IT Discussion

• 

  I'll Show You Mine If You Show Me Yours, Home Labs
  home lab lab show and tell • • scottalanmiller  

  134
  2
  Votes
  134
  Posts
  11790
  Views

  P

  @AdamF said in I'll Show You Mine If You Show Me Yours, Home Labs: @black3dynamite said in I'll Show You Mine If You Show Me Yours, Home Labs: @AdamF said in I'll Show You Mine If You Show Me Yours, Home Labs: So I decided to upgrade. :). Weekend project while I’m sick. Vms created, moving all data now. This is MUCH quieter than the r710. I have an R710 and its pretty quiet. That's what I thought too. but the R630 is even quieter! now I just have to upgrade my network switch to a fanless one, and I'll be all set. We already have lots of colo servers at work for testing where I can run whatever I want but having some stuff on the home LAN is nice. So I'm thinking about building something around this supermicro chassis for SOHO use: It's roughly 10" in all dimensions. It has 4x3.5" hotswap (SAS/SATA) and two internal 2.5". Takes micro-itx sized motherboards of which Supermicro has a couple of serverboards that fits. Can't go crazy because there are thermal restrictions but that wasn't the intention either. More along the lines of a small Xeon CPU and maybe 64GB RAM or so and a couple of drives.
• P

  Virtual appliances?
  vmware hyper-v kvm xen ova virtual appliance • • Pete.S  

  27
  1
  Votes
  27
  Posts
  154
  Views

  

  @stacksofplates said in Virtual appliances?: @travisdh1 said in Virtual appliances?: @stacksofplates What the what? Install Fedora sudo dnf install -y kubernetes `systemctl enable --now podman1 That's all it takes. Yeah I see you haven't actually done that. Podman is not Kubernetes. Also when you install Kubernetes you don't get a podman1 service (or any type of podman service). When you install Kubernetes that way you don't get a Kubernetes service. You seemingly have to start the kube-proxy, kube-scheduler, kube-controller-manager, kube-api-server, and the kubelet separately. It installs docker, which is deprecated in k8s now. They have switched to using containerd which is pretty much the standard runtime now. So I'll stick with my original recommendation. Yep, this is why I need to mess with this stuff in my home lab. I can't even talk about it intelligently yet!
• J

  Windows Task Scheduler not running my task. Cron for Windows?
  • JasGot  

  9
  1
  Votes
  9
  Posts
  61
  Views

  J

  @Pete-S said in Windows Task Scheduler not running my task. Cron for Windows?: When you have "interactive" don't you have to be logged in for the task to run? No, the only two options for Mode are "Interactive Only" and "Interactive/Background" the slash mean Or in this case.
• 

  Drive wiping tools
  • AdamF  

  20
  0
  Votes
  20
  Posts
  180
  Views

  

  @pmoncho said in Drive wiping tools: The first few were about 10 years ago, but that fun is done. Now its just a PITA, but with HIPAA and all, I figured better safe than sorry... Check with your shredding company. Many of them will accept drives in the shred truck the comes by. One of my clients does this. The shredding company jsut wants to know when drives are involved prior to arrival so they can make it first stop or last stop, i forget which. Because hot metal and paper = potential fire. I think it is last stop. so they can easily extinguish if needed.
• 

  Migrating SnipeIT to new server
  snipe-it migration • • Ambarishrh  

  5
  0
  Votes
  5
  Posts
  1191
  Views

  

  @farizazmi try following this: https://snipe-it.readme.io/docs/moving-snipe-it
• 

  Comcast Ethernet Dedicated Internet Fiber vs AT&T Dedicated Internet Fiber for Business Internet and PRI phone service
  • mas  

  11
  0
  Votes
  11
  Posts
  147
  Views

  J

  @JaredBusch said in Comcast Ethernet Dedicated Internet Fiber vs AT&T Dedicated Internet Fiber for Business Internet and PRI phone service: Did you just serious ask that of @scottalanmiller ???
• 

  PXE Boot & Software deployment
  package management sccm pxe software deployment pxe boot software management • • gjacobse  

  3
  0
  Votes
  3
  Posts
  37
  Views

  

  @Obsolesce said in PXE Boot & Software deployment: @gjacobse said in PXE Boot & Software deployment: What is your preference on PXE Boot deployment and software deployment? SCCM and Software Center seem to be a joke here. Although it could be the team responsible for managing it. We have a tremendous amount of issues with PXE Boot deployments, not installing the right image and thus nothing is installed or installed right ( Office 365, Adobe, VPN software, etc). If the agent isn’t right you delete from ADUC and SCCM and start over.. We are lucky if Software Center works,... some times. Published software packages break on a regular basis, aren’t available to install due to GPO, and you can’t run it ( that my group has found) in an elevated state for applications the user doesn’t see; not all applications are published to everyone... We use Intune for ~10k devices across a handful of countries and is working great for device and software deployment. I agree with this. Intune is replacing SCCM functionality in the best way possible.
• 

  Trouble with open files/folders on Windows file server?
  • dave247  

  21
  0
  Votes
  21
  Posts
  147
  Views

  

  By any chance are there any DFS shares on this File Servers?
• 

  is freePBX really free or not??
  • IT-ADMIN  

  50
  0
  Votes
  50
  Posts
  14520
  Views

  

  @Nagesh-Naik said in is freePBX really free or not??: @IT-ADMIN I am also seeing some missing menu what is the solution for it can you suggest me Things change over time. What you think is missing, is most likely something that no longer exists. Other than that, did you register the system with Sangoma?
• 

  inter building fiber cost per foot
  • JaredBusch  

  8
  1
  Votes
  8
  Posts
  73
  Views

  

  @Pete-S said in inter building fiber cost per foot: @JaredBusch said in inter building fiber cost per foot: @Pete-S I just wanted to buy some standard premade. Check the above link. They have premade multimode as well. The quote is for the same stuff. The local supplier they want to use is ~$300 more than FS for the 8 fiber cable.
• 

  Windows Batch: Select Drive
  • gjacobse  

  9
  0
  Votes
  9
  Posts
  124
  Views

  

  I was a little bored, so here you go: ## Example drive letter selection # Only allow X, Y or <enter> do{Write-Host -NoNewline -ForegroundColor Cyan "What drive letter do you prefer as a backup?" $letter = (Read-Host -prompt "(X) or Y?").ToUpper()} while ($letter -notin @('x','y','')) # This sets the default to X, allowing the user to simply press enter if X is OK. if($letter -eq ''){$letter = 'X'} # Now set the drive letter. New-PSDrive –Name $letter –PSProvider FileSystem –Root “\\server\backup” –Persist -ErrorAction SilentlyContinue Basic drive letter set is done, but we can be more complicated: # Do actions based on a user that has an network location from IP. $ipaddr = Get-NetIPAddress|?{$_.SuffixOrigin -eq "Dhcp" -and $_.AddressState -like "*preferred*"}|select -ExpandProperty ipaddress # Set the preferred drive letter. $letter = X If($ipaddr -like '192.168.0.*'){ New-PSDrive –Name $letter –PSProvider FileSystem –Root “\\alpha\backup” –Persist -ErrorAction SilentlyContinue Write-Host -ForegroundColor Green "You're in Alpha!`nBackup drive connected to Alpha site.`nHave a sumptuous day!" } # if you have more networks, insert here with more if statements. Else{ New-PSDrive –Name $letter –PSProvider FileSystem –Root “\\bravo\backup” –Persist -ErrorAction SilentlyContinue Write-Host -ForegroundColor Green "You're in Bravo!`nBackup drive connected to Bravo site.`nHave a sumptuous day!" }
• 

  Fail2Ban: Failed to access sock path
  • gjacobse  

  22
  0
  Votes
  22
  Posts
  167
  Views

  

  @JaredBusch said in Fail2Ban: Failed to access sock path: @gjacobse said in Fail2Ban: Failed to access sock path: Since that is a screen shot, it appears that some parts of the code is cut off. You are not listening. I said previously posted. Thus, you need to look before that. There in the actual .local file I did post, you will see an action listed. In the settings of said action is one of those options. I posted that screenshot of with the intentional size because it contains the comment regarding what each does as well as the format. Actually, I was and am listening. When I you are working from a 6.5” diagonal screen as I have been, you likely miss a bit of information. That said - not that it likely makes any difference. # fail2ban-client status sshd Status for the jail: sshd |- Filter | |- Currently failed: 24 | |- Total failed: 92 | `- Journal matches: _SYSTEMD_UNIT=sshd.service + _COMM=sshd `- Actions |- Currently banned: 2 |- Total banned: 2 `- Banned IP list: (IPs)
• 

  EdgeRouter - openVPN restart
  • gjacobse  

  21
  0
  Votes
  21
  Posts
  6609
  Views

  H

  This shit still doesn't work properly through the EdgeOS-provided /etc/init.d/openvpn script. If you do /etc/init.d/openvpn status or systemctl status openvpn you get a green-light active (exited) but this is deceiving because it's a one-shot service and not a proper systemd daemon. systemctl edit --full shows the following piece of crap "service": [Unit] Description=OpenVPN service After=network.target [Service] Type=oneshot RemainAfterExit=yes ExecStart=/bin/true ExecReload=/bin/true WorkingDirectory=/etc/openvpn [Install] WantedBy=multi-user.target /bin/true? Are you fucking kidding me, Ubiquiti? I pay thousands of €s for your shit and you still manage to be so bad at Linuxing. At least don't pretend you have a service or properly document your shit, ubnt. https://community.ui.com/questions/Restarting-OpenVPN/2e5c4e8b-ab61-49f1-a25b-e5aa23130d48 suggests that reset openvpn interface works but… it didn't. You can try it before you try the following. What helped me was to change settings so the config got regenerated. For example you could set or delete the following option: interfaces openvpn vtun0 openvpn-option "--cipher AES-256-CBC" then commit and see with sudo ss -lpn | grep :1194 that the thing's started. If OpenVPN is running or doesn't restart, you can killall openvpn a few times with forced Enter (hit the Enter key very hard, it's important) before you change the settings. Just wanted to mention this to anyone finding this thread through "openvpn restart edgerouter doesn't work" in google or similar. I hope I sweared enough for my first fucking post in this damn nice forum
• 

  Caddy vs. Nginx
  • NashBrydges  

  29
  0
  Votes
  29
  Posts
  3490
  Views

  

  @IRJ said in Caddy vs. Nginx: @JaredBusch said in Caddy vs. Nginx: You have to compile yourself if you want to use commercially. This is not something I will ever want to use because of that. Yeah that's kinda lame, but not a deal breaker. Nginx has to be compiled for more advanced use cases like WAF or certain HAProxy features. It's a bit of a bitch, but once you script it. It isn't too bad to do upgrades going forward. that doesn't seem to be a limitation anymore. I didn't see it on their documentation. Also I didn't realize Arden Labs made this. That's pretty cool.
• 

  Fedora History: missing commands entered
  • gjacobse  

  19
  0
  Votes
  19
  Posts
  75
  Views

  

  @scottalanmiller said in Fedora History: missing commands entered: @JaredBusch said in Fedora History: missing commands entered: @scottalanmiller said in Fedora History: missing commands entered: But I know what you mean and I've seen it before. But I'm trying to reproduce it now and can't. Same. I just tried also. Annoying as hell when I know I have seen it. No kidding, I know I've seen it too. I know I've seen that happen before as well, so make that 3. I just don't have time to look at the moment.
• L

  Recoverable Item Quota
  • Laksh1999  

  7
  0
  Votes
  7
  Posts
  71
  Views

  

  @dbeato said in Recoverable Item Quota: @Laksh1999 said in Recoverable Item Quota: gation hold.I have not tried to purge the dumpster.The recoverable Items quota is not getting decreased.The same size is available now This might help you https://docs.microsoft.com/en-us/microsoft-365/compliance/set-up-an-archive-and-deletion-policy-for-mailboxes?view=o365-worldwide#optional-step-5-run-the-managed-folder-assistant-to-apply-the-new-settings +1 to Start-ManagedFolderAssistant. OP will need to configure a retention policy or Set-Mailbox -Identity foo -RecoverableItemsQuota some_valid_value if they want something that's not default applied. One gotcha to consider (which has got me in the past) is that if the mailbox (on-premises) is using the quota defaults for its database, the RecoverableItemsQuota parameter will be ignored.
• J

  Who do you use for content delivery? (If that is even the right phrase)
  • JasGot  

  43
  0
  Votes
  43
  Posts
  268
  Views

  

  @JasGot said in Who do you use for content delivery? (If that is even the right phrase): @Obsolesce said in Who do you use for content delivery? (If that is even the right phrase): But still, the cost of 1TB of storage in B2 is 10x the cost of Wasabi. I just looked; 1TB at B2 is $5/mo and 1TB at Wasabi is $5.99/mo Oh wow, you're right, it stayed at 12 months when I looked at the calculator, I thought I chanded it to 1 month.
• 

  How to: Export the content of an OST file for forensics
  linux open source how to ost convert outlook data file ost conversion • • DustinB3403  

  1
  5
  Votes
  1
  Posts
  76
  Views

  No one has replied

• 

  Influxdb 2 - SSL
  • hobbit666  

  7
  0
  Votes
  7
  Posts
  102
  Views

  

  So been looking into this a bit more and influx have changed the way they handle stuff. From the documents. looks like you can do a .yaml file https://docs.influxdata.com/influxdb/v2.0/reference/config-options/ But they also mention creating a config file https://docs.influxdata.com/influxdb/v2.0/reference/cli/influx/config/create/ So i'm a bit confused how to get these working as i've tried both and when i restart the service "systemctl restart influxdb" i can get onto the UI with http:// but not https://
• F

  Vertically wall mounting Dell R640 Chassis
  • frodooftheshire  

  42
  0
  Votes
  42
  Posts
  210
  Views

  F

  I appreciate everyone's help!
• P

  Employee portal?
  • Pete.S  

  5
  1
  Votes
  5
  Posts
  111
  Views

  M

  https://github.com/bastienwirtz/homer https://github.com/linuxserver/Heimdall - this one doesn't have a way to add news feed , still great, it's being rewritten to nodejs https://github.com/rmountjoy92/DashMachine https://github.com/jeroenpardon/sui
• 

  Topics of Systems Administration
  system administration • • scottalanmiller  

  129
  1
  Votes
  129
  Posts
  408
  Views

  

  @hobbit666 said in Topics of Systems Administration: e.g. I'm down as being Infrastructure/Network Manager. But in peoples views where do my duties start and end? (But maybe this is for another topic) Well the first question is, why is "network" mentioned, given that that's a subset of infrastructure? That's like saying you are a vehicle/car mechanic. Saying you are a network manager, if that's all you are limited to (85% of the time at least) is one thing (I doubt this can be true, network anything doesn't exist outside of the enterprise space, even companies with many thousands of people generally don't need even a single dedicated network focused role), makes sense. And if you cover everything in the infrastructure space, but don't cover things like helpdesk, databases, applications, etc., then infrastructure makes sense (that would include systems, networks, platforms, etc.). But stating both doesn't. Either you are focused enough to say network and infrastructure doesn't apply. Or you are broader and should say infrastructure, and network doesn't apply. But then "manager" becomes a question. Admins run things, managers manage people. The terms are used very loosely outside of IT, but inside of IT they generally aren't. You admin hardware/software, you manage people and vendors/businesses. The title "IT Manager" is generally considered to be (and this holds up very universally when you talk to people) someone focused on managing people under them and/or vendors. But an IT Admin, would not be assumed to manage people or maybe not even use vendors, and just administer everything that falls under IT.
• 

  Port scanning tools
  • AdamF  

  13
  0
  Votes
  13
  Posts
  135
  Views

  

  @hobbit666 said in Port scanning tools: @travisdh1 said in Port scanning tools: That's really just nmap. Nothing wrong with using it, it is the official GUI frontend for nmap. Yeah but saves me learning nmap commands That too. I use nmap a lot from the command line, but I'm normally running a standard scan (no options, just nmap xxx.xxx.xxx.xxx) or looking for a specific port nmap -p 443 xxx.xxx.xxx.xxx covers 90% of what I use it for.
• M

  What would be a typical Network Admin Best Practice Cheatsheet...Anyone?
  • MrWright4hire  

  14
  1
  Votes
  14
  Posts
  195
  Views

  

  @MrWright4hire said in What would be a typical Network Admin Best Practice Cheatsheet...Anyone?: @MrWright4hire Thank you all for your feedback on Zabbix monitoring software. However, I'm looking for an actually daily checklist that one may have developed or came across to do daily checks for Network Admins. Do anyone know or have such a checklist? I do not. I find most positions like this (DBA, Net Admin, Systems, etc.) have very few, if any, universal tasks.
• 

  Linux: GeoIP Blocking
  linux geoip ip blocking geoip blocking • • gjacobse  

  19
  0
  Votes
  19
  Posts
  166
  Views

  M

  I use it in pfsense router. It works against script kiddies, bots/botnets, at least partially. It's just another layer of security. And like it was mentioned before, it reduces log noise, with almost no effort.
• F

  FIPS encryption (non domain laptops)
  • frodooftheshire  

  7
  0
  Votes
  7
  Posts
  180
  Views

  

  @IRJ said in FIPS encryption (non domain laptops): @frodooftheshire said in FIPS encryption (non domain laptops): @IRJ Wow. So I'm guessing I would need to wipe these machines and put on Windows 10 Enterprise 1809 to go a. get compatibility and b. make sure these devices continue to get security updates? But when I check 1809 EOL is May 11 2021??? I may just have this client work directly with a third party to manage all this as I don't imagine this will come up again, and I'm not sure it's worth the time investment to really get a grasp on everything and what's involved. Yeah it looks like it. I've not dealt with FIPs 140-2 on Windows before, only Linux. This document is from May 2020 and shows 1809 still as the latest FIPs 140-2 certification. https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3092.pdf Before you get into a rabbit hole here, what's your actual requirement? This is the correct approach. What's the requirement? It takes a good amount of time and money to certify the OS so that's why the FIPS certified releases are behind. I'm not sure on Windows but with RHEL/CentOS you can enable FIPS mode on any release, it's just not "certified".
• 

  P2V: Fedora 33 desktop to KVM vm
  kvm desktop vm p2v fedora 33 • • FATeknollogee  

  10
  1
  Votes
  10
  Posts
  160
  Views

  

  Reporting back: The only tool that I had success with was https://relax-and-recover.org/ F33 desktop is now p2v'd.
• P

  Zoho Assist problem
  zoho assist • • Pete.S  

  12
  0
  Votes
  12
  Posts
  170
  Views

  

  For RHEL, CentOS, and Fedora that have Wayland enabled and is set to Wayland session by default when logging in. You would have to log out and then select GNOME on Xorg before you log in so you can remote desktop into them using remote tools like MeshCentral or TeamViewer. Lately I've been disabling Wayland and selecting Xorg as the default GNOME session for that reason.
• 

  Adding 8GB of RAM to the Acer Aspire 7 A715-41G-R7X4
  acer • • scottalanmiller  

  8
  2
  Votes
  8
  Posts
  1103
  Views

  

  @Dashrender said in Adding 8GB of RAM to the Acer Aspire 7 A715-41G-R7X4: @hobbit666 said in Adding 8GB of RAM to the Acer Aspire 7 A715-41G-R7X4: Personally i always like to match RAM - Size Make Speed etc. For the average person - hell, the average IT person too, does it even matter? It's not like you're likely running a gaming rig you're trying to squeeze every last ounce of power from. I know Scott is doing video editing - perhaps on this device.. so it might matter to him, a 1% performance increase could be several saved mins on a video... More than anything, matched sticks means the least potential for problems. THe price on matching was within about $1 of anything else and anything faster would be wasted.
• 

  Help Understanding LAN test Speed Results
  networking • • Fredtx  

  12
  0
  Votes
  12
  Posts
  177
  Views

  

  @Fredtx said in Help Understanding LAN test Speed Results: I ran a LAN Test speed using from a client to a server, which are both in the same LAN as it's a small dental office network. The results are showing 67.88Mbps (Writing/Upload) and 405.51Mbps (Reading/download). I don't know what their physical infrastructure is as I work remote, but I'm sure it's 1Gbps Ethernet. If that's the case, does this test result indicate there's an issue, with the huge difference between upload and download, all in the local LAN? That the test is labeled writing / reading.... then yes, you're expected to be testing a lot more than the network and a big difference would be expected.