the S.A.M.S.I.G. blog

Security Automation Management Scripting Infrastructure Geek

Extending GPT/LVM disk on CentOS

Friday turned out to be a tinker day, one of those where you come home a little wiser than when you left ūüôā

In production we have some HPE servers running large data collections, something I guess would qualify as big-data. They are based on CentOS 7.2 and each have a data volume of 15TB that was running low.

Continue reading

How to license Microsoft Server 2016 in a virtual environment

Or maybe the title should have been “How to correctly license Microsoft Server 2016 in a virtual environment”

I know it’s not a new thing and there are many sites describing the procedure on how to find out what license packs you need when having to license correctly with the changes made to the license model beginning with Server 2016.

Continue reading

Kickstart your knowledge in 2018

Christmas is just around the corner and the year is coming to a close.

Usually this last quarter is one of the busiest of the year for the companies as the last orders needs to be closed before the financial year closes.

So when January comes we should be filled with renewed energy and a lot of new years resolutions that needs to be fulfilled.

One of them could be how to advance our skillset, maybe get inspired to take on new projects to move the business forward or simply just meet some old or maybe new friends and get a feeling of what direction the industry is heading in 2018.

Here are a couple of the “must attend” events in the first quarter of 2018, both in Copenhagen.

Continue reading

Junk Mail filter in Office 365

One of the things we found after moving the mail to Office 365 is that sometimes mail will get moved to the Junk mail folder even though the Exchange Online spam filter and Outlook configuration was modified in a way that would allow mail to arrive in the Inbox.

So what is happening?

Although we have changed the configuration in Outlook and Exchange Online, we still have a junk email rule per mailbox in Exchange. This behaviour has been present since Exchange 2010 but we are seeing this becoming an issue when mailboxes are being migrated from on-premises (where it have been disabled) to Exchange Online that have the junk email configuration enabled by default.

Therefore we need to connect to Exchange Online through powershell and use the Set-MailboxJunkEmailConfiguration cmdlet to change the settings for each mailbox.

The quick and dirty command is:

Set-MailboxJunkEmailConfiguration <user> -Enabled $false

Microsoft actually has a great writeup on the subject here: https://technet.microsoft.com/en-us/library/bb123559(v=exchg.160).aspx

It is worth mentioning that this setting can also be changed from the users web mail.

Preparing Azure AD (Office 365) for SIEM Integration – Part 1

Office 365 (O365) allows customers to host their Office solution in the Microsoft cloud. With the proper credentials and configuration, it’s possible for the LogRhythm System Monitor to collect O365 management events from the following applications through the Office 365 Management Activity API:

  • SharePoint
  • OneDrive
  • Exchange
  • Azure Active Directory (Azure AD)

Continue reading