@hobbit666 said in Port scanning tools:

@travisdh1 said in Port scanning tools:

That's really just nmap. Nothing wrong with using it, it is the official GUI frontend for nmap.

Yeah but saves me learning nmap commands 😆

That too. I use nmap a lot from the command line, but I'm normally running a standard scan (no options, just nmap xxx.xxx.xxx.xxx) or looking for a specific port nmap -p 443 xxx.xxx.xxx.xxx covers 90% of what I use it for.

@MrWright4hire said in What would be a typical Network Admin Best Practice Cheatsheet...Anyone?:

@MrWright4hire
Thank you all for your feedback on Zabbix monitoring software. However, I'm looking for an actually daily checklist that one may have developed or came across to do daily checks for Network Admins.

Do anyone know or have such a checklist?

I do not. I find most positions like this (DBA, Net Admin, Systems, etc.) have very few, if any, universal tasks.

I use it in pfsense router. It works against script kiddies, bots/botnets, at least partially. It's just another layer of security. And like it was mentioned before, it reduces log noise, with almost no effort.

@IRJ said in FIPS encryption (non domain laptops):

@frodooftheshire said in FIPS encryption (non domain laptops):

@IRJ Wow. So I'm guessing I would need to wipe these machines and put on Windows 10 Enterprise 1809 to go a. get compatibility and b. make sure these devices continue to get security updates? But when I check 1809 EOL is May 11 2021???

I may just have this client work directly with a third party to manage all this as I don't imagine this will come up again, and I'm not sure it's worth the time investment to really get a grasp on everything and what's involved.

Yeah it looks like it. I've not dealt with FIPs 140-2 on Windows before, only Linux.

This document is from May 2020 and shows 1809 still as the latest FIPs 140-2 certification.

https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3092.pdf

Before you get into a rabbit hole here, what's your actual requirement?

This is the correct approach. What's the requirement?

It takes a good amount of time and money to certify the OS so that's why the FIPS certified releases are behind. I'm not sure on Windows but with RHEL/CentOS you can enable FIPS mode on any release, it's just not "certified".

Reporting back: The only tool that I had success with was https://relax-and-recover.org/
F33 desktop is now p2v'd.

For RHEL, CentOS, and Fedora that have Wayland enabled and is set to Wayland session by default when logging in. You would have to log out and then select GNOME on Xorg before you log in so you can remote desktop into them using remote tools like MeshCentral or TeamViewer.

Lately I've been disabling Wayland and selecting Xorg as the default GNOME session for that reason.

@Dashrender said in Adding 8GB of RAM to the Acer Aspire 7 A715-41G-R7X4:

@hobbit666 said in Adding 8GB of RAM to the Acer Aspire 7 A715-41G-R7X4:

Personally i always like to match RAM -
Size
Make
Speed etc.

For the average person - hell, the average IT person too, does it even matter? It's not like you're likely running a gaming rig you're trying to squeeze every last ounce of power from.

I know Scott is doing video editing - perhaps on this device.. so it might matter to him, a 1% performance increase could be several saved mins on a video...

More than anything, matched sticks means the least potential for problems. THe price on matching was within about $1 of anything else and anything faster would be wasted.

@Fredtx said in Help Understanding LAN test Speed Results:

I ran a LAN Test speed using from a client to a server, which are both in the same LAN as it's a small dental office network. The results are showing 67.88Mbps (Writing/Upload) and 405.51Mbps (Reading/download). I don't know what their physical infrastructure is as I work remote, but I'm sure it's 1Gbps Ethernet. If that's the case, does this test result indicate there's an issue, with the huge difference between upload and download, all in the local LAN?

That the test is labeled writing / reading.... then yes, you're expected to be testing a lot more than the network and a big difference would be expected.

@adam-ierymenko said in Zerotier failing to start after upgrade:

Do an update. We released new binary builds for Linux that should address this.

Sorry for resurrecting an old thread, but new installs are having the same selinux issue. Took some digging for me to figure out what was going on. Multiple attempts to install on Fedora 33.

Found this and might be helpful to this traffic issue. In a Windows Computer you could use Glasswire on a wim to find out what traffic is going out of it:
https://github.com/zerotier/ZeroTierOne/issues/1174
https://github.com/zerotier/ZeroTierOne/issues/1018
https://github.com/zerotier/ZeroTierOne/issues/867

This clear enough?
F19CD035-29E9-4C9E-9063-AA83129F6B88.jpeg

For some reason, it would not downgrade like normal within chocolatey

So I did an uninstall, reinstall of version 1.4.6, then pinned version 1.4.6 so it will not upgrade when the daily task fires that uprgades all packages.

choco uninstall zerotier-one -y choco install zerotier-one --version=1.4.6 -y choco pin add -n=zerotier-one

Of course I did it all via ScreenConnect.

711f661b-2f41-4bd0-a83b-a297a2d09376-image.png
58f00374-e5c1-4d6f-8de9-f88b95a662d8-image.png

This is what a pin does:
2a64dc4a-d595-4f68-ac76-2faa3f55d77b-image.png

@DustinB3403 said in Trying to get metrics comparing two APs Cisco and Ubiquiti:

@Dashrender said in Trying to get metrics comparing two APs Cisco and Ubiquiti:

ustomer wouldn't approve adding cabling to run extra APs.

How many do they have today?

That's kind of what I'm thinking of recommending, but would want to ensure that we're list apples to apples and not against grapefuites (if you get my point).

well sure - so look at what the current APs support, then find something that does that or better for the new APs, You might have to play with power settings to keep things from overlapping to much,...

@Dragon3303 said in Switch to fiber or stay with coax?:

We haven't had any big issues with service, speed, etc. to speak of. Potentially looking at switching to a 30x30

My takeaway from this is that you'd be paying more to go slower. If you're not having any real issues, why pay more to go slower?

@Dragon3303 said in Switch to fiber or stay with coax?:

I'm sure some of our remote folks may see some better file transfer speeds but I'm not sure how much of a difference that will make overall going from 12 mb to 30 mb.

For some folks, it will be noticeable, and others, not so much. It will largely depend on what kind of internet connection your remote users have outside of the office.

Have you considered talking to your current ISP to see if they can provide more upload speed?

Blue Iris is great. It is too bad it only runs on Windows. We have deployed in on mini PCs with great success.

@thejb said in Anyone Know a Good GUI for HAProxy?:

@scottalanmiller

$1200 does seem crazy, but it is an ADC not just a GUI for HAProxy.

Some features include an Accelerator built upon nginx, WAF for security, GSLB and high availability.

For more information on the features - https://www.snapt.net/platforms/aria-adc/features

Is there a reason that you don't natively support deployments to things like k8s? It seems crazy this day and age to not have first class support for that seeing as almost everything will be there. Esp in the enterprise space where this has to be marketed for.

@scottalanmiller said in Deploying NodeBB 1.14 on CentOS 8 with MongoDB 4.2:

By default, NodeBB uses the REDIS NoSQL database,

By default, in 1.15.x it uses Mongo

I'm pretty sure it did in the last version I installed also. But that was months ago and I do not recall clearly.

@JaredBusch said in Redirecting feedback from Linux command:

@Pete-S Pretty much what I do not want is the status bar from these two commands.

fwconsole ma upgradeall

fwconsole chown

Well, use grep to match for the progress bar then.

First output stderr to a file and look in the file.

I don't know how the progress bar looks when it's output as a stream of characters.
I'm guessing every update is something like

3076094/3076094 [===========>-------------] 60%<CR>

In that case grep for every line that doesn't contain a [ followed by a number of =, > or - and finally a ].

So something like:

grep -v '\[[=->]+\\]'

Or maybe even better:

grep -v '\[[=->]{28}\\]'

Above assuming there are always 28 characters inside the brackets in the progress bar.

PS.
Funny thing but there seems to be a bug in the forum software.
I had to use an extra backslash to get the above regex look right \[[=->]+\\\] instead of \[[=->]+\\]
They look right in the preview though.

@black3dynamite that will work. I'll report back on Monday when I get the user on the phone.

@scottalanmiller said in Ticket versus Projects:

@Pete-S said in Ticket versus Projects:

Looking at Zoho One we're actually thinking about going all-in for real. Zoho One is a subscription that gives you access to almost everything Zoho has - Mail, Workdrive, CRM, Desk, Projects, etc, etc. It's $30 per month for every employee.

We've looked at it, but the price just doesn't work for us. Even if we bought every tool that every person would ever use, we don't have a single user who comes up to the $30/mo price. Most are in the $3 range, so the gap is huge.

Our core users are mail, workdrive, and connect. Beyond that, everything is unique to a role.

Yes, I think it hard to come up in price for the common cheaper services and only makes sense when you have a high percentage of your workforce on one of the more costly things like Zoho Desk or Zoho CRM.

The enterprise edition of Zoho CRM for instance is $35 per month. Enterprise edition of Zoho Desk is also the same price.