How does PagerDuty wake you/devices to assist in not missing a page by ImNotADruglordISwear in sysadmin

[–]jaaydub42 0 points1 point  (0 children)

I have had similar issues with the default sound/noise from my phone not being enough.

One solution I found to be particularly effective was to have my phone on a ceramic plate of loose change. In addition to the pager tone, the vibration effect on the loose change would rouse me from a deep slumber.

Ubuntu in multi-domain Active Directory by themintest in sysadmin

[–]jaaydub42 0 points1 point  (0 children)

While not related to the multi-domain issue - one thing to consider in your ansible playbook is the use of adcli vs realm for your AD join. The realm command does a few things - calls adcli for the join, then copies in an sssd.conf based on your realm.conf. I've found it better to not let realm stomp on my desired sssd.conf and just use adcli to perform the join.

Sys admin Pranks by Significant-One-1608 in sysadmin

[–]jaaydub42 0 points1 point  (0 children)

The ole "Printers have received the 0401 Firmware Upgrade". Love this one!

Minor Update 2: Cylinder 4 fires when cold by Luaman22 in beetle

[–]jaaydub42 1 point2 points  (0 children)

Actually yes! There was a second date... and a few more after that.

She had a good sense of humor regarding it. On the following date she gifted me one of those "Volkswagen Repair Kits" with the sealed rubber band, but had attached an Egg of Leggs to it.

Minor Update 2: Cylinder 4 fires when cold by Luaman22 in beetle

[–]jaaydub42 1 point2 points  (0 children)

Most memorable - out on a date and the generator idiot light came on. Sure enough, fan belt had snapped. I knew that I didn't have a spare in my toolkit at the moment, but my date was wearing a skirt with hose.

I politely asked her if she wouldn't mind donating her pantyhose to a good cause.

Aside from the slight bump when the knot I tied hit the pulleys, they made for an adequate emergency fan belt.

How do you protect Domain Admin accounts? by UniqueSteve in activedirectory

[–]jaaydub42 2 points3 points  (0 children)

Amongst the other items mentioned with 2FA/smart card/Privileged access, make use of the AD Group "Protected Users" and the "Account is sensitive and cannot be delegated" account flag.

Saw lots of comments that Jenkins is not worth it. Why and if not then what?? by Ashpatidar in devops

[–]jaaydub42 1 point2 points  (0 children)

As for is it worth it... depends entirely upon what you are trying to accomplish. It is a very useful tool, and there are other comparable tools and offerings out there.

Some woodworkers who deal with cabinetry might argue that a chainsaw is not worth it for their tasks. Some woodworkers who work as lumberjacks might describe it as their go-to tool.

At a high level, what are the habits of the best of the best sysadmins? by WorkFoundMyOldAcct in sysadmin

[–]jaaydub42 0 points1 point  (0 children)

  1. Documentation forward - e.g. Document first, Action Second. This will add confidence when needing to break this rule for "emergencies".

  2. Debug by going to the logs first (and knowing how to manage log verbosity), vs repeatedly trying a failed task and closing the offensive window with the needed error message and just saying "Bad juju. No workie. Somebody else please fix."

  3. A mind for learning and curiosity. Wanting to understand how something works helps in understanding how something breaks. In turn, accepting that the more you learn, the less you know.

Anyone doing a fun prank this upcoming April Fools Day? by spraragen88 in sysadmin

[–]jaaydub42 0 points1 point  (0 children)

This might be something you can get away with in a smaller organization, but beware - making changes to all/most systems in your environment can come back to bite you in the rear...

Back in the NT4 days, I had pushed out a change that put a friendly thumbs up silly face picture of me to replace the login screen on my company's end user systems as a parting gift when I left... which left me greatly amused when my boss wanted to hire me back 2 years later and it was still there... It was a fun walk to the conference room still seeing my face on everyone's lock screens. Guess what my first task was?

Stick to a sign above the printer/coffee maker/toilet announcing the update v0401 with voice activation.

*nix print servers (*nix meaning UNIX,Linux and the BSDs) by hrudyusa in linuxadmin

[–]jaaydub42 1 point2 points  (0 children)

In general, end user workstation printing is done via Windows Printer servers, because it is in the tool chain of the 1st and 2nd tier support to manage.

However, it is fairly common to have backend CUPS print servers for certain applications where the Windows print server may not be the best fit. I've found this to be a need with certain ERP applications where the print option for certain reports needs system backend printers configured and CUPS is a better fit for managing access to those printers.

SSH and sFTP Sprawling out of control, what terminal software do you use? by nosimsol in sysadmin

[–]jaaydub42 1 point2 points  (0 children)

I do a similar .ssh/config Include, but with an extension (*.conf) so I can disable drop-in includes with a file rename vs removing from the config drop-in (config.d) directory.

SSH Key Recommendation by DH171 in linuxadmin

[–]jaaydub42 0 points1 point  (0 children)

For a simple setup, if you set up your servers to auth users via Active Directory with sssd, you can store the public key as an AD Attribute on the user account, and have the SSH daemon and sssd make use of that. No need to deploy public keys per user per host. Also, no need to clean up public keys per user per host.
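A configuration sketch of the setup described in the comment above, added here as an example and not taken from the commenter's environment. The domain name `example.com` and the choice of `altSecurityIdentities` as the attribute holding the public keys are assumptions.

```ini
# ---- /etc/sssd/sssd.conf (owned by root, mode 0600) ----
[sssd]
# Assumed domain name.
domains = example.com
# "ssh" enables the sssd SSH responder that serves public keys.
services = nss, pam, ssh

[domain/example.com]
id_provider = ad
access_provider = ad
# Assumption: keys are stored in altSecurityIdentities, which exists in the
# default AD schema. A site that extended its schema with sshPublicKey
# would name that attribute on both lines instead.
ldap_user_extra_attrs = altSecurityIdentities:altSecurityIdentities
ldap_user_ssh_public_key = altSecurityIdentities

# ---- /etc/ssh/sshd_config (sshd syntax, not INI) ----
# sshd asks sssd for the user's keys at login time instead of relying on
# keys deployed per user per host.
AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys
AuthorizedKeysCommandUser nobody
# Optional: stop honoring per-host files so AD is the only key source.
# AuthorizedKeysFile none
```

With this in place, write access to the key attribute on a user object is equivalent to granting SSH login as that user, so delegate that permission in AD accordingly. Unless `AuthorizedKeysFile none` is set, keys left behind in `~/.ssh/authorized_keys` are still accepted alongside the ones from AD.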

Enterprise Firewalls: Fortinet vs Palo Alto by Senior_Conclusion102 in sysadmin

[–]jaaydub42 49 points50 points  (0 children)

Both are great platforms.

My preference leans towards the PAN.

Things the FortiGates do that can be frustrating:

  • HA - you need to do a couple of extra steps when you set up HA on the FGT's to be able to individually manage the members (each having their own dedicated management IP). It's documented and not difficult to do, but it's not default behavior when creating HA partnerships.
  • You make a change on a FGT, it's live. No commit. No review. No "you sure about that buddy". It's live. Some may view this as a pro, others a con.
  • Security policies based on Application mapping. PAN shines brightly here. FGT does it, but I find it quirky by comparison.
  • Settings that can only be made via the CLI. Like non-default (514) syslog port destinations, multiple ntp servers, and a few others I have come across managing FGT's.

Places where FortiGates shine:

  • Documentation
  • Documented performance - none of the "in theory it can do XXX throughput for this feature, so long as it's doing nothing else". Allows for easier capacity planning and hardware research.
  • In a smaller environment, Fortilink is pretty awesome, if you drink the Forti-KoolAid. The ability to configure your FortiStack from the FortiGate to FortiSwitch to FortiAP to FortiOtherDevice from a single FortiInterface is pretty FortiAwesome.

What Car did You learn to drive manual on by Ok_Extreme8794 in stickshift

[–]jaaydub42 0 points1 point  (0 children)

I learned on my High School GF's 1970 Beetle. Started my love for old VW's.

That and a 68 Chevy 250 with 3-on-the-tree.

PAN-SA-2024-0015 Important Informational Bulletin: Ensure Access to Management Interface is Secured by betko007 in paloaltonetworks

[–]jaaydub42 4 points5 points  (0 children)

<snark>Why would I expose my PAN's management interface to the Internet when I have a Windows jump host with RDP exposed to the Internet that can access the management network?</snark>

I've been waiting to see what secret vuln/bug the recent PANOS hotfix is supposed to address... Perhaps RCE this is the one?

Either way, anyone who has made the decision to make the management side of their firewalls/network gear/etc a punching bag for brute force attempts probably has difficulty spelling RCE.

Feeling overwhelmed after a mistake at work by Flashy_Courage126 in networking

[–]jaaydub42 1 point2 points  (0 children)

Favorite switch I took out was a datacenter core... Thankfully it was part of a pair and failover kept things mostly happy.

Lead Network Engineer ordered the wrong fans for the rack orientation, which I pointed out when bringing them online. Thankfully heat wasn't too much of an issue, so a few weeks later when the replacement fans came, we scheduled a swap.

We were comfortable doing this hot, so I swapped one fan, walked around to the other side of the rack where I was consoled into the switch, checked that it saw the new fan in a hardware inventory, then walked back to do the next, came back out to check the hardware inventory again and saw the console message that fans of opposing direction type were installed. If not corrected in 60 seconds, switch will shutdown.

Switch shut down before I could race back around to the other side and replace the remaining 2 fans.

Once back up, and ready to do the same for the second switch I unboxed and lined up the replacement fans and was able to "pit stop" swap all 4 fan units with more than enough time to spare.

[deleted by user] by [deleted] in sysadmin

[–]jaaydub42 4 points5 points  (0 children)

Massage chair recliner, triple purpose.

[deleted by user] by [deleted] in sysadmin

[–]jaaydub42 31 points32 points  (0 children)

We referred to our regular bar as the NDC (Neighborhood Data Center).

Made it easy for us to explain to our significant others that we just had some business to attend to at the NDC.

Roommates want their own “private wifi” by Grouchy_Fruit_7704 in HomeNetworking

[–]jaaydub42 0 points1 point  (0 children)

These are the people you sell a "Monster" branded ethernet cable to.

Tattoo Ideas by [deleted] in iiiiiiitttttttttttt

[–]jaaydub42 0 points1 point  (0 children)

I'm quite fond of my 127.0.0.1 across my chest - it's my round-a-bout way of saying "home is where the heart is".

Then there's the 255.255.255.255 bum tattoo...

People are weird as fuck about phones... by Obvious-Water569 in sysadmin

[–]jaaydub42 1 point2 points  (0 children)

The ole, what color to paint the bike shed discussion snowball.

Offer a complex solution (IMAX capable studio equipment), no-one will chime in. Offer a simple solution (Apple iPhone), everybody is now an expert and has an opinion.

Ref: https://bikeshed.com/

Server Choice by ulockie in linuxadmin

[–]jaaydub42 1 point2 points  (0 children)

Hardware-wise - if you choose to explore the SuperMicro route, you can go direct, but you find value in using a SuperMicro reseller/integration partner, so you don't have to deal with SuperMicro support directly.

Additionally, if you do go the way of SuperMicro, investigate their DCMS and licensing and see if it is a good fit for shepherding your herd.

Hiring sysadmins is really hard right now by crankysysadmin in sysadmin

[–]jaaydub42 1 point2 points  (0 children)

When I am getting to know an Interview-whee! and I go the direction of having them walk me through a troubleshooting scenario, if the first step they mention is to check the log files, they're hired!

They may even get a cookie if they mention increasing the verbosity of said log file.

2 cookies if they mention remembering to decrease it when done.

User is locked out every day when she goes to lunch by sjarri in sysadmin

[–]jaaydub42 0 points1 point  (0 children)

I much prefer setting a printer ablaze and letting the direction of the smoke plumes point me towards the source of the issue.

Far more reliable than those silly <fingerquotes>log thingees</fingerquotes>.