@jrc said in Snipe-IT Upgrade from 4.6.7 to 4.7.5 not working.:

Cannot create cache directory /home/jcoombes/.composer/cache/repo/https---repo.packagist.org/, or directory is not writable. Proceeding without cache
Cannot create cache directory /home/jcoombes/.composer/cache/files/, or directory is not writable. Proceeding without cache

This is normal. You are running something as the apache user and it has no access to your home directory.

Looks like the problem is with the CDR database. If I remove that from the backup (temporarily), the backup completes as normal.

@PhlipElder said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

@Pete-S said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

@PhlipElder said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

@Dashrender said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

@dafyre said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

@PhlipElder said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

All it takes is one absentminded click or drive-by that's completely shielded from us as we go about the day to day stuff and it's done. Game over. Say, "Bubbye".

There's always going to be that risk or one absentminded click.

Granted an Air-gapped PWA is a good way to handle it.... but so is not saving passwords in RDP files (I don't do this), and if you use an app like MobaXterm that can encrypt the files for you, use a good pass phrase.

However if your admin machine is owned, you have bigger issues to start with.

Well, the idea is that the air-gapped machine won't ever be in a situation to become compromised, is my guess. I haven't had a chance to look at the MS link Philip sent earlier.

There are several ways to implement with the simplest being the main machine having two VMs installed on it. One for day-to-day and one for client/systems management. Nothing is done on the machine itself with all designated tasks being done in their respective VM.

We have a number of laptops that came back from client refreshes. So, we're using them as our dedicated management machines. Asus makes a great external USB3 DisplayLink and DisplayPort external monitor that allows for two screens. That makes the work easier.

There is security leakage between VMs on a client machine for instance over clipboard.

Have a look at Qubes. https://www.qubes-os.org/

It's probably the best implementation of security separation to date.

Using the Hyper-V VM Console without RDS pass-through eliminates any access to the VM beyond console.

Same with KVM or whatever.

@dafyre said in iptables deny taking precedence over accept:

@IRJ said in iptables deny taking precedence over accept:

#Port Range 95000
$IPT --append INPUT --match tcp --protocol tcp --src $somenetwork_1 --sport 95000 --jump ACCEPT
$IPT --append INPUT --match tcp --protocol tcp --src $somenetwork_2 --sport 95000 --jump ACCEPT

I'm assuming this is not support to be a correct number... but --sport can't be > 65536.

Yeah I just randomized port numbers. Not actually using that

I'm not sure what to look for since I don't have anything that has crashed

It is also a free trial weekend for the game on Steam, for anyone wanting to fire it up and see what they think.

@Dashrender said in Server 2008 R2 Standard ISO:

@DustinB3403 said in Server 2008 R2 Standard ISO:

This topic is 3 years old. . . wtf.

I was wondering why this popped back up.

Spammer who got nuked.

This thread is like a honey trap, lol. Works really well.

@IRJ said in Scripting partioning on AWS:

@stacksofplates said in Scripting partioning on AWS:

@IRJ said in Scripting partioning on AWS:

Found this chart on a somebody's project on github. Seems like a reasonable place to start?

ce0c63ba-39ea-47f3-8720-370ff5d73ff6-image.png

Ours would have been more like:

mount size / 12GB /home 1GB /var 10GB /var/log 5GB /var/log/audit 5GB /tmp 1GB

That's a little too liberal for EC2 instances. I could definitely see that working for on prem though.

Yeah. The numbers you had looked fine. Especially if they aren't going to be long living servers.

@Markferron said in PoE powered lighting:

@Kelly Just out of curiosity, were those people in IT or electrical/maintenance? It would be interesting to see what department would pay for what when things go wrong.

It was electrical. They actually manage the day to day function of the lights. IT maintains the software and OS running it, but nothing beyond that.

@Dashrender Yea, it worked.

@Dashrender said in License Hyper-V Virtual Machines...:

@Obsolesce said in License Hyper-V Virtual Machines...:

@Jimmy9008 said in License Hyper-V Virtual Machines...:

@Obsolesce said in License Hyper-V Virtual Machines...:

@Jimmy9008 said in License Hyper-V Virtual Machines...:

Hi folks,

I have Windows Server Datacenter 2019 licenses. If I install Hyper-V server, rather than Windows Server with the role, can I setup AVMA and have the host auto license the VMs?

Or, do I need to login to each VM and add the Datacenter key?

Best,
Jim

Avma does not work on Hyper-V Server.

You'll need to install Hyper-V role on Windows Server DC if that is a must have among any other DC only features.

So, if I have the Hyper-V Server installed only - how do I use my Datacenter license on the VMs? I guess I login to each and enter the key manually?

Correct, or you can do this instead:

https://docs.microsoft.com/en-us/windows-server/get-started/kmsclientkeys

This is the recommended solution.

You have a DC license, so you can spin up a VM that does nothing but act as a KMS for your other server VMs.

Right with DC, you have no issues with quantity of licenses.

@krisleslie said in Having sluggish performance on my Xen Server VM's, looking for suggestions to boost performance:

Otherwise I need some major help on trying to get what Scott is saying I need done. I think Scott hit it on the head, I just don't know where to start.

You mean with adding the logical volume on the RAID controller?

@dafyre said in Bad one: SonicWALL Remote Management Vulnerability:

PFSense has a newer fork now as well, known as OPNSense (https://opnsense.org/)

More modern UI and such, decent packages available if you need extra stuff, but as far as routing and a firewall, it's pretty excellent!

Both have a third party UTM add on option, too.

After comparing the Coronet vs the MS E5 cloud app security license, I'm not seeing any alerts in Coronet that are already available in the cloud app security portal. The Coronet interface is just a improved and easier to work with interface. I'll be sticking with my E5 license for now since I'm getting the alerts I need with only paying for one E5 license vs paying per user with Coronet.

@Dashrender said in FreePBX with Centurylink IQ SIP ...:

CenturyLink/AT&T/Verizon, etc are all carriers AND ISPs

But all, by law, and by physical necessity, MUST operate them as two different things. That one company owns two businesses is just common sense. That's not relevant, it's still bundling versus not bundling. And none of them pretend that they are combined, all of those sell them separately, proving the point.

@stacksofplates said in AzureAD and shares:

@scottalanmiller said in AzureAD and shares:

@stacksofplates said in AzureAD and shares:

From what I've seen it's murky if you don't have to provide those also. I've seen some people say that things written along side of the application need to be made available also.

People claim lots of things, but if that is the case, then the risks of open source instantly apply to proprietary, and all concerns of OS are gone (relatively speaking.) Unless the risk comes solely from modifying the code itself, the open vs close debate is off as the risks become equal.

I think you're missing my point. I'm not saying one has more or less risks than the other. I'm saying that both have them. They both take understanding. You (the editorial you) can't say proprietary licensing is hard and takes a lot of time, and say open source doesn't. Same the other way around. They both take time and understanding in how the language is actually written.

Okay, that I buy. Licensing is hard, period. But it's never a reason to avoid open source. Closed source carries all risks of open source, and more. That doens't mean open source doesn't have risks, just fewer.

@Dashrender said in What is the best workflow to setup VitalPBX:

@JaredBusch said in What is the best workflow to setup VitalPBX:

@bnrstnr said in What is the best workflow to setup VitalPBX:

@rcuadra popped back in yesterday... Maybe he could help?

Well, that was honestly why I replied here again. Also @scottalanmiller is back in the states and may have valid input as I know that he has deployed this.

Or at least set it up on the PBX side, no telling on the phone and SIP/telco access side.

Why would the phone side be any more or less difficult?