Simple Security Models

C.I.A – Confidentially,  Integrity, Availability

A.A.A – Authentication (Multi-Factor Authentication / 2-factor authentication), Authorization, Accounting

Advertisements

List of Real-time cyberthreat map

The below is my list of real-time cyberthreat maps originated from different companies:

https://www.fireeye.com/cyber-map/threat-map.html

http://www.digitalattackmap.com/#anim=1&color=0&country=ALL&list=0&time=16365&view=map

http://map.norsecorp.com/#/

https://cybermap.kaspersky.com

 

Public Folders stopped working after upgrade from Office 2013 to Office 2016

The fix was to re-created the Outlook profile by creating a new one.

Navigate to Control Panel -> Mail -> Show Profiles -> Create and choose to be a default one.

Once this is done a new *.pst files will be created. This means that all emails for that Mailbox will be downloaded from the Exchange.

Don’t remove the other profile until confirmed by the end user that all is working and nothing get lost.

FSR TO DFS SYSVOL Migration on Windows Server 2012

Lab:

Windows 2012 AD Services

Functional Level 2003 raised to 2008 R2

CHECK BASICS

on domain controllers issue

net share – check if the sysvol are shared

repadmin /replsum – to check if the synchronization is working

regedit then HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters then check that entry SysvolReady is 1. You need to check on all domain controllers.

services.msc – check if the DFS Replication in the extended tab is set up Automatic Startup

MIGRATE FUNCTIONAL LEVEL

In my case I was on 2003 so had it raise it to 2008 (2008 R2).

First Make sure that all your AD server are within the level you raise.

So if you raise to 2008 R2 all your AD servers need to run at least Windows Server 2008 R2

Administrative Tools Folder -> Active Directory Domains and Trusts  Right click on domain then click on Raise domain functional leven Then choose the one you want from the list. Click Raise. This should only take few second. Once done on Primary AD the changes should be made to all of them.

to check which your DC is Primary issue

nltest /dclist:domain.int 

You will see that one of your DC has got [PDC] flag which means it’s primary

MIGRATE THE DOMAIN TO THE PREPARED STATE

BACKUP FIRST

Check install role Windows Server Backup from Add role control panel. It should on the second list of services after you press Next first time.

To make a state backup run: https://technet.microsoft.com/en-us/library/cc742124.aspx

wbadmin start systemstatebackup -backupTarget:\\myshare\dc1

Wait until backup is finish it may take some time.

SET GLOBAL STATE ON PDC DOMAIN CONTROLLER IDEALLY (Make sure it’s not RODC) (Read-only)  https://blogs.technet.microsoft.com/askds/2011/10/28/friday-mail-sack-they-pull-me-back-in-edition/#netdom

Use the command below firs to check then move it says Start dfsrmig /setglobalstate 1

Do not progress further until all domain controllers are showing “Prepared” state

check using

dfsrmig /getglobalstate

THIS PROCESS MAY TAKE SOME HOURS/DAYS

 

 

How to install multiple packages with Ansible

The below is my task example used in ansible-playbook of how you can install multiple packages in Debian use ‘yum’ in redthat/centos distros.

The below install bind (Dns) packages and it’s making sure that the bind9 is started


# This playbook contains common plays that will be run on all nodes.

- name: Is Bind Installed?
  apt: name={{ item }} state=installed
  with_items:
   - bind9
   - bind9-doc
   - dnsutils

- name: Is Bind Started?
  service: name=bind9 state=started

How to create directory and make sure that the permission are correct using Ansible

The below is an example of what you can enter in your task/main.yml file if you are using ansible-playbook command

The below will create multiple directories if does not exist and it will make sure that the permission are correct.


---
### This is main task for DNS Slave servers

- name: Make sure that directories for Slave servers exists
  file:
   path: '{{ item }}'
   state: directory
  with_items:
   - /var/cache/bind/Data
   - /var/cache/bind/Slave
   - /var/cache/bind/Slave.rev
   - /var/log/named

- name: Make sure that directory have got correct permissions
  file:
   path: '{{ item }}'
   owner: bind
   group: bind
  with_items:
   - /var/cache/bind/Data
   - /var/cache/bind/Slave
   - /var/cache/bind/Slave.rev
   - /var/log/named