You got C-Suite buy in. Everyone else can eff off unless they are going to help you. I would recommend still dusting off that resume and making sure to update this. They are still making a killing off of you so make sure that they pay for some of the certifications for the stuff that you are doing.
Sounds like a lot of work for one person to be honest but if you have no obligations that need you home at a certain time and you are being compensated accordingly, you are picking up some valuable skills and doing the lordâs work there.
Regarding the part of too much work for one person, thatâs what I discussed before I was even hired as I was concerned about that. I originally declined the job offer because of that, but they scheduled a meeting with me to ensure that if the workload is too much, Iâll get a second person within the six months. With the promise of getting a second person I accepted.
Has anyone administered or worked with Odoo? It looks very extensive but maybe to the point of being unfocused. Still itâs nice to see an open source project provide business services like payroll and crm.
I need help building a really simple RPM, which take a single tarball that is a compressed directory, call it receiver-0.0.1.tar.gz, and extract it into /opt/receiver-0.0.1/
Thatâs it. However, the docs really donât explain this because itâs either a single file, or a more complicated task.
Please help me figure out how to write the spec file for this, or any guidance on creating an rpm for a single directory.
Your spec file should basically extract the tar ball to the build directory, copy it to the install directory, and mark all the files in the install dir to be included in the RPM.
Once you have a spec file place your source file (a .tar.gz) file in rpmbuild/SOURCES. Then use rpmbuild to create an rpm - ârpmbuild -bb file.specâ. (First b - build from spec file, second b - build the binary package).
Assuming youâve got the rest of the boiler-plate bits done already, something close to this should work, though itâs late and Iâm just spit-balling, havenât tested.
Does anyone using the IaC model use LaTeX or some kind of templating tool (erb, jinja, etc) to automate the upkeep of their documentation as their codebase changes?
I donât think anyone uses LaTeX for that. Ansible has the documentation built into the roles/collections and itâs all markdown/reStructuredText. Itâs not really automated though.
The disaster saga continues and I have some updates, mainly with good news
Got a budget of 50k for AVs, Veeam backups and 2x TrueNAS R20 systems (Thanks @SgtAwesomesauce for the suggestion btw)
About to close the purchase on the first TrueNAS system, you would not believe how much PAPERWORK there is if youâre an European company buying something from America
Began deploying Sophos Endpoint Protection onto employeeâs laptops remotely from the licenses I unearthed that were not used at all
Audited our systems in terms of access, disabled around 50 user accounts of employees that left for the last two to three years
Previous sysadmin used all UK vendors, so I turned my family visit trip to a business trip out of pocket to have in person meetings with new potential vendors based in EU (I just mainly wanted to not interact with family). Also ton of paperwork dear lord.
Previous sysadmin disabled Googleâs MDM for employeeâs phones. Why the fuck? Trying to get it enabled now.
Began the work of getting CMDB in terms of asset management implemented. The SNOW guy was smart enough to bring in contractors.
Not even two months in and already being thrown to do a certification for SNOW Sysadmin for free
Pushing for Zabbix monitoring, CTO gave double thumbs up for it âlooking niceâ and dumping alerts into chat, networking guy gave me thumbs up for it supporting LDAP login
Went to the datacenter last week with the CTO. Mentioned that we need to kill some of these ancient boxes and he just began to pull power cables for them. âIf someone needed those, theyâll screamâ, and nobody has to yet even peep about those boxes being gone
All 3 racks are full of ambers, spent 2 hours just trying to break into out of band management for a single server with the forbidden Dell knowledge and no login to the server or being able to shut it down. Also establishing OOB management now in works.
HASHICORP VAULT! C-Suite gave me thumbs up on local hosted vault as long as it works at 2 in the morning
Unearthed some stuff that was out of scope for the audit, found more security holes than swiss cheese
Engineers in meetings get visibly nervous when I raise hand or join their meetings because Iâm the companyâs security enfoncer. Pls donât be scared engineers JUST LOCK DOWN THAT UNPROTECTED ELK STACK!
Managers in standup amazed every single time with the amount of work I did the previous day and the engineers are praising me like the second coming of christ because Iâm giving them stuff like local storage in their geographic office, server maintenance, ability to use Google SSO or even a UPS for their server rack in the office
Thereâs even more, but Iâm shitposting this on a company time and I got a meeting in a minute so oops
EDIT:
I just had engineers threatening to quit the company because I want to implement 2FA onto VPNs and critical systems.
What.
EDIT:
After I alarmed the C-Suite about this, they told me that they were joking. Their joke got me into trouble. Smh.
Good, give it another two months and youâll start receiving bribes.
Ok, you know where the door is.
They probably were genuinely upset about 2FA. They just decided to throw you under the bus because at this point, the writingâs on the wall that youâre the big dick in the locker room and anyone not with the security program is going to get asked to leave.
This has been a joy to read. Iâm very happy to see the impressive amount of progress youâve made in 2 months or so.
NGL if I knew what company he was working for I would avoid them like the plague, not recommend their services, and boycott anything until their provided a clean bill of health from a reputable pen-tester.
If a company is that far in the gutter in terms of security they deserve all manners of hellfire that befall them.
This - if itâs anything like my company (whom I do like, though), youâve got a bunch of old guys that donât like what they perceive as just a new IT person telling them what to do and the âOh haha they were joking aroundâ was to just shrug it off.
They never had to before, so why should the new guy be allowed to change that? Thatâs the attitude I see around here a lot.
The joke is in poor taste and those people should not get a pass like this. Those kinds of jokes are reserved for only the closest friends and inappropriate for work acquaintances.
Soooo, something I forgot to mention that happened on Friday.
I saw the draft report of the security audit aaaandâŚ
90% of things on the network is labeled as critical or high severity, and most things were found just running unauthenticated nessus scan on the network
Guess I gotta throw deployment of Security Onion into the box alongside Zabbix and Hashicorp Vault.
For context, he wanted Google SSO for the Gitlab instance, but I told him that because we use 2FA with Workspace, he needs to enable mandatory 2FA for regular accounts per ISO 27001 requirements, and that VPNs will require 2FA too.
On Friday, I had a follow-up meeting with my manager, and he basically told me to stop scaring the engineers lol. Need to run any drastic changes by him now (Why was I allowed to do drastic changes without telling him from day one tho???).
TOTP instead of security keys is unfortunately a financial decision. I keep pushing for Yubikeys to be rolled out, but I already unfortunately proposed a budget for the next six months that was already approved, so I canât scrape 5k+ out of nowhere.
Okay you will laugh but I looked up what happened to the second IT guy in the other geographic office and he retired. Then two months later the main sysadmin left the company to be a software dev.
Anyway, I hope that with the audit report in the hand, I can finally get the push and support to get stuff fixed