Posts made by IRJ

@scottalanmiller said in Staying at your shitty employer is your fault:

@irj said in Staying at your shitty employer is your fault:

90% of jobs I'm looking at are remote post covid. Remote work existed before, but was less common

But 90% of good jobs were remote PRE-COVID. Anyone who is remote only because of COVID is a shitty shop that got better because they had to... means that the management failures are still there. Don't be lulled by jobs forced to look better than they are temporarily.

Good shops were always remote (when possible.) You can't be good and make people come into the office just for shits and giggles, the two are polar opposites conceptually. You can only make one thing a priority... is it doing a good job, or is it sitting in an office.

I agree with this, but at the same time pre-covid remote was much more difficult to find. It existed and I got to take advantage of it before covid, but man was it considered a perk back then.

I've still had a few jobs reach out and say they are remote until covid crap is over then they want you to move somewhere.. I just tell them no thanks I'm not interested in even talking.

Some of ya'll need to hear this...

• A bad employer or boss cannot ruin your career. Perhaps it can make your life hell for a year or two max. Anything beyond that is completely on you
• Contrary to popular belief, you have the ability to make or propose changes in any work environment. Labs and testing should be done regardless of company policy or direction. For examples companies afraid of cloud should at minimum have an AWS or Azure Lab.
• You don't have to enable your employer to be pennywise and pound foolish. (You don't have to host 50 different open source solutions to help your employer save perceived costs)
• I've never seen an employer that pays well ever give a shit about rocketchat or next cloud. Spend your time with technologies that real businesses are using
• IT jobs are plentiful and have been since 2005.
• 90% of jobs I'm looking at are remote post covid. Remote work existed before, but was less common
• You do have time and money for certifications and training. You just like to make excuses
• Worry about you first. When you're worried about you, then your goals and company goals should align 90% of the time. But at the end of the day, any company can cut you at any time. Just like you can walk out the door anytime. Never be hostage to the company no matter how much you think they depend on you.

Great extensive article on managing files and folders on Linux. This article was written by Bill Kindle and shared on his LinkedIn profile. I came across it and thought I'd share here.

https://adamtheautomator.com/linux-directory-commands/

@scottalanmiller said in RDP Security / Hardening:

Let's start with understanding the need. Why is RDP open at all? Is it only open to the LAN, or is it open to the world?

Yeah that is a much bigger concern than simultaneous connections.

@scottalanmiller said in Bad Pings from Windows, Good from Linux:

Weird networking issue. We have some Windows machines (mostly server VMs, but desktops too) and some Linux servers on a network with some print servers (old IOGear stuff.) The Linux machines can ping the print servers no problem, 100% success. Linux can ping Windows and vice versa. No network problems at all, until the Windows machines try to ping the print servers. Then there is 15-40% packet loss. We have no idea what could be wrong.

There are only two switches and we can't find any correlation there. Nothing is on wifi. Nothing crosses a router boundary.

Same physical adapter with Linux vs. Windows VMs the Linux can ping reliably and the Windows cannot!

Not many companies even use ping anymore. I'm sure you are testing this because of network performance issues not just solely based on ping.

What's the performance issue specifically?

@Dashrender said in Bad Pings from Windows, Good from Linux:

is there there a speed difference at which Linux pings vs Windows?

Not sure why @DustinB3403 downvoted this, but you are correct.

@Dashrender said in Bad Pings from Windows, Good from Linux:

is there there a speed difference at which Linux pings vs Windows?

https://feelingsec.wordpress.com/2018/01/04/fingerprinting-with-ping/

@JaredBusch said in Yet another way Azure sucks:

Ah, here we go, it made a group and that lets you delete everything.

Yeah this convenient when working with specific resources like building a specific app that is a collection of servers, networks, etc.

IaC still gives you more, because you can modify resources easier. You can make bulk changes very quickly and review each of those changes with much more granularity before applying.

@JaredBusch said in Yet another way Azure sucks:

When you want to delete a virtual machine, you have to clean up all the its manually.

There is not even an option to remove everything at once.

This is by design, because all your resources are separate. Companies that leverage Azure/AWS are not using the console to deploy resources for this very reason. Using infrastructure as code is the only way to go. Both Azure and AWS offer their own IaC at no cost, but you can use terraform as an open source cloud neutral deployment method as well.

Azure VMs and AWS EC2 are not VPS as you know. AWS does offer VPS style servers called lightsail. It's more affordable than EC2 and you would be able to delete with one click like youre used to doing. Of course you don't get all the other features like advanced networking, storage, etc.

@wirestyle22 said in Return Values in Bash Script and generate e-mail which shows successes, errors and if the directory is empty:

@JaredBusch said in Return Values in Bash Script and generate e-mail which shows successes, errors and if the directory is empty:

@wirestyle22 said in Return Values in Bash Script and generate e-mail which shows successes, errors and if the directory is empty:

@Obsolesce said in Return Values in Bash Script and generate e-mail which shows successes, errors and if the directory is empty:

@wirestyle22 said in Return Values in Bash Script and generate e-mail which shows successes, errors and if the directory is empty:

@stacksofplates said in Return Values in Bash Script and generate e-mail which shows successes, errors and if the directory is empty:

@wirestyle22 said in Return Values in Bash Script and generate e-mail which shows successes, errors and if the directory is empty:

@stacksofplates said in Return Values in Bash Script and generate e-mail which shows successes, errors and if the directory is empty:

Rather than mess with multiple arrays, you can just have a single dictionary that holds the file and status. A single function can decrypt the file. Then just save the file name and status of the decryption in that dictionary. Then loop through the dictionary and here I just print the data, but you could email it or send to Slack or whatever.

This was a quick pass so probably can be cleaned up a bit.

My reasoning behind two arrays was to keep it organized. If I do all successes in one and then all failures in the other. So I have this now:

#!/usr/bin/env bash
source "/home/user1/subdirectory1/master.sh"
decryptedFolderPath="/home/user2/subdirectory2/"
archiveFolderPath="/home/user1/subdirectory1/archive/in/"
extension=${fileName##*\.}
newFileName=${fileName%.*}
fileWithoutTimestamp="$newFileName.$extension"
encryptedItems=$(ls encryptedFolderPath*.pgp)
statusArray=()                                   

for i in $encryptedItems
do
gpg --batch --homedir /home/user1/.gnupg/ --passphrase "$PASS" --list-only --list-packets --yes --decrypt "$i" | grep -q "encrypted" > "$decryptedFolderPath"/"$fileWithoutTimestamp"
outPut=$(gpg --batch --homedir /home/user1/.gnupg/ --passphrase "$PASS" --list-only --list-packets --yes "$i" | grep -q "encrypted")

if [ $? != 0 ]; then
echo "$i is not a pgp file"
statusArray+=("failed to decrypt $i, with status code $? output from pgp: $outPut")
fi

if [ $? == 0 ]; then
statusArray+=("Succesfully Decrypted $i")
echo ${#statusArray[@]} | mail -s 'report' [email protected]
v=${i%.*}
encryptedFile="$v"
fileName=${encryptedFile##*/}
@@ -27,4 +34,4 @@ continue
fi
done

mv "$i" "$archiveFolderPath"

I think this is what you meant, right?

Well no. I meant Python can easily work with dictionaries (hash maps) vs doing multiple arrays. You'd have to switch to a hash map in Bash vs the multiple arrays.

Gotcha. Yeah it sounds more convenient it just going to take me more time to learn than I have with this current script

Isn't this the one you've been working on for like a year now? I'd say that's enough time to learn a little about scripting.

I built the original one awhile ago. Now I want to build more functionality into it. It's been static for a very long time.

Except, bash is not the place to build more functionality.

You use bash for basic stuff, or when there is no better option available.

technically there is no other viable option because I don't have the time to learn the alternative before I need this to be done by. the plan is to remake it in python later. after I convert some stuff and feel comfortable, I'll only use python

I learned the basics of python in a day or two. I bought udemy course and built a few python apps. I was able to find tutorials to build security tools like scrapers and scanners.

I've since added to these scripts and combined some of them. I'm not a python master, but it's very easy to pick up. There's also so many resources out there.

@stacksofplates said in Return Values in Bash Script and generate e-mail which shows successes, errors and if the directory is empty:

@wirestyle22 said in Return Values in Bash Script and generate e-mail which shows successes, errors and if the directory is empty:

I am breaking this down very slowly for myself. Not a bash master by any measure, but I do want to continue learning it. Arrays seems somewhat annoying in Bash. I will likely learn python to deal with more complex stuff I may need to do with them.

This would likely be easier in Python and more straightforward.

Yep

@DustinB3403 said in Another RDS server?:

@IRJ said in Another RDS server?:

Why do the users need a terminal server? Does everyone need it?

Are you asking the OP to justify the use case?

Yes

Why do the users need a terminal server? Does everyone need it?

@DustinB3403 said in At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Exchange:

I generally agree with that statement @IRJ except that the long term cost of hosting isn't cost effective as the vendor can price jack the rates any time that they want.

The market will dictate the price in the long term. Microsoft is not the only hosted email provider. They alone cannot control pricing. Unless they want to price themselves away from many customers including existing ones.

As @Dashrender mentioned, patching and security will be better with a major cloud provider. There are so many things we could talk about like automation, compliance, role separation, physical security, etc that clouds are going to do better. Not to mention internal actors are the number one threat to companies. Poorly configured exchange server could lead to denial of service, extended outages, data loss, etc.

All of that is great and fine, but the real reason companies choose hosted email is for cost savings. Whether it's exchange online or zoho. Hosting email on premise in 2021 is not cost effective in any way.

Have you thought about the addressing the real problem? What's making these users need a terminal server in the first place?

Are all users really dependent on terminal server or are some using it for convenience?

Can you replace any of these dated apps with web apps?

That looks like it's only applicable if you're not using trusted certificates. There's always a man in the middle risk this way.

@openit said in Is someone using Wazuh? Is alternative for Graylog, ME Data Security etc.?:

@openit said in Is someone using Wazuh? Is alternative for Graylog, ME Data Security etc.?:

@travisdh1 said in Is someone using Wazuh? Is alternative for Graylog, ME Data Security etc.?:

@openit said in Is someone using Wazuh? Is alternative for Graylog, ME Data Security etc.?:

I'm not familiar with Manage Engine Data Security Plus, so no idea how it compares to that.

Manage Engine Data Security Plus = File server auditing - monitor, alert, and report on all file accesses and modifications made to your file server environment.

I really need this kind, to monitor our Windows File server shares, once in a while, people come to ask me who deleted or modified these etc.

@IRJ Is Wazuh can do something like this? once I install an Agent on Windows File Server?

Yes it can. You can also exclude file types or directories to reduce false positives

@openit said in Is someone using Wazuh? Is alternative for Graylog, ME Data Security etc.?:

@IRJ Appreciate your inputs!

What do you want me to say? I've used it in labs and production environments. It works well and you can write custom rules.

You can search this forum and raise any questions in any topics that exist or create a new thread. I generally try to shy away from general questions like this. If you have any specific questions, then ask.