Sysadmin Mega Thread

Sounds like you’re on the right track to me. Random docker containers from random places aren’t a great idea, but the linuxserver.io people are pretty legit.

2 Likes

Additionally if there’s both a container from linuxserver.io as well as from $PROJECT itself there is likely a good reason for that. Assuming the official container is any good linuxserver.io tends to discontinue their versions.

1 Like

Just accepted a job offer for a sysadmin position for a medium sized company. This is going to be my first proper sysadmin position.

What’s the first thing I should do, or make a checklist on the first few days after I start working? I was made aware that there’s a backlog of stuff since the last admin left and I’m expecting that I’ll inherit a dumpsterfire of an infrastructure.

What I have in mind is to first read up on any documentation left by the previous admin, check if there are backups in place, if the backups are functional and offsite backups, if there’s incident response/disaster recovery plan written up and go ham with a label maker in the datacenter making sure everything’s labeled correctly and then last after ensuring that infra is good to check for endpoint AV management if all agents are active and check for any stale assets during asset inventory.

8 Likes

Confirming EVERYTHING is getting backups is an excellent 1st step. 2nd is making sure there is monitoring for absolutely everything of importance… Every service that needs to stay running, every network connection, every SSL cert and domain name that will eventually expire, every UPS, etc. Nothing worse than something important silently failing and going unnoticed.

3 Likes

Is there an equivalent of elastic endpoint security that integrates with Prometheus/graphana? Or can elastic endpoint already integrate with it? I’ve heard ELK is really resource hungry so I’m leaning towards Prometheus/graphana/Loki but I need a FOSS cross-platform endpoint security solution.

Does anyone have a good password manager for mac that doesn’t require a Apple Account?

For linux I use KeePass and it’s awesome, but I figured since it’s a new platform maybe someone here has some experience or a recommendation.

cotton

ps

It would be ideal if it could generate complex passwords, and also was locally installable rather than a cloud service.

1Password is very Mac-like in that a lot of attention is given to UI/UX to make it friendly to non-technical people, although it does have a cli tool and some advanced features. The business versions are cloud based. I use it because I have my clients use it and it’s easier if we’re all on the same thing. If it were just me though, I’d probably go with keepass or Bitwarden.

1 Like

I just use KeePass(X/XC? Not sure, would have to check the exact flavour), and I keep the db in Nextcloud. Then again, I avoid browser integration so ymmv…

1 Like

Strongbox is a good iOS/Mac password manager. It has a paid tier though. There is a license for life, monthly and yearly options. Its a KeePass variant so it is good. The only reason I am not buying this is that I wish to return to the Android ecosystem and use an actual free one.

i’ve googled it up quickly and … isn’t that just a bunch of premade rule/filter ?
It doesn’t look any smarter than what you can already do, but you will have to make the rule yourslef.

Maybe there is a repo of rule for grafana that would trigger for similar event ?

1 Like

:man_shrugging:

I thought it was something you installed on the endpoint but maybe not?

I need some advice on this one.

I need to run a shell command using ansible to gather structured output from a program. I then use ansible filters to build a datastructure in memory where I can do lookups on.

Picture this as the output of a bash command which is stored as a string in an ansible variable:

INPUT (IT’S A MULTILINE STRING)

teamname:Cougars
description:Baseball
member:John,second
member:Bill,first

teamname:Rockies
description:Baseball
member:Phil,pitcher
member:Peter,catcher
member:Wilbur,centerfield

teamname:marlins
description:MinorLeague

I need to build a data structure represented like:

POSSIBLE OUTPUT EXAMPLE 1

teams:
  Cougars:
    teamname:Cougars
    members:
      - john,second
      - Bill,first
  Rockies:
    teamname:Rockies
    description:Baseball
    member:
      - Phil,pitcher
      - Peter,catcher
      - Wilbur,centerfield
  marlins:  
    teamname:marlins
    description:MinorLeague
    members:

so far I can split them on the “\n\n” character, because that is the demarcation of the “objects” or teams here. This builds an array of a single strings. Each string is an index. For each string the key value pairs are delimited by “\n” characters. Assuming I could split these into key value pairs, I need to make the “members” into a list of objects maping them from the “members:” string.

Any suggestions on this before I keep rambling?

Here’s a python representation of the data structure:

POSSIBLE OUTPUT EXAMPLE 2

teams = {
  "Cougars" : {
    "teamname": "Cougars",
    "description":"baseball",
    "members": ["john,second","Bill,first"]
  }
  "Rockies":{
    "teamname":"Rockies",
    "description":"Baseball",
    "member": ["Phil,pitcher","Peter,catcher","Wilbur,centerfield"]
  }
  "Marlins":{
    "teamname":"marlins",
    "description":"MinorLeague",
    "members":[]
  }
}

TFW

I want to know more ansible/jinja so i could actually help

It looks like you’ve extracted a data structure. Is that accurate? If not, I suggest doing positive lookbehinds. (see below) Do you absolutely need it represented the way you’ve listed? Your required output is very close to yaml, so I’d suggest allowing for quotes and just dump it to yaml.

You could do the following:

templates/teams.yaml

{{ teams | to_nice_yaml }}

Positive Lookbehinds:

(?<=teamname:)(.*$) will match the name part of the teamname line.

Here’s an example:

1 Like

The problem is I need to convert text output generated from a bash command (see first data set). It’s a string.

I need to use filters to change into a dicitionary of dictionaries with “members” as a list for each key.

Basically, I need to create a datastructure from a string that is similar to the yaml or python structures I presented after the output.

1 Like

Ahh, ok. Sorry got distracted by output format.

Let me have a think for a minute.

1 Like

@cotton ; here’s how I would do it.

I would split the string on \n\n like you’re currently doing, then I’d run a bunch of regex queries on that string. I’m assuming bash.

#!/usr/bin/env bash

TEST="teamname:Cougars
description:Baseball
member:John,second
member:Bill,first"

TEAM=$(echo "$TEST" | grep -Po "(?<=teamname:)(.*$)")
DESCRIPTION=$(echo "$TEST" | grep -Po "(?<=description:)(.*$)")
MEMBERS=$(echo "$TEST" | grep -Po "(?<=member:)(.*$)")


echo $TEAM
echo $DESCRIPTION
for MEMBER in $MEMBERS;
do
  echo $MEMBER
done

There should be a way to do regex these pattern matches in straight bash, but I forget how it works.

3 Likes

I think I might have an approach with python… I’ll post in about 20 minutes.

3 Likes

For sure; whatever works. Either way, I hope I was able to help.

1 Like

If you’re doing this a lot, yeah you probably want to write yourself a custom filter in Python.

That said, if you’re a sadomasochist like me, you can probably do it with existing filters. I’ll see if I can whip something up for you.

1 Like