Monitor Nextcloud's API XML via PRTG with PowerShell

In order to monitor your Nextcloud API (XML) via PRTG, you can use the following steps: 

https://github.com/flostyen/PRTGScripts/tree/master/PRTG-NextCloud-Status which is a fork of https://github.com/freaky-media/PRTGScripts/blob/master/PRTG-NextCloud-Status/ (I simply added TLSv1.2 support and adjusted the howto guide, all the work was done by freaky-media 😊)

1. Installation in PRTG

1.1 Copy the PS1 file to your PRTG server in the path C:\Program Files (x86)\PRTG Network Monitor\Custom Sensors\EXEXML. If you want to monitor Nextcloud systems from your PRTG remote probes, copy the script to the remote probe.


1.2 Create the following lookup files NextCloudMessageLookup.ovl, NextCloudStatusCodeLookup.ovl, NextCloudStatusLookup.ovl in your PRTG installation folder C:\Program Files (x86)\PRTG Network Monitor\lookups\custom


1.3 Reload Lookups:
PRTG GUI -> Setup -> System Administration -> Administrative Tools -> Load Lookups and File Lists -> Go! Button


2. Configuration in PRTG

2.1 Add the sensor "EXE/Script Advanced"

2.2 Change the sensor name

2.3 Choose the PowerShell script PRTG_NextCloud.ps1.

2.4 Add parameter -NCusername *AnExtraNCAdminUser* -NCpassword *StrongPassSentence* -NCURL *YourNCFQDN*


 Result

 
[Screenshot: PRTG monitors the Nextcloud API XML via the PowerShell script]

Slow USB3 data transfer speed on debian with proxmox

Issue

Recently I saw a Debian Proxmox system which had a USB3 HDD mounted. The HDD write speed should have been ~100MB/s and the USB 3 connection speed was 5GB/s. However, the data transfer speed was very slow, about 5-6 kB/s. The HDD was mounted to /mnt/usbhdd01/. A short speed check showed the issue:

root@proxmox1:~#
root@proxmox1:~# dd if=/dev/zero of=/mnt/usbhdd01/test03012021-2036uhr.img bs=1024 count=10000
^C220+0 records in
220+0 records out
225280 bytes (225 kB, 220 KiB) copied, 35.8676 s, 6.3 kB/s 😕
root@proxmox1:~#

Solution

After some troubleshooting I found out why: /etc/fstab had the options auto,nofail,sync,users,rw:

# <file system> <mount point> <type> <options> <dump> <pass>
/dev/pve/root / ext4 errors=remount-ro 0 1
UUID=1234-4567 /boot/efi vfat defaults 0 1
/dev/pve/swap none swap sw 0 0
proc /proc proc defaults 0 0
UUID=aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee /mnt/usbhdd01 ext4 auto,nofail,sync,users,rw 0 0

After changing that to defaults and re-mounting it, speed was fast again:

# <file system> <mount point> <type> <options> <dump> <pass>
/dev/pve/root / ext4 errors=remount-ro 0 1
UUID=1234-4567 /boot/efi vfat defaults 0 1
/dev/pve/swap none swap sw 0 0
proc /proc proc defaults 0 0
UUID=aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee /mnt/usbhdd01 ext4 defaults 0 0

Short speedtest:

root@proxmox1:~# dd if=/dev/zero of=/mnt/usbhdd01/test03012021-2110uhr.img bs=1024 count=2000000
2000000+0 records in
2000000+0 records out
2048000000 bytes (2.0 GB, 1.9 GiB) copied, 20.3455 s, 101 MB/s 😊

Nextcloud VM backup and restore scripts

To move Nextcloud VM installations from one VM to another, or to move from nextcloud-vm@ubuntu16 to nextcloud-vm@ubuntu18 and later again from nextcloud-vm@ubuntu18 to nextcloud-vm@ubuntu20, I successfully used the following two scripts, which I can therefore highly recommend:

Download the scripts to /root/:

sudo -i
cd ~
wget https://codeberg.org/DecaTec/Nextcloud-Backup-Restore/raw/branch/master/NextcloudBackup.sh
wget https://codeberg.org/DecaTec/Nextcloud-Backup-Restore/raw/branch/master/NextcloudRestore.sh

Secure the scripts:

chown root NextcloudBackup.sh
chown root NextcloudRestore.sh
chmod 700 NextcloudBackup.sh
chmod 700 NextcloudRestore.sh

Execute the scripts:

./NextcloudBackup.sh
./NextcloudRestore.sh 20201223_223941

To mount a SMB/CIFS share:  

mkdir /mnt/cifsdir
sudo mount -t cifs -o user=YourSMBUser,password=YourVeryLongPassSentence //192.168.0.10/somedir /mnt/cifsdir
 
 
 

 

ISP Vodafone DOCSIS 3 - 365 Days Monitoring PacketLoss

I've been using the ISP Vodafone (formerly Unitymedia), and at the end of April I upgraded from 400 down/20 up MBits to Gigabit down/50 up MBits. I'm monitoring different destinations on the internet using PRTG. The destination in the following graph was monitored using an interval of 30s with 5 different ping ICMP echo requests each interval.

Since then the average packet loss went down from ~0,6% to 0,00-0,05%:



Increase disk and zfs of nextcloud vm running on proxmox

To increase the data disk of your nextcloud vm, which is running on proxmox, you need to do the following:

  1. Make sure no disk snapshot is active; delete any that exist.
  2. Shut down the VM.
  3. Check current disk size of your data disk of your nextcloud vm using lvs on your proxmox hypervisor:

    root@proxmox1:~#
    root@proxmox1:~# lvs
      LV            VG  Attr       LSize  Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert
      data          pve twi-aotz-- <3.49t             0.78   0.28
      root          pve -wi-ao---- 96.00g
      swap          pve -wi-ao----  8.00g
      vm-100-disk-0 pve Vwi-a-tz-- 40.00g data        9.99
      vm-100-disk-1 pve Vwi-a-tz-- 40.00g data        0.06
      vm-101-disk-0 pve Vwi-a-tz-- 40.00g data        58.01
      vm-101-disk-1 pve Vwi-a-tz-- 40.00g data        1.60 <-- This is my nextcloud data disk
    root@proxmox1:~#
    root@proxmox1:~#
     
  4. In my case this disk is attached to the VM as scsi1.
  5. Increase the disk size using qm resize <vm-id> <scsi-id> <size>, for example qm resize 101 scsi1 +100G:

    root@proxmox1:~#
    root@proxmox1:~# qm resize 101 scsi1 +3210G
      Size of logical volume pve/vm-101-disk-1 changed from 40.00 GiB (10240 extents) to 3.17 TiB (832000 extents).
      Logical volume pve/vm-101-disk-1 successfully resized.
    root@proxmox1:~#
    root@proxmox1:~# lvs
      LV            VG  Attr       LSize  Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert
      data          pve twi-aotz-- <3.49t             0.78   0.28
      root          pve -wi-ao---- 96.00g
      swap          pve -wi-ao----  8.00g
      vm-100-disk-0 pve Vwi-a-tz-- 40.00g data        9.99
      vm-100-disk-1 pve Vwi-a-tz-- 40.00g data        0.06
      vm-101-disk-0 pve Vwi-a-tz-- 40.00g data        58.01
      vm-101-disk-1 pve Vwi-a-tz--  3.17t data        0.02
    root@proxmox1:~#
    root@proxmox1:~#

     
  6. Start your VM.
  7. Check the zpool size using zpool list
  8. Check the /mnt/ncdata size using df -h
  9. Read the new partition size using parted -l and answer "Fix" when asked about the adjustment
  10. You can delete the buffer partition 9 using parted /dev/sdb rm 9
  11. Extend the first partition to 100% of the available size using parted /dev/sdb resizepart 1 100%
  12. Export the zpool using zpool export ncdata
  13. Import the zpool again using zpool import -d /dev ncdata
  14. Set the zpool online using zpool online -e ncdata sdb
  15. Using zpool online -e ncdata /dev/sdb you can adjust the partition to the correct size
  16. Check the new zpool size using zpool list
  17. Check the new /mnt/ncdata size using df -h

Example with nextcloud 20 on Ubuntu 20.04:

root@nextcloud:~#
root@nextcloud:~# zpool list
NAME     SIZE  ALLOC   FREE  CKPOINT  EXPANDSZ   FRAG    CAP  DEDUP    HEALTH  ALTROOT
ncdata  39.5G  46.0M  39.5G        -     3.13T     0%     0%  1.00x    ONLINE  -
root@nextcloud:~#
root@nextcloud:~# df -h
Filesystem                         Size  Used Avail Use% Mounted on
udev                               3.9G     0  3.9G   0% /dev
tmpfs                              797M  1.2M  796M   1% /run
/dev/mapper/ubuntu--vg-ubuntu--lv   39G  5.5G   32G  15% /
tmpfs                              3.9G  8.0K  3.9G   1% /dev/shm
tmpfs                              5.0M     0  5.0M   0% /run/lock
tmpfs                              3.9G     0  3.9G   0% /sys/fs/cgroup
/dev/sda2                          976M  198M  712M  22% /boot
/dev/loop0                          55M   55M     0 100% /snap/core18/1705
/dev/loop1                          56M   56M     0 100% /snap/core18/1932
/dev/loop2                          61M   61M     0 100% /snap/core20/634
/dev/loop3                          70M   70M     0 100% /snap/lxd/18520
/dev/loop4                          62M   62M     0 100% /snap/core20/875
/dev/loop5                          72M   72M     0 100% /snap/lxd/18546
/dev/loop6                          31M   31M     0 100% /snap/snapd/9721
/dev/loop7                          32M   32M     0 100% /snap/snapd/10492
ncdata                              39G   19M   39G   1% /mnt/ncdata
tmpfs                              797M     0  797M   0% /run/user/1000
root@nextcloud:~#
root@nextcloud:~# parted -l
Model: QEMU QEMU HARDDISK (scsi)
Disk /dev/sda: 42.9GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags:

Number  Start   End     Size    File system  Name  Flags
 1      1049kB  2097kB  1049kB                     bios_grub
 2      2097kB  1076MB  1074MB  ext4
 3      1076MB  42.9GB  41.9GB


Warning: Not all of the space available to /dev/sdb appears to be used, you can
fix the GPT to use all of the space (an extra 6731857920 blocks) or continue
with the current setting?
Fix/Ignore? Fix
Model: QEMU QEMU HARDDISK (scsi)
Disk /dev/sdb: 3490GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags:

Number  Start   End     Size    File system  Name                  Flags
 1      1049kB  42.9GB  42.9GB  zfs          zfs-4172ff7a9f945112
 9      42.9GB  42.9GB  8389kB


Model: Linux device-mapper (linear) (dm)
Disk /dev/mapper/ubuntu--vg-ubuntu--lv: 41.9GB
Sector size (logical/physical): 512B/512B
Partition Table: loop
Disk Flags:

Number  Start  End     Size    File system  Flags
 1      0.00B  41.9GB  41.9GB  ext4


root@nextcloud:~#
root@nextcloud:~# parted /dev/sdb rm 9
Information: You may need to update /etc/fstab.

root@nextcloud:~#
root@nextcloud:~# parted /dev/sdb resizepart 1 100%
Information: You may need to update /etc/fstab.

root@nextcloud:~#
root@nextcloud:~# zpool export ncdata
root@nextcloud:~#
root@nextcloud:~# zpool import -d /dev ncdata
root@nextcloud:~#
root@nextcloud:~# zpool online -e ncdata sdb
root@nextcloud:~#
root@nextcloud:~# zpool online -e ncdata /dev/sdb
root@nextcloud:~#
root@nextcloud:~# zpool list
NAME     SIZE  ALLOC   FREE  CKPOINT  EXPANDSZ   FRAG    CAP  DEDUP    HEALTH  ALTROOT
ncdata  3.17T  46.1M  3.17T        -         -     0%     0%  1.00x    ONLINE  -
root@nextcloud:~#
root@nextcloud:~#
root@nextcloud:~#  df -h
Filesystem                         Size  Used Avail Use% Mounted on
udev                               3.9G     0  3.9G   0% /dev
tmpfs                              797M  1.2M  796M   1% /run
/dev/mapper/ubuntu--vg-ubuntu--lv   39G  5.5G   32G  15% /
tmpfs                              3.9G  8.0K  3.9G   1% /dev/shm
tmpfs                              5.0M     0  5.0M   0% /run/lock
tmpfs                              3.9G     0  3.9G   0% /sys/fs/cgroup
/dev/sda2                          976M  198M  712M  22% /boot
/dev/loop0                          55M   55M     0 100% /snap/core18/1705
/dev/loop1                          56M   56M     0 100% /snap/core18/1932
/dev/loop2                          61M   61M     0 100% /snap/core20/634
/dev/loop3                          70M   70M     0 100% /snap/lxd/18520
/dev/loop4                          62M   62M     0 100% /snap/core20/875
/dev/loop5                          72M   72M     0 100% /snap/lxd/18546
/dev/loop6                          31M   31M     0 100% /snap/snapd/9721
/dev/loop7                          32M   32M     0 100% /snap/snapd/10492
tmpfs                              797M     0  797M   0% /run/user/1000
ncdata                             3.1T   19M  3.1T   1% /mnt/ncdata
root@nextcloud:~#

haveibeenpwned.com Cit0day pwned readmore.de and many others

I have been notified by haveibeenpwned.com that one of my accounts was pwned by the mass leak Cit0day: https://haveibeenpwned.com/PwnedWebsites#Cit0day
https://www.troyhunt.com/inside-the-cit0day-breach-collection/

Luckily I'm using unique passwords (pass-sentences) for each site (a big recommendation for exactly this case). Still, I wanted to know which site and which account had been pwned. So I read Troy Hunt's awesome articles and checked his lists of affected sites which he posted on GitHub: 


There I found the site: it was forum.readmore.de, where I was active in earlier years. readmore.de also published a statement about this: https://www.readmore.de/news/160319-datenleak-im-forum/

The Cit0day list of Troy Hunt shows many more affected sites. The following list shows only sites with over 250.000 entries:



As always: 

Import Nextcloud VM OVA to Proxmox VE

How to import a Nextcloud VM OVA image file to a Proxmox VE server:

1. Unzip the file:

root@proxmox1:/var/lib/vz/images#
root@proxmox1:/var/lib/vz/images# tar -xvf Nextcloud_VM_v20_www.hanssonit.se.ova
Nextcloud_VM_www.hanssonit.se.ovf
Nextcloud_VM_www.hanssonit.se.mf
Nextcloud_VM_www.hanssonit.se-disk1.vmdk
Nextcloud_VM_www.hanssonit.se-disk2.vmdk
root@proxmox1:/var/lib/vz/images#
root@proxmox1:/var/lib/vz/images# ls -lah
total 3.6G
drwxr-xr-x 2 root root 4.0K Dec  6 14:33 .
drwxr-xr-x 5 root root 4.0K Dec  6 14:00 ..
-rw-r--r-- 1 root root 1.8G Dec  6 14:26 Nextcloud_VM_v20_www.hanssonit.se.ova
-rw-r--r-- 1   64   64 1.8G Oct 28 21:37 Nextcloud_VM_www.hanssonit.se-disk1.vmdk
-rw-r--r-- 1   64   64  17M Oct 28 21:38 Nextcloud_VM_www.hanssonit.se-disk2.vmdk
-rw-r--r-- 1   64   64  338 Oct 28 21:06 Nextcloud_VM_www.hanssonit.se.mf
-rw-r--r-- 1   64   64 7.4K Oct 28 21:06 Nextcloud_VM_www.hanssonit.se.ovf
root@proxmox1:/var/lib/vz/images#

2. Import the OVA/OVF using qm importovf:
qm importovf <vm-id> <file.ovf> local-lvm
My VM-ID was 101, so it looked like this: 

root@proxmox1:/var/lib/vz/images#
root@proxmox1:/var/lib/vz/images# qm importovf 101 Nextcloud_VM_www.hanssonit.se.ovf local-lvm
  Logical volume "vm-101-disk-0" created.
transferred: 0 bytes remaining: 42949672960 bytes total: 42949672960 bytes progression: 0.00 %
transferred: 429496729 bytes remaining: 42520176231 bytes total: 42949672960 bytes progression: 1.00 %
transferred: 858993459 bytes remaining: 42090679501 bytes total: 42949672960 bytes progression: 2.00 %
[...]
transferred: 42949672960 bytes remaining: 0 bytes total: 42949672960 bytes progression: 100.00 %
Logical volume "vm-101-disk-1" created.
transferred: 0 bytes remaining: 42949672960 bytes total: 42949672960 bytes progression: 0.00 %
[...]
transferred: 42949672960 bytes remaining: 0 bytes total: 42949672960 bytes progression: 100.00 %
root@proxmox1:/var/lib/vz/images#
root@proxmox1:/var/lib/vz/images#

3. I had to add a NIC in the VM Hardware:



Python security testing using mutmut

If you want to test your Python code for bugs and possible security issues, one way is mutation testing using mutmut: https://pypi.org/project/mutmut/

Test automation is very important, but most of the time only positive test cases are tested, not the negative ones that might break the program's logic or the Python code. Attackers use exactly those untested cases to find possible holes and bypasses or to break your application.

Idea behind mutation testing

The idea behind mutation testing is: a program should describe a path to the correct result. If the program's code is changed at any position, a bug should be produced and the tests should fail. If the tests still come to the result "OK" for the changed code, then the inputs/parameters or operations are not tested enough. Such an undetected change is called a surviving mutant.

Mutation testing means making the program and its tests so resilient that no mutant survives. Another great article about mutation testing can be found here: https://hackernoon.com/mutmut-a-python-mutation-testing-system-9b9639356c78

Getting started

pip install mutmut
mutmut run

This will by default run pytest on tests in the “tests” or “test” folder and it will try to figure out where the code to mutate lies. Run

mutmut --help
for help. More can be found here: https://pypi.org/project/mutmut/
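
The idea described above, shown as a miniature mutation run. This is an added example, not code from mutmut or from the original post: the function is_locked_out, the two test suites and the hand-picked mutations are assumptions made for illustration, and mutmut generates its own mutants from your real code.

```python
# Miniature mutation run (illustration only, not mutmut's implementation).
# The code under test: a hypothetical login lockout check.
SOURCE = '''
def is_locked_out(failed_attempts, limit=5):
    """Return True once the account has reached the failed-login limit."""
    return failed_attempts >= limit
'''

# Hand-picked mutations as (original text, mutated text).
MUTATIONS = [
    (">= limit", "> limit"),   # off-by-one: one extra guess is allowed
    (">= limit", "< limit"),   # inverted logic
    ("limit=5", "limit=6"),    # changed default limit
]


def load(source):
    """Compile a (possibly mutated) source string and return the function."""
    namespace = {}
    exec(source, namespace)
    return namespace["is_locked_out"]


def weak_suite(fn):
    """Only the obvious cases: far below and far above the limit."""
    return fn(0) is False and fn(10) is True


def strong_suite(fn):
    """Adds the boundary values around the limit."""
    return (weak_suite(fn) and fn(4) is False
            and fn(5) is True and fn(6) is True)


def mutation_run(suite):
    """Return the mutations that the given suite fails to detect."""
    if not suite(load(SOURCE)):
        raise ValueError("suite must pass on the unmutated code")
    survived = []
    for old, new in MUTATIONS:
        mutant = load(SOURCE.replace(old, new, 1))
        if suite(mutant):          # tests still say "OK": mutant survived
            survived.append(f"{old} -> {new}")
    return survived


if __name__ == "__main__":
    print("weak suite, surviving mutants:  ", mutation_run(weak_suite))
    print("strong suite, surviving mutants:", mutation_run(strong_suite))
```

The weak suite lets the off-by-one and the changed default through, which is exactly the kind of gap in a lockout check that only boundary tests close.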

Forget the phrase "password" - it should be pass-sentence

It is unfortunate that the word "password" has the word "word" in it. That leads people to almost always use one word, add one or two numbers to it, maybe a special character, and that's it:

Classic passwords:
alina11$
456peter
nadine030
target123
cowboy123

etc..

word + number (+ special char) ==> ❌very bad security

Solution

So how can that be fixed, given that remembering long complex passwords like oT(O§%isaB"4 is hard? Answer: Instead of using "words" in passwords, use sentences.

Example:
ilikenewyorkquitealot
natureisimportanttome
danhasbeautifuleyes
ireallylovethehow2itsecblog

=> 🔒✅ Stronger passwords
=> 🔒✅ Fast to type
=> 🔒✅ Easy to remember

Additional tips:
1. Always use two-factor or multi-factor authentication (2FA/MFA)
2. Use a password manager (like the free keepass)
3. Protect your mail accounts! Use unique and long passwords with 2FA for them, because that is the place where you reset your passwords.


German:

Forget "password", it should be called "pass-sentence"

Unfortunately it is called "Passwort" (password), which contains the word "Wort" (word). It would be much better if it were called "Pass-Satz" (pass-sentence). The classic password looks like this:

alina11$
456peter
nadine030
target123
cowboy123

etc..

Word + number (+ special character) ==> ❌Very bad security

Solution

What can be done about this in practice? After all, remembering long complex passwords like oT(O§%isaB"4 is hard. Answer: instead of "pass-words", use "pass-sentences":

Example:
ilikenewyorkquitealot
natureisimportanttome
danhasbeautifuleyes
ireallylovethehow2itsecblog

=> 🔒✅ Better security
=> 🔒✅ Quick to type
=> 🔒✅ Easy to remember

Additional tips
1. Always use two-factor or multi-factor authentication (2FA/MFA)
2. Use a password manager (like the free keepass)
3. Protect your mail accounts! There at the very least, always use unique, long passwords + 2FA, because that is where passwords are reset.

Intel NUC 10th gen running VMware ESXi 7.0

Due to growing data I had to add more storage. Therefore I bought a new Intel NUC (10th generation)  running VMware ESXi 7.0. Really helpful for the setup is again virten.net, which provides all the necessary information.

Simply install ESXi on the NUC using a USB stick. For creating the USB stick I used rufus. For the ESXi image, use the steps from virten.net to create an ESXi 7.0 image with a network interface card driver which works for the Intel NUC 10th gen (otherwise an error about "No Network Adapters" is shown).

Start PowerShell (with Admin-Rights) and type in:

Add-EsxSoftwareDepot https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml
Export-ESXImageProfile -ImageProfile "ESXi-7.0.0-15843807-standard" -ExportToBundle -filepath ESXi-7.0.0-15843807-standard.zip
Remove-EsxSoftwareDepot https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml
Add-EsxSoftwareDepot .\ESXi-7.0.0-15843807-standard.zip
Add-EsxSoftwareDepot .\ESXi670-NE1000-32543355-offline_bundle-15486963.zip
New-EsxImageProfile -CloneProfile "ESXi-7.0.0-15843807-standard" -name "ESXi-7.0.0-15843807-NUC" -Vendor "virten.net"
Remove-EsxSoftwarePackage -ImageProfile "ESXi-7.0.0-15843807-NUC" -SoftwarePackage "ne1000"
Add-EsxSoftwarePackage -ImageProfile "ESXi-7.0.0-15843807-NUC" -SoftwarePackage "ne1000 0.8.4-3vmw.670.3.99.32543355"
Export-ESXImageProfile -ImageProfile "ESXi-7.0.0-15843807-NUC" -ExportToIso -filepath ESXi-7.0.0-15843807-NUC.iso
Export-ESXImageProfile -ImageProfile "ESXi-7.0.0-15843807-NUC" -ExportToBundle -filepath ESXi-7.0.0-15843807-NUC.zip

If there is an issue "about_Execution_Policies" (https://go.microsoft.com/fwlink/?LinkID=135170), like:

+ Import-Module VMware.ImageBuilder
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : Sicherheitsfehler: (:) [Import-Module], PSSecurityException
    + FullyQualifiedErrorId : UnauthorizedAccess,Microsoft.PowerShell.Commands.ImportModuleCommand
 

then you can help yourself using the following temporary workaround:

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned

❗Warning! This is a possible security issue (see MS documentation). Set this setting back to default after creating the image using:

Set-ExecutionPolicy -ExecutionPolicy Default 

Update 04.01.2021: After having problems with large file transfers from and to the ESXi or from and to VMs running on the ESXi, I've reinstalled ESXi6.7u3 on the NUC. The problems continued and large file transfers using SCP, using SFTP or HTTPS always were corrupted or broke up, no matter which application or operating system. So I decided to switch to proxmox. Proxmox and the VMs on Proxmox work fine and have no issues.

SIEM Use Case - find suspicious powershell commands

Microsoft's PowerShell is a very powerful tool which can be used as a LoLBin. A SIEM use case to detect suspicious PowerShell commands or scripts can look like this:

Logging / Data Source

Activate PowerShell Script Block Logging (Event ID 4104) OR use your Advanced Endpoint Protection (AEP) or Endpoint Detection and Response (EDR) tool, such as VMware Carbon Black, Microsoft Defender ATP, CrowdStrike or similar tools.

SIEM use case / fetch suspicious powershell

1. process = powershell.exe

&&

2. cmd = ToBase64String OR FromBase64String OR -e OR -en OR -enc OR -enco OR -encod OR -encode OR -encoded OR -encodedc OR -encodedco OR -encodedcom OR -encodedcomm OR -encodedcomma OR -encodedcomman OR -encodedcommand OR -ec

&&

3. not cmd = Windows\CCM\*
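
The three conditions above, run over a handful of events. This is an added example, not part of the original post: the event field names (host, process, cmd) and the sample events are constructed, and the encoded-command switches are matched as whole tokens so that a parameter such as -ExecutionPolicy does not trigger on "-e". For triage it also decodes the argument, which PowerShell expects as Base64 of UTF-16LE text.

```python
import base64
import binascii

# Condition 2, switch form: -e, -en, ... -encodedcommand, plus -ec.
ENCODED_FLAGS = {"-" + "encodedcommand"[:n] for n in range(1, 15)} | {"-ec"}
# Condition 2, API form.
BASE64_CALLS = ("tobase64string", "frombase64string")
# Condition 3: excluded path, compared case-insensitively.
EXCLUDED_PATH = "windows\\ccm\\"


def decode_payload(token):
    """Decode an encoded-command argument (Base64 of UTF-16LE) for triage."""
    try:
        return base64.b64decode(token, validate=True).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return None


def evaluate(event):
    """Apply conditions 1-3 to one event; return a finding dict or None."""
    cmd = event.get("cmd", "")
    lowered = cmd.lower()
    if not event.get("process", "").lower().endswith("powershell.exe"):
        return None  # condition 1 not met
    if EXCLUDED_PATH in lowered:
        return None  # condition 3: excluded path
    tokens = cmd.split()
    reasons, decoded = [], None
    for i, token in enumerate(tokens):
        if token.lower() in ENCODED_FLAGS:
            reasons.append(token)
            if i + 1 < len(tokens):
                decoded = decode_payload(tokens[i + 1].strip("'\""))
    reasons += [call for call in BASE64_CALLS if call in lowered]
    if not reasons:
        return None
    return {"host": event.get("host"), "reasons": reasons, "decoded": decoded}


def run_detection(events):
    """Return the findings for all events that match the use case."""
    return [f for f in map(evaluate, events) if f is not None]


# Constructed sample events; the payload is the harmless command "Get-Date".
SAMPLE_PAYLOAD = base64.b64encode("Get-Date".encode("utf-16-le")).decode()
SAMPLE_EVENTS = [
    {"host": "ws01",
     "process": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe -NoProfile -enc " + SAMPLE_PAYLOAD},
    {"host": "ws02", "process": "powershell.exe",
     "cmd": r"powershell.exe -ExecutionPolicy Bypass -File C:\Scripts\inventory.ps1"},
    {"host": "ws03", "process": "powershell.exe",
     "cmd": r"powershell.exe -Command [Convert]::FromBase64String((gc C:\Windows\CCM\Temp\cfg.b64))"},
    {"host": "ws04", "process": "cmd.exe", "cmd": "cmd.exe /c echo -e test"},
    {"host": "ws05", "process": "powershell.exe",
     "cmd": r"powershell.exe -Command [Convert]::ToBase64String([IO.File]::ReadAllBytes('C:\Temp\r.zip'))"},
]

if __name__ == "__main__":
    for finding in run_detection(SAMPLE_EVENTS):
        print(finding)
```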

More very useful information

Windows 10 start menu critical error fix

A possible solution to the following error in Windows 10 when trying to use the start menu:

English Error:

Critical Error – Your Start menu isn't working. We'll try to fix it the next time you sign in.

German Error:

Schwerwiegender Fehler Ihr Startmenü funktioniert nicht. Wir beheben das Problem, sobald Sie sich neu anmelden. Jetzt abmelden.


Possible solution for Windows 10 start menu

  1. Launch the Task manager
  2. Open a new PowerShell window with administrative privileges


  3. Paste the following line into the PowerShell window

    Get-AppXPackage -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}


  4. Ignore the errors and wait until it is finished (a new line PS C:\Windows\system32 is shown)
  5. Reboot Windows

If that does not help, try sfc /scannow, dism /online /cleanup-image /restorehealth or checkdisk, or analyze the issue with procmon.
