File directory – Boom Directory http://boomdirectory.com/ Fri, 30 Sep 2022 10:00:27 +0000 en-US hourly 1 https://wordpress.org/?v=5.9.3 https://boomdirectory.com/wp-content/uploads/2021/08/cropped-icon-32x32.png File directory – Boom Directory http://boomdirectory.com/ 32 32 Install Samba on RHEL-based Linux distributions https://boomdirectory.com/install-samba-on-rhel-based-linux-distributions/ Thu, 29 Sep 2022 22:02:05 +0000 https://boomdirectory.com/install-samba-on-rhel-based-linux-distributions/ Image: joyfotoliakid/Adobe Stock Samba is a key part of using Linux in a professional environment. With this subsystem, users can share directories on the network so that others can view and even modify the content they contain. SEE: 40+ open source and Linux terms you need to know (TechRepublic Premium) With some Linux distributions, like […]]]>
Image: joyfotoliakid/Adobe Stock

Samba is a key part of using Linux in a professional environment. With this subsystem, users can share directories on the network so that others can view and even modify the content they contain.

SEE: 40+ open source and Linux terms you need to know (TechRepublic Premium)

With some Linux distributions, like Ubuntu Desktop, many things are in place by default. Other distributions, such as those based on Red Hat Enterprise Linux, may not include everything needed to get Samba working out of the box. That’s what I’m here for: I want to walk you through the process of setting up and running Samba on RHEL-based Linux distributions.

What you’ll need to get Samba working on RHEL-based distributions

The only things you will need to install Samba are an RHEL-based Linux distribution and a user with sudo privileges. I’ll demonstrate with EuroLinux, but this process should work with just about any RHEL-based distro.

How to Install Samba

The first thing we need to do is install Samba. To do this, log into your Linux distribution and open a terminal. From the terminal window, run the command:

sudo dnf install samba samba-common samba-client -y

Make sure the service is started and enabled with:

sudo systemctl enable --now smb

That’s it for the install. Let’s create a share.

How to create a Samba share

Let’s create a share in /srv. To do this, create a new folder with the command:

sudo mkdir -p /srv/samba/euroshare

You can name the share in the samba directory whatever you want.

Give the new share the appropriate permissions with the following commands:

sudo chmod -R 755 /srv/samba/euroshare
sudo chown -R nobody:nobody /srv/samba/euroshare
sudo chcon -t samba_share_t /srv/samba/euroshare

Next, we will create a share from the smb.conf file. Open the file for editing with:

sudo nano /etc/samba/smb.conf

At the bottom of this file, add the following:

[Public]
path = /srv/samba/euroshare
public = yes
guest only = yes
writable = yes
force create mode = 0666
force directory mode = 0777
browseable = yes

Save and close the file. Restart Samba with:

sudo systemctl restart smb

How to adjust the firewall

Now we need to open the firewall so that Samba can be accessed. First, create the new firewall rule with:

sudo firewall-cmd --add-service=samba --zone=public --permanent

Reload the firewall with:

sudo firewall-cmd --reload

At this point, the Samba share should be accessible from other machines on your network. And with the public smb.conf configuration, even anonymous users have read and write access to the share.

How to limit access to registered users

If you don’t want such broad access granted to the share, you can configure it so that only legitimate users can access the share. The only caveat to this is that the user will need to have an account on your machine. Of course, you can still create a sambashare user, so all you need to do is give that user’s credentials. To create the sambashare user, run the command:

sudo adduser sambashare

Be sure to give the user a strong/unique password.

Then give the new user a samba password with:

sudo smbpasswd -a sambashare

Then activate the user with:

sudo smbpasswd -e sambashare

Then the public smb.conf entry should look like this:

[Public]
path = /srv/samba/euroshare
browsable = yes
writable = yes
guest ok = yes
read only = no
create mask = 0644
directory mask = 2777

Next, we will need to give the sambashare user access to the folder with:

sudo chown -R sambashare /srv/samba/euroshare

Restart Samba with:

sudo systemctl restart smb

Now the sambashare user should have full access to the share.

And that’s how we do Samba-based Linux distribution with RHEL. You can now dance knowing that you have allowed users on your network access to the files and folders on it.

Subscribe to TechRepublic How to make the technology work on YouTube for all the latest tech tips for professionals from Jack Wallen.

]]>
How to Enable Fullscreen Widgets on Windows 11 https://boomdirectory.com/how-to-enable-fullscreen-widgets-on-windows-11/ Wed, 28 Sep 2022 05:19:25 +0000 https://boomdirectory.com/how-to-enable-fullscreen-widgets-on-windows-11/ As Microsoft announced the next big Windows 11 2022 update, it also released a new version in the Dev channel. The Redmond giant is wildly experimenting with new features in the Dev channel. One of those features is the fullscreen widget table, but it’s still hidden behind a feature flag. However, there is a nifty […]]]>

As Microsoft announced the next big Windows 11 2022 update, it also released a new version in the Dev channel. The Redmond giant is wildly experimenting with new features in the Dev channel. One of those features is the fullscreen widget table, but it’s still hidden behind a feature flag. However, there is a nifty way to enable fullscreen widgets array on Windows 11. So if you are running the latest development version, you can immediately enable fullscreen widgets on your Windows 11 PC. , let’s go to the tutorial.

I tested the fullscreen widget panel on Windows 11 Dev Build (25201 or later) and it worked perfectly. However, the same command did not work on Windows 11 22H2 update which is rolling out to all users. So those in the stable channel have to wait for the feature to go live in the future or join the Windows Insider program.

Enable Fullscreen Widget Table on Windows 11

For now, Windows 11 Dev Channel Insiders can immediately enable full-screen widgets, and here’s how:

1. First, you need to set up ViVeTool on your Windows 11 PC. In case you don’t know, ViVeTool is a free and open-source tool that allows you to enable experimental features on Windows 11. So go -y and download ViVeTool from the developer GitHub page.

2. After that, unzip the ZIP file in Windows 11 by right clicking on it. Then choose the “Extract Alland click “Next”. The files will be extracted to a folder in the same directory.

configure ViVeTool

3. After the files are extracted, right click on the extracted folder and choose “Copy as path“. This will copy the folder path to your clipboard.

configure ViVeTool

4. Now press the Windows key to open the Start menu and search for “CMD”. The command prompt will appear at the top of the search results. In the right pane, click “Execute as administrator“.

ordered

5. In the command prompt window that opens, type cd and add a space. Then right-click in the CMD window to automatically paste the directory path we copied above. You can also press “Ctrl + V” to paste the address directly. Finally, press Enter and you will navigate to the ViveTool folder. Note that the path will be different for your PC.

cd "C:UsersmearjDownloadsViVeTool-v0.3.1"
configure ViVeTool

6. Once you have moved to the ViVeTool folder in the command prompt, run the command below to enable fullscreen widget table in Windows 11.

vivetool /enable /id:34300186
Enable Fullscreen Widgets on Windows 11 (2022)

7. Now close the command prompt window and restart your computer. After logging in, click the widget button in the lower left corner or use the Windows 11 keyboard shortcut “Windows + W”. In the upper right corner you will now find a “develop” button. Click on it.

Enable Fullscreen Widgets on Windows 11 (2022)

8. There you go! The full screen widget panel now works on your Windows 11 PC without any issues. You can again click the expand button to put it in half screen or full screen, according to your convenience.

Enable Fullscreen Widgets on Windows 11 (2022)

Disable Fullscreen Widget Table on Windows 11

If you want to disable the fullscreen widget panel on Windows 11, return to the ViVeTool directory as shown above. Then run the command below from the CMD window.

vivetool /disable /id:34300186
Enable Fullscreen Widgets on Windows 11 (2022)

So these are the commands you need to run to get the full screen widget panel on your Windows 11 PC. I think it looks pretty neat and you can quickly get information about all the happenings in the world by a glance. With upcoming support for third-party widgets, the widget panel will become even more useful. Anyway, it all comes from us. If you want to enable taskbar overflow on Windows 11, head over to our linked guide. And to learn more about these upcoming Windows 11 features, we’ve compiled a list for you. Finally, if you have any questions, let us know in the comment section below.

]]>
Active Directory Attack Scenarios: Printer Path to Domain Admin https://boomdirectory.com/active-directory-attack-scenarios-printer-path-to-domain-admin/ Fri, 23 Sep 2022 17:23:28 +0000 https://boomdirectory.com/active-directory-attack-scenarios-printer-path-to-domain-admin/ Active Directory is an essential application within an organization, facilitating and centralizing network management through the creation of domains, users and objects, as well as user authentication and authorization. Active Directory doubles as a database, storing usernames, passwords, permissions, and more. Active Directory is a perfect example of a double-edged technological sword. While such a […]]]>

Active Directory is an essential application within an organization, facilitating and centralizing network management through the creation of domains, users and objects, as well as user authentication and authorization. Active Directory doubles as a database, storing usernames, passwords, permissions, and more. Active Directory is a perfect example of a double-edged technological sword. While such a centralized application can streamline IT operations, it is also an irresistible target for attackers. And unfortunately, it may be easier to access Active Directory than you think.

In this series, we’ll walk through four different scenarios based on actual penetration testing engagements that sought to compromise Active Directory, each highlighting important considerations that show how to better anticipate attacks and protect this vital application. For this first scenario, we will demonstrate why no attack vector should be ignored.

A weak link in the chain: misconfigured printers

There are many paths an attacker can take to compromise infrastructure. Since printers are not regularly used by attackers, security teams tend to ignore these devices as well. However, printers have become increasingly sophisticated and versatile over the years and are essentially specialized computers well integrated into an organizational network, interacting with or exposing different services like FTP, SMB or SMTP. For example, a user can use a printer to scan a document and email it to themselves or save it to a file server. To do this, many organizations provide these devices with corporate domain credentials. For example, username “printer1” and password, “printprintprint”. Unfortunately, sometimes printers are only configured during initial setup and then left behind, often without updates or patches. This makes Printers a great place to attempt a first breach.

A Case for Never Reusing Passwords

In this engagement, we researched and discovered two printers that had domain credentials and exposed certain HTTP SOAP APIs on TCP ports. Any user with administrative privileges or administrative credentials for the printer could interact with the server and retrieve configured FTP and SMB usernames and passwords. There is both a Core Impact module and some GitHub projects that can be used to easily perform this checkout. This revealed three different sets of credentials. Two were invalid, meaning their passwords were no longer in use. The last was a domain user account, which would have been ideal, but the account was disabled.

However, during such engagements, it is important to maintain an attacking mindset. Skilled and experienced attackers will always try to use what is available to them, even if it requires workarounds. An experienced attacker is likely aware of the common practice of having employees with multiple domain user accounts, depending on their role. For example, an IT team member can get both a normal user account and a privileged account.

Although this is theoretically a security measure so that the employee only uses the account with the least privileges necessary to complete a task, it can also be a security weakness. There are often trivial, easy-to-guess naming conventions for usernames, and it’s not uncommon for employees to make the mistake of using the same password for all of their different accounts.

This was the case for this engagement. John Doe’s disabled domain account password worked for logging into his regular user account, which was still enabled. We were able to use this account, conduct a password spray attack, and gain local administrator privileges on seven different hosts.

Setbacks and Successes: Stealth and Security Checks

Following the success of the password spray attack, we accessed the Security Account Manager (SAM) databases and Local Security Authority (LSA) secrets of the discovered hosts. Nothing of interest came out of these efforts, so we then decided to access the host’s process memory to try and extract credentials that would hopefully have broader privileges . However, before we could complete this task, our account was disabled by the defense team.

Despite this, we were far enough along in the process to have other options we could turn to. Having previously retrieved the contents of the hosts’ SAM databases, we decided to test all NTLM password hashes of the default administrator account RID 500 on all hosts in the domain. In the end, this gave us local administrator privileges on four new hosts.

We repeated the process of recovering SAM databases and LSA secrets. However, we were again caught and a host, which appeared to be a file server, was isolated from the network to restrict access. Since file servers often have privileged user credentials in memory, we thought it was worth waiting for it to come back online, which would probably be in a few hours, because the File servers are so essential to carry out regular organizational activities.

The isolation was indeed temporary, but the security team had changed the password for the RID 500 user account and also disabled it. Despite having basic security controls in place, the initial security weaknesses we exploited gave us enough information to keep moving forward.

Shutdown: Using a Kerberos service ticket to take control

We had previously retrieved all information from the SAM database in the second set of hosts, including the file server that we no longer had access to. Therefore, we were still monitoring the NTLM password hashes of computer accounts. Typically, computers change their passwords every 30 days, unless they are prompted to do so sooner. This reset was not triggered, so we were able to continue.

We used the NTLM password hash of the file server computer account to create a Kerberos service ticket to access any service as a user, allowing a domain administrator to access the SMB service.

As can be seen above, our fake ticket allowed us to access the LSASS memory from which we were able to extract the domain and administrator credentials. Using these credentials, we could log into the domain controller and run operating system commands, thus completing our goal.

Conclusions: the need for large surveys

This engagement illustrates how a few simple misconfigurations ultimately led to taking full control of the domain. Moreover, it shows the need to remain vigilant once an attack is detected. Our focus for this engagement was not stealth, so it’s likely that our password spray attack raised some flags, initially notifying the security team of our unusual activity. While it’s great that the security team caught us red-handed not once, but twice, it’s worth noting the fact that the penetration testing team still had enough information to continue to advance. Until you are sure an attacker has been thwarted, security teams should remain on high alert.

]]>
How to Transfer Ownership of Google Drive Folder and Files https://boomdirectory.com/how-to-transfer-ownership-of-google-drive-folder-and-files/ Fri, 23 Sep 2022 04:41:57 +0000 https://boomdirectory.com/how-to-transfer-ownership-of-google-drive-folder-and-files/ Using Google programs makes it easy to collaborate with friends and colleagues using the sharing feature. These documents have different levels of access for members with access, but the owner has the most control over them. Luckily, if you own a file, you can use the sharing settings in Google Drive to easily transfer your […]]]>

Using Google programs makes it easy to collaborate with friends and colleagues using the sharing feature. These documents have different levels of access for members with access, but the owner has the most control over them.

Luckily, if you own a file, you can use the sharing settings in Google Drive to easily transfer your ownership. In this article, you will find easy-to-follow steps for the Google Drive file ownership transfer process.

How do I transfer ownership of Google Drive folder and files?

There are two steps you need to take to transfer ownership of your files and folders. Initially, you must send a property invitation on your behalf. Then the recipient must accept the request on their part.

Step 1: Share Google Files

You can only transfer ownership of files and folders to users who already have Editor-level access to those files. For those without access, you must share the file or folder before sending the ownership invitation. The method to share your files and folders is mentioned below:

On the web browser

  1. Open Google Drive on your browser
  2. Navigate to the target file or folder.
  3. Right click on the file and click To share. Or, click the Share icon at the top of the page.
  4. Click the text box and enter the recipient’s email address.
    Enter-your-Gmail-address-to-share
  5. Click on the Access tab next to the email address to change access.
    Add a user to share the file
  1. Click on Send.

On mobile

  1. Open Google Drive on your smartphone.
  2. Navigate to the target file or folder
  3. Click on the three dots next to the file name.
  4. Click on To share.
    Click Share to Drive
  5. Enter the recipient’s email address in the text box.
    Enter-the-username-for-the-recipient
  6. Click on the Access tab to change the recipient’s access to the file.
  7. Click on the send icon in the lower right corner of the screen.
    Send-Invitation-to-Recipient

Step 2: Send Owner Invitation

The Transfer Ownership feature is only available for PC users. However, you can also use the desktop site feature on your Android devices. The method to send property invitation to other users is mentioned below.

On the desk

  1. Open Google Drive on your browser
  2. Navigate to the target file or folder and right-click on it.
  3. Click on To share or the Share icon at the top of the page.
    Share-drive-folder
  4. Click the access tab next to the account you want to transfer ownership to.
  5. Click on Transfer of ownership.
    Click on the transfer of ownership
  6. Click on Send an invitation.

On mobile

  1. Open Google Chrome on your phone.
  2. Type drive.google.com
  3. Click on the three dots in the lower right corner of the screen. (Top corner for Android)
    Click on the three dots
  4. Scroll down and tap Request a desktop site.Request-Desktop-site

When you open the desktop version of Drive on your phone, you can then transfer ownership of your files and folders. To do this, you can use the same steps mentioned earlier for a desktop.

You can’t transfer ownership of your files and folders in Drive if you’re using an iOS device. The desktop display method only applies to Android devices.

Step 3: Accept the invitation to become an owner

After receiving the ownership invitation, the recipient must accept the invitation to complete the process. Here are the steps to follow:

  1. Open Gmail on your browser or mobile app.
  2. Locate the mail with the forwarding invitation.
  3. Open the mail and click Accept.
    Accept property invitation

The previous owner will receive a confirmation email when the transfer of ownership is complete. Likewise, this owner will now have the Editor file access. The new owner will be able to change access, transfer ownership, or remove access to the file as they see fit.

Can I find ownership of the file I transferred?

If you succeed in transferring ownership of the files to your disk, you cannot undo it. The new owner will have full access to the file. You will only get ownership if they transfer it using the method mentioned above. If you click the Share button on a Google Doc, you can see who owns the file.

If you have access to both accounts, you can follow the steps in this article to transfer ownership back and forth as you see fit.

]]>
Europol and Bitdefender release free decryptor for LockerGoga Ransomware https://boomdirectory.com/europol-and-bitdefender-release-free-decryptor-for-lockergoga-ransomware/ Mon, 19 Sep 2022 09:45:00 +0000 https://boomdirectory.com/europol-and-bitdefender-release-free-decryptor-for-lockergoga-ransomware/ A decryptor for LockerGoga ransomware has been provision by the Romanian cybersecurity company Bitdefender in collaboration with Europol, the No More Ransom project and law enforcement authorities in Zürich. Identified in January 2019, LockerGoga hit the headlines for its attacks on Norwegian aluminum giant Norsk Hydro. It is believed to have infected more than 1,800 […]]]>

A decryptor for LockerGoga ransomware has been provision by the Romanian cybersecurity company Bitdefender in collaboration with Europol, the No More Ransom project and law enforcement authorities in Zürich.

Identified in January 2019, LockerGoga hit the headlines for its attacks on Norwegian aluminum giant Norsk Hydro. It is believed to have infected more than 1,800 victims in 71 countries, causing damage estimated at $104 million.

cyber security

The ransomware operation received a major blow in October 2021 when 12 people connected to the group, alongside MegaCortex and Dharma, were apprehended as part of an international law enforcement effort.

Decryptor for LockerGoga Ransomware

The arrests, which took place in Ukraine and Switzerland, also saw the seizure of cash worth $52,000, five luxury vehicles and a number of electronic devices. One of the defendants is currently in pre-trial detention in Zurich.

Zurich cantonal police further said they have spent the last few months examining the data storage devices confiscated from the individual during the 2021 arrests and identified numerous private keys that were used to lock the data.

cyber security

A decryption utility for MegaCortex is also expected to be released in the coming months. It is also recommended that the victimized parties file a criminal complaint in their respective countries of origin.

“These keys allow injured companies and institutions to recover data that was previously encrypted with the LockerGoga or MegaCortex malware,” the agency said. said.

As recommendations, the police department urges organizations to securely handle emails, block suspicious attachments, create regular backups, enforce two-factor authentication and keep IT systems up to date. .

]]>
How to configure a standby Azure AD Connect server https://boomdirectory.com/how-to-configure-a-standby-azure-ad-connect-server/ Thu, 15 Sep 2022 20:01:00 +0000 https://boomdirectory.com/how-to-configure-a-standby-azure-ad-connect-server/ Organizations often use Azure AD Connect to maintain the relationship between their on-premises Active Directory and their Office 365/Azure cloud instance, and in doing so, it’s important that they build in redundancy with business continuity in mind. Recently, our organization sought to make two significant changes to its sync relationship: configure a non-domain controller AD […]]]>

Organizations often use Azure AD Connect to maintain the relationship between their on-premises Active Directory and their Office 365/Azure cloud instance, and in doing so, it’s important that they build in redundancy with business continuity in mind.

Recently, our organization sought to make two significant changes to its sync relationship:

  • configure a non-domain controller AD Connect server
  • configure the existing sync server as a backup for failover in the event of a problem with the primary server

There should only be one sync server active at any given time to serve as the authority over data synced on-premises to the cloud.

It is possible to install AD Connect on domain controllers, and this is what we did with our initial on-premises AD Connect server, Server A. But in most cases it is better to use a dedicated server to avoid conflicts between the two roles. . It also makes it easier to isolate problems as they arise and to perform maintenance on one service without affecting the other. (Any server with AD Connect installed must be on-premises in your environment.)

So our team made service A the standby server and created a new server (server B) and gave it the sole purpose of being the primary AD sync server.

Changing only takes a few steps, but we’ve found it’s important to know which server you’re making changes to and export the existing sync server settings to the new server. Note: Servers do not automatically enter or exit staging mode; this must be done manually. This means that if the active AD Connect server is down for some reason, someone will need to take the secondary server out of staging mode to make it active.

We configured Server B with Windows Server 2019 and joined it to our domain, but before installing AD Connect, we exported the settings to Server A by doing the following:

  • On Server A, we opened the Microsoft Azure Active Directory Connect application and selected “Configure”.
  • We selected the option “View or export the current configuration” and then “Next”.
  • Under ‘Review your solution’, we clicked ‘Export settings’ and then ‘Exit’.
  • At this point the program asked for a “save location” to save the .json file to export with all configuration settings.

After exporting Server A’s configuration file, we moved on to Server B’s configuration, but at this point we haven’t put Server A to sleep. This should be done immediately before activating Server B to minimize the time there is no sync server active.

Next, we navigated to Server B, installed AD Connect, and started the Azure AD Connect wizard. After accepting the license agreement, we were prompted to use express settings or custom configuration. We clicked on “Customize”.

We checked “Import synchronization settings”, navigated to the location of the configuration file exported from Server A and clicked “Install”. Importing this file does not automatically make server B active; it comes later.

The next screen was for user sign-in options, and these are pre-selected based on how your first AD Connect server was configured (Server A in our case). We use single sign-on option for single sign-on (SSO). (AD Connect servers are automatically Passthrough Authentication agents, but you can configure multiple agents that aren’t AD Connect servers. More on that later.) We clicked “Next” to move on to the next screen.

To connect our Azure instance, we needed to provide credentials belonging to the “Global Administrator” role in Azure. We entered it and clicked “Next”.

You will be prompted to create a new AD account or use an existing one. The AD account basically serves as a service account to query on-premises AD and perform synchronization tasks. The easiest and recommended method is to create a new account with each AD Connect server to avoid issues. We chose to auto-generate the account, so we provided the credentials of an enterprise administrator from my domain. We clicked “OK” when we were done.

The next screen asks for your on-premises directory type and Active Directory domain or forest information to connect to.

We chose “Active Directory” as the directory type because we are a Windows domain store. We provided my forest directory as domain.local, and pressed “Next”.

The next screen confirmed the configuration and provided notes about it, such as AD Recycle Bin not active and device writeback settings. You can go back and follow Microsoft’s recommended configurations once this is complete, which we did and clicked “Exit” to continue.

Since we chose SSO earlier in the installation, we had to enter domain administrator credentials to configure AD for this room. We did it and clicked “Next”. Do!

When Server B is configured, Server A can be placed in staging mode and Server B removed from staging mode to make it the active AD Connect synchronization server. Only one of these servers should be active at a time to avoid synchronization conflicts.

Check that the synchronization is working

To verify that synchronization is working on the Azure side, see the Azure Active Directory admin center. Navigate to Azure Active Directory -> Azure AD Connect -> Azure AD Connect Health. From here you can access both “Sync Errors” and “Sync Services”, which should give you a good idea of ​​the status of the sync between your on-premises environment and your Azure instance.

If you’re using pass-through authentication, navigate to the Pass-through Authentication page (Azure Active Directory -> Azure AD Connect -> Pass-through Authentication). Here you should see at least the two AD Connect servers you have as agents, and you can add additional non-AD connection agents by clicking the “Download” button at the top of the page. In our environment, we have also made sure that all active domain controllers pass through authentication agents, so that only these servers have the task of authorizing authentication for SSO.

Join the Network World communities on Facebook and LinkedIn to comment on topics that matter to you.

Copyright © 2022 IDG Communications, Inc.

]]>
Prosecutors say man charged with murdering Brookside attorney left ‘his mobile, his van, his voice’ | KCUR 89.3 https://boomdirectory.com/prosecutors-say-man-charged-with-murdering-brookside-attorney-left-his-mobile-his-van-his-voice-kcur-89-3/ Tue, 13 Sep 2022 23:45:00 +0000 https://boomdirectory.com/prosecutors-say-man-charged-with-murdering-brookside-attorney-left-his-mobile-his-van-his-voice-kcur-89-3/ Dr. Emily Riegel was in her bathroom getting ready for work at the family home in Brookside around 8am on October 25, 2017, as her husband, Tom Pickert, finished breakfast with their two son and gathered them for school. Her school-aged sons were “running around, clumsy,” Riegel recalled Tuesday, and she said to them, “I […]]]>

Dr. Emily Riegel was in her bathroom getting ready for work at the family home in Brookside around 8am on October 25, 2017, as her husband, Tom Pickert, finished breakfast with their two son and gathered them for school.

Her school-aged sons were “running around, clumsy,” Riegel recalled Tuesday, and she said to them, “I love you, goodbye!”

Then she heard her husband say to the boys, “I didn’t hear anyone say goodbye to the greatest mom in the world!”

Those were some of the last words Riegel heard Pickert say before he was shot minutes later on their sidewalk after driving home from dropping the kids off at school.

Riegel was one of the first witnesses for the prosecution in the first-degree murder trial of David Jungerman, who is accused of killing Pickert, a 39-year-old lawyer, in retaliation for Pickert winning a 5-star judgment, $75 million against him in a case in which Pickert represented a homeless man.

Jungerman, visibly frail after spending nearly five years in Jackson County Jail, sat impassive as Riegel testified. The 84-year-old Raytown businessman, thought to be worth millions, wore a starched white shirt, black trousers and a special hearing aid so he could listen to court proceedings.

Riegel told the jury she heard two popping sounds seconds from her bathroom window, which faces the street. Riegel, a doctor, quickly descended the stairs and the porch, finding her husband lying on his side.

“There was so much blood pouring down the sidewalk,” she said between sobs, “that I knew he was dead.” She called 911.

“I was screaming for help,” she testified. “I was screaming to stop the van.”

Prosecutors said the white van parked in front of their home was driven by Jungerman, who wore a black plastic mask and used a gun to shoot Pickert.

During cross-examination, Jungerman’s attorney, Dan Ross, attempted to suggest that Riegel had never seen the van driver’s face and was in fact worried that someone else would harm her husband. .

But Riegel told police when they arrived that they suspected Jungerman because of the contentious case Pickert had won. He had sued Jungerman for beating up a homeless man who tried to break into Jungerman’s baby furniture warehouse. The man had to have his leg amputated.

Riegel said even before the October 2017 attack, she was worried about her husband’s safety.

“I was worried and asked him if he could be in danger if someone showed up and shot him in our yard,” she testified.

Earlier in the day, the jury heard Riegel’s 911 call on which she is heard screaming and crying, telling the dispatcher that her husband had been shot.

“I think he died on my sidewalk!” she says on the tape. Several family members in the courtroom audience nodded and shivered as the tape played.

Rich Sugg/rsugg@kcstar.com

The long-delayed criminal trial of David G. Jungerman, 84, left, began Tuesday morning at the Jackson County Courthouse downtown. Jungerman, of Raytown, is charged in the 2017 shooting death of attorney Tom Pickert, outside his home in Brookside on October 25, 2017. Jungerman faces charges of first degree murder and criminal action with a weapon.

Tim Dollar, a private attorney working for the Crown, said in his opening statement that Jungerman had a vendetta against Pickert for the long legal battle that began in September 2012, when Jungerman caught homeless man Jeffrey Harris by break-in to his warehouse.

In August 2017, a jury awarded Harris $5.75 million. But Jungerman refused to pay, and on October 15, 2017, Pickert filed notices of lien against Jungerman’s Raytown home and his business. Pickert was killed 10 days later. A .17 caliber bullet was discovered during his autopsy.

Police questioned Jungerman shortly after the shooting, after witnesses reported seeing a white van driven by an older man with white hair. They later collected surveillance tapes showing Jungerman driving from Raytown to Pickert’s home around 7 a.m. on the day Pickert was killed. Police later found the van hidden in a wooded area of ​​Jungerman’s property on a dirt road.

A search of Jungerman’s business and home found other evidence, including Jackson County property records showing Pickert’s address, a Manila file titled “Pickert Murder”, a black plastic mask in Jungerman’s closet, a .17 caliber bullet found in Jungerman’s other vehicle, and an Olympus digital audio recorder found in his bathroom.

On the tape recorder, police found a conversation Jungerman had had with his employee, a man named Leo Wynne, which Jungerman was unaware was being recorded.

“People know I murdered that son of a bitch,” Jungerman told Wynne on the tape. “The police know that too, Leo.”

Jungerman told Wynne they had to stop talking about the Pickert murder, but when he thought about the shooting, “I smile. This mother———-caused me a lot of trouble, Leo.

After laying out the background and evidence and playing the tape, Dollar told the jury he would find Jungerman guilty.

“His motive. His van. His voice,” Dollar said. “Stay focused on his motive, his van, his voice.”

Ross, Jungerman’s attorney, pointed to several issues with the prosecution’s case, saying there was “sloppy police work” including violations of police procedures and manipulation of the Olympus audio tape. The tape is missing 28 minutes, Ross said, which is 25% of the full recording.

Ross said the prosecution had fake evidence, but he admitted one thing.

“What they have – and that’s the only thing they have – is motive,” Ross said. “The rest is made up, folks,” Ross said.

]]>
Tutorial: Deploy a Full-Stack application on a Docker swarm https://boomdirectory.com/tutorial-deploy-a-full-stack-application-on-a-docker-swarm/ Mon, 12 Sep 2022 08:04:12 +0000 https://boomdirectory.com/tutorial-deploy-a-full-stack-application-on-a-docker-swarm/ If you are looking to scale Docker application deployments, you should make sure to group a collection of nodes into a Docker Swarm. I already explained how to deploy a Docker Swarm (with persistent storage) in “Build a Docker Swarm with persistent storage using GlusterFS”. You don’t have to deploy the Swarm with persistent storage, […]]]>

If you are looking to scale Docker application deployments, you should make sure to group a collection of nodes into a Docker Swarm. I already explained how to deploy a Docker Swarm (with persistent storage) in “Build a Docker Swarm with persistent storage using GlusterFS”. You don’t have to deploy the Swarm with persistent storage, but if you want to be able to retain your data (if something were to happen or you want to migrate the deployment), you’ll want to deploy the Swarm persistently.

Once your Docker Swarm is running, be sure to verify that all nodes are connected and ready by running the command (on the controller):

docker node ls

In the output, you should see something like this:

tpsl7enzswhkeef3dh8uswkxp *  docker1    Ready     Active         Leader      20.10.17

xnye548afhe1hc832kulh5sui     docker2    Ready     Active                          20.10.17

cammaze2fcfcomjpdo0fwz105   docker3    Ready    Active                          20.10.17

If all nodes are listed as Ready and Active, you can deploy to the stack. If not, you will need to figure out why until every node is listed as such.

Deploy a local registry

With the Swarm up and running, your next task is to deploy a local Docker registry. Fortunately, there is a container image created specifically for this purpose. On the Docker Swarm controller node, deploy the registry with the command:

docker service create --name registry --publish published=5000,target=5000 registry:2

If you issue the docker service ls command, you should see the registry listed as such:

zhquhrodsirp   registry   replicated   1/1        registry:2   *:5000->5000/tcp

Note that your service ID will not be the same as the one you see above (the random string of characters in the first column). As you see it listed, you are good to go. You can also verify that the registry was deployed successfully by running the command:

curl http://localhost:5000/v2/

If the only output you see is {}everything is going as planned.

Create a sample application

Guess what we’re going to create? If you guessed “Hello World”, you’re right. Create a new directory to host the project with:

mkdir ~/swarmtest

Change to this new directory with:

cd ~/swarmtest

First, we will create a Python file, named app.py with the command:

nano app.py

In this file, paste the following:

Save and close the file.

Next, we will create a requirements file with:

nano requirements.txt

In this file, add the following:

Save and close the file.

Now we will create our Dockerfile with the command:

nano Dockerfile

In this file, paste the following content:

Finally, create a docker-compose.yml file with:

nano docker-compose.yml

In this file, paste the following:

Save and close the file.

Deploy the app

With all the pieces in place, we can now deploy the stack to our Docker Swarm. However, before doing that, let’s test it to make sure it works with:

docker-compose up -d

If you get the error that the docker-compose command could not be found, install it (on an Ubuntu-based distro) with:

sudo apt-get install docker-compose -y

Once the deployment is complete, test the application with:

curl http://localhost:8000

You should see something like this:

Run it again and the result will be:

Stop the application with the command:

docker-compose down --volumes

Deploy the app to Docker Swarm

For our next trick, we’re going to deploy the app to our Docker Swarm. Before doing so, we first need to push the newly generated image to our local registry with:

docker-compose push

At this point, our text image is available in our local registry and can be used to deploy to Swarm. We can deploy the stack with:

docker stack deploy --compose-file docker-compose.yml swarmtest

Verify that the stack is running with:

docker stack services swarmtest

The output of the above command should look like this:

Let’s make sure it’s running on all nodes. Let’s say your nodes are on IP addresses 192.168.1.60, 192.168.1.61, and 192.168.1.63. Run the commands:

curl http://192.168.1.60:8000

curl http://192.168.1.61:8000

curl http://192.168.1.63:8000

You should come out like this:

Congratulations! You have just deployed a full stack application on a Docker Swarm. You can remove this stack with the command:

docker stack rm swarmtest

Done and done.

Band Created with Sketch.
]]>
Using the Subversion version control system on a server https://boomdirectory.com/using-the-subversion-version-control-system-on-a-server/ Sat, 10 Sep 2022 10:00:00 +0000 https://boomdirectory.com/using-the-subversion-version-control-system-on-a-server/ Subversion is an open source version tracking system. It keeps files in a central repository and provides version control on directories or files. As a developer, you can check out project files from a repository, make changes to them, and push them back again. Subversion also has a server component that you can use to […]]]>

Subversion is an open source version tracking system. It keeps files in a central repository and provides version control on directories or files. As a developer, you can check out project files from a repository, make changes to them, and push them back again.


Subversion also has a server component that you can use to host your projects. It works much like an ordinary file server.


How to Install Subversion

Subversion is easy to install. You can use the appropriate command to get your distribution started:


sudo apt install subversion apache2 libapache2-mod-svn


sudo dnf install subversion apache2 mod_dav_svn

Note that this command also installs the Apache2 web server. You will need a web server if you want to access the Subversion repository via HTTP or WebDAV. You can also use HTTPS, you will only need to install and configure a digital certificate to do this.

Once you have run this command, you can verify that subversion is correctly installed. You should now be able to run the svn command and you can see the current version using the –version option:

Server Setup with Subversion

If the installation went well, you can now start working on setting up the repository you will use with svn. Of course, you will have to create a new repository for this. First, create a folder in a root directory to place your repository there:

sudo mkdir /subversion

If you need to access your repository using WebDAV over HTTP, you will need to give Apache ownership of its directory. As Apache uses www-data default user, authorize this user as follows:

sudo chown www-data:www-data /subversion

You can now proceed to www-data user and start working on your repository. The command you would use to log in as www-data the user is:

sudo su -s /bin/bash www-data

You are now an Apache user and after this step you can create your Subversion repository as follows:

svnadmin create /subversion/myrepo

You now have a Subversion repository. To make this repository a bit more secure and identify its users, the next step is to create a user and set a password for them. To do this, use the following command:

htpasswd -cmb /subversion/passwd myadmin mypass

According to this command, your username will be myadmin and your password will be My past. You can modify these values ​​as appropriate for your situation.

Your Subversion repository is now ready to use. At this point, you can leave the www-data user using the go out ordered.

You can now upload a desired project or file to your repository using the command below:

sudo svn import <your-project-address> file:///subversion/myrepo -m "First Commit"

This command uses the import parameter to push everything in your project folder to your Subversion repository. In doing so, you need to add the validation message with the -m setting.

Using Accessor Methods in Subversion

You may have noticed that you are using the case:// protocol to add a project to your repository. This is just one of many network protocols you can use to access an svn repository. You can also use the WebDAV protocol over HTTP or HTTPS, or the subversion custom protocol. svn protocol.

Direct access to the repository

As you have seen, you can use the case:// protocol to access a local repository. Here’s how you can check out a local repository to your current directory:

svn co file:

When you check out the repository, svn displays a list of the files it contains:

Accessing WebDAV Help

To integrate your Subversion repository with Apache, you will need to configure some settings.

For the first step, activate the dave, dav_svnand dav_fs modules using the following commands:

sudo a2enmod dav dav_fs dav_svn

After enabling the required modules, you can now edit the /etc/apache2/mods-enabled/dav_svn.conf case. Create the file if it does not already exist and modify its contents as follows:

<Location /subversion>
DAV svn
SVNPath /subversion/myrepo
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /subversion/passwd
Require valid-user
</Location>

The AuthUserFile parameter refers to the file you created earlier using htpasswd. Adding it here will grant repository access to all users named in the file, provided they authenticate with a valid password.

Once you have created and saved this file, restart the Apache2 service with the following command:

sudo systemctl restart apache2.service

Now when you open a web browser and navigate to http://localhost/subversion/, you will see the contents of your repository. When you go to this address, you will be asked for your username and password:

Log in with username (eg. myadmin) and password (My past) that you configured earlier. You can access your Subversion repository using WebDAV after entering the username and password:

Access with SSL and WebDAV

The https:// protocol has almost the same configuration as the http:// protocol, with only a few important differences. To give an example, the .conf file you need to use when configuring is different. You must also install a digital certificate. Because as you know, this is the working logic of the SSL encryption method.

You can create a digital certificate yourself or install one issued by a competent authority. Assuming you have a digital certificate installed, what you need to do is simple.

The difference in this step is in the changes you will make to the configuration file. Below is an example configuration file for using SSL and WebDAV:

<Location /subversion>
DAV On
SSLRequireSSL
Options None
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /subversion/passwd
Require valid-user
</Location>

As you can see, the difference between https:// and http:// protocols is not so much in terms of changes in the configuration file. After these changes, you will need to restart the apache2 service. To run systemctl restart apache2.service do this.

Why use Subversion?

As a version tracker, Subversion remembers every change made to files and directories. It allows you to access older versions of software or documents you are working with and find their differences. This makes it easier to manage projects, especially if your development team is large or distributed.

There are many version control systems for Linux besides Subversion that you might want to consider.

]]>
How to enable PXE boot with VirtualBox https://boomdirectory.com/how-to-enable-pxe-boot-with-virtualbox/ Thu, 08 Sep 2022 14:28:00 +0000 https://boomdirectory.com/how-to-enable-pxe-boot-with-virtualbox/ Jack Wallen walks you through the steps of enabling PXE boot for virtual machines in VirtualBox. Image: tippapatt/Adobe Stock PXE stands for Preboot Execution Environment and is a client-server interface that allows computers to be booted from a remote server over a network. This allows you to work with an automated provisioning of servers and […]]]>

Jack Wallen walks you through the steps of enabling PXE boot for virtual machines in VirtualBox.

Image: tippapatt/Adobe Stock

PXE stands for Preboot Execution Environment and is a client-server interface that allows computers to be booted from a remote server over a network. This allows you to work with an automated provisioning of servers and workstations on a network.

SEE: 40+ open source and Linux terms you need to know (TechRepublic Premium)

Sometimes you might even want to do this with a virtual machine. But if you’re using VirtualBox, it doesn’t include all the parts needed to make PXE possible. Luckily it can be done and I’ll show you how to set it up.

What You’ll Need to Enable PXE Boot

For this to work you will need a running instance of VirtualBox on a Linux or Windows host. I will demonstrate on a Pop!_OS host and a test VM. That said, let’s do some virtual magic.

How to configure TEST VM settings

For your test VM, just create a new machine (I call mine TEST) but don’t attach an ISO to it. Once you have created this TEST VM, you will need to modify two parameters, which are:

  • Network: Set the network adapter to NAT, which is done in Network | Adapter 1 | Attached to.
  • Boot order: configure the virtual machine to start from the network, which is done in System | Motherboard | Start order. First, enable the network, then move it up (Figure A).

Figure A

Enabling and prioritizing network boot in VirtualBox.

That’s it for the VM settings.

How to add the necessary files

VirtualBox does not include the scripts required to manage PXE. Fortunately, you can add these scripts quite easily. Each host operating system stores these scripts in a different location. These locations are:

  • Linux and Oracle Solaris: $HOME/.config/VirtualBox.
  • the Windows: $HOME/.VirtualBox.
  • macOS: $HOME/Library/VirtualBox.

Open a terminal window and navigate to this directory. Once there, download the files with:

curl https://codeload.github.com/defunctzombie/virtualbox-pxe-boot/tar.gz/master | tar zx --strip-components 1

This command will create a new directory, named TFTP in the VirtualBox storage location.

One thing to keep in mind is that the files in this download are Ubuntu specific and do not include the latest two versions – this stops at Xenial. Also note that this download only installs Ubuntu. For other distros, you’ll want to find and add their specific instructions for PXE. You can also consult the TFTP/kickstart/basic.cfg file to learn how to create your kickstart file.

If you want to add newer versions of Ubuntu, you need to download the kernel and initrd files for those versions and place them in TFTP/installers/ubuntu/. For example, if you want to use 20.04, you can follow these instructions:

Download the ISO image:

wget https://releases.ubuntu.com/20.04/ubuntu-20.04.5-live-server-amd64.iso

Mount the image:

sudo mount ubuntu-20.04.5-live-server-amd64.iso /mnt

Copy kernel and initrd files

cp /mnt/casper/{vmlinuz,initrd} ~/.config/VirtualBox/TFTP/

Copy the ldlinux.c32 file

cp /usr/lib/syslinux/modules/bios/ldlinux.c32 ~/.config/VirtualBox/TFPT

Backup the default configuration file with:

mv ~/.config/VirtualBox/TFPT/pxelinux.cfg/default ~/.config/VirtualBox/TFPT/pxelinux.cfg/default.bak

Create a new default file with:

nano  ~/.config/VirtualBox/TFPT/pxelinux.cfg/default

Paste the following content into this file:

DEFAULT install
LABEL install
KERNEL vmlinuz
INITRD initrd
APPEND root=/dev/ram0 ramdisk_size=1500000 ip=dhcp url=https://releases.ubuntu.com/20.04/ubuntu-20.04.5-live-server-amd64.iso

Save and close the file.

How to create a symbolic link for your VM

Remember, we named our VM TEST. For each virtual machine that requires PXE, you must create a symbolic link from TFTP/lxelinux.0 to a new file with the same name. So, for our TEST VM, we would change to the TFTP directory with the command:

cd ~/.config/VirtualBox/TFTP

Next, we would create the new symbolic link with:

ln -s ./pxelinux.0 TEST.pxe

Remember that Linux is case sensitive, so if your VM is named TEST, the symbolic link must be named TEXT.pxe.

How to start your PXE-enabled virtual machine

That’s it for the setup. All you have to do now is start the virtual machine and you will be presented with two options:

  • Install
  • Start the installation

Congratulations, you now have PXE enabled with VirtualBox. Remember that for each virtual machine that needs to be PXE booted, you need to create the .pxe symbolic link.

Subscribe to TechRepublic How to make the technology work on YouTube for all the latest tech tips for professionals from Jack Wallen.

]]>