• Azure Warm Backup Site

    25
    1 Votes
    25 Posts
    4k Views
    IRJ

    @scottalanmiller said in Azure Warm Backup Site:

    @IRJ said in Azure Warm Backup Site:

    Both places had under 250 employees and had offsite data centers.

    But had on prem for their primary workloads?

    We had a very old core that only supported a few apps and none of them were SaaS at the time

  • Hyper-V 2019 remote access from Domain PC to workgroup hypervisor

    1
    0 Votes
    1 Posts
    92 Views
    No one has replied
  • Building a Hyper-V 2016 host Take 2

    58
    7 Votes
    58 Posts
    13k Views
    Dashrender

    I can confirm that RDP works again.

  • CDR reports not working FREEPBX 14

    Solved
    2
    3 Votes
    2 Posts
    2k Views
    RomoR

    Apparently during the install of Asternic CDR reports a trigger was set that was pointing to a table that never got properly created. After I dropped the trigger from the asteriskcdrdb, logging could start again.

    Here is the trigger:

    MariaDB [asteriskcdrdb]> show triggers;

    Trigger: simp_channel
    Event: INSERT
    Table: cdr
    Statement:
        BEGIN
        SET @orichn = '';
        SET @dstchn = '';
        SELECT SUBSTRING(NEW.channel,1,LENGTH(NEW.channel)-LOCATE("-",REVERSE(NEW.channel))) INTO @orichn;
        SELECT SUBSTRING(NEW.dstchannel,1,LENGTH(NEW.dstchannel)-LOCATE("-",REVERSE(NEW.dstchannel))) INTO @dstchn;
        IF @dstchan LIKE 'Local/FM%' THEN
            SELECT CONCAT('SIP/',SPLIT_STR(REPLACE(REPLACE(dstchannel,'#','-'),'@','-'),'-',2)) INTO @dstchn;
            INSERT INTO acdrunichan VALUES (NEW.uniqueid,@orichn,@dstchn);
        ELSE
            INSERT INTO acdrunichan VALUES (NEW.uniqueid,@orichn,@dstchn);
        END IF;
        END
    Timing: AFTER
    Created: NULL
    sql_mode:
    Definer: root@localhost
    character_set_client: utf8
    collation_connection: utf8_general_ci
    Database Collation: utf8mb4_unicode_ci

    1 row in set (0.01 sec)

    Deleted it with:

    DROP Trigger if exists asteriskcdrdb.simp_channel;
  • YASLV (Yet Another Spectre-Like Variant) - Spoiler

    3
    0 Votes
    3 Posts
    292 Views
    PhlipElderP

    I concur. We're not putting much effort into our on-premises solution sets as the user there is the low hanging fruit and primary attack vector anyway.

    For our hosting solutions though, what a PITA.

    We coach our hosting contractors on locking down RDS to help mitigate any PEBKAC issues (ID10T types). And for the most part, they've been very successful as we have many examples of the "steel toed boots" preventing the bullet to the foot so to speak. 😉

  • Do you use Salt Formulas?

    1
    0 Votes
    1 Posts
    397 Views
    No one has replied
  • 3 Votes
    6 Posts
    1k Views
    JaredBusch

    The first time it is used, we have to manually type the domain\localadmin password.
    After that it is stored in credential manager.

  • NAS Share issue: NFS or SMB

    17
    0 Votes
    17 Posts
    2k Views
    JaredBusch

    You can set static entries in EdgeOS.

    Always set DHCP to give out the ERL for DNS.

        set service dhcp-server shared-network-name LAN subnet 10.254.103.0/24 dns-server 10.254.103.1

    Always set the ERL to look at itself for a DNS (127.0.0.1).

        set system name-server 127.0.0.1

    Make sure that DNS is listening on your LAN ports.

        set service dns forwarding listen-on eth1
        set service dns forwarding listen-on eth1.2

    Set DNS forward lookup to whatever.

        set service dns forwarding name-server 10.254.103.4 # my Pi-Hole
        set service dns forwarding name-server 1.1.1.1

    If you are on a domain, tell EdgeOS to forward those to the DC.

        set service dns forwarding options server=/ad.domain.com/10.254.0.21
        set service dns forwarding options server=/domain.local/10.254.0.21
        set service dns forwarding options server=/domain/10.254.0.21

    Set up your static DNS entries.

        set system static-host-mapping host-name nas inet 10.254.103.7
  • 2 Votes
    64 Posts
    12k Views
    Dashrender

    That was basically where I was 2 years ago - but clearly I didn't find the correct docs for my original thinking.

  • 2 Votes
    17 Posts
    2k Views
    scottalanmiller

    Not yet.

  • Payroll Provider gets Encrypted & Pays Ransom

    31
    1 Votes
    31 Posts
    2k Views
    S

    @scottalanmiller said in Payroll Provider gets Encrypted & Pays Ransom:

    @JaredBusch said in Payroll Provider gets Encrypted & Pays Ransom:

    @scottalanmiller's recent example clearly shows that. I would be interested to know how many man hours @NTG sunk into restoring that. And it was a small typical SMB office. Not a huge SaaS provider.

    Not done yet. But ~28 to mostly recovered.

    I've seen everything from 1 billable hour of labor (kicking off Veeam restore of 4 VMs and coming back when it was done) to 200 hours (rebuild from scratch, and recovered core ERP database from a developer clone on someone's laptop).

  • EFI Pace Won't Start After Vault Configuration Change

    7
    2 Votes
    7 Posts
    551 Views
    travisdh1T

    @scottalanmiller said in EFI Pace Won't Start After Vault Configuration Change:

    Had to deal with Fiery too.

    I think they misspelled that name slightly. Fire that company (I know, you wish they would.)

  • 0 Votes
    30 Posts
    16k Views
    scottalanmiller

    @Dashrender said in Need to Join Windows XP Clients to a 2016 Domain:

    @scottalanmiller said in Need to Join Windows XP Clients to a 2016 Domain:

    @Dashrender said in Need to Join Windows XP Clients to a 2016 Domain:

    @scottalanmiller said in Need to Join Windows XP Clients to a 2016 Domain:

    @Dashrender said in Need to Join Windows XP Clients to a 2016 Domain:

    Does the XP machine need to be part of the domain? What about working around that issue?

    We removed the domain completely.

    So now you're what - trying to use a 2019 SMB file share or something?

    What does file share have to do with AD? Completely disconnected concepts.

    True - I was making my own leap -

    So - where does this stand now then??

    We removed AD. It turned out that it had been installed without evaluation and was serving no real purpose, but was posing a significant risk.

  • Saltstack Data collection

    10
    0 Votes
    10 Posts
    1k Views
    F

    I suggest looking into the salt Logstash engine

  • 3 Votes
    8 Posts
    2k Views
    Dashrender

    @dbeato said in GPO for compatibility mode:

    @Grey said in GPO for compatibility mode:

    A previous admin created a gpo to alter and add an entry under the hive HKEY_CURRENT_USER in Key path Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range66 which forces a single entry for compatibility mode. I've spent a lot of time testing and, while the setting is to apply once and not again, it doesn't seem to allow a user to add more sites to compatibility mode and keep that addition after a reboot.

    Has anyone successfully created a GPO for IE11 to enable CM for users to add items, while also pushing a list of our own? Is there a best method around for achieving this goal?

    I have not, I only keep adding it through GPO (In the medical field which they have many sites as this).

    Ditto - Just have to keep adding them via GPO. So glad we barely use IE 11 anymore.

  • ScreenConnect iOS app 5.6 problem with Nginx Proxy

    7
    6 Votes
    7 Posts
    2k Views
    JaredBusch

    Yeah me for posting shit always.. Just needed this again.

    Saw the error and I was like.. hmm I posted about this.


  • Web Site Pen Testing

    3
    2 Votes
    3 Posts
    237 Views
    siringoS

    @IRJ said in Web Site Pen Testing:

    Here's a good free tool that I've used in the past.

    https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

    Thanks @IRJ I'll check it out.

  • Kvm network troubleshooting

    19
    1 Votes
    19 Posts
    3k Views
    scottalanmiller

    @stacksofplates said in Kvm network troubleshooting:

    @scottalanmiller said in Kvm network troubleshooting:

    Your server has an IP address of 192.168.122.1? Is that correct? Nothing wrong with that technically, but it would be exceptionally unusual. That's almost always the gateway address. What is the address of your gateway?

    That's libvirt's virtual bridge address for the NAT network.

    Oh, duh, I missed the bridge. Carry on. 🙂

  • Microsoft Security Intelligence Report Volume 24

    1
    1 Votes
    1 Posts
    218 Views
    No one has replied
  • The differences between how Salt and Ansible manage Windows

    6
    3 Votes
    6 Posts
    1k Views
    F

    I should give Ansible a go one of these days, because whenever I research it, it seems to fall short of Salt, but it would be nice to really have concrete experience of how it falls short.

    My current thinking is that if there's a Windows feature that Ansible supports that Salt doesn't, I could probably just grab the PowerShell script + any dependent scripts and create Salt state/module wrappers around it.

    Alternatively, Salt can run Ansible playbooks on minions, but the wrapper approach is more minimalist (don't have to install Ansible on each minion) and keeps secret security simpler.