User Tools

Site Tools


main

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
main [2017/03/29 21:12]
bryanheinz [main]
main [2018/11/13 21:27] (current)
bryanheinz [Sign Meraki SCEP CA Cert]
Line 1: Line 1:
 # main # main
 +This wiki serves as my quick and dirty documentation and fixes. There'​s very little explanation. Mostly its just steps to perform with references if more context is needed.
  
   * [[apple|Apple]]   * [[apple|Apple]]
   * [[profles|Configuration Profiles]]   * [[profles|Configuration Profiles]]
   * [[hypervisor|Hypervisor]]   * [[hypervisor|Hypervisor]]
 +  * [[munki|Munki]]
 +  * [[reposado|Reposado]]
  
-### test 
  
 ## dokuwiki ## dokuwiki
Line 91: Line 93:
  
 ## Upgrading a Unifi controller ## Upgrading a Unifi controller
-1) Log into the controller and go to Settings > System and uncheck “Automatically upgrade firmware” +  - Log into the controller and go to Settings > System and uncheck “Automatically upgrade firmware” 
- +  ​- ​SSH into the Unifi controller 
-2) SSH into the Unifi controller +  ​- ​Type: apt-get update 
- +  ​- ​Type: apt-get install unifi 
-3) Type: apt-get update +  ​- ​After the upgrade finishes log back into the controller and go to Access Points 
- +  ​- ​Upgrade the access points (this will kick users off the AP) 
-4) Type: apt-get install unifi +    ​If the AP doesn’t restart and start checking back in: 
- +      ​- ​SSH into the AP as root 
-5) After the upgrade finishes log back into the controller and go to Access Points +      ​- ​Type: reboot
- +
-6) Upgrade the access points (this will kick users off the AP) +
- +
-   a) If the AP doesn’t restart and start checking back in: +
- +
-\    \    i) SSH into the AP as root +
- +
-\    \    ii) Type: reboot+
  
  
Line 197: Line 191:
 This will change the IP address until the next reboot. On the next reboot the IP address will flip over to this since we set it in the Networking preferences. This will change the IP address until the next reboot. On the next reboot the IP address will flip over to this since we set it in the Networking preferences.
  
-## Creating SSH keys for password-less SSH+## Creating SSH key pairs for password-less SSH
  
 1) On the client machine run <​code>​ssh-keygen -t rsa -b 4096</​code>​ 1) On the client machine run <​code>​ssh-keygen -t rsa -b 4096</​code>​
  
-2) Copy the output ​.pub contents ​file to <​code>​/home/$user/,ssh/authorized_keys</​code>​+2) Copy the .pub file contents ​to the servers .ssh/authorized_keys file 
 + 
 +References:​ 
 +  * [[http://www.paulkeck.com/​ssh/|HOWTO: set up ssh keys]]
  
 ## Decrypt encrypted SSH keys ## Decrypt encrypted SSH keys
Line 344: Line 341:
 On the Select Recipient page, select a user you want to forward all email to. Select the Deliver message to both forwarding address and mailbox check box if you want both the recipient and the forwarding email address to get copies of the emails sent. Click or tap OK, and then click or tap Save. On the Select Recipient page, select a user you want to forward all email to. Select the Deliver message to both forwarding address and mailbox check box if you want both the recipient and the forwarding email address to get copies of the emails sent. Click or tap OK, and then click or tap Save.
  
-## Create SSH Key Pairs 
-1) Run and walk through the command: 
- 
-<​code>​ssh-keygen -t dsa</​code>​ 
- 
-2) Copy the new .pub key to the server'​s .ssh folder and rename it to "​authorized_keys"​ 
- 
-References: 
-  * [[http://​www.paulkeck.com/​ssh/​|HOWTO:​ set up ssh keys]] 
  
 ## SFTP Too Many Login Attempts ## SFTP Too Many Login Attempts
Line 423: Line 411:
 References: References:
   * [[https://​www.forensit.com/​downloads.html|ForensiT]]   * [[https://​www.forensit.com/​downloads.html|ForensiT]]
 +
 +## Expanding Graylog Storage ##
 +These steps were used to add storage for Graylog Server ''​Graylog 2.4.5+8e18e6a''​ and ''​Debian 9.4''​.
 +
 +WARNING: Do not use a NAS. If the NAS goes offline when Graylog isn't expecting it to (crashes or even soft-reboots) it can mess up Graylog.
 +
 +  - Add storage to the VM in ESXi
 +  - Reboot VM
 +  - Install parted: ''​sudo apt-get update && apt-get install -y parted''​
 +  - Find the raw disk: ''​sudo parted -l | grep Error''​ (Error: /dev/sda: unrecognised disk label)
 +  - Set the partition scheme: ''​sudo parted /dev/DISK mklabel gpt''​
 +  - Create the partition: ''​sudo parted -a opt /dev/DISK mkpart primary ext4 0% 100%''​
 +  - Verify the partition creation: ''​lsblk''​
 +  - Create the partition filesystem: ''​sudo mkfs.ext4 -L PARTNAME /​dev/​PARTITION''​ (if the disk was sdb, this should be sdb1)
 +  - Verify the filesystem creation: ''​lsblk --fs''​
 +  - Make a mount point: ''​mkdir /​mnt/​newStorage''​
 +  - Mount the new storage: ''​mount -o defaults /​dev/​PARTITION /​mnt/​newStroage''​
 +  - Create a safe space to copy the log indexes ''​mkdir /​mnt/​newStorage/​nodes''​
 +  - Run an initial rsync ''​rsync -av /​var/​lib/​elasticsearch/​nodes/​ /​mnt/​newStorage/​nodes''​
 +  - Stop Graylog: ''​systemctl stop graylog-server.service''​
 +  - Stop Elasticsearch:​ ''​systemctl stop elasticsearch.service''​
 +  - Run rsync again to mirror the existing indexes: ''​rsync -av --delete-during /​var/​lib/​elasticsearch/​nodes/​ /​mnt/​logs/​nodes''​
 +  - Verify that there are no differences between the folders: ''​sudo diff -qr --suppress-common-lines /​var/​lib/​elasticsearch/​nodes/​ /​mnt/​logs/​nodes''​
 +  - Move old data ''​mv /​var/​lib/​elasticsearch/​nodes/​ ~/​nodes''​
 +  - Create a new "​nodes"​ folder ''​mkdir /​var/​lib/​elasticsearch/​nodes/''​
 +  - Unmount the new storage: ''​umount /​mnt/​newStroage''​
 +  - Add ''/​dev/​PARTITION /​var/​lib/​elasticsearch/​nodes ext4 defaults 0 2''​ to ''/​etc/​fstab''​
 +  - Mount fstab: ''​mount -a''​
 +  - Verify the data is present: ''​ls /​var/​lib/​elasticsearch/​nodes/''​
 +  - Move the indexes into their proper spot: ''​mv /​var/​lib/​elasticsearch/​nodes/​nodes/​* /​var/​lib/​elasticsearch/​nodes/''​
 +  - Fix permissions:​ ''​chmod -R elasticsearch:​elasticsearch /​var/​lib/​elasticsearch/​nodes''​
 +  - Reboot
 +  - Verify Graylog is up-and-running
 +  - Verify index data is present on the server ''​ls /​var/​lib/​elasticsearch/​nodes/''​
 +
 +
 +References:
 +  * [[https://​www.digitalocean.com/​community/​tutorials/​how-to-partition-and-format-storage-devices-in-linux| Partition and Format Storage Devices in Debian]]
 +  * [[http://​docs.graylog.org/​en/​2.4/​pages/​configuration/​graylog_ctl.html#​extend-disk-space|Extend disk space]]
 +
 +====== Sign Meraki SCEP CA Cert ======
 +  - Log into Meraki Console
 +  - Goto Organization -> MDM
 +  - Under ''​SCEP CA Certificate Configuration''​ download the ''​Meraki\_SCEP\_CA\_CSR.csr''​
 +  - Copy the CSR to your Windows CA server
 +  - Open PowerShell with admin privileges
 +  - Run this command: ''​certreq -submit -attrib "​CertificateTemplate:​SubCA"​ Meraki\_SCEP\_CA\_CSR.csr''​
 +    - Select your CA when prompted
 +    - Save the file, name it whatever you want
 +  - Back in Meraki on the Orgs MDM settings click ''​Choose File''​ under the ''​SCEP CA Certificate Configuration''​ settings
 +  - Select and upload your signed cert
 +  - Click ''​Save''​
 +  - Test install the cert
main.1490821975.txt.gz · Last modified: 2017/03/29 21:12 by bryanheinz