IT Discussion

• 

  domain controller in the cloud for small office?
  • Mike Davis

  27
  27
  Posts
  22
  Views

  

  Just did the math for moving beyond 10 users. JumpCloud makes sense if you're under 14 users. Beyond that the $111 for Azure works out better.

• 

  LANLess explained.
  • travisdh1

  47
  47
  Posts
  622
  Views

  

  @scottalanmiller said in LANLess explained.:

  Steam... the core of the LANless model, lol.

  For a home-based gaming rig, it really is!

• 

  Newb question - Running a script from the root directory
  scripts centos centos7 linux education • • DustinB3403

  29
  29
  Posts
  76
  Views

  

  @stacksofplates said in Newb question - Running a script from the root directory:

  @dustinb3403 said in Newb question - Running a script from the root directory:

  @stacksofplates said in Newb question - Running a script from the root directory:

  @dustinb3403 said in Newb question - Running a script from the root directory:

  @stacksofplates said in Newb question - Running a script from the root directory:

  @dustinb3403 said in Newb question - Running a script from the root directory:

  @stacksofplates said in Newb question - Running a script from the root directory:

  @dustinb3403 said in Newb question - Running a script from the root directory:

  @scottalanmiller said in Newb question - Running a script from the root directory:

  @dustinb3403 said in Newb question - Running a script from the root directory:

  @stacksofplates said in Newb question - Running a script from the root directory:

  @dustinb3403 said in Newb question - Running a script from the root directory:

  @danp said in Newb question - Running a script from the root directory:

  Is the directory in your path? What do you get from echo $PATH?

  echo $PATH
  /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin:/root/opt/scripts/:/root/opt/scripts

  I've added it (twice).

  Well first off you had /root/opt/scripts not /opt/scripts. Second you either have to log out and back in or tell your user to use the new path with something like

  source ~/.bash_profile

  I used ````~/opt/scripts``` initially, as I wasn't aware of just adding my scripts into one of the existing locations. (everything said just add a new directory).

  By simply moving the script into an already existing path, I am able to update with just "script.sh".

  When you are root and your home is /root and you put ~/opt/scripts that is /root/opt/scripts.

  Remember that ~ is a shortcut to your home directory, which is /root

  So by adding ```/opt/scripts/```` this would've worked, but would've added complexity for no reason.

  No that still isn’t a default location. In the OP you said you put the script in /opt/scripts. Where did you actually put it?

  Originally I created the directory /opt/scripts and put the script in there so the Directory looks like

  /opt/scripts/script.sh

  I went back and change the script location to be in /usr/local/bin

  So in /usr/local/bin I now have script.sh

  This now works without issue, and /opt/scripts no longer exists.

  Ok ya that’s where the problem was. /opt/scripts is different than /root/opt/scripts. If you would have had that in your .bashrc or .bash_profile (or whichever shellconfigure you’re using) it would have worked. But you still have to let the user know of the PATH change.

  I'm the user in this case, but I never really create / save my own scripts. I just got tired of running a set of commands, every other day.

  Thus the need to figure out how I could run the script, without having to jump into the exact directory from which the script was saved.

  I mean you have to let the user you are logged in as Know if the change. Either by logging out and back in or by temporarily sourcing the config.

  I've logged out, what do you mean "sourcing the config" ?

  If you change your PATH while you’re logged on the user account doesn’t know of that change. You have to either log out and log in again or temporarily do something like

  source ~/.bashrc

  Or the non-aliased version...

  . ~/.bashrc
• 

  Burned by Eschewing Best Practices
  best practices • • scottalanmiller

  966
  966
  Posts
  109163
  Views

  

  And we are back in full swing, this one is a train wreck:

  https://community.spiceworks.com/topic/2072941-virtual-machine-hosting

• 

  MSP charged with extortion
  msp it ethics it scandals donate scam • • ChrisL

  80
  80
  Posts
  2426
  Views

  

  @irj said in MSP charged with extortion:

  @scottalanmiller said in MSP charged with extortion:

  @penguinwrangler said in MSP charged with extortion:

  @scottalanmiller said in MSP charged with extortion:

  Serious reminder that corrption in America, having to pay off local officials, is just the same as it is in the third world.

  I didn't believe this until working at the law firm I work at now that mainly defends businesses. It is absolutely horrible what happens to businesses, especially SMBs.

  Yeah, there is no protection for ordinary people in America. The law isn't there to protect people, it is a weapon of the rich and powerful.

  We are a police state ...

  ftfy

  Unlike most, I know the how and when it actually happened. Won't get into that here tho.

• 

  Running nested VMs in Fedora 26 KVM / QEMU on Hyper-V
  • Tim_G

  5
  5
  Posts
  77
  Views

  

  @romo said in Running nested VMs in Fedora 26 KVM / QEMU on Hyper-V:

  @tim_g said in Running nested VMs in Fedora 26 KVM / QEMU on Hyper-V:

  Creating a Linux VM on Hyper-V is easy. Creating a nested VM inside your Linux VM running on Hyper-V... well, it's not going to work out of the box.

  Here's how to do it: https://www.timothygruber.com/hyper-v-2/run-a-nested-vm-on-kvm-qemu-vm-in-hyper-v/

  Why would you want to? In my case, there was a developer who needed to compile code on a special Linux VM, and immediately needs to test it inside a throw-away VM running in there.

  Doing this on his own or another physical PC or other means was not an option.

  Wouldn't this be a good case to use a LXC/LXD container and not have to mess with nested virtualization?

  No, the throw-away (nested) VMs have to be Windows images that are used with the product systems.

• 

  WPA2 Hacked
  • iroal

  56
  56
  Posts
  432
  Views

  

  @dustinb3403 said in WPA2 Hacked:

  @hobbit666 said in WPA2 Hacked:

  @mike-davis said in WPA2 Hacked:

  My controller now will let me upgrade some APs, but not others. For the client below, the APs are on the same firmware, but one is showing the upgrade available and the other not. I'll keep watching it as the day goes on.

  Did you download the Firmware to the controller or did it just appear by it self?

  The controller has to be upgraded through the normal upgrade process.

  No it does not. there is a button specifically to load out of band firmware.

• 

  RSAT for Windows 10 1709
  windows 10 1709 fall creators update 2017 rsat • • Dashrender

  2
  2
  Posts
  59
  Views

  

  @dashrender Nice thanks! I will install it on coming days.

• 

  DHCP on Server 2012 R2 does not understand Fedora 25
  fedora 25 dhcp server 2012 r2 • • JaredBusch

  16
  16
  Posts
  460
  Views

  

  https://www.freedesktop.org/software/systemd/man/networkd.conf.html

  http://ipv6friday.org/blog/2011/12/dhcpv6/

• 

  Equifax Again
  equifax hacked • • stacksofplates

  15
  15
  Posts
  304
  Views

  

  @aaronstuder I watched that video some time ago, such a good channel.

• 

  Catastrophic network gear failure yesterday
  • momurda

  32
  32
  Posts
  139
  Views

  

  Ubiquiti FTW. Great stuff, there.

• 

  Powershell issues with splitting or trimming data in a $string
  • computerchip

  6
  6
  Posts
  54
  Views

  

  @computerchip said in Powershell issues with splitting or trimming data in a $string:
  Change this: $data[0] | Out-File -filepath C:\temp\chip\whois_data.csv -append

  to

  $data=$data -join "," $intLastChar=$data.indexof("DNSSEC")+2 $data=$data.substring(0,$intLastChar)

  That converts $data to a string (separated by comma), finds "DNSSEC" and adds two to it (to remove the leading comma), and then tosses out everything extra.

• J

  Ubuntu/shred?
  • Jimmy9008

  39
  39
  Posts
  225
  Views

  

  @jimmy9008 said in Ubuntu/shred?:

  @gjacobse said in Ubuntu/shred?:

  Nothing wrong with doing a multi pass as well... I have heard of people going so far as to create a 'dumb text' file of junk text and copying it to fill the drive, then doing the DBAN. Also - if it is a physical ARRAY - by killing it, you add another layer of obscurity...

  I generally have just pulled drives and kept them. They are cheap and easy enough to replace, and can be found new, refurb or used...

  We're donating with the drives, so will be wiping them to a reasonable standard.
  Just trying to find out id one pass of 0's is actually a reasonable standard....

  No it's not. DoD wiping is done with 7 passes. This is a very old standard and has been around a long time.

• 

  Hyper-V Failover Cluster FAILURE(S)
  • Kyle

  140
  140
  Posts
  317
  Views

  

  @dashrender said in Hyper-V Failover Cluster FAILURE(S):

  @tim_g said in Hyper-V Failover Cluster FAILURE(S):

  @kyle said in Hyper-V Failover Cluster FAILURE(S):

  @dashrender said in Hyper-V Failover Cluster FAILURE(S):

  The logs say the switches aren’t saturated, but I wonder is a network broadcast issues can’t be an issue here in the new network size.

  I'm going to have to verify the network settings are correct tomorrow again since the 5 NICs associated with the nodes are all over the place I'm going to guess it has something to do with that.

  They said they had this exact same issue a few months ago but the logs do not go back that far so I cannot compare the events. But having the cluster fail twice in 2 days isn't sitting right with me since it started occurring just days after switching IP ranges.

  I've dumped all the logs and documented everything I have found that look out of place.

  Isn't the SAN network isolated both physically and logically from everything else?

  Nope he said they are not.

  That's not good. So it isn't really a SAN, just a normal network with SAN traffic dumped onto it?

• 

  Install permissions
  • Joel

  8
  8
  Posts
  55
  Views

  

  Remember that if they can install things without any prompting, it means that malware will install without any prompting either. And that malware will have admin rights, not user rights.

• 

  Helpdesk SLAs
  • Ambarishrh

  20
  20
  Posts
  193
  Views

  

  @kyle said in Helpdesk SLAs:

  @travisdh1 said in Helpdesk SLAs:

  @kyle said in Helpdesk SLAs:

  @scottalanmiller said in Helpdesk SLAs:

  @ambarishrh said in Helpdesk SLAs:

  @scottalanmiller said in Helpdesk SLAs:

  @ambarishrh said in Helpdesk SLAs:

  we are a very small team now, 250+ users 3 techs. Screen connect plays a bigger role here! :)

  Idea is to set an SLA and review this on regular basis, find out the gap and either increase headcount or if no budget for additional headcount, then increase the SLA.

  With the current tech headcount, the SLA that we are thinking are:

  
  *Resolution includes temporary fix or work-around solution.

  New hardware requests usually take 4-6 weeks to deliver from HP (we can keep stock of 5 but the user requests are quite a lot this year and next year as well, but no finance approval to keep more than 5 as of now), so agreed with HR on this timeline.

  An SLA means that there is a punishment to you if you do not meet the requirements. What happens to the IT team if they cannot resolve these issues in the SLA time? How do you determine what is within the scope of what IT can have fixed and not?

  The purpose for this is also to evaluate the existing issues, see if our small team can cater the requirements and based on the results we either get more people or increase the sla. As of now this will be visible only to IT team and based on our analysis we will release to users on a later stage with SLA that we can achieve

  SLAs are not a good tool for that. Just use good reporting for that. SLAs are adversarial, not something you ever want to use internally.

  Yet they are integrated in several helpdesk options.

  Yes, because help desk software is a generic thing that can be used with the public, internally, or a combination of both. Just because a feature is already integrated doesn't mean it's a good option to use. I think of something like an SLA for leased lines like T1/T3.

  I know. I just wish they were more granular in features as there are some hard coded features the are unnecessary and just clutter the classification of tickets. We currently use ManageEngine Service Desk and SLA's are built in and part of the reporting metrics despite the fact we don't use them.

  I generally prefer light, simple helpdesks. Unless you are a huge organization, most of that extra stuff is just wasted and in the way.

• 

  Hyper V replica VS DFS
  • Joel

  17
  17
  Posts
  165
  Views

  J

  @tim_g said in Hyper V replica VS DFS:

  @jimmy9008 said in Hyper V replica VS DFS:

  @tim_g said in Hyper V replica VS DFS:

  @jimmy9008 said in Hyper V replica VS DFS:

  Also remember, replica/DFS is not a backup. This is useful if you are using it for some sort of DR, but its not a backup (just saying in case this was for a backup).

  It can be used as hardware redundancy and to speed up file access in remote locations.

  Yes, it has many uses. But my point was its not a backup. So, wanted to make sure this wasn't in place for a backup.

  Good call! He did mention a secondary offsite server... but never mentioned the reason. Could be for backup?

  My thoughts exactly. Hence saying what I said ;)

  If using replica from A -> B, and if they think its a backup.... just wait for the VM on A to get ransomware... and bad times as yep - B also has the locked files.

  Hyper-V Replica is not a backup. Its a DR type thing. DFS is not a backup, its a file distribution system.

• G

  Veritas NetBackup Enterprise Backup Installation
  • Ghani

  3
  3
  Posts
  69
  Views

  

  @ghani said in Veritas NetBackup Enterprise Backup Installation:

  Dear Team,

  I am a beginner to vertias enterprise backup. I need to know how to the implementation of new Vertias enterprise backup new environments. My customers have one NetBackup Enterprise license , 1TL4000 Tape library with 4LTO7FC drivers. kindly provide your suggestion/support to quick start NetBackup Enterprise backup.

  My point of view,
  a) Need to installing Netbackup Enterprise backup software on RHEL 7.0 OS Server.
  b) Need to installed Netbackup Media Server software on RHEL 7.0 OS server with connected Tape Library.
  c) Need to installed Agents on Veritas backup clients.

  Above step process is correct or wrong ? kindly provide your support.

  Thanks
  Ghani

  Sounds like the correct process. It's been quite a while since I did a greenfield NetBackup deployment and a lot may have changed. It was Solaris when I last did it, but I used to work for Veritas doing this in the field.

• 

  Yealink T4XG phones will not talk to FreePBX 14 over HTTPS
  yealink yealink t46g freepbx 14 • • JaredBusch

  29
  29
  Posts
  389
  Views

  

  So, my T46G at my house will provision over https to FreePBX 14.

• 

  Distro Selection for OSSEC
  ossec logging • • NetworkNerd

  13
  13
  Posts
  296
  Views

  

  After hearing the session on open source security tools at Spiceworld, I am going to give Wazuh a shot and do a POC of it vs. OSSEC. From what I have read, Wazuh is essentially OSSEC on steroids.

• 

  Install Telegram Desktop on Fedora 26 Cinnamon
  telegram fedora fedora 26 cinnamon • • JaredBusch

  14
  14
  Posts
  552
  Views

  

  @dashrender said in Install Telegram Desktop on Fedora 26 Cinnamon:

  @tim_g said in Install Telegram Desktop on Fedora 26 Cinnamon:

  It looks like Telegram is better and more secure all-around vs Viber.

  But, the only thing stopping me from asking my to switch over, for example, is the lack of one key feature:

  Two-way video chat

  I'm not sure if the lack of free SMS in Telegram would be bad, but it would need the two-way video chat to replace Viber.

  Curious - who are you video chatting with?

  It's mostly my wife and daughter with her family/friends in Sweden.

• 

  IT Quotes I Like
  • scottalanmiller

  68
  68
  Posts
  10199
  Views

  

  This is one I hate more than anything:

  "That's not how we do it, because we've always done it this (other) way"

  Okay while why? What issues have happened, what reasoning is there?

• 

  ombutel.com
  ombutel • • StuartJordan

  18
  18
  Posts
  301
  Views

  

  @rcuadra will you be incorporating different templates for various phone manufacturers like snom? I did not see these when I tried the pbx

• 

  Software and Hardware Raid
  • jmoore

  44
  44
  Posts
  276
  Views

  

  @jmoore said in Software and Hardware Raid:

  For myself there is value in me running a good Raid system at home. Who couldn't use a little better performance and reliability? I will do Raid 10. The most important thing to me is the learning experience and I like knowing best practices if at all possible. However, there are still things to consider. Remember everything I do at home is to help me learn something else in case I ever need it and I just l lots of vm's in a Raid 10 system?

  That's actually great for learning at home. Nothing is handed to you on a silver platter ready to go. That said, getting KVM and software RAID running is straight forward (notice I didn't say easy.)

• F

  Any reason to avoid /16 in 2017?
  • Francesco Provino

  23
  23
  Posts
  335
  Views

  

  @kyle said in Any reason to avoid /16 in 2017?:

  @scottalanmiller said in Any reason to avoid /16 in 2017?:

  @kyle said in Any reason to avoid /16 in 2017?:

  The employer I just went to work for was convinced to go from a /24 to a /16 because they were told this was necessary to fix the issues with the VLAN's. The turn up of this was on my 3rd day on the job so I had no idea when I signed on as to why they were making the change. The company has 14 locations on an MPLS but the IP addressing schema is all over the board.

  LMAO.

  I'm telling you. The "MSP" is like dealing with psychopathic monkey with alzheimer's.

  lol damn.

• D

  any help desk software suggestions?
  • dave247

  11
  11
  Posts
  187
  Views

  

  @dave247 said in any help desk software suggestions?:

  Does anyone have any suggestions for a simple-to-use company Intranet? The one we have right now again is passageways which totally sucks and really all we use it for is posting bulletins and adding links. I suppose it'd be nice if it could be integrated with the helpdesk tool...

  That's a loaded question, mostly because an Intranet is a different thing to every company. Sharepoint is the most common tool. Alfresco is common. But often just a wiki or a web page is fine. All depends on what you want for your Intranet.

• 

  Preferred WAF for your website
  • NashBrydges

  6
  6
  Posts
  187
  Views

  

  Cloudflare here. I recently enabled DNSSEC. Super easy.

• 

  Forcing Group Policy
  • Joel

  15
  15
  Posts
  310
  Views

  

  @wrx7m said in Forcing Group Policy:

  In the future you can also use this command (run as admin) on the affected system to view which GPOs are being applied.

  gpresult /h c:\gp.html /f

  Once it creates the file, open it and show all content and do a ctrl + f for the GPO name or even the setting specific to the issue to see if it says it is being applied or blocked. You can use this to troubleshoot link order or permissions issues or even if it is showing at all (maybe you have a wmi filter or link disabled)

  Group Policy Results in Group Policy Managment Console can provide the same results too.

• 

  HyperV Partitioning
  • Joel

  25
  25
  Posts
  335
  Views

  

  @storageninja said in HyperV Partitioning:

  My point is that things in the IO path go through that VM. They didn't want to write a full IO driver stack for Hyper-V so they have the VM for that. Compute/Memory doesn't go through it (that I know of), but network and disk IO do. (Otherwise Perfmon wouldn't work as a monitoring solution on the host).

  I think you have some misconceptions or misunderstandings regarding the Hyper-V architecture and components... or Hyper-V stack...

  This is not true at all, as it actually depends on the OS running in a VM.

  Operating systems that already have the integration components baked into their kernel (Enlightened VMs) use their own Hypercalls to communicate directly to the hypervisor, then to the physical hardware.

  Only for non-supporeted (older) operating systems, does the "parent partition" intercept the VM communication, emulating Hypercalls. In this case, there are performance degradations as the management OS needs to work as a bridge to allow the VM to access the hardware.

  To note, this is why it's important for VMs to be running with the latest IC version.

• H

  Infected Windows Laptop
  • harshmehta

  10
  10
  Posts
  142
  Views

  

  The safest plan is like @marcinozga suggested- Nuke it.