Best posts made by stacksofplates

@scottalanmiller said in Centrally Controlled Local Backup System Options:

@stacksofplates said in Centrally Controlled Local Backup System Options:

I mean an outside the box scenario is you could use Jenkins to schedule all of this. Then just use something like Restic or Borg to do the backups either locally or to a central location.

Then you can have Jenkins send messages/emails on a failure. You'd just need a Jenkins slave at every site (can be whatever you are running the backup on).

Not specifically looking to trigger the backups remotely. Would like them to trigger locally and just report because if the Internet goes down, you don't want things to not keep going.

Salt or Ansible should be able to do this too. And you could script the responses.

I assumed that Jenkins would have the Ansible plugin (or Salt if there is one, not sure) so the slave could do whatever it needed with that tool. You could always deploy script and then just have a Jenkins job to scrape the data.

Probably more of a realistic scenario is to just have the scripts at each site deploy to the location (remote or local) and then have Prometheus monitor that. You could pretty easily have an exporter report any failures on the systemd unit (or whatever service you want).

@dafyre said in Centrally Controlled Local Backup System Options:

The endpoint pricing seems to be ~$10 /user /month.

How does that work with multiple sites? I'm one user backing up 100 sites, so it's just $10 a month?

@scottalanmiller said in Centrally Controlled Local Backup System Options:

@jmoore said in Centrally Controlled Local Backup System Options:

@scottalanmiller said in Centrally Controlled Local Backup System Options:

For those wondering why email doesn't cut it.... literally had an unrelated situation where they were using Veeam with email alerts and it didn't alert and no one knew it wasn't backing up for four months! The customer presumably knew that they had removed the backup target and not replaced it or communicated with anyone. But nonetheless, had there been the central console for this local backup job, we would have known instantly.

Reminds me of a couple weeks ago when we had an emergency alert go out on campus. I know this is fairly unrelated but but it does describe a flaw with email. I did not get an email giving me the notice because we were also having email issues at the time. So i walked out of a classroom at 4:00 in the afternoon and there was no staff left on campus but me. So yeah, have to have something else working besides email.

Yeah, the problem with any email based system is you don't know when you don't receive something. Email alerting is based on the "tell me when something is wrong" concept, which is fine to do. But alone is rarely enough. We need a "tell me that everything is okay, all the time" approach. We need to have constant verification that nothing has failed.

That's why I said Prometheus. It should be fairly easy to create an exporter to monitor this.

Or there may be one already for your backup utility. Heres one for Borg written in Bash.

https://github.com/teemow/prometheus-borg-exporter

I've used Graylog previously. We used limited amounts of the dashboards in Graylog and we mostly created our own in Grafana to display things we needed. The advantage to Graylog over Elastic Stack is RBAC is included out of the box, you don't have to purchase X-Pack or custom build anything to get that functionality.

But I don't believe it works natively with Wazuh like @IRJ mentioned.

@Emad-R said in Callback Provisioning with Ansible Tower:

@stacksofplates

It is, i added it even by IP and by hostname.

I wonder if this is related that i am running AWX in docker mode and if that is affecting it.

Btw do you know to install AWX without docker ?

Do you have PTR records set up for the host? I'm not sure if Tower looks at the IP or reverse name for the caller.

No it's Docker only. Only Tower has a non container based install.

@scottalanmiller said in How can I write two separate outputs from one command?:

Doesn't tee handle this for you?

No it's two separate log outputs. Taht would work if it was the same output. But I don't think he really needs that anyway.

@IRJ said in How can I write two separate outputs from one command?:

@stacksofplates said in How can I write two separate outputs from one command?:

Here's the output from systemd if you create a service:

Dec 09 15:16:47 localhost.localdomain systemd[1]: Started ClamAV Scanner.
Dec 09 15:16:47 localhost.localdomain scan.sh[23673]: LibClamAV Warning: **************************************************
Dec 09 15:16:47 localhost.localdomain scan.sh[23673]: LibClamAV Warning: ***  The virus database is older than 7 days!  ***
Dec 09 15:16:47 localhost.localdomain scan.sh[23673]: LibClamAV Warning: ***   Please update it as soon as possible.    ***
Dec 09 15:16:47 localhost.localdomain scan.sh[23673]: LibClamAV Warning: **************************************************
Dec 09 15:17:17 localhost.localdomain scan.sh[23673]: ----------- SCAN SUMMARY -----------
Dec 09 15:17:17 localhost.localdomain scan.sh[23673]: Known viruses: 6561649
Dec 09 15:17:17 localhost.localdomain scan.sh[23673]: Engine version: 0.101.5
Dec 09 15:17:17 localhost.localdomain scan.sh[23673]: Scanned directories: 11
Dec 09 15:17:17 localhost.localdomain scan.sh[23673]: Scanned files: 41
Dec 09 15:17:17 localhost.localdomain scan.sh[23673]: Infected files: 0
Dec 09 15:17:17 localhost.localdomain scan.sh[23673]: Data scanned: 32.97 MB
Dec 09 15:17:17 localhost.localdomain scan.sh[23673]: Data read: 200.09 MB (ratio 0.16:1)
Dec 09 15:17:17 localhost.localdomain scan.sh[23673]: Time: 30.328 sec (0 m 30 s)
Dec 09 15:17:17 localhost.localdomain systemd[1]: scan.service: Succeeded.

Can you show me your systemd service file?

[Unit]
Description=ClamAV Scanner

[Service]
Type=simple
ExecStart=/usr/local/bin/scan.sh

[Install]
WantedBy=default.target

#!/bin/bash

clamscan -i -r /home/jhooks/Downloads

A timer would just be this:

[Unit]
Description=Run Clam Scan

[Timer]
OnCalendar=*-*-* 00:00:00
Unit=scan.service

[Install]
WantedBy=default.target

I usually use virt-builder to build the image, and then I can clone from that. Then you have nice really small images to build from.

@wrx7m said in When should I use a Bastion Host?:

@stacksofplates said in When should I use a Bastion Host?:

The whitelisting is probably a lot easier with Okta. But if you set up your SSH config for your profile you can use the bastion host automatically so it's probably 6 and half dozen.

Is this with Okta Advanced Server Access?

I'm not sure exactly what @IRJ is using. I just know he uses Okta. But with any zero trust whitelisting is easier because it isn't necessarily IP based.

Depends what you want. ANSYS works well, is stupid expensive, and runs on Linux. But not sure how much CFD, acoustic, thermal, and mechanical engineering you're doing.

@scottalanmiller said in Static Web Site Design Tools:

Simple site just whipped up in Hugo. Definitely way faster to churn out a really simple site in Hugo compared to WordPress once you get a process down. And deploying via Git is awfully nice.

https://waxquixotic.com/

Since it uses Go's templating as a base, creating themes and extending themes is pretty easy. I've added custom parts to themes with custom types and it only took a small amount of time.

Netlify has a UI that you can build into your project. I haven't personally used them but they are a pretty popular static site host. From what I remember, the UI is just a single bit of javascript you add to your project.

@Dashrender said in Looking for free RMM kind, or at least with H/W and S/W inventory software with agent.:

@stacksofplates said in Looking for free RMM kind, or at least with H/W and S/W inventory software with agent.:

@scottalanmiller said in Looking for free RMM kind, or at least with H/W and S/W inventory software with agent.:

@openit said in Looking for free RMM kind, or at least with H/W and S/W inventory software with agent.:

By the way, what happened to Sodium, it was some relevant software I believe?

Being rebuilt. Company ended up with other money making projects that pushed it to the wayside when there was team turnover and it's very much in process, but there are ERP systems rolling out to production ahead of it unfortunately.

Why don't you just open source it and let others help?

I thought he wanted to make it a SaaS solution, not something for end users/companies to do on their own.

Doesn't mean it can't be open source.

@stacksofplates said in Looking for free RMM kind, or at least with H/W and S/W inventory software with agent.:

@Dashrender said in Looking for free RMM kind, or at least with H/W and S/W inventory software with agent.:

@stacksofplates said in Looking for free RMM kind, or at least with H/W and S/W inventory software with agent.:

@scottalanmiller said in Looking for free RMM kind, or at least with H/W and S/W inventory software with agent.:

@openit said in Looking for free RMM kind, or at least with H/W and S/W inventory software with agent.:

By the way, what happened to Sodium, it was some relevant software I believe?

Being rebuilt. Company ended up with other money making projects that pushed it to the wayside when there was team turnover and it's very much in process, but there are ERP systems rolling out to production ahead of it unfortunately.

Why don't you just open source it and let others help?

I thought he wanted to make it a SaaS solution, not something for end users/companies to do on their own.

Doesn't mean it can't be open source.

Depends on the language as to how much help they'd get from us I guess. But I bet there's a lot out there not in the community that would help.

@JaredBusch said in Should SodiumSuite Be Open Source:

review submissions and clean them up to standards for your code will likely outweigh any benefit.

You shouldn't be cleaning them up to your standards. That should be on whoever submitted the pull request. You give them the standards in your README and have the testing to ensure the standards are met. If you don't have that in place it means you don't really have standards.

@wrx7m said in Buttercup Password Manager:

Does bitwarden offer an import from keepass and other popular password tools? Lastpass does this and it works well.

https://help.bitwarden.com/article/import-data/

Here's a real world example. I did a pr with this tool. All of the testing and validation was done automatically. Here's their test cases. https://github.com/purpleidea/mgmt/tree/master/test They even test commit messages to ensure they meet standards. If you aren't already enforcing these standards, I'd say you're already behind the game.

edit: They even still have the tests from my pr 6 months ago. https://travis-ci.org/purpleidea/mgmt/builds/556074878?utm_source=github_status&utm_medium=notification

@scottalanmiller said in Should SodiumSuite Be Open Source:

It's not a little change of how licensing and visibility is done

I'm not trying to say a licensing change is trivial (although a lot easier going from closed to open than from one open to another). I'm saying if you pick the correct licensing, people can't just "steal" your code without A) giving you credit, and B) contributing their changes to you. That was my point to @Dashrender .

edit: apparently you can't do A) and "B)".