Sysadmin


A community dedicated to the profession of IT Systems Administration.

founded 1 year ago
1

The Chinese Volt Typhoon cyber-espionage group infiltrated a critical infrastructure network in the United States and remained undetected for at least five years before being discovered, according to a joint advisory from CISA, the NSA, the FBI, and partner Five Eyes agencies.

2

Please let me know if there is a better community to post to. This one seems like a good place to start.

I have a very short character ICU domain registered and it was working for months. Without changes to DNS or anything else, it suddenly stopped working. I found out that no DNS records were resolved anymore. It is not that they are invalid. They are non-existent on any DNS servers. According to dnschecker.org's DNS lookup for ALL records, there are no records at all. Same with using dig, which just shows an A record with no value.

I use my own nameservers and all of my other domains work fine. I have not changed anything on my end either. Still, I switched to Namecheap's default name servers to see if that would resolve the issue. No change.

I contacted Namecheap about a month ago. They opened a ticket for me with a High priority. They have just replied a couple of times now, saying they are still monitoring the issue but don't have an answer yet.

Is anyone else experiencing something similar? Any ideas what may be going on?

3

Broadcom is killing off VMware’s on-premises perpetual licenses – and getting set to strong-arm VMware customers onto subscriptions, by also ending the sale of Support and Subscription renewals for such customers.

VMware described this to customers as part of its plan to “complete the transition of all VMware by Broadcom solutions to subscription licenses.”

“We are [also] ending the sale of Support and Subscription (SnS) renewals for perpetual offerings beginning today” SVP Krish Prasad said in a FAQ.

Which VMware products are affected?

VMware Cloud Foundation
VMware vSphere
VMware vSAN
VMware NSX
VMware HCX
VMware Site Recovery Manager
VMware vCloud Suite
VMware Aria Suite
VMware Aria Universal
VMware Aria Automation
VMware Aria Operations
VMware Aria Operations for Logs
VMware Aria Operations for Networks

4

In December 2022, we observed an intrusion on a public-facing MSSQL Server, which resulted in BlueSky ransomware. First discovered in June 2022, BlueSky ransomware has code links to Conti and Babuk ransomware.

While other reports point to malware downloads as initial access, in this report the threat actors gained access via an MSSQL brute force attack. They then leveraged Cobalt Strike and Tor2Mine to perform post-exploitation activities. Within one hour of the threat actors accessing the network, they deployed BlueSky ransomware network wide.

5

Security updates have been issued by Debian (gst-plugins-bad1.0 and postgresql-multicorn), Fedora (golang-github-nats-io, golang-github-nats-io-jwt-2, golang-github-nats-io-nkeys, golang-github-nats-io-streaming-server, libcap, nats-server, openvpn, and python-geopandas), Mageia (kernel), Red Hat (c-ares, curl, fence-agents, firefox, kernel, kernel-rt, kpatch-patch, libxml2, pixman, postgresql, and tigervnc), SUSE (python-azure-storage-queue, python-Twisted, and python3-Twisted), and Ubuntu (afflib, ec2-hibinit-agent, linux-nvidia-6.2, linux-starfive-6.2, and poppler).

6
submitted 10 months ago (last edited 10 months ago) by btp@kbin.social to c/sysadmin@kbin.social

Hey everyone. This magazine was on the abandoned list, so I put in to take over ownership, and here we are! I'd like to revive the sysadmin community here on kbin, and create a solid resource for all of us admins here on the fediverse.

For now, until the board becomes more active again, I'm going to moderate it myself, however if you'd like to help out please DM me here or over on Mastodon and we can hash out the details.

I'll be getting some basic board rules together soon, and will try to post as much useful and relevant information as I can. In the meantime, I hope to see everyone around, and feel free to post away, fellow admins!

7

Somebody I’m helping has an ancient, and I mean ancient (like 3 major versions before latest or so), install of Rundeck doing stuff for them. Might help them upgrade it to the latest (more like reinstall and configure from scratch, it was built years ago with assumptions no longer true), but before I commit I’d like to know if there are decent replacements/alternatives for it these days.

In case you don’t know Rundeck, it allows you to set it up so that a number of users, with various privilege levels, are allowed to execute scripts on remote machines, with whatever privileges the given script needs, giving them parameters from an allowed set you configure. That’s all, no more, no less.

Sounds like something that should be common, but when you look for alternatives it gives you everything that’s ever been touched by the word DevOps, from Ansible and every “configuration engine” software ever made, to automation libraries and the like. I just want something that does this and no more: let people run scripts while preventing them from breaking stuff. If it’s something command-line friendly (Rundeck wasn’t as far as I can see) much better, and doubly so if it’s user friendly (have tried AWX and it feels like it wants to be able to run the whole of Google from a browser window; dislike it in general, far too convoluted, and not user friendly at all for the not very techie office workers that use Rundeck today).

9

Six or more day old accounts are currently serving dodgy links, under different subjects from your instance. Could someone look into this?

10

I have always configured a web server to default to a certain domain that I'm pointing to it. I just set up a web server with a few domains on it and realized I should be using a default sites-available config... I think.

Is there a best practice for setting up a web server with multiple domains? Right now, I have a self signed cert for the default config, in case someone points to my server for some reason OR if there is something done outside the configs for each domain. Since the default config has no domain associated to it, I had to use a self signed cert. Also, right now, I just have default return a 404.

If it makes a difference, I'm running nginx.

Is there some docs out there on what is best to do here? Thanks for any input.
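As an added example (not part of the original post), here is the catch-all layout the question is circling around: a `default_server` block for each listen port that swallows anything not matching a configured `server_name`, with the real domains in their own blocks. The domain names and certificate paths below are placeholders; substitute your own.

```nginx
# Catch-all for plain HTTP. Without an explicit default_server, nginx
# hands unmatched Host headers to the first server block it finds for
# that port, which means a random CNAME or a raw-IP scan gets served one
# of your real sites. 444 closes the connection without a response, so
# nothing about the host is advertised (a 404 would still leak headers).
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;          # placeholder name that never matches a real host
    return 444;
}

# Catch-all for TLS. ssl_reject_handshake (nginx 1.19.4 and later) aborts
# the handshake when the SNI name matches no other server block, so this
# block needs no certificate at all; the self-signed cert in the original
# setup is only required on older nginx builds.
server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name _;
    ssl_reject_handshake on;
}

# One block per real domain. Selection is by SNI name for TLS and by Host
# header for HTTP, so the two blocks above only ever see the leftovers.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.com www.example.com;                              # placeholders
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;  # assumed path
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;    # assumed path
    root /var/www/example.com;
}

server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;                              # placeholders
    return 301 https://$host$request_uri;
}
```

Two checks worth running after the change: `nginx -T` dumps the merged configuration and confirms exactly one `default_server` per listen socket, and `curl -k --resolve unknown.example.invalid:443:127.0.0.1 https://unknown.example.invalid/` from the box itself should fail at the handshake rather than return a certificate from one of the real sites. Note that a client sending no SNI at all is also rejected by the TLS catch-all, which is the intended behaviour for a shared host.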

11

Microsoft plans to introduce the new Microsoft Teams in mid-July 2023 and start replacing the classic Teams in September.

12

Today is Microsoft's June 2023 Patch Tuesday, with security updates for 78 flaws, including 38 remote code execution vulnerabilities.

13

Welcome to the June 2023 edition of What’s New in Teams! Following a month of great announcements from Microsoft Build 2023, we are not slowing down by bringing you 45 new features for the month of June. We have a great line-up of new features to announce. My personal favorites are Spatial Audio i...

14

Apparently also coming soon to Teams to help us "stay engaged in conversations as you browse the web". Thanks so much Microsoft - I always thought it was my social anxiety keeping me from staying engaged in conversations - turns out I was just using the wrong browser!

15

Does anyone else block AI tools like ChatGPT or Zoom notation extensions in their office network? Why or why not?

My team has been debating the risk involved with them but I've been on the fence. I saw this article (that's part ad for Asterisk) on it this morning and it got me thinking about it again.

https://thehackernews.com/2023/06/generative-ai-apps-chatgpt-potential.html

#ChatGPT #AI #security #sysadmin

16

Here's the error I'm getting. Seeing others on different sites are also reporting this issue.

-- 5.7.51 TenantInboundAttribution; There is a partner connector configured that matched the message's recipient domain. The connector had either the RestrictDomainsToIPAddresses or RestrictDomainsToCertificate set

17

The attack caused intermittent outages for about a day.

18

The transition will be "automatic", but if you're using Google Domains as of now, this is your heads up to start moving things unless you like Squarespace.

19

I recently found: AAD Auth from Canonical/Ubuntu for native AzureAD auth for Ubuntu systems. For the past bit we've mostly been Windows/macOS, and never really entertained Linux for business use - mostly because we've never had the tooling for it. We exclusively use Azure AD (no on-prem AD), so in the past when looking, the solution has been Azure AD Domain Services with SSSD.

Whilst this is likely very 'Googleable' and something I could spin up and test myself (which I likely still will), in the interest of trying to start some discussion on this magazine - I was wondering if anyone has had any experiences (positive/negative) with using native AAD auth with Ubuntu?