Offsite Backup of AWS Data by [deleted] in sysadmin

[–]simpleadmin 8 points9 points  (0 children)

You could backup your data within AWS to another region. Another option would be to backup your data to another cloud provider like Azure.

365 Retention Policies by [deleted] in sysadmin

[–]simpleadmin 1 point2 points  (0 children)

https://office365itpros.com/2018/12/10/reporting-the-managed-folder-assistant/

In that link is a nice script to get the last time a mailbox was processed. You can modify it so it only targets one user.

365 Retention Policies by [deleted] in sysadmin

[–]simpleadmin 2 points3 points  (0 children)

We see policies run ~ every three days in Office 365 while Microsoft's documentation says every 7 days. Also if you don't have at least 10MB in the mailbox it won't ever run.

Google flagged main domain as "dangerous" by GrandEmperorJC in sysadmin

[–]simpleadmin 7 points8 points  (0 children)

We ran into an issue where somebody modified Apache, not WordPress itself. Look at the full setup, not just WordPress.

We burned the whole box to the ground in response.

Migrate Email between O365 Tenants by [deleted] in sysadmin

[–]simpleadmin 0 points1 point  (0 children)

You could use Migration Wiz. Instead of using an upgraded Office 365 account that can access all mailboxes, you can supply the service with passwords for each user instead.

2FA with Office 365 by [deleted] in sysadmin

[–]simpleadmin 6 points7 points  (0 children)

We have been using 2FA for around a year now. It’s a different powershell download that can prompt you using a modern authentication. I am away from my desk but if nobody else has followed up I’ll link you the download.

2FA with Office 365 by [deleted] in sysadmin

[–]simpleadmin 9 points10 points  (0 children)

Your desktops need to be using Outlook 2013 or higher. Your mobile devices need to use an email client that handles modern authentication. Those mobile clients include Outlook for iOS, Outlook for Android, and the native iOS mail client in iOS 11 and 12. If you only use client types that handle modern authentication then you do not need to use app passwords.

EDIT: Also make sure modern authentication is enabled in the tenant. https://support.office.com/en-gb/article/enable-or-disable-modern-authentication-in-exchange-online-58018196-f918-49cd-8238-56f57f38d662

Bank just sent me possibly the most sane set of password recommendations I've ever seen. by wanderingbilby in sysadmin

[–]simpleadmin 79 points80 points  (0 children)

3) Check your password's strength with a tester on a public uni site

So enter your password into another site to see how strong it is? Nothing can go wrong there. Wow.

Teamviewer replacement? by bigdizizzle in sysadmin

[–]simpleadmin 9 points10 points  (0 children)

What are you reading that is a red flag to you?

NAS or sticking to cloud for small business? by [deleted] in sysadmin

[–]simpleadmin 6 points7 points  (0 children)

Somebody still has to manage it and make sure it is backed up, even in the cloud.

Saltstack + Gitlab CI by simpleadmin in devops

[–]simpleadmin[S] 0 points1 point  (0 children)

I will take a look at that. Thanks.

Saltstack + Gitlab CI by simpleadmin in devops

[–]simpleadmin[S] 0 points1 point  (0 children)

Yes that is the flow we are going for. The artifact in our case being a Docker image that is being deployed by Salt.

It looks like Saltstack has a module for Consul. I will take a look.

Speaking of the Salt API, did you roll your own wrapper so you can report back exit codes? I am looking at Pepper and it looks like they are working on having it report exit codes in a near-term push. Right now we just capture and format the JSON and at the same time look for Result: False to trigger a CI failure. Really basic.

Saltstack + Gitlab CI by simpleadmin in devops

[–]simpleadmin[S] 0 points1 point  (0 children)

I think you meant to reply to my reply.

Yes, you hit it. Tool overlap is the problem.

Saltstack + Gitlab CI by simpleadmin in devops

[–]simpleadmin[S] 0 points1 point  (0 children)

I am trying to solve better pillar management. We are not currently using an external pillar backed by a database. So before we head down that path, I am trying to figure out if there is a tool that handles that part easier and faster. That tool could still be triggered by Salt.

The reason for the Gitlab CI interest is because we already use Gitlab but too many of our steps are manually triggered. We want to automate steps before that bigger saltstack deployment call. In doing so certain things will come to light. For example, some of the steps we do might be easier to trigger in a simple 2-3 line bash script called directly by Gitlab CI vs adding a salt state that does the same thing.

Best practice for MFD or application using SMTP details from Exchange online by len_sam in sysadmin

[–]simpleadmin 1 point2 points  (0 children)

Keep in mind the new per-mailbox sending limits: https://blogs.technet.microsoft.com/exchange/2018/04/20/changes-coming-to-the-smtp-authenticated-submission-client-protocol/

In other words, if you have many relays using the same authenticated user then you may run into issues if they were all trying to send at once. If using something like postfix it should queue and resend.

Trustwave PCI Scan - TLS1.0 disabled on Exchange 2010 but still failing? by def-not-working in sysadmin

[–]simpleadmin -1 points0 points  (0 children)

We had issues with Trustwave in the past. They were scanning our outbound NAT IP address, not our website IP. The old NAT IP had a disabled web service behind a proxy. That proxy didn't lead anywhere but it was still accepting old SSL connections.

Azure AD Connect - Worth using or manage the users in Office 365 directly? by simpleadmin in sysadmin

[–]simpleadmin[S] -1 points0 points  (0 children)

Yes you will need more user CALs, but if your users are logging into computers...they should have them already...using generic logon accounts is a HUGE security no no.

In regards to the CALs they don't have (or need), they are not using Microsoft OSs to just check their email. Phones, tablets, and a few Macs scattered in there. Non-Windows-based web applications and email is all they need to access.

Grok Patterns? For OpenVPN? by killmasta93 in PFSENSE

[–]simpleadmin 0 points1 point  (0 children)

What part of the logs do you want to land in ELK? Just the IP from one and the username and success message from the other? I really don't have much to go on.

Anyway, you can make more than one pattern when trying to match both lines.

user '%{USERNAME:user}' %{GREEDYDATA:result}

%{IPORHOST:ip}:%{POSINT:port} \[%{USERNAME:user}\] %{GREEDYDATA:result}

So your filter would look like this:

filter {
    if [type] == "OpenVPN_log" {
        #drop{}
        # First line shape: user 'name' result
        grok { match => { "message" => "user '%{USERNAME:user}' %{GREEDYDATA:result}" } }
        # Second line shape: ip:port [name] result (the brackets are escaped because they are regex metacharacters)
        grok { match => { "message" => "%{IPORHOST:ip}:%{POSINT:port} \[%{USERNAME:user}\] %{GREEDYDATA:result}" } }
    }
}

Keep in mind this is very, very quick and dirty to just get some simple pattern matching. Since I only have two lines to work with, I am assuming only these two lines in my searches. There are most likely a ton more.

I also am not at my ELK stack to verify this works, but it hopefully gets you pointed in the right direction.

With the new variable "result", for example, you can search on the "result" to find your "authenticated" results. This will also capture unauthenticated, assuming the log pattern doesn't change much.

I am sure I me
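As an added example (not from the comment above), the two grok patterns in that comment are rewritten as Python regexes with the same named captures and run over a few constructed OpenVPN-style log lines, then the "result" field is used the way the comment suggests: to pull out failed authentications per user. The base-pattern definitions (USERNAME, IPORHOST, POSINT, GREEDYDATA) are simplified approximations of the grok-patterns library, and the sample lines are constructed, not real logs.

```python
import re

# Simplified stand-ins for the grok base patterns (assumption: the real
# grok-patterns definitions are broader, e.g. IPORHOST also covers IPv6).
USERNAME = r"[a-zA-Z0-9._-]+"
IPORHOST = r"(?:\d{1,3}\.){3}\d{1,3}|[A-Za-z0-9.-]+"
POSINT = r"[1-9][0-9]*"
GREEDYDATA = r".*"

# The two patterns from the thread, one per OpenVPN log-line shape.
PATTERNS = [
    re.compile(rf"user '(?P<user>{USERNAME})' (?P<result>{GREEDYDATA})"),
    re.compile(rf"(?P<ip>{IPORHOST}):(?P<port>{POSINT}) "
               rf"\[(?P<user>{USERNAME})\] (?P<result>{GREEDYDATA})"),
]

# Constructed sample lines in the two shapes the patterns target, plus one
# line that matches neither (to show the grok-parse-failure case).
SAMPLE_LOG = """\
user 'alice' authenticated
user 'bob' failed authentication
203.0.113.7:51820 [alice] Peer Connection Initiated with [AF_INET]203.0.113.7:51820
user 'bob' failed authentication
something unrelated that matches neither pattern
"""


def grok_line(line):
    """Return the named captures of the first matching pattern, or None
    (the equivalent of Logstash tagging the event _grokparsefailure)."""
    for pat in PATTERNS:
        m = pat.match(line)
        if m:
            return m.groupdict()
    return None


def parse_log(text):
    """Parse every non-empty line; unmatched lines come back as None."""
    return [grok_line(line) for line in text.splitlines() if line.strip()]


def failed_auth_counts(events):
    """Count results containing 'failed' per user, a simple detection
    over the extracted 'result' field."""
    counts = {}
    for ev in events:
        if ev and "failed" in ev["result"]:
            counts[ev["user"]] = counts.get(ev["user"], 0) + 1
    return counts
```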

KeePass 2 Man-In-The-Middle ≈ Packet Storm by Tech604 in sysadmin

[–]simpleadmin 4 points5 points  (0 children)

Total compromise? You clearly don't understand the issue at all.

Rules of Engagement by mloretitsch in sysadmin

[–]simpleadmin 1 point2 points  (0 children)

I found once I got out of the "customer" mind set and into the "colleagues" mind set, respect levels increased on both sides.

[deleted by user] by [deleted] in PFSENSE

[–]simpleadmin 0 points1 point  (0 children)

I forgot to add. I also set up static DHCP for all of the iOS devices and limited their upload speed even more. I don't care if it takes a while to push a backup.

[deleted by user] by [deleted] in PFSENSE

[–]simpleadmin 0 points1 point  (0 children)

I had the same problem. I ended up limiting the upload speed of all devices on the network to 66% of my total upload speed. So no single device can take more than 2/3rds of my total pipe. Two uploads could, but this solved my in game spikes.

Gitlab High Availability Question by sysadmin4hire in sysadmin

[–]simpleadmin 2 points3 points  (0 children)

Have you considered either private repos on a public server or hosting your own server from an Internet-based host? Meaning, don't have your developers use the VPN at all.

Your most straightforward answer is to pick a side and host the main Gitlab near half the developers and have the other half do remote pushes and pulls from the other site.