@WrCombs said in Huge Mistake:

you can mix drives ? in a Mirror RAID (if that's the right term for it) environment.

You probably should take the A+ training on this site shared by @scottalanmiller . Usually A+ isn't recommended for most IT career paths, but what you are doing on a daily basis would match up well with A+.

You have asked about training here several times and then bring up not being able to move up in your career. This is basic stuff and you should really consider building a foundation on something even if its A+ and then branch out from there.

This not to pick on you, but hopefully give you a chance to move forward in your career with tough love. You need to focus on training and follow through. You aren't brand new (2-6 months) in IT anymore.

@scottalanmiller said in Huge Mistake:

Was the boss' plan to format the drive meant to be done with both drives in there currently?

There is a big lesson in this statement. I think the majority of us would have shut down and removed power from the drive we didnt want to format. This doesn't even allow this mistake to ever happen.

If you are doing PC repair often, a hardware cloner can help. Back when I was doing desktops, I could clone a drive in 5-10 mins. SSDs are a fraction of that now.

I learned your same lesson and always had spare HDs that I would use to clone information. Somebody on here will talk about how this is bad for SSDs to be written over and over, and they are right to a point. However, to reach that write level is pretty fucking difficult and drives are cheap. So cover your ass by cloning especially in a situation like this.

@WrCombs said in Huge Mistake:

@pmoncho said in Huge Mistake:

@WrCombs said in Huge Mistake:

So let me start this off by saying if I hadn't listened to my boss first thing this morning, this mistake wouldn't have happened. but god forbid he say he was wrong.

Okay: so, Went and picked up a PC from a customer: the plan as it was said to me was

• Pick up PC

*Bring back to office, put 2 new HDD's in and pull over the information after we image it.

*take it back and install it at the site again.

So, what actually happened?

Brought the PC back, boss told me to stop, he has an idea.
Reformat one of the Hard drives we have here, on that PC and then have the FakeRAID we use rebuild the information, then test the PC to run a terminal and verify it works properly.

So I added the other drive to the PC. Little did I know (nor did I check) the Optical drive was set to boot first (which is where I added this Drive to the PC ). It came up as C: and the PC I wanted to load as C: loaded as D:

so when I opened cmd and typed in
format d: and pressed enter, I wiped all of the customer data from the Drives..

it wasnt until I noticed a program we don't use on aloha PC's was when I realized what I had done.

My Tuesday Fuck up in a nutshell. -- Let's all take a moment to give me shit for this colossal screw up.

we already downloaded a Software to Recover lost partitions and I have that running right now .

Sorry man.... I had a huge F'up in my career about 20 years ago. Fess up to it, fix it the best you can, eat crow, learn from it and never do it again. That is all you can do from this moment on.

From my F'up, I learned to "slow down, verify and think before hitting enter or clicking "yes""

Yeah, pretty rough. going to try fixing it with this software that's running.
But, I told him as soon as I saw what I did, took ownership because as @Obsolesce pointed out, I didn't verify what I was formatting before hitting enter.

good. I see you have taken ownership of it

We have all done stupid shit like this in our careers, and that is not really the issue here. I am worried about you passing on the blame to your boss as a maturity issue.

In no way shape or form can you blame the boss for this. It's on you 100% and that is ok because it happens ONCE or maybe twice. But you need to man up to the mistake, or else you will never grow as an IT professional. There is a reason why IT veterans like myself verify 3 or 4 times and click once. We have made the mistake before, but we learned from it.

Take ownership on this one, bud.

@kemal-tunc said in Wazuh when I write the rule I encounter with a problem (Nmap Scripting:

unfortunately didn't show

ip - - [02/Jul/2020:14:14:40 +0000] "HEAD /modelsearch/login.cfm HTTP/1.1" 404 1374 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"

/var/log/apache2/access.log

<group name="NMAP_Security_Correlations,">
<rule id="100100" level="5">
<match>Nmap Scripting Engine</match>
<description>NMap Scripting Engine Detected</description>
<location>/var/log/apache2/access.log</location>
</rule>
</group>

wazuh-manager restart done

You need to restart agents, too

@kemal-tunc said in Wazuh when I write the rule I encounter with a problem (Nmap Scripting:

What log file is storing this?

apache

If I replace nginx section with apache?

Yeah just change the location to match apache log

You do not need a decoder for this, just create a new rule file like the one above.

<!-- ################################### -->
<!-- # NMAP Detection Rule                   #  -->
<!-- ################################### -->


<group name="NMAP_Security_Correlations,">

  <rule id="100100" level="5">
    <match>Nmap Scripting Engine</match>
    <description>NMap Scripting Engine Detected</description>
    <location>/var/log/nginx/access.log</location>
  </rule>

</group>

If using NGINX, you could also just block this and not worry about alerting on it. Just add that to your NGINX configuration file.

if ($http_user_agent ~* (nmap scripting engine) {
    return 403
}

Ok so you are trying to detect when someone uses NMap scripting engine....

What log file is storing this?

Are you just verifying it works? ICMP is disabled in windows firewall quite often, and really isn't necessary.

VLAN them and use ACLs that don't even all them to communicate with any other hosts. Allow them only to reach out straight to the vendor outbound and no inbound connections whatsoever.

You pretty much need to treat them as compromised

@JaredBusch said in Vultr Mobile App:

@IRJ said in Vultr Mobile App:

You aren't asking the right questions. You are saying "How do I specfically do X?" not "What is the best way to achieve my desired results?."

Managing instances from a mobile is just a bad idea, I understand you are out and about and you may need to run a remote command or two on your mobile. Managing the console does nothing to help you. What you really need is SSH. There are apps that let you save SSH commands so if you needed to restart your database service you could save the command and it do it with a single click. You can automate updates that way or you can use something like unattended-upgrades to automatically do that for you.

In no scenario do I see having an app for Vultr being beneficial. Let us know what problem you are actually trying to solve.

You are missing the point. He was managing the instances. Not the server running in the instances.

What is he managing that he can't do from ssh?

You aren't asking the right questions. You are saying "How do I specfically do X?" not "What is the best way to achieve my desired results?."

Managing instances from a mobile is just a bad idea, I understand you are out and about and you may need to run a remote command or two on your mobile. Managing the console does nothing to help you. What you really need is SSH. There are apps that let you save SSH commands so if you needed to restart your database service you could save the command and it do it with a single click. You can automate updates that way or you can use something like unattended-upgrades to automatically do that for you.

In no scenario do I see having an app for Vultr being beneficial. Let us know what problem you are actually trying to solve.

@gjacobse said in Vultr Mobile App:

Thanks @scottalanmiller; I could see the need for me to use it more as I don’t have access to a network in which I can access it for much of the day. Working for home, I can’t say I would ever need it. But as I can’t access it from the State network, I’m limited to my mobile device. And while it’s accessible via a web browser, on a mobile device (phone or tablet) an app could be ‘easier’ maybe.

Or just use Ssh from your phone. Why do you need to access the management interface ever?

@JaredBusch said in Vultr Mobile App:

I don't manage instances from my cell phone enough.

The web interface works well enough.

I would not trust a 3rd party app.

And to add to this... Don't use your mobile to manage your servers. Didn't you just make a mistake yesterday by doing this

This is a very helpful document that compares AWS to Azure 1:1

It is nice to have for a reference

https://docs.microsoft.com/en-us/azure/architecture/aws-professional/services

I think this is pretty far off topic from "Looking to buy a SAN" even for magolassi lol.

@Dashrender said in Windows Domain join issue:

@IRJ said in Windows Domain join issue:

Is that DNS name already joined?

I would slightly change the DNS name, reboot, and try to join again.

never had that be a problem before - it just steals the slot, but then again, I'm using a domain admin account to do the join, if he's not, that could be the issue.

It's an AD issue that dates back to 2000 and maybe NT4. I figure it may have been resolved by now, but I remember having to slightly change PC names to get them to join in the old days, especially on the the tech side without access to remove duplicate entries.

Is that DNS name already joined?

I would slightly change the DNS name, reboot, and try to join again.