Will setting this require a password at boot or only on occasions when one wants to change grub config?

https://secscan.acron.pl/centos7/1/4/2

@scottalanmiller , it would look like this.

#***********************************************************
# Install ansible
#***********************************************************

sudo apt install -y ansible


#***********************************************************
# Create or append ansible requirements file
#***********************************************************

sudo sh -c "echo '- src: https://github.com/florianutz/Ubuntu1804-CIS.git' >> /etc/ansible/requirements.yml"


#***********************************************************
# Install the role for CIS Ubuntu script from Github
#***********************************************************

cd /etc/ansible/
sudo ansible-galaxy install -p roles -r /etc/ansible/requirements.yml

#***********************************************************
# Create Ansible Playbook for CIS Ubuntu script
#***********************************************************

sudo sh -c "cat > /etc/ansible/harden.yml <<EOF
- name: Harden Server
  hosts: localhost
  connection: local
  become: yes
  roles:
    - Ubuntu1804-CIS
    
EOF
"


#***********************************************************
# Run ansible playbook file
#***********************************************************

sudo ansible-playbook /etc/ansible/harden.yml

You could use a github repository and manage ansible locally using shell scripts.

@brandon220 said in AzureAD and shares:

@IRJ @Obsolesce They actually want a DB for this data but keep finding subpar developers and wasting money.

That should be a NEED not a want.

Send to database and then back up the database. That's what needs to be done

@brandon220 said in AzureAD and shares:

@coliver They tried OneDrive and had a ton of trouble. They were constantly calling MS support to recover folders and files that were deleted in the middle of the night, when nobody was at their office. Folders were moved into random places.

It is VERY possible that it was user error on each occasion but the logs did not reflect that. They lost a ton of files too that had to be recovered from a backup. I will say that I have read about other occasions with similar results.

If they are using a single OD account, the logs aren't very helpful.

@brandon220 said in AzureAD and shares:

Isn't there a 1Tb limit on OneDrive? They are trying to use a single OneDrive account as a "file server".

That is why they dont know who is deleting shit. Everyone has permission to delete all files...

@brandon220 said in AzureAD and shares:

. Their PCs are not "joined" to AzureAD but their user accounts reflect this. Should they be joined?

He might not "need" this. Because his SaaS apps and azure VMs can connect to Azure AD itself. In a full cloud environment there may be little reason to have PCs domain joined. Especially if you aren't storing anything locally.

You could just blow away PC if there is even the slightest of any issue. Also, you could utilize Linux , Chrome OS , or Mac in your environment with ease.

You can also use Microsoft Intune to control Windows and Mac to a certain extent.

@brandon220 said in AzureAD and shares:

sharing files on the LAN is painful

That should be the easiest part of a cloud solution. LAN shouldn't even be a thought here. That doesn't make any sense and negates the benefit of using azure and 0365.

My Udemy reccomendations

Terraform - Absolutely loved this one!! It is all lab

https://www.udemy.com/share/101lhUA0UZdF9QTHg=/

AWS Security - Loved this course. It is all labs and extremely thorough

https://www.udemy.com/share/101lhWA0UZdF9QTHg=/

Ansible - Good course. I havent finished yet

https://www.udemy.com/share/101dMKA0UZdF9QTHg=/

CCSK practice tests - Decent practice tests. Helped prepare me for CCSK.

https://www.udemy.com/share/101lhYA0UZdF9QTHg=/

Then pick you Az103 course. As I mentioned earlier I did Az101 and Az102