@FATeknollogee to answer your original question, I host mine on site or in colo so far, simply because the capacity already exists for any client that is using it.

If I need to recommend it to a client without infrastructure, Vultr storage node will be the first suggestion for most deployment sizes as Scott mentioned.

I bet Ansible or Salt have options for it too.

@jrc said in Linux Permission Assignments:

To me a group is a collection of a certain type of user and is then used to streamline permissions to certain resources. EG Instead of giving read permission to Cathy, Joan and Frank, you can just create a group with them in it, and give that group read permission thereby simplifying your job.

I cannot for the life of me think why you would want a single user group with the same name as the user in it. Are there permissions that can only be assigned to a group rather than directly to the user?

What am I missing here?

Setgid creates group specific permissions for files in the directory with setgid turned on.

Having a group id also lets you do things like have root own a file and be able to modify it but let apache and only apache read it.

Edit: I see Romo beat me to it with the links. I didn't read them until just now.

Thank you for your feedback on 5nine Manager, guys.
Our goal is to provide an intuitive yet powerful product for complete centralized Hyper-V management experience.
It is now de-facto standard for managing environments with up to 20 Hyper-V host.

Now we are going even further, and prepared a great product, that can help you scale, segregate user management roles with RBAC, automation support and even more. Enjoy!

Beta program for 5nine Manager Datacenter is now open to public:
http://try.5nine.com/beta-5nine-managerdatacenteredition/

@scottalanmiller said in Nethserver for FTPS/SFTP:

@alefattorini said in Nethserver for FTPS/SFTP:

It should work flawlessly, do you have any issue?

I guess a big question is, with Nethserver is.. does it "just work" or is there a setting that needs to be selected? Not sure if this is the default behaviour or not.

Mostly this. I haven't done anything with it yet and before I invest the time, I'd like to know if it possible and/or how difficult it is, especially since a co-worker claims that it did not and he went with IIS to get the same task done (and then he sat there cursing the whole day because he doesn't like Microsoft products).

@jimk said in What's Even Cooler Than Cloud Computing? Space Computing:

This is big news. Some will find it very good and cool, while others will be seriously freaked out by it. I'm curious to see what the actual payload will be for $2M per launch.

Combine this with SpaceX new ISP in space, our entire Internet might be floating above us soon!

@Joel said in Hosted Data Solution:

The downside to Dropbox and similar solutions is that we'd need to download & sync their 200GB to each computer including 1 external user.

That size puts them at a pretty small Vultr tier, too.

@Mike-Davis said in "You don't just restore a server":

I would poke around it long enough to figure out if the server had been logged in to, or if a user's computer encrypted all the files. You don't want it coming right back. Like others said, figure out how it got infected and then restore back before the infection.

If you want to do that, in 95% of cases, take a fresh backup, isolate it and do that offline in a forensics lab after you deal with getting production back. Just leaving it alive could result in more data leaving the environment.

@NerdyDad said in Proposed Session: SELinux Deep Dive:

I'm resurrecting this topic for suggestion to discussion for the DFW Mango Meetup.

Oh nice.

@momurda said in Restoring SBS after cryptoware infection:

Wasnt there an SBS version where the only way to join a doimain was using IE on a client?

With SBS, you can do things the "normal" way, but if you use their tools like the dashboard, it does some extra stuff in the background. For example, if you run the web based join program, it sets your DNS statically so that the server is the first DNS server. This is useful if your router is doing DHCP and you can't turn it off. It helps someone that is not a full time admin take care of the basics.

@JaredBusch said in OpenSSL CSR with Subject Alternative Name:

@EddieJennings said in OpenSSL CSR with Subject Alternative Name:

@JaredBusch Correct. The "ye olde way" is how I've typically made a CSR and private key. The link I included talks about making a configuration file, which allows you to include SAN in your CSR.

Ah, did not read the link. Yes, using a config file is the only method to get any SAN on a cert with OpenSSL.

And after re-reading my post, I realized how terrible it was :(. I was hoping to find a one liner kind of thing, but alas. That particular article made it clear how to do it.

By this article, some of the unindexed files could be file attachments...

https://support.office.com/en-us/article/Unindexed-items-in-Content-Search-in-Office-365-d1691de4-ca0d-446f-a0d0-373a4fc8487b?wt.mc_id=o365_portal_mmaven&ui=en-US&rs=en-US&ad=US

@wirestyle22 said in Renaming all user profiles to *.old:

@Reid-Cooper said in Renaming all user profiles to *.old:

You could... accidentally run a script that would make you required to rebuild everything.

Nah, it's not my job to force them to make the right decisions. Not even my friend

Well then, do whatever bills the most.

@KOOLER said in StarWind Virtual Tape License Error:

OK, there are good news and bad news.

Bad news: VTL is NOT included in the free version.

Good news: we'll add some LIMITED availability of it soon, just didn't;t decide on a restriction set.

Excellent news: I can give away to Tim_G an unlimited VTL license free of charge "just because" 🙂 So he's welcomed to drop me a line to

anton AT starwind DOT com

...and I'll engage him with the responsible persons here to move on.

P.S. Just a link to VTL thing:

StarWind Virtual Tape Library (VTL)

https://www.starwindsoftware.com/virtual-tape-library-feature

Sounds great, email sent!

This should get my project testing going once the license is ready.

@scottalanmiller said in Migrating Logs:

Really, log shipping with local storage is a thing of the past as well. Not what you are looking for with your use case, but long ago people did this. Today if you want to store logs beyond what fits on the local system you look at remote log servers like syslog, rsyslog, Kiwi, Graylog, ELK, loggly, Splunk and so forth. They have more useful platforms for dealing with centralized logs, archiving and backups.

Then we get into why you would use each. What product benefits what situation 😄

Easy way to identify LAN dependencies... consider opening a branch office. Do you feel that you need a VPN for a service? Guess what, that's a LAN dependency 🙂

@jrc said in Let's play name that computer:

@Tim_G

The machines you see in the picture are mostly 286 and 386 machines, so 1987 - 1991 or so. That said, 5.25' drives were still used in computers well into the early 90s.

Yes, I'm guessing VERY late 80s or early 90s from the looks of it. Not that that means much, but the style and materials feel like that era.

@jrc said in A Small Orange - bandwidth limit exceded:

Anyone mention web crawlers on here? Indexing servers (like Google) will hit a website over and over again looking for changes to catalog and add to their index.

Try adding a robots.txt to the root (http://www.robotstxt.org/robotstxt.html(

They should not create traffic anything like that.

Thanks Scott for the nod. The Gartner peer reviews is a tough and well moderated reviews site which asks companies on each service how they perform in different areas. https://www.gartner.com/reviews/market/secure-email-gateways .
I'd recommend picking a couple of services and contacting them for a trial. As you already have your list of requirements it shouldn't take long to narrow down who is relevant to you.

I have an RHCSA. I did the fast track class the week before. It was helpful for the test. I don't think it's a worthless test, but if you do manage RHEL systems all the time, it's fairly basic. You are expected to know basics with Bash like piping, redirection, regex, etc. I did find out about systemd-tmpfiles utility, which I didn't know existed.

Here's the objectives:

RHCSA exam candidates should be able to accomplish the tasks below without assistance. These have been grouped into several categories.

Understand and use essential tools
Access a shell prompt and issue commands with correct syntax
Use input-output redirection (>, >>, |, 2>, etc.)
Use grep and regular expressions to analyze text
Access remote systems using ssh
Log in and switch users in multiuser targets
Archive, compress, unpack, and uncompress files using tar, star, gzip, and bzip2
Create and edit text files
Create, delete, copy, and move files and directories
Create hard and soft links
List, set, and change standard ugo/rwx permissions
Locate, read, and use system documentation including man, info, and files in /usr/share/doc
Note: Red Hat may use applications during the exam that are not included in Red Hat Enterprise Linux for the purpose of evaluating candidate's abilities to meet this objective.

Operate running systems
Boot, reboot, and shut down a system normally
Boot systems into different targets manually
Interrupt the boot process in order to gain access to a system
Identify CPU/memory intensive processes, adjust process priority with renice, and kill processes
Locate and interpret system log files and journals
Access a virtual machine's console
Start and stop virtual machines
Start, stop, and check the status of network services
Securely transfer files between systems
Configure local storage
List, create, delete partitions on MBR and GPT disks
Create and remove physical volumes, assign physical volumes to volume groups, and create and delete logical volumes
Configure systems to mount file systems at boot by Universally Unique ID (UUID) or label
Add new partitions and logical volumes, and swap to a system non-destructively
Create and configure file systems
Create, mount, unmount, and use vfat, ext4, and xfs file systems
Mount and unmount CIFS and NFS network file systems
Extend existing logical volumes
Create and configure set-GID directories for collaboration
Create and manage Access Control Lists (ACLs)
Diagnose and correct file permission problems
Deploy, configure, and maintain systems
Configure networking and hostname resolution statically or dynamically
Schedule tasks using at and cron
Start and stop services and configure services to start automatically at boot
Configure systems to boot into a specific target automatically
Install Red Hat Enterprise Linux automatically using Kickstart
Configure a physical machine to host virtual guests
Install Red Hat Enterprise Linux systems as virtual guests
Configure systems to launch virtual machines at boot
Configure network services to start automatically at boot
Configure a system to use time services
Install and update software packages from Red Hat Network, a remote repository, or from the local file system
Update the kernel package appropriately to ensure a bootable system
Modify the system bootloader
Manage users and groups
Create, delete, and modify local user accounts
Change passwords and adjust password aging for local user accounts
Create, delete, and modify local groups and group memberships
Configure a system to use an existing authentication service for user and group information
Manage security
Configure firewall settings using firewall-config, firewall-cmd, or iptables
Configure key-based authentication for SSH
Set enforcing and permissive modes for SELinux
List and identify SELinux file and process context
Restore default file contexts
Use boolean settings to modify system SELinux settings
Diagnose and address routine SELinux policy violations
Red Hat reserves the right to add, modify, and remove objectives. Such changes will be made public in advance through revisions to this document.