Collabora-online: The requested URL /loleaflet/dist/admin/admin.html was not found on this server

You tell me.

A client, a doctor none the less, still has a running XP in the praxis and at home. It is highly specialized for 24h EKG monitoring - and also VERY expensive. The Software - actually just for the driver for win7 - would have cost 20’000.-, for four patients and four years operation?

He has one more year to pension, so we had a VM running a well protected XP for the time of Win7 and now, with Win10…

It works, is secure, client happy, 'nuff said! :slight_smile:

Hihihi, I see that :smiley:

That praxis also had among the most exotic stuff I ever connected to the network - and monitored in Zabbix!

Like 2 Philips Ultraschall, another Ultraschall from another company, a Horriba and UriSys, both serially connected to a Network Port which is in turn monitored. The Horriba and UriSys both deal with urine monitoring…

All three ultraschall have some form of XP (embedded?)…

Cool and interesting, as our company has exactly those kinds of clients too.

:slight_smile:

How are these “plans” generated? Is there a tool for that, to generate them (semi-)automatically or all “painted” manually?

All in WebGUI of Zabbix… :wink:

Click add, drag and drop to the “right” position, choose the host and symbol…

:slight_smile:
These are LIVE plans, each host can signal issues, updates and such.
You can also set the icon according to state…
Like the nuclear cloud when an important server goes “poof”… :slight_smile:

At some clients I also add “boxes” or “areas” to symbolize rooms, or buildings (a form of grouping…)

Zabbix is really well templatable, and that can save a lot of time. Like I made my own template for raspberry monitoring & NUT, with a nice host screen all rolled into one.

Daaamn, another reason to soon install Zabbix :blush: But I have to force myself to take some holidays first, else I am risking a burnout :smiley:

Holidays and relaxation also increase awareness and “Aufnahmefähigkeit”, or the ability to suck up new info…

:slight_smile:

Just more fun around, when you’re back, recharged and ready to roll up your sleeves!

:slight_smile:

Absolutely!

Do you know where the noise in nethserver comes from? I mean, on my gentoo box and also on a hosted proxmox server it is quiet, whereas in the nethserver log, even now that I disabled password login and only password secured certificate based login is allowed, there are still all those attempts logged like:

Feb 21 23:37:11 hostname sshd[14242]: Invalid user zabbix from 139.99.89.53 port 50182
Feb 21 23:37:11 hostname sshd[14242]: input_userauth_request: invalid user zabbix [preauth]
Feb 21 23:37:11 hostname sshd[14242]: Received disconnect from 139.99.89.53 port 50182:11: Bye Bye [preauth]
Feb 21 23:37:11 hostname sshd[14242]: Disconnected from 139.99.89.53 port 50182 [preauth]
Feb 21 23:37:13 hostname sshd[14250]: Invalid user dev from 190.1.203.180 port 52452
Feb 21 23:37:13 hostname sshd[14250]: input_userauth_request: invalid user dev [preauth]
Feb 21 23:37:13 hostname sshd[14250]: Received disconnect from 190.1.203.180 port 52452:11: Bye Bye [preauth]
Feb 21 23:37:13 hostname sshd[14250]: Disconnected from 190.1.203.180 port 52452 [preauth]
Feb 21 23:37:20 hostname evebox: 2020-02-21 23:37:20 (evefileprocessor.go:176) – Total: 125; last minute: 1; EOFs: 60
Feb 21 23:37:24 hostname sshd[14286]: Received disconnect from 138.68.237.12 port 45846:11: Bye Bye [preauth]

Is nethserver just configured to log more verbosely than a standard debian or gentoo would probably do? I was under the impression that disabling password login would stop those attempts on those random ports that are closed anyway… Never mind, this (restrict ssh to cert.based access) was my last task for the next days/weeks. I have to take a break :slight_smile:

Well it depends. My gentoo box is mail-, web and nextcloud server among some other services, and although you see some attempts trying to guess password accounts for mail, which I take care of with fail2ban, there are no log entries about ssh attempts. The same goes for the proxmox srv, where I admit only a non standard ssh port is open. But still - no ssh attempts logged whatsoever, whereas the spamming in the nethserver log as copy/pasted above is a bit much. Never mind. Maybe that's normal nowadays, even though the ssh port is changed to a non standard port here on nethserver too. Nope, random stuff, not my ips…

Maybe I’ll post a new thread asking @devs if it is normal behaviour that /var/log/messages is so noisy on ssh attempts to closed ports.

A “standard” Debian or Gentoo simply doesn’t have ANY services available. Where there’s nothing, there’s also nothing to log.
Hook up your Gentoo with sshd on the standard port 22 to your internet, you’ll soon see log entries…
And I think your NethServer does have a LOT more services available than just SSH… :slight_smile:

It IS a Server, and not a WorkStation…

Are any of those IPs yours?

Have a good “Recharge”!!!

:slight_smile:

Thank you!! It was a pleasure to chat with you as always!

CU - after recharge!
:slight_smile:

yep, just wanted to add that enabling fail2ban made the noise disappear immediately. Surprisingly enough, there were just 11 ips banned for now that were generating all these entries, and now it's quiet and /var/log/messages is readable again :slight_smile:
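
An added example, not part of the original thread: a simplified Python model of the counting that a tool like fail2ban applies to sshd lines such as the ones quoted earlier, tallying pre-auth "Invalid user" events per source address and listing the addresses that reach a threshold inside a time window. The log lines are constructed (documentation address ranges); `MAX_RETRY`, `FIND_TIME`, the assumed year and the function names are assumptions for this example, not fail2ban's own code or configuration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the syslog format quoted in the thread;
# addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Feb 21 23:37:11 hostname sshd[14242]: Invalid user zabbix from 192.0.2.10 port 50182
Feb 21 23:37:11 hostname sshd[14242]: input_userauth_request: invalid user zabbix [preauth]
Feb 21 23:37:13 hostname sshd[14250]: Invalid user dev from 198.51.100.7 port 52452
Feb 21 23:37:20 hostname evebox: 2020-02-21 23:37:20 (evefileprocessor.go:176) Total: 125
Feb 21 23:37:40 hostname sshd[14260]: Invalid user admin from 192.0.2.10 port 50190
Feb 21 23:38:02 hostname sshd[14271]: Invalid user test from 192.0.2.10 port 50201
Feb 21 23:59:30 hostname sshd[14400]: Invalid user git from 198.51.100.7 port 52999
"""

MAX_RETRY = 3                      # assumed: failures needed to flag an address
FIND_TIME = timedelta(minutes=10)  # assumed: sliding window for counting

# Match only the "Invalid user ... from IP" line, so the follow-up
# input_userauth_request / disconnect lines do not count the attempt twice.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Invalid user (?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def parse_failures(text, year=2020):
    """Yield (timestamp, ip, user); syslog lines carry no year, so one is assumed."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["user"]

def offenders(text, max_retry=MAX_RETRY, find_time=FIND_TIME):
    """Return {ip: time the threshold was reached} for addresses over the limit."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for ts, ip, _user in sorted(parse_failures(text)):
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > find_time:   # drop events older than the window
            window.popleft()
        if len(window) >= max_retry and ip not in flagged:
            flagged[ip] = ts
    return flagged

if __name__ == "__main__":
    for ip, when in offenders(SAMPLE_LOG).items():
        print(f"{ip} reached {MAX_RETRY} failures at {when}")
```
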

Changing ports from standard 22 to 2222 is already a BIG help, fail2ban silences those with Portscanners… :slight_smile:
Windows the same thing - change RDP to say 3391-3399, that’s already a BIG help.
That’s a small bit of registry work to do it locally (I have the standard port and the other port available locally, externally only the other port is available). More secure boxes are only reachable via VPN.

OPNsense can easily do PAT (Like NAT, but dealing with Ports).
Something like accept 3391 from internet, forward to 3389 (the standard RDP port) on box XXX…
This saves the trouble of doing it in the windows registry…
My personal standard working set:

mc, nano, htop, screen, fail2ban

Monitoring:
snmp, zabbix agent

I like having these tools on all my Un*x based boxes, no matter if server or workstation.
It’s like my swiss army knife…

:slight_smile:

Andy

222 and 2222 are “too far” knockable anyway.
I choose another non standard port for SSH. Without Fail2ban, no “failed logins” reported when I connect.

21 is also good. portscanners expect telnet… :slight_smile:

FTP maybe?

sry, meant 23…
:slight_smile: