• WSL using Rsync to fix lazy

    Solved
    3
    0 Votes
    3 Posts
    721 Views
    DustinB3403D

    Obviously the paths would change based on where they actually live and since I want this to live outside of an individual user, pointing to the user paths would make no sense in a production case.

    Also on WSL, if you go into /mnt you can get a list of all of the disks that are mounted on your Workstation/Server.
    In the case of my workstation I only have the 1 disk, so only c is listed. Servers would likely have other drives.

  • 6 Votes
    24 Posts
    9k Views
    scottalanmillerS

    Just installed on CentOS 7.6 with XFS. Still flawless install.

  • Wazuh Manager Install - Ubuntu

    3
    3 Votes
    3 Posts
    3k Views
    IRJI

    @wirestyle22 said in Wazuh Manager Install - Ubuntu:

    A few things:

    The manager label is wrong. It says manger instead of manager.

    @IRJ said in Wazuh Manager Install - Ubuntu:

    Install Filebeat

    There are two entries for "Install Filebeat"

    I tried to install Filebeat going command by command and it can't find it.

    Thanks I fixed the guide.

    What you need to do is this:

    #***********************************************************
    #Install GPG keys and add repository
    #***********************************************************
    curl -s https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
    echo "deb https://artifacts.elastic.co/packages/6.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-6.x.list

    #***********************************************************
    # APT Update
    #***********************************************************
    sudo apt update

    #***********************************************************
    #Install Filebeat
    #***********************************************************
    sudo apt install -y filebeat=6.7.1

    #***********************************************************
    #Download Filebeat config file to forward logs
    #***********************************************************
    sudo curl -so /etc/filebeat/filebeat.yml https://raw.githubusercontent.com/wazuh/wazuh/3.8/extensions/filebeat/filebeat.yml

    #***********************************************************
    #Edit Filebeat config file to point to Elastic Server IP (In this lab environment I am using 127.0.0.1)
    #***********************************************************
    sudo sed -i 's/YOUR_ELASTIC_SERVER_IP/192.168.122.181/' /etc/filebeat/filebeat.yml

    #***********************************************************
    #Start Filebeat service and configure it to automatically start at boot
    #***********************************************************
    sudo systemctl daemon-reload
    sudo systemctl enable filebeat.service
    sudo systemctl start filebeat.service

    Make sure to change 192.168.122.181 to your IP, or localhost if you are using a single server for Wazuh and ELK.

  • 0 Votes
    27 Posts
    5k Views
    scottalanmillerS

    @dbeato said in ScreenConnect/Connectwise control client exe (marked as malicious):

    @JaredBusch said in ScreenConnect/Connectwise control client exe (marked as malicious):

    @dbeato said in ScreenConnect/Connectwise control client exe (marked as malicious):

    @scottalanmiller said in ScreenConnect/Connectwise control client exe (marked as malicious):

    @dbeato no, just an online file by file virus scanner?

    No (although it should be for another thread), it gives you information about the file, file hash, or URL in question. Example below is the Itarian Remote Control application executable:
    2019-04-23_0039.png

    It compares the hash of the file to multiple AV and Technology companies to see if the hash has been flagged as malicious or not or if it is questionable.

    How is that useful? The executable is rebuilt on every install for every group that it auto links to. That makes a hash useless.

    That might be true for ConnectWise but not all executables create a new hash every time.

    And in those unrelated cases, lots of things flagging the would be more meaningful.

  • virt-manager for Windows

    34
    0 Votes
    34 Posts
    6k Views
    scottalanmillerS

    @Francesco-Provino said in virt-manager for Windows:

    @scottalanmiller you don’t want a GUI on the virtualization host, ever. Just spin a VM with virt-manager and launch it on your local machine with xming or one of the other solutions in the other comments.

    Right, bypassing Windows can be an option, but it's a crappy one. But I got it working directly on Windows, so no need for a heavy VM for one app.

  • Do you put TODOs on your calendar?

    16
    1 Votes
    16 Posts
    2k Views
    guyinpvG

    I think the perfect project management tool would be a combination of these.

    Calendar is easiest as it just has to do what calendars do, and sync up to Google calendar and Zoho or any others for convenience.

    Project management would let me separate things by client and their projects, and ultimately into todos.

    Todos would not just have a "due date", but rather have a type of due "range". Or even separate dates for "get started" and "due". If I set a get started date 10 days before due date, the app would give me a working range.
    If todos had time estimates, and ultimately the project had a time estimate, that would also help align starting and due dates, which would all be represented on the calendar.

    Finally I could do time tracking but not in the usual sense. I might find it useful to track time on each todo, or on the project as a whole. But I actually track time by day. So each day of work I'm logging the tasks I do and taking notes on that.
    At 9am to 10:30am I'm working on client X across two projects A and B.
    Then from 10:45am to 12:00pm I worked on client Z on project C.

    What this looks like is basically a chronological log. Like this:
    Client Acme (a OneNote file)
    -- Project X (A particular page)
    4/19/2019 - (2:00) - (BILLED)
    ... notes ....
    4/21/2019 - (1:30) - (BILLED)
    ... notes ...
    4/22/2019 - (3:00) - (UNBILLED)
    ... notes ...

    Within the concept of a daily log, I could work on any number of tasks or todos, doesn't really matter, as long as I have the total time spent and tracked in the daily log notes.

    Then when I go to invoice Acme (every two weeks), I can add up the time on all their projects dating back to the last time entry that was billed.

    I know todo apps or project management apps often have time tracking, but I feel like this is not a smooth experience, and the data is scattered around. I track time with a separate app Toggl which has a list of clients and projects to track against. This makes all my time entries feel together and easy to see at a glance. I can start a new timer in a few seconds and bounce between clients and projects and end up with 15 different entries through the day and easy to see them all. I don't find that simplicity within project management apps.

    My ideal project management app would find a way to have that simplicity in its time tracking.

    And the app doesn't need to try and become my billing tool, I have professional tools for billing. I don't know why every tool today wants to be your invoicing app too, it's annoying!

  • 0 Votes
    9 Posts
    2k Views
    wrx7mW

    @JaredBusch Correct, I did not state that. However, my OP shows the version as 4.2. So, the issue is that I can't install the latest version available on Fedora. I will update the OP.

  • Dar (Disk ARchive)

    4
    1 Votes
    4 Posts
    322 Views
    black3dynamiteB

    @Obsolesce said in Dar (Disk ARchive):

    Looks pretty standard at a glance. How's it differ over other disk archiving backup tools?

    I still prefer restic, but I could use this as an alternative to tar.

  • 1 Votes
    17 Posts
    2k Views
    scottalanmillerS

    @pmoncho said in Get Windows Version from Command Line:

    No doubt. Currently working on getting Server 2019 DC, DHCP, and RDS working in a lab. A few challenges so far. Was going to try using PS to do many tasks I normally do in GUI (force myself to learn as I go) but decided to put it on the back burner due to frustration. I will get there with PS but it has to wait.

    Unfortunately, no matter how much we want to complain about PS and how Windows has no production-level roadmap at this point and is getting worse by the day, if you are going to run Windows today, PS is how it is done. Issues with PS have only one valid purpose to discuss - to use to explain to management why Windows shouldn't be getting deployed in production workloads, or why risks with it need to be accepted. It's like the licensing issues with Windows, these things all add up to cost and risk and risk is really just cost. It's part of the "decision numbers." Beyond that, it is what it is. If the business actually knows how costly it is and still chooses it, then PS is how you manage it.

    If you deploy and start without using PS, it'll be that much harder to switch later. I know the learning curve is absurd and the whole thing is so much harder than it has any purpose being, but I would bite the bullet if at all possible and learn it now. It'll just be harder later.

  • Comparing PowerShell to Linux User Manipulation

    82
    0 Votes
    82 Posts
    4k Views
    scottalanmillerS

    @DustinB3403 said in Comparing PowerShell to Linux User Manipulation:

    @scottalanmiller said in Comparing PowerShell to Linux User Manipulation:

    @flaxking said in Comparing PowerShell to Linux User Manipulation:

    It's interesting to think about, one complaint about Linux is that it has fragmented off into tons of different distributions, however it has managed to keep a lot of the tools standardized across them all.

    That's very true. It's even more so than that. Many of those tools remain standard across not just operating systems, but OS families, too. AIX, Solaris, BSD, Linux... all those families tend to share a lot of tooling.

    OSX even has kept mostly uniform with the command set from UNIX. It's surprisingly nice. I'm appreciating OSX more because things are easier to repeat over and over and to do things remotely.

    Yeah, even with how rough many things are in OSX, their shell and command sets are definitely one place where even Apple is keeping ahead of MS.

  • Office 365 Phone System Deployment

    28
    0 Votes
    28 Posts
    2k Views
    scottalanmillerS

    @360col said in Office 365 Phone System Deployment:

    My experience so far. I have managed to get the phone (with S4B firmware) logged in using the web sign in with pin thing. But I had to log in to the handset via IP then initiate the whole process. Not very automated.

    Yeah, once you have to do that, a username and password is almost everything that you need to set up SIP normally!

  • What Happens When Microsoft Doesn't Issue Licenses

    41
    1 Votes
    41 Posts
    3k Views
    scottalanmillerS

    @Obsolesce said in What Happens When Microsoft Doesn't Issue Licenses:

    @scottalanmiller said in What Happens When Microsoft Doesn't Issue Licenses:

    So the reset and query tools that Microsoft provides do not work (they don't claim that they do in 2016, just that they thought that they would.) They report that all is well, and then RDS fails anyway. So there is both the licensing issue, and an issue with a lack of working tooling.

    Next time do it properly?

    And not use Microsoft? We did everything we were supposed to do, Microsoft messed it up. Short of not using anything that depends on Windows, what's the solution? Right now Insight and Microsoft are still going back and forth blaming each other.

    Unfortunately, not using Windows isn't something we control. But without being able to control that, having a reliable product isn't always something IT determines.

  • 4 Votes
    2 Posts
    502 Views
    JaredBuschJ

    @wirestyle22 said in Mitigating Nextcloud Two Factor Authentication Error:

    I upgraded Nextcloud and for some reason two-factor authentication activated on my admin account. Since I couldn't access my admin account I needed to find a way via cli to disable two factor authentication, but because it wasn't configured there was no folder in /var/www/html/nextcloud/apps for me to rename, etc. Below is the command I found that worked for me.

    sudo -u apache php occ config:system:set twofactor_enforced --value=false

    Note: You have to run the command as apache, or if you're using Debian www-data.

    You also need to be in the right folder

    By default on Fedora

    cd /var/www/html/nextcloud

    Or

    sudo -u apache php /var/www/html/nextcloud/occ config:system:set twofactor_enforced --value=false
  • oVirt Behind nGinx Proxy Cannot Login After Install

    1
    1 Votes
    1 Posts
    691 Views
    No one has replied
  • 0 Votes
    1 Posts
    677 Views
    No one has replied
  • Intern Discussion episode 1

    6
    0 Votes
    6 Posts
    441 Views
    scottalanmillerS

    @dbeato said in Intern Discussion episode 1:

    @mary said in Intern Discussion episode 1:

    @dbeato That's pretty cool to actually work with that technology. I'm kind of jealous!

    I didn't like it though, nothing like breaking a cassette...

    And they are so slow. You really don't know slow until you use an audio cassette for data storage. They actually recorded audio and played it back, and it is obviously linear. So imagine the worst, old floppy ever, now imagine that you couldn't use a table of contents but had to do everything at half speed, and sequentially! What might take three minutes with an old floppy could be 30 minutes with a cassette!

  • Why mostly people hire Developers from India?

    14
    -6 Votes
    14 Posts
    423 Views
    scottalanmillerS

    @flaxking said in Why mostly people hire Developers from India?:

    Offshoring junior Devs that will end up always being junior Devs is a good way to make your senior developers have to work harder and give them incentive to find a new company.

    LOL, and so true.

  • Remote syslog server questions

    7
    0 Votes
    7 Posts
    276 Views
    stacksofplatesS

    It depends if you are using an agent or just rsyslog. Rsyslog can do tls and compression but not sure if you can cache until the remote server is back up, you would have to be sending over tcp for it to be able to verify. It can do tcp but I don't know if it has built in mechanisms to cache until the remote returns. The best way to handle it with just rsyslog is to have multiple syslog servers (Graylog) to send to and then they store in their backend (Elasticsearch in the case of Graylog).

  • Wazuh Agent Install - CentOS

    4
    4 Votes
    4 Posts
    1k Views
    travisdh1T

    @JaredBusch said in Wazuh Agent Install - CentOS:

    Why are you disabling agent updates?

    Wazuh doesn't understand how to maintain their own repository, so when OSSIM updates their stuff, it breaks Wazuh. It's silly, easily fixable, and I don't have the time to maintain the thing myself.

  • Folder Monitor and notify

    15
    0 Votes
    15 Posts
    758 Views
    ObsolesceO

    A simple scheduled task to run a simple PoSh script would be easiest IMO.