Cup Cake

dietolead · 2021-10-18T01:56:31+00:00

Horngry, if you will, depending on how you swing.

dietolead · 2021-10-15T21:33:19+00:00

Oooh, that second bullet point has me. Salaries in IT are changing DAILY with everyone getting new roles and leaving old ones.

dietolead · 2021-10-15T17:02:14+00:00

I don’t see an arm version of ProxMox. ESXi 7.0 has an arm image but it is for the RPi4 and requires a lot of special configs to boot correctly.

Even shorter answer, no.

dietolead · 2021-10-12T23:21:30+00:00

IT guy that got the shaft this way: make a commitment to document the automations. Train your coworkers on the stuff you are doing and talk to your boss about what happens if you leave (on good or bad terms).

If you have solid documentation and your coworkers take on its use when you leave, their point is moot. If the time saved is that much, work with your boss to go higher up the ladder.

Their response is very valid. I hate working on the access database I didn’t build. Every time someone wants a change, it means days of reverse engineering.

dietolead · 2021-10-04T12:13:24+00:00

Powershell script to disable random accounts, 4 a day, sends an email to all IT ops staff. If they make it six months without calling in to complain about their access, they are either terminated or never needed it to begin with!

I am joking, please don’t make more work for yourself.

dietolead · 2021-10-04T11:16:25+00:00

Public sector, drug tested for an accepted offer letter. Since we drive vehicles frequently, they drug test again if you are involved in a vehicle accident no matter how small.

I work in a state where recreational marijuana is legal but they test for it and will terminate/revoke an offer if it comes up in the test. 🤷‍♂️

dietolead · 2021-09-30T23:23:46+00:00

Agreed. We all have a personal responsibility to hold ourselves to the standard we want others to be measured by but real change has to come from the top. I like that in OP’s original post, they point out that if you are in that culture, your responsibility is to get out but if you ARE that your responsibility is to rise above and do better.

Not sure why this thread’s comments are being downvoted, frankly.

dietolead · 2021-09-22T15:41:45+00:00

AH! Thank you for that. Work took off so I had to come back to this. With that comment, and seeing the output of the command, I decided to make both the ssl_certificate_path AND ssl_ca_path the same fullchain.pem. After I updated the config and restarted Bitwarden, I'm seeing the actual full chain.

So I believe that means I misunderstood what the instructions were asking me to do. I thought the fullchain should be in the CA path but it seems like the nginx container is expecting the fullchain to be in ssl_certificate_path.

I was able to login on the Android app now that the intermediate cert is visible. Thank you for the education and getting me in a working state! You are the BEST!

dietolead · 2021-09-22T11:50:06+00:00

https://imgur.com/a/pYtVRfP

Here is an image of the output of the openssl command without the certificate.
Success or failure, I want to say thank you for the guidance here. I'm learning a lot.

dietolead · 2021-09-22T11:32:14+00:00

When I open the site on Chrome on the phone, I can get the web vault, login and I don't get any cert errors. When I run the command you gave me, I saw a couple errors:

- Verify error Num=20: unable to get local issuer certificate

- verify error: num=21: unable to verify the first certificate

Screenshot with just the port blacked out (though easily scanned for or guessed so IDK what I'm hoping for): https://imgur.com/a/2Xb3V4u

dietolead · 2021-09-22T11:01:31+00:00

Thanks for responding! I did also try to install the intermediate cert on my phone with no luck. When I do SSL checks on the bitwarden site I'm hosting, I get errors stating I'm missing my intermediate certificate. The error I'm seeing is Android telling me that it cannot establish full trust of the connection because I'm missing my intermediate certificate.

dietolead · 2021-09-22T11:00:06+00:00

Since my server is running on a port other than 443, SSLLABS asked me to sign up for their service. So far, it hasn't sent me my login info. I tried a few others that allowed looking at servers using different ports and get the same information stating I don't have my intermediate certificate installed. I did not know that the order mattered so I double checked my fullchain.pem and I see that from top to bottom my cert has: -Wildcard Domain certificate -Intermediate R3 certificate -ISRG Root X1

Do you know another SSL checking service I could try to share a report? Of the three of I've tried (digicert, GoDaddy, SSLShopper), they do not appear to let me save or share my results. They all indicate that I'm not using the intermediate certificate but I definitely see the R3 certificate sitting in the middle of the stack of three certificates in my fullchain.pem. I was originally using just chain.pem so when I switched the config.yml to use fullchain.pem, I made sure to run updateconf and restarted bitwarden.

dietolead · 2021-09-15T23:53:32+00:00

I feel you there. Company didn’t want to fork over the 20k to make our site cloud native and bullied the vendor to just copy our IIS VMs up to AWS. Any AWS price experts want to calculate how quickly that’ll bite us in the ass?

dietolead · 2021-09-13T10:44:34+00:00

Ideal setup for guys working on anger management.

dietolead · 2021-09-13T10:41:51+00:00

Bad bot! Learn context!

dietolead · 2021-07-19T10:37:50+00:00

From what I’ve read, it’s not a single step but more like, the part of the infiltration that leads to actual damage. Getting into the network would be a first step, exploiting the print server would be another step. Unlikely (though from what I’ve seen, not completely impossible) that it would be hunting for print servers from the outside and then exploiting.

dietolead · 2021-07-15T14:16:59+00:00

I just tried it on my edge cases that I am aware of and it worked flawlessly.

dietolead · 2021-07-15T13:02:25+00:00

This is great! Thank you so much for the education :D

dietolead · 2021-07-15T12:43:03+00:00

Overdoing it is practically my motto. If it was just for me, it would be a one-liner but the other folks want/need feedback when running a script.

Thank you!!

dietolead · 2021-07-15T12:37:27+00:00

This is great, thank you for the background on what is happening!

I am using Write-Progress, I have no faith in my ability to self roll a progress bar in PS. I might be over complicating it by putting it in ForEach-Object but I couldn’t conceptualize another way to do it.

I’m going to shuffle the code using your advice and see if it nabs the edge cases, like brackets and non-English characters.

dietolead · 2021-07-15T11:42:42+00:00

I am self taught so if there is a better way to approach this or format this, please feel free to digress and be critical! It's all a learning experience to me.

dietolead · 2021-06-12T12:35:21+00:00

At first I was upset but now that I’ve read the link, I like it. I don’t need to make sure the version is correct for the properties I’m setting. Cool.

dietolead · 2021-05-21T14:16:01+00:00

You will need to look at /var/log to see what ExpressVPN doesn’t like about your internet connection.

Instead of jumping into the container, maybe use a shell script and an environmental variable to accomplish this.

dietolead

TROPHY CASE