestyle22 said in Fail2ban on load balancer:

@wrx7m False positives too. If I blocked all Canada traffic as an example, LogMeIn will intermittently not work because they have data centers in Canada. There is essentially no benefit to it and a few, mostly small downsides. It just aids sale because it sounds cool.

That's not what's being talked about here. We are talking about doing in on a load balancer for a specific service. In this case https traffic to a specific application.

I was talking specifically about potential problems with geo-location. I understand what is being discussed

If you do geo-blocking then it becomes part of the process of installing new software and services to add a whitelist of IPs for that service. Any cloud hosting provider has something similar to this.

https://help.logmein.com/articles/en_US/FAQ/Whitelisting-and-LogMeIn

For what real benefit though? That is kind of my point. It's a PITA but also doesn't benefit you really

The point is, it's about politics. The value has nothing to do with IT when it does have value. Any (or essentially any) value comes from unhealthy organizations driven by politics and not by results. Which, as I've said many times, is the average company.

I've them . 5 years now. My eyes don't bleed anymore and so I spend way more time in front of a screen 😞

@Dashrender said in How can I turn off auto centering in LibreOffice Calc?:

@bnrstnr said in How can I turn off auto centering in LibreOffice Calc?:

@DustinB3403 said in How can I turn off auto centering in LibreOffice Calc?:

Do you have Column A locked so when you scroll everything else moves and A is hidden? Or is that filter on A only to find numbers etc?

It's just the behavior of a normal workbook. Nothing hidden or locked (from my experience anyway). If the column you want to edit extends off the right edge of the screen it moves the window to try to make the whole column visible.

Not that it's relevant really, but I don't see a way to turn it off in Excel either.

Yeah, I've seen this behavior in Excel before - definitely annoying... I get what they are doing - showing all the data for that column... but still.

I understand it, too. It would be nice if it was something you could toggle though

@DustinB3403 said in Microsoft alternative - open source project?:

This is the part that CERN's team is pissed about.

TL:DR CERN's contract with Microsoft as an Academic institution pricing was revoked, and priced jacked way the hell up.

A prime example is that CERN has enjoyed special conditions for the use of Microsoft products for the last 20 years, by virtue of its status as an “academic institution”. However, recently, the company has decided to revoke CERN’s academic status, a measure that took effect at the end of the previous contract in March 2019, replaced by a new contract based on user numbers, increasing the license costs by more than a factor of ten. Although CERN has negotiated a ramp-up profile over ten years to give the necessary time to adapt, such costs are not sustainable.However, recently, the company has decided to revoke CERN’s academic status, a measure that took effect at the end of the previous contract in March 2019, replaced by a new contract based on user numbers, increasing the license costs by more than a factor of ten. Anticipating this situation, the IT department created the Microsoft Alternatives project, MAlt, a year ago.

Yep.

Found the answer here:
https://unix.stackexchange.com/questions/32908/how-to-insert-the-content-of-a-file-into-another-file-before-a-pattern-marker

sed 's/CHANGEME/$x/g' origfile | x="$(<file2insert)" envsubst '$x' > newfile

This will replace every CHANGEME occurence in origfile with the content of file2insert. Remove last g from sed to replace only the first occurrence of CHANGEME.