Spyke
sysadmin · by andreicscs

HoneyWire: Open-source, zero-agent cyber canaries for your LAN (Thinkst/OpenCanary alternative)

Hey everyone,

Today I'm sharing a project I initially built to solve a personal problem that has quickly been picking up traction: HoneyWire v2.0. Hopefully it will help you out as well!

I wanted to run high-fidelity network canaries in my network, but I couldn’t justify enterprise pricing, and I wasn’t a fan of managing custom orchestration across all my VMs to make available OSS solutions work.

So, I built HoneyWire. It’s a completely free, open-source distributed deception platform.

It uses a point-in-time CLI wizard to deploy hardened, distroless Docker traps. You run the command once, it spins up the decoy, registers it to your centralized Hub dashboard, and the setup agent completely exits. No persistent background daemons.

Main Features:

Zero-Agent: No ongoing background overhead on your hosts.

Centralized UI: Manage fleet settings and deployments; view fleet health, uptime, and lateral movement alerts.

Alerting: Built-in push notifications and SIEM forwarding.

Privacy: 100% free, open-source.

UX: 60 seconds from a fresh Linux box to an active cyber canary.

GitHub Repo: https://github.com/andreicscs/HoneyWire
Landing Page: https://honeywire.dev/

Would love to hear your thoughts on the architecture or any feedback if you test it out!

AI Disclosure: As a student and solo developer/maintainer, I used AI as a “junior dev” during project development to help accelerate boilerplate writing and documentation. All core architecture, system structure, and security logic were fully designed and implemented by me.

View original on lemmy.world
sysadmin · by freddo

Manage Devices without AD, GPO or an MDM

Hello all,

I have recently joined a company as a system administrator and I am in dire need of advice.

In the interviews we discussed how it is needed for the company to manage Windows endpoints, apply policies, patch them and make sure that they comply with new regulations.

They told me the RMM that they will use and I took for granted that I will have AD or Intune as a tool alongside it.

Apparently all I will have is the RMM tool, nothing else, which I think is insane. They expect me to manage the local policies through scripts that I will push through the RMM.

I have told my supervisor that this is not a good idea because the endpoints will basically be unmanaged devices, scripts are not reliable and tend to break with updates, they won't stack well... etc. The response was: "this is how we were advised to proceed" (probably by the RMM company, I did not ask), with automations and scripts. I asked for the possibility of an MDM but they will have to check the cost of that.

Now the colleague (field tech) that was starting the project before I came along is fine with it somehow, and I had a look into a script that will set the password "policies". It is a combination of "net" and changing the local security database of Windows.

Am I out of touch? I have to admit that I am relatively new to the field and my scripting skills are not good. I am writing a report about this which I am not sure if I should send or not.

What would you do here? Do I need to skill up and take it on?

View original on lemmy.zip
sysadmin · by Kuroame

Hired as a junior sysadmin but it feels like they actually need an IT manager... am I overreacting?

Hello!

Sorry in advance for quite a long post but I am unsure how to explain everything without writing it all down here... so thank you and please bear with me! :)

I've just started a new job as junior IT sysadmin and am trying to figure out whether my worries are normal or if this is just what some smaller companies are like and everything is ok.

During the hiring they've told me they have no internal IT department and rely only on 2 external IT people:

  • 1 consultant who sometimes helps with SharePoint
  • 1 sysadmin who manages everything but also works full-time for another company

They've also mentioned they had recently migrated to M365 and that the migration has caused all kinds of issues with permissions, access rights, and overall administration. It sounded very messy but also interesting, so I still accepted the offer thinking I will have to deal mostly with M365.

Now I've started this job and got to know that the company's CEO is apparently quite controlling and wants to know and see everything. He is also a Global admin in M365 and has additional high privilege roles assigned. I've also learned that the expectations now seem much bigger than what I would normally think that only a junior sysadmin alone should do, since they expect me to:

  • help with SharePoint administration and its structure
  • manage and redesign existing M365 permissions and access
  • communicate with all departments to understand their workflows, requirements and software that they use
  • review the entire company's IT infrastructure
  • potentially introduce company wide AI and security policies
  • work with and administrate MS Dynamics and PowerBI (I told them that I have no or almost no experience with those)
  • work with integrations between sales platforms and internal systems
  • participate in and maybe even lead a future CRM migration (no more info)
  • help with creating a document management system because they currently don't have one
  • potentially introduce on prem servers in future

At this moment I have only SharePoint permissions in M365, which are nowhere near enough for many tasks I'm being asked to help with, not to mention that I have no admin access on my computer either. I've requested the necessary access to actually do the tasks they're expecting from me from the external sysadmin. I asked for global admin and local admin rights, providing detailed info in an email for why I need them. I've also cc'd my manager (who's not even related to IT) to document everything. The external sysadmin just sorta ignored me by only replying that they wish to meet up sometime later, so I still have no access. I honestly don't get how I'm supposed to manage systems if I cannot even access them or see what's inside normally...

I also asked my manager a fairly direct question the other day: 'If the company needs all of this, why did you hire specifically just a junior sysadmin instead of an experienced IT manager or some senior sysadmin?' The answer I got was that they want to 'grow a person internally alongside the company needs'... Then I pointed out that someone with more experience would make fewer mistakes and be able to set everything up properly. The response then was basically that they are not afraid of mistakes because they're an RnD company where mistakes are normal. They also said that they didn't want someone who would come in and 'do everything their own way'.... like wtf..? That answer then left me confused and speechless because things like permissions, security, infrastructure and stuff already have best practices for a reason!

So... is this a normal situation for smaller companies that are building their internal IT for the first time? Is this an actual growth opportunity and I'm just worrying for nothing..? Would you guys be concerned and think about exiting already? I'm simply very confused on what's the right thing to do...

View original on ani.social

Death by Technical Debt

Currently working at a small manufacturing business that is drowning in the "we've always done it this way..." mentality and I just hope I can get out of here before it bites them in the ass.

Anyone got experiences with technical debt or outdated IT practices snowballing into a complete disaster? Surely companies can't limp along indefinitely... right?

View original on piefed.social
sysadmin · by uenticx

Reliably updated CIDR range lists for mobile networks?

We’re currently implementing additional security controls for our hosting platform, and one of the biggest challenges we’re encountering involves customers connecting over mobile networks. As users move between towers or regions they are frequently assigned different IP addresses within very short timeframes, which complicates IP-based allow-listing.

Is there a reliable way to obtain and maintain up-to-date CIDR ranges for major mobile providers such as AT&T, Verizon, and T-Mobile?

For reference, we currently use this from Starlink that provides a public feed of their IP space.

View original on lemmy.world
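Provider-published IP space usually arrives as a geofeed (RFC 8805 CSV: prefix, country, region, city, postal code). The following parser, added here as an illustration and not code from the original post, turns such a feed into a collapsed allow-list and checks client addresses against it; the feed lines are constructed sample data, not any provider's real prefixes.

```python
"""Build an IP allow-list from a geofeed-style CSV and check clients against it.

Added example, not code from the original post. SAMPLE_FEED is constructed data
(documentation prefixes), not a real provider feed."""
import ipaddress
from typing import Iterable, List, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Constructed sample in RFC 8805 geofeed format; '#' starts a comment line.
SAMPLE_FEED = """\
# constructed sample, not a real provider feed
198.51.100.0/24,US,US-CA,Los Angeles,
198.51.100.0/25,US,US-CA,Los Angeles,
203.0.113.128/25,US,US-TX,,
2001:db8:abcd::/48,US,,,
not-a-prefix,US,,,
"""


def parse_geofeed(text: str) -> List[Network]:
    """Return every valid IPv4/IPv6 prefix in the feed; skip comments, blanks and bad rows."""
    nets: List[Network] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        prefix = line.split(",", 1)[0].strip()
        try:
            # strict=False tolerates a published prefix with host bits set
            nets.append(ipaddress.ip_network(prefix, strict=False))
        except ValueError:
            print(f"line {lineno}: skipping unparsable prefix {prefix!r}")
    return nets


def collapse(nets: Iterable[Network]) -> List[Network]:
    """Merge overlapping and adjacent prefixes into a minimal list.
    IPv4 and IPv6 are collapsed separately because mixing versions raises TypeError."""
    v4 = [n for n in nets if n.version == 4]
    v6 = [n for n in nets if n.version == 6]
    return list(ipaddress.collapse_addresses(v4)) + list(ipaddress.collapse_addresses(v6))


def build_allowlist(feed_text: str) -> List[Network]:
    return collapse(parse_geofeed(feed_text))


def is_allowed(client_ip: str, allow: List[Network]) -> bool:
    """True if client_ip falls inside any allow-listed prefix; malformed input is denied."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False
    return any(addr in net for net in allow)


if __name__ == "__main__":
    allow = build_allowlist(SAMPLE_FEED)
    print("allow-list:", [str(n) for n in allow])
    for ip in ("198.51.100.200", "2001:db8:abcd::1", "203.0.113.5"):
        print(ip, "allowed" if is_allowed(ip, allow) else "denied")
```

The feed has to be re-fetched on a schedule and the allow-list rebuilt, since the whole problem in the post is that prefixes assigned to subscribers change over time.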
sysadmin · by Junan

Thoughts on operating philosophy?

Hello all! We're starting a platform co-op that offers alternatives to big tech services. What are your thoughts on the following operating philosophy? (Any other advice/recommendations are appreciated too.)

Operating Philosophy

Choose the most boring option that meets business needs. There are several reasons for this:

  • We're providing services, not learning or playing.
  • Boring works. They're either battle tested or stupidly simple.
  • Much easier to maintain and onboard.
  • We're not a FANG company; we should just do what everybody does and call it a day.
  • Easier to debug.
  • More portable if we ever need/want to switch VPSs.

Case study

Debian with Docker containers reverse proxied through NGINX

  • Debian -- very boring; not even Ubuntu
  • Docker -- boring; not even Podman, and certainly not Kubernetes
  • NGINX -- boring; most widely used reverse proxy by a long shot

Using Debian means that we will have very long term support, which means less downtime and easier maintenance. Also everything is available for Debian, whereas [obscure distro] won't have broad application support.

Docker has been the de facto standard for a long time. It's portable and has widespread application support, and it's scalable. We don't actually need swarms of instances running everywhere communicating with each other, so Kubernetes would be overkill. Docker allows us to have an instance running and create a second instance when upgrading to avoid downtime.

NGINX is extremely common. It's battle tested, and it's so widely deployed that if there's a security vulnerability there will be many bigger fish to catch than us. Also most sysadmins will have experience with NGINX, so onboarding and maintaining will be easy.

View original on lemmy.blahaj.zone

CRS310-8G+2S+ VLAN configuration issues in SwOS

cross-posted from: https://lemmy.zip/post/61407838

Made this post on forum.mikrotik.com and it's awaiting approval from moderation, figured I'd try here...

Hey everyone!

Been running into an issue the last few weeks with trying to set up a VLAN on my home network.

Hardware/OS/IP:

Router (R) = GL.iNet GL-MT6000 (Flint 2), OpenWrt 25.12.1, 10.1.10.1
Office switch (O) = CRS310-8G+2S+, MikroTik SwOS 2.18, 10.1.10.2
Living room switch (LR) = CSS610-8G-2S+, MikroTik SwOS Lite 2.21, 10.1.10.3

Followed a few different guides on the OpenWrt side of the house, primarily this one

During my multiple attempts I have wiped all devices and started fresh a few times and I always end up in the same situation…

VLAN appears to be working on the LR switch (CSS610)

VLANs tab
  • Port 1 is my trunk and a member of all 4 of my VLANs
      ◦ 10 = LAN (Used for network devices and maintenance)
      ◦ 20 = IoT
      ◦ 30 = Guest (not configured on the switch, only for WIFI)
      ◦ 40 = Main (Primary VLAN for my network)
      ◦ 50 = Servers
  • Ports 2-5 are members of VLAN 40
  • Port 6 is a member of VLAN 10

VLAN tab
  • Port 1 = Strict, Only tagged, Default ID 1
  • Ports 2-5 = Strict, Only untagged, Default ID 40
  • Port 6 = Strict, Only untagged, Default ID 10

This seems to work great, devices will get 10.1.40.x IP addresses and I can connect to port 6 and get a 10.1.10.x IP address. Confirmed that my firewall rules also seem to work (although I’ll probably want to run this past the OpenWrt forum as well).

But when I go to look at the O switch (CRS310), I’ll mirror this configuration, I’ll get DHCP and DNS, but I can’t reach the WAN or ping any other devices apart from the network equipment. Most recently I tried just VLAN 10 because I figured it would be using the LAN firewall rules and work correctly, but I get the same issue… correct IP address but no traffic.

Note: These screenshots are from my last attempt to get something to work; when I mirror the CSS610 setup, I get the same results.

I had to follow these steps to get the SwOS boot to work on the CRS310

Curious if either…

  • Have I configured the CRS310 incorrectly and something needs to be different vs the CSS610, which seems to work?
  • Is there a known VLAN related bug with the CRS310 & SwOS?

Any advice and guidance would be appreciated, feel like I am going in circles at this point.

Happy to share any outputs or screenshots from my OpenWrt router if it’ll help, but the issues do seem to be related directly to this CRS310 switch.

View original on lemmy.zip

Setting up a testing lab

I have begun the process of building a lab for my team of HPC consultants, and I'm trying to make some plans. I would like this to be as flexible as I can make it. I live 3½ hours away from the site, so the fewer trips down there to recable and/or move stuff around the better! Most of this hardware has various older InfiniBand connectivity, along with multiport LOM & OCP cards at either 1Gb or 10Gb. Most also have the option to do dedicated and shared BMC. We have 2 dedicated IPs (so far) that I'm currently using for the head node's BMC & SSH access. This will be all Linux, though we will be accessing web interfaces when testing various products. My initial thoughts:

  • Identify what we want to keep and what we want to excess. There's some _very_ old hardware in there! There's also some old OmniPath hardware in there. We don't see much OPA, but some team members seem to think that may change. Still, this stuff is old.
  • Carve out a management/provisioning network. Ideally, this will allow us to switch between dedicated and shared BMC ports at will. We use this for customer knowledge transfer when we demo our cluster management software. The shared ports are usually the onboard port 1, which is usually 1Gb, so this is easy enough. We can probably cable all of that up to 1 switch.
  • Identify a subset of nodes to cable up with the capability of accessing the campus network. These systems are behind the company VPN, and we will be controlling login access ourselves. While I'm not worried about someone on the team doing something nefarious on the company network, I don't want everything to have this capability. Still, having the option with some will give us some flexibility, and we have a handful of systems with more Ethernet ports than we would otherwise need (campus LAN access is 1Gb).
  • Head node will run Proxmox to give us the flexibility to spin up temporary test heads for team member projects. The idea here is we can partition the network using VLANs to isolate what a group is doing with some systems from what anybody else is doing. The current head node has sufficient space to host shared home directories. We will also have a small IBM ESS that will be added to these racks next time I'm there.
  • I had thought about running some containers in either a VM on the head node or some LXCs. Right now the only thing I'm thinking about on that front is netbox.

This is what I have off the top of my head. If there's any useful software, procedures, or if I'm on the wrong path entirely, I'd appreciate your help. We have a modest budget, but we did convince our management to at least buy us a used 1Gb switch that is at least similar hardware that we would see "in the wild." We're hoping we can use the lab to show value there and get them to approve some other, still modest, requests in the future!

View original on piefed.social
sysadmin · by ranzispa

How to share a folder in Linux?

I work on an HPC and often I have to share files with other users. The most approachable solution is to have an external cloud storage and rclone back and forth. However there are some projects that are quite heavy (several TB) and that is unfeasible. We do not have a shared group. The following is the only solution I found which is not to just set all permissions to 777, and I still don't like it.

Create a directory and set ACL to give access to the selected users. This works fine if the users create new files in there, but it does not work if they copy from somewhere else as default umask is 022. Thus the only appropriate solution is to change default umask to 002, which however affects file creation system wide. The alternative is to change permissions every time you copy something, but you all know very well that is not going to happen.

Does it really have to be such a pain in the ass?

View original on mander.xyz
sysadmin · by stoy

My enthusiasm for tech is basically gone.

I started my IT career in 2011, I have enjoyed it, I have got to do a lot of interesting stuff and meet interesting people, I will treasure those memories forever.

But, starting with crypto turning general computing from being:

"Wow, this machine can run so many apps at the same time!" or "Holy shit, those graphics look epic!" or "Amazing, this computer has really sped up that annoying task!"

To being:

Yo! Look at how many numbers I can generate!

That brought down my enthusiasm severely, but hey, figuring out solutions to problems was still fun.

Then came AI/LLMs.

And with it, a mountain of slop.

Finding help about an issue has gone from googling and reading help articles written by something with an actual brain to mostly being rephrased manuals that only provide working answers to semi-standard answers.

Add to that a general push to use AI in anything and everything, no matter how little relevance it holds for the task at hand.

I also remember how AI was sold to us at first; we were promised to do away with boring paperwork, so we could get on with our actual job.

What did we get? An AI that takes the fun and creative parts, leaving the paperwork for the workers.

We got an AI that we need to expect to be stealing our work and data at every point, giving us shit work back, while being told that we should applaud it and be grateful for it.

And the worst thing, the worst thing is that people seem happy with it. I keep getting requests to buy another Copilot license or asking for another AI service to be added to our tenant, I am sick of it!

We got an AI that somehow has slithered onto the golden throne and can't be questioned.

I am not able to leave the tech market at this time, but I will focus on more tangible hobbies going forward.

This year, I have given myself a project: I will try to build a model railway in a suitcase. That will be a Z-scale tiny world in a suitcase.

I have never done anything remotely like it, but I feel like I need something physical to take my mind off tech.

Sorry for the rant, but I just came off of a high from realizing and putting words to my feelings.

View original on lemmy.zip
sysadmin · by w2xel

Google mail servers strip quotes from names in headers, leading to DKIM authentication failures

Edit: Can no longer reproduce with the same setup; the issue seems fixed on Google's side.

TL;DR: See title. How can I tell Google they're probably processing their mail wrong?

After setting up the Matrix Authentication Service (MAS) and exim-relay as the mail server, I noticed verification mails sent from the service often end up in the spam directory.

When digging deeper, I found out the mails are failing DKIM authentication. This was weird because DKIM is set up correctly, as verified by other mail providers and online DKIM test tools such as DMARC Tester.

Searching online for "gmail fails DKIM authentication, while other providers pass", I found regular reports, posts or similar without resolution, or unrelated resolutions such as DKIM alignment.

Using meld, I compared the original source of mails as received by gmail with those of other providers, and found a difference:

In other providers, the "From:" and "Reply-To:" header fields are presented with double-quotes:

From: "John Smith" <[email protected]>
Reply-To: "John Smith" <[email protected]>

In gmail, where DKIM fails, there are no double-quotes:

From: John Smith <[email protected]>
Reply-To: John Smith <[email protected]>

As this should be the raw source in each case, I ruled out presentation issues and dug deeper.

I found out that specifically the Rust crate lettre, as used by the MAS, encodes names with whitespace using double-quotes. Further, from researching a bit more and reading RFC 2822 sections 3.2.4 and 3.2.5, I came to the conclusion that whitespace needs no quoting in mail headers.

I created issues upstream and downstream to report the issue at lettre and MAS, particularly that their mails are failing DKIM checks at gmail:

If you've read this far, you probably wonder why I post all of this? For one, to provide another data point for people scratching their heads over mail issues.

But other than that: I'm pretty sure the Google mail servers should not strip the quotes before doing the DKIM check. I assume they have some kind of decode -> process -> encode workflow that then simply encodes the headers again, this time without the quotes. But IMHO a correctly signed message should not lead to an authentication error, even if the contents are not perfectly encoded.

I would be curious to get some feedback from some mail experts on what is happening here. This is not my field of expertise and I'm going by what I've learned over the past 48h.

View original on gehirneimer.de
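The mechanics behind the post: a DKIM signature covers the canonicalized text of the signed headers, and the "relaxed" canonicalization of RFC 6376 only forgives whitespace and field-name case, so any relay that rewrites a display name (quoted to unquoted or back) invalidates the signature. The snippet below, added as an illustration and not code from the post, lettre or MAS, shows the RFC 5322 atext rule for when a display name needs quoting and computes the header hash a verifier would see before and after such a rewrite; the addresses are constructed.

```python
"""RFC 5322 display-name quoting and DKIM relaxed header canonicalization.

Added example, not code from the original post or from lettre/MAS.
All addresses and header values are constructed."""
import hashlib
import re
from typing import List, Tuple

# atext, RFC 5322 section 3.2.3: the only characters allowed in an unquoted atom
ATEXT = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
            "!#$%&'*+-/=?^_`{|}~")


def needs_quoting(display_name: str) -> bool:
    """True if the name cannot be written as a phrase of bare atoms (RFC 5322 section 3.2.5).
    Whitespace between atoms is fine; any other non-atext character (comma, dot, quote, ...)
    requires a quoted-string. A dot is only allowed by the obsolete syntax, so it is treated
    as needing quotes here."""
    words = display_name.split()
    if not words:
        return True
    return any(ch not in ATEXT for word in words for ch in word)


def relaxed_header_canon(name: str, value: str) -> str:
    """RFC 6376 section 3.4.2 'relaxed' header canonicalization of one field."""
    value = re.sub(r"\r?\n[ \t]+", " ", value)      # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip()   # collapse WSP runs, strip both ends
    return f"{name.strip().lower()}:{value}\r\n"


def header_hash(headers: List[Tuple[str, str]]) -> str:
    """SHA-256 over the canonicalized signed headers, the input a DKIM verifier feeds to the
    signature check (the DKIM-Signature field itself and the RSA step are left out)."""
    data = "".join(relaxed_header_canon(n, v) for n, v in headers).encode()
    return hashlib.sha256(data).hexdigest()


# Constructed headers: as signed by the sender, after a whitespace-only change, and after
# a relay removed the quotes from the display name.
SIGNED_HEADERS = [("From", ' "John Smith" <john@example.com>'),
                  ("Subject", " Verify your account")]
WHITESPACE_ONLY = [("From", '  "John Smith"   <john@example.com>'),
                   ("subject", " Verify your\r\n  account")]
REWRITTEN_HEADERS = [("From", " John Smith <john@example.com>"),
                     ("Subject", " Verify your account")]

if __name__ == "__main__":
    for name in ("John Smith", "Smith, John", "J. Smith"):
        print(f"{name!r}: needs quoting = {needs_quoting(name)}")
    print("whitespace-only change survives:", header_hash(SIGNED_HEADERS) == header_hash(WHITESPACE_ONLY))
    print("quote removal survives:", header_hash(SIGNED_HEADERS) == header_hash(REWRITTEN_HEADERS))
```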
sysadmin · by fff5ee

Sysadmin community on different instances

Hi everybody, I'm pretty new here and just want to see if switching from the sysadmin subreddit to this place is an option.

I was searching for sysadmin communities on Lemmy and just saw that there are different sysadmin communities on different instances? As far as I understand, this means that the participants got split into different communities?

Since the count of members is already an issue here in my opinion, how could we handle that? Or why do you think different communities are the way to go?

Just interested in your opinions.

View original on feddit.org

Correct way to redirect emails in 365? Authoritative vs Internal Relay

We're currently using a traditional third party email gateway for spam/phishing scans etc, and we're using that gateway to redirect a few hundred (don't ask) email addresses to Zendesk and a few other places. Now we're moving to an integrated solution that means having 365 handle incoming emails directly, and we're struggling with the best approach to porting those redirects.

As it stands, with our domains marked as Authoritative, email is bouncing before any mail flow rules are evaluated due to not having existing mailboxes or contacts. I suppose "best practice" is to create contacts or mail users for all of the support addresses we need to use, followed by either mailbox-level forwards or mail flow rules for all of those addresses (or lump them into a group where appropriate). But that way seems like a big pain in the ass to administer.

The other option is to set the domains as Internal Relay, which will allow 365 to skip checking whether an address exists, and then just use mail flow rules to handle the redirections directly, which we can script easily enough. But that way seems unsupported at best, and raises big questions about what happens when someone emails an actual non-existent address.

Googling didn't come up with much in the way of useful documentation so I asked a couple of AIs and they've been similarly inconclusive. Copilot thinks that misdirected email will simply bounce with a "no route found" NDR, and gave me error code 5.4.312 that appears to be made up, while ChatGPT thinks that it'll result in a mail loop and eventual 5.4.6 error, "routing loop detected".

ChatGPT's explanation seems more plausible and its suggestion of using a catch-all rule to either redirect or bounce mis-addressed emails sounds good on the surface, but again, I can't find anything written by actual humans to confirm or deny.

So I come to you, denizens of sysadmin! Is there any suggested or best practice configuration for the redirection of large amounts of email addresses? Is using Internal Relay on what is actually the final hop a supported configuration? Or is the only supported/sane option to use an Authoritative domain along with the additional overhead of mail contacts?

Hugely appreciate any thoughts!

View original on feddit.uk