@WLS-ITGuy give this a try, you may need to go back more than a year though.

The last time I set up Graylog I had to configured SELinux. Allow the web server to access the network: sudo setsebool -P httpd_can_network_connect 1 Graylog REST API and web interface: sudo semanage port -a -t http_port_t -p tcp 9000 Elasticsearch (only if the HTTP API is being used): sudo semanage port -a -t http_port_t -p tcp 9200 Allow using MongoDB default port (27017/tcp): sudo semanage port -a -t mongod_port_t -p tcp 27017

The IT benefit to this entire thing is, by enabling this feature, IT will now have a backup of the configuration of all the phones. Even if a user changes a button. Now a phone can die and IT will simply change the MAC on the provisioning server and put the new phone on the desk. To the business, the benefit is to let users control their own buttons without IT getting involved. Buttons can easily be programmed by a user simply holding it down until the menu pops up. It takes very little instruction to teach users to pick Speed Dial or BLF and enter the number or extension. For most small shops, this doesn't matter in the first place. They rarely change anything. But for an organization over 20, it is very common to have users all needing different configurations on their phone buttons. Their Boss, their Queue Pause, their specific parking lots, etc.

@JaredBusch fair enough, I haven't used the product itself as of yet and wasn't aware it had whitelisting inside the product, if this was specific to just fail2ban then that method would be suitable, but in this case I agree with you, my mistake.

@black3dynamite said in Setting Up a Standard MySQL or MariaDB Database for an Application: @JaredBusch said in Setting Up a Standard MySQL or MariaDB Database for an Application: I like my approach to setting this up. Obviously, install MySQL/MariaDB first as noted above. Then do the following. This all needs done in the same SSH session, but otherwise things are simple. Choose once of these exports for your DB root password. The first one is for you to specify, the second generates a random one and echo's it back to you. # Specify your own password for MariaDB root user export DB_ROOT_PASS="somebigpasswordgoeshere" # Generate a random password for MariaDB root user export DB_ROOT_PASS="$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 30)" echo "This is your MariaDB root password: $DB_ROOT_PASS" Specify the application database name and application user name # Database user to use for application export DB_USER='yourusername' # Database name to use for application export DB_NAME='yourdatabasename' Generate or specify a random password for the database user # Specify your own password for the application's database user export DB_PASS="somebigpasswordgoeshere" # Generate a random password for the application's database user export DB_PASS="$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 30)" echo "This is your password for the application user: $DB_PASS" Then create the application database, use, and grant access. mysql -e "CREATE DATABASE $DB_NAME;" mysql -e "CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '$DB_PASS';" mysql -e "GRANT ALL ON $DB_NAME.* TO '$DB_USER'@'localhost';" mysql -e "FLUSH PRIVILEGES;" Finally, lock down the system without the interactive requirement of mysql_secure_installation # Secure MariaDB (this does what mysql_secure_installation performs without interaction) mysql -e "UPDATE mysql.user SET Password=PASSWORD('$DB_ROOT_PASS') WHERE User='root';" mysql -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');" mysql -e "DELETE FROM mysql.user WHERE User='';" # Beginning on some version of MariaDB after Fedora 29 was released, the test DB is no longer there by defualt. mysql -e "DROP DATABASE test;" mysql -e "FLUSH PRIVILEGES;" Your approach makes it easier to use as part of a script. It also generates random passwords, which I prefer.

@stacksofplates said in Install OpenSupports on Fedora 29: It does look nice though which can't be said for a lot of them. That is the reason I looked at it. The view was solid.

@Emad-R said in Installing MS SQL Server Express on CentOS: Et me guess it is much faster on Linux than on Windows server No idea, but it is one less Windows Server license needed. Also MS SQL Server Express works well for many tasks.

@NashBrydges said in Mass upload sound files into FreePBX: Very useful stuff, thanks for this. Self serving. I’m buildinging a mass import right now using this process.

@travisdh1 said in So I built: Pi-hole: @BRRABill said in So I built: Pi-hole: Where is @scottalanmiller to chime in that isn't the purpose of DNS? Careful, sounds like he's already infected you! Yes but I can't yell at people as good as him.

Nice write up, thanks!

@wirestyle22 said in Renewing Let's Encrypt certificates using a systemd timer: sudo systemctl enable certbot-renewal.timer As I did this again today, I thought I would post my quick tweak to this because I do not like the idea of it running hourly. I set mine to run twice a day with a 1 hour randomizer. [Timer] OnCalendar=*-*-* 01,13:00:00 RandomizedDelaySec=3600 Unit=certbot-renewal.service

For anyone interested, I recently setup Ansible AWX on Fedora 27 using this guide. Running as a local VM so didn't do anything with Nginx / reverse proxy.

@tim_g said in Use DHCP option 43 on Windows Server to tell UniFi devices how to find the controller: @jaredbusch I see, so just setting option 43 on whatever DHCP server you use is all you need. Nothing hardware specific is required on the network. Correct

@brandon220 said in Install Nginx as a Reverse Proxy on Fedora 27: Another question: When you access Nextcloud with https and the site check shows that everything passes But, when you place it behind Nginx, it "breaks" I am trying to understand what is happening behind the scenes to cause the error. Is anyone else seeing this happen on their instances? If you want to remove that warning, add the following in the server block location = /.well-known/carddav { return 301 $scheme://$host/remote.php/dav; } location = /.well-known/caldav { return 301 $scheme://$host/remote.php/dav; }

@hobbit666 said in Install Zabbix on Fedora 27: Just ran through this again as moved from a CentOS install to Fedora and only just noticed it pulls down Version 3.0.15? Current Version is 3.4.8. Does the script need changing or how do we update to the latest? 3.0.15 is Zabbix 3.0 LTS version. https://www.zabbix.com/download?zabbix=3.0&os_distribution=centos&os_version=7&db=MySQL Edit: You will have to manually install the new version.

And still works on my install that was 27 then upgraded to 28 and now upgraded to 29.

@WindowsGuy said in Install Nextcloud 13.0.0 on Fedora 27: The Apache vhost file location is no longer available. Do you have another location where I can find it or steps to configure it manually? here: wget https://raw.githubusercontent.com/sorvani/scripts/master/Nextcloud/nextcloud.conf

Veeam also has a Linux based recovery environment that can provide full recovery of Linux VM's into the HC3 system. Unlike windows, the virtio drivers are already built in to the Veeam Linux Recovery ISO so there is no additional step required for it to see the disk to recover to ... so in this example, I just want to restore all of disk vda from the backup repostory to the blank vda disk. https://us.v-cdn.net/6029942/uploads/editor/fo/34iyt1hfakvn.png Restore the entire disk. https://us.v-cdn.net/6029942/uploads/editor/86/b3yuhb1yaumf.png https://us.v-cdn.net/6029942/uploads/editor/m1/17w2jukfkncw.png

Well crap, I never added pictures to step 2. I will try to get to that later this afternoon.

@jaredbusch said in How to run JNLP files on Fedora Cinnamon with Firefox: @black3dynamite said in How to run JNLP files on Fedora Cinnamon with Firefox: In Chrome, selecting "Always Open Files of This Type" doesn't work? You are not allowed to select that for JNLP files in Chrome. Google and Oracle bickering takes a toll on end users

@dashrender said in Using HTML5 Playback in Firefox on Fedora: @jaredbusch said in Using HTML5 Playback in Firefox on Fedora: If anyone is curious as to why these libraries are not in the native Fedora repository, it is due to licensing. https://fedoraproject.org/wiki/Forbidden_items well, I'd be more curious as to why they aren't included with FF. But as you already told me privately, it's a conflict of license types. Yep, just because two different pieces of software are both open source, doesn't mean the licenses work together. https://en.wikipedia.org/wiki/Comparison_of_free_and_open-source_software_licenses

@dafyre said in KVM and Back Ups: @scottalanmiller said in KVM and Back Ups: @dafyre said in KVM and Back Ups: @scottalanmiller said in KVM and Back Ups: @dafyre said in KVM and Back Ups: In my experience with it, it has often corrupted randomly and to the point that it's own snapshots are no help, nor are VMware Snapshots. How could it correct VMware snapshots? I guess it's more that BtrFS doesn't detect the corruption early enough and our VMware snapshot are nothing but snapshots of corrupt data... That's about the only way I can explain it. General risk with hypervisor level backups. This is a huge reason for either local file based or what I call devops backups. They are at a higher level, so there is way more opportunity for this. But if the system was okay when you took the VMware snap, it should have been okay when you restored it. Regardless of corruption. Yeah, exactly.... and this is why Snapshots are not a backup! Snapshots absolutely are the backup mechanism.

@tim_g said in Beginner's Guide to KVM Administration: @fateknollogee said in Beginner's Guide to KVM Administration: @dustinb3403 said in Beginner's Guide to KVM Administration: ssh-keygen -t rsa The above generates the rsa keys required to connect without a password. I'm using ecdsa (instead of rsa) per this info: Choosing an Algorithm & Key Size ssh-keygen -t ecdsa -b 521 Nice. That's the equivalent to 15,360 bit RSA! I want to see if e everything I use including GitLab can support that. From my reading, it should.

@SJ2020 said in Use a php file to create a dynamic Yealink Remote Address book of FreePBX extensions: I know this post is a bit old. But it's been the closest I've gotten to this phonebook thing. I placed the file inside the pbx but when i navigate to the pbx.domain.com/ylab.php it shows a part of the script inside of it instead of the output. Clearly just taking part of the script i got from the GETHUB instead of supplying me with the output requested. Any ideas? You need to use the updated version. https://github.com/sorvani/freepbx-helper-scripts/blob/master/Extensions_to_Yealink_AddressBook/ylab.php

I haven’t tried it but process substitution may work if you enable envsubst. So rather than an include you might just be able to do: $( nslookup domain.com | yada yada) Driving so don’t feel like typing out anything.

@Tim_G said in Korora 25: MacBookPro install: tips | tricks | info: @JaredBusch said in Korora 25: MacBookPro install: tips | tricks | info: Okay, I signed in and then closed the lid. Light was showing standby. I left it for about 45 minutes. opened lid. Keyboard lights came on but the screen did not come back up. Pressing keys does nothing. Pressing power button does nothing. hard power cycle required to power on. So, seems to be the same issue. Does it happen when using Korora 25 Gnome? I have not installed anything else.