• Fail2Ban: Failed to access sock path

    22
    0 Votes
    22 Posts
    11k Views
    gjacobseG

    @JaredBusch said in Fail2Ban: Failed to access sock path:

    @gjacobse said in Fail2Ban: Failed to access sock path:

    Since that is a screen shot, it appears that some parts of the code are cut off.

    You are not listening. I said previously posted.

    Thus, you need to look before that.

    There in the actual .local file I did post, you will see an action listed. In the settings of said action is one of those options.

    I posted that screenshot with the intentional size because it contains the comment regarding what each does as well as the format.

    Actually, I was and am listening. When you are working from a 6.5” diagonal screen as I have been, you likely miss a bit of information.

    That said - not that it likely makes any difference.

    # fail2ban-client status sshd
    Status for the jail: sshd
    |- Filter
    |  |- Currently failed: 24
    |  |- Total failed: 92
    |  `- Journal matches: _SYSTEMD_UNIT=sshd.service + _COMM=sshd
    `- Actions
       |- Currently banned: 2
       |- Total banned: 2
       `- Banned IP list: (IPs)
  • EdgeRouter - openVPN restart

    21
    0 Votes
    21 Posts
    10k Views
    H

    This shit still doesn't work properly through the EdgeOS-provided /etc/init.d/openvpn script. If you do /etc/init.d/openvpn status or systemctl status openvpn you get a green-light active (exited) but this is deceiving because it's a one-shot service and not a proper systemd daemon. systemctl edit --full shows the following piece of crap "service":

    [Unit]
    Description=OpenVPN service
    After=network.target

    [Service]
    Type=oneshot
    RemainAfterExit=yes
    ExecStart=/bin/true
    ExecReload=/bin/true
    WorkingDirectory=/etc/openvpn

    [Install]
    WantedBy=multi-user.target

    /bin/true? Are you fucking kidding me, Ubiquiti? I pay thousands of €s for your shit and you still manage to be so bad at Linuxing. At least don't pretend you have a service or properly document your shit, ubnt.

    https://community.ui.com/questions/Restarting-OpenVPN/2e5c4e8b-ab61-49f1-a25b-e5aa23130d48 suggests that reset openvpn interface works but… it didn't. You can try it before you try the following.

    What helped me was to change settings so the config got regenerated. For example you could set or delete the following option:

    interfaces openvpn vtun0 openvpn-option "--cipher AES-256-CBC"

    then commit and see with sudo ss -lpn | grep :1194 that the thing's started. If OpenVPN is running or doesn't restart, you can killall openvpn a few times with forced Enter (hit the Enter key very hard, it's important) before you change the settings.

    Just wanted to mention this to anyone finding this thread through "openvpn restart edgerouter doesn't work" in google or similar. I hope I swore enough for my first fucking post in this damn nice forum 😛

  • Caddy vs. Nginx

    29
    0 Votes
    29 Posts
    5k Views
    stacksofplatesS

    @IRJ said in Caddy vs. Nginx:

    @JaredBusch said in Caddy vs. Nginx:

    You have to compile yourself if you want to use commercially.

    This is not something I will ever want to use because of that.

    Yeah that's kinda lame, but not a deal breaker. Nginx has to be compiled for more advanced use cases like WAF or certain HAProxy features.

    It's a bit of a bitch, but once you script it, it isn't too bad to do upgrades going forward.

    That doesn't seem to be a limitation anymore. I didn't see it on their documentation.

    Also I didn't realize Arden Labs made this. That's pretty cool.

  • Fedora History: missing commands entered

    19
    0 Votes
    19 Posts
    276 Views
    travisdh1T

    @scottalanmiller said in Fedora History: missing commands entered:

    @JaredBusch said in Fedora History: missing commands entered:

    @scottalanmiller said in Fedora History: missing commands entered:

    But I know what you mean and I've seen it before. But I'm trying to reproduce it now and can't.

    Same. I just tried also. Annoying as hell when I know I have seen it.

    No kidding, I know I've seen it too.

    I know I've seen that happen before as well, so make that 3. I just don't have time to look at the moment.

  • Recoverable Item Quota

    7
    0 Votes
    7 Posts
    279 Views
    EddieJenningsE

    @dbeato said in Recoverable Item Quota:

    @Laksh1999 said in Recoverable Item Quota:

    gation hold. I have not tried to purge the dumpster. The recoverable Items quota is not getting decreased. The same size is available now

    This might help you
    https://docs.microsoft.com/en-us/microsoft-365/compliance/set-up-an-archive-and-deletion-policy-for-mailboxes?view=o365-worldwide#optional-step-5-run-the-managed-folder-assistant-to-apply-the-new-settings

    +1 to Start-ManagedFolderAssistant.

    OP will need to configure a retention policy or Set-Mailbox -Identity foo -RecoverableItemsQuota some_valid_value if they want something that's not default applied. One gotcha to consider (which has got me in the past) is that if the mailbox (on-premises) is using the quota defaults for its database, the RecoverableItemsQuota parameter will be ignored.

  • Who do you use for content delivery? (If that is even the right phrase)

    43
    0 Votes
    43 Posts
    3k Views
    ObsolesceO

    @JasGot said in Who do you use for content delivery? (If that is even the right phrase):

    @Obsolesce said in Who do you use for content delivery? (If that is even the right phrase):

    But still, the cost of 1TB of storage in B2 is 10x the cost of Wasabi.

    I just looked; 1TB at B2 is $5/mo and 1TB at Wasabi is $5.99/mo

    Oh wow, you're right, it stayed at 12 months when I looked at the calculator, I thought I changed it to 1 month.

  • Influxdb 2 - SSL

    7
    0 Votes
    7 Posts
    1k Views
    hobbit666H

    So been looking into this a bit more and influx have changed the way they handle stuff.

    From the documents, looks like you can do a .yaml file
    https://docs.influxdata.com/influxdb/v2.0/reference/config-options/

    But they also mention creating a config file
    https://docs.influxdata.com/influxdb/v2.0/reference/cli/influx/config/create/

    So I'm a bit confused how to get these working as I've tried both and when I restart the service "systemctl restart influxdb" I can get onto the UI with http:// but not https://

  • Vertically wall mounting Dell R640 Chassis

    42
    0 Votes
    42 Posts
    3k Views
    F

    I appreciate everyone's help!

  • Employee portal?

    5
    1 Votes
    5 Posts
    250 Views
    M

    https://github.com/bastienwirtz/homer

    https://github.com/linuxserver/Heimdall - this one doesn't have a way to add news feed 😞 , still great, it's being rewritten to nodejs

    https://github.com/rmountjoy92/DashMachine

    https://github.com/jeroenpardon/sui

  • Topics of Systems Administration

    129
    1 Votes
    129 Posts
    12k Views
    scottalanmillerS

    @hobbit666 said in Topics of Systems Administration:

    e.g. I'm down as being Infrastructure/Network Manager. But in peoples views where do my duties start and end?
    (But maybe this is for another topic)

    Well the first question is, why is "network" mentioned, given that that's a subset of infrastructure? That's like saying you are a vehicle/car mechanic. Saying you are a network manager, if that's all you are limited to (85% of the time at least) is one thing (I doubt this can be true, network anything doesn't exist outside of the enterprise space, even companies with many thousands of people generally don't need even a single dedicated network focused role), makes sense. And if you cover everything in the infrastructure space, but don't cover things like helpdesk, databases, applications, etc., then infrastructure makes sense (that would include systems, networks, platforms, etc.). But stating both doesn't. Either you are focused enough to say network and infrastructure doesn't apply. Or you are broader and should say infrastructure, and network doesn't apply.

    But then "manager" becomes a question. Admins run things, managers manage people. The terms are used very loosely outside of IT, but inside of IT they generally aren't. You admin hardware/software, you manage people and vendors/businesses. The title "IT Manager" is generally considered to be (and this holds up very universally when you talk to people) someone focused on managing people under them and/or vendors. But an IT Admin, would not be assumed to manage people or maybe not even use vendors, and just administer everything that falls under IT.

  • Port scanning tools

    13
    0 Votes
    13 Posts
    469 Views
    travisdh1T

    @hobbit666 said in Port scanning tools:

    @travisdh1 said in Port scanning tools:

    That's really just nmap. Nothing wrong with using it, it is the official GUI frontend for nmap.

    Yeah but saves me learning nmap commands 😆

    That too. I use nmap a lot from the command line, but I'm normally running a standard scan (no options, just nmap xxx.xxx.xxx.xxx) or looking for a specific port nmap -p 443 xxx.xxx.xxx.xxx covers 90% of what I use it for.

  • What would be a typical Network Admin Best Practice Cheatsheet...Anyone?

    14
    1 Votes
    14 Posts
    662 Views
    scottalanmillerS

    @MrWright4hire said in What would be a typical Network Admin Best Practice Cheatsheet...Anyone?:

    @MrWright4hire
    Thank you all for your feedback on Zabbix monitoring software. However, I'm looking for an actual daily checklist that one may have developed or come across to do daily checks for Network Admins.

    Does anyone know or have such a checklist?

    I do not. I find most positions like this (DBA, Net Admin, Systems, etc.) have very few, if any, universal tasks.

  • Linux: GeoIP Blocking

    19
    0 Votes
    19 Posts
    1k Views
    M

    I use it in pfsense router. It works against script kiddies, bots/botnets, at least partially. It's just another layer of security. And like it was mentioned before, it reduces log noise, with almost no effort.

  • FIPS encryption (non domain laptops)

    7
    0 Votes
    7 Posts
    511 Views
    stacksofplatesS

    @IRJ said in FIPS encryption (non domain laptops):

    @frodooftheshire said in FIPS encryption (non domain laptops):

    @IRJ Wow. So I'm guessing I would need to wipe these machines and put on Windows 10 Enterprise 1809 to go a. get compatibility and b. make sure these devices continue to get security updates? But when I check 1809 EOL is May 11 2021???

    I may just have this client work directly with a third party to manage all this as I don't imagine this will come up again, and I'm not sure it's worth the time investment to really get a grasp on everything and what's involved.

    Yeah it looks like it. I've not dealt with FIPS 140-2 on Windows before, only Linux.

    This document is from May 2020 and shows 1809 still as the latest FIPS 140-2 certification.

    https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3092.pdf

    Before you get into a rabbit hole here, what's your actual requirement?

    This is the correct approach. What's the requirement?

    It takes a good amount of time and money to certify the OS so that's why the FIPS certified releases are behind. I'm not sure on Windows but with RHEL/CentOS you can enable FIPS mode on any release, it's just not "certified".

  • P2V: Fedora 33 desktop to KVM vm

    10
    1 Votes
    10 Posts
    1k Views
    FATeknollogeeF

    Reporting back: The only tool that I had success with was https://relax-and-recover.org/
    F33 desktop is now p2v'd.

  • Zoho Assist problem

    12
    0 Votes
    12 Posts
    535 Views
    black3dynamiteB

    For RHEL, CentOS, and Fedora that have Wayland enabled and are set to a Wayland session by default when logging in, you would have to log out and then select GNOME on Xorg before you log in so you can remote desktop into them using remote tools like MeshCentral or TeamViewer.

    Lately I've been disabling Wayland and selecting Xorg as the default GNOME session for that reason.

  • Adding 8GB of RAM to the Acer Aspire 7 A715-41G-R7X4

    8
    2 Votes
    8 Posts
    2k Views
    scottalanmillerS

    @Dashrender said in Adding 8GB of RAM to the Acer Aspire 7 A715-41G-R7X4:

    @hobbit666 said in Adding 8GB of RAM to the Acer Aspire 7 A715-41G-R7X4:

    Personally I always like to match RAM -
    Size
    Make
    Speed etc.

    For the average person - hell, the average IT person too, does it even matter? It's not like you're likely running a gaming rig you're trying to squeeze every last ounce of power from.

    I know Scott is doing video editing - perhaps on this device.. so it might matter to him, a 1% performance increase could be several saved mins on a video...

    More than anything, matched sticks means the least potential for problems. The price on matching was within about $1 of anything else and anything faster would be wasted.

  • Help Understanding LAN test Speed Results

    12
    0 Votes
    12 Posts
    1k Views
    scottalanmillerS

    @Fredtx said in Help Understanding LAN test Speed Results:

    I ran a LAN Test speed using from a client to a server, which are both in the same LAN as it's a small dental office network. The results are showing 67.88Mbps (Writing/Upload) and 405.51Mbps (Reading/download). I don't know what their physical infrastructure is as I work remote, but I'm sure it's 1Gbps Ethernet. If that's the case, does this test result indicate there's an issue, with the huge difference between upload and download, all in the local LAN?

    That the test is labeled writing / reading.... then yes, you're expected to be testing a lot more than the network and a big difference would be expected.

  • Zerotier failing to start after upgrade

    16
    0 Votes
    16 Posts
    2k Views
    travisdh1T

    @adam-ierymenko said in Zerotier failing to start after upgrade:

    Do an update. We released new binary builds for Linux that should address this.

    Sorry for resurrecting an old thread, but new installs are having the same selinux issue. Took some digging for me to figure out what was going on. Multiple attempts to install on Fedora 33.