i encountered a scenario where an employee returned to the organization after their office365 persona was past the 30 day soft-delete limit. normally, that is no big deal; they’d just end up with a new mailbox. however, in this case i believe since a litigation hold was enabled on the mailbox, the mailbox was retained as a deleted mailbox past the 30 day marker in exchange online. the mailbox would not reattached to the reenabled AD user and i could not manually recover the inactive mailbox in exchange online because this was a federated user. microsoft has instructions on how to recover an inactive mailbox here: https://technet.microsoft.com/en-us/library/dn894100(v=exchg.150).aspx, but they do not work on a federated user. there’s a very convoluted workaround described here: https://blogs.technet.microsoft.com/exovoice/2016/11/21/how-to-restore-an-inactive-mailbox-for-a-federated-user-in-an-exchange-hybrid-deployment/

additional info:
https://technet.microsoft.com/en-us/library/dn186233(v=exchg.150).aspx
https://technet.microsoft.com/en-us/library/dn144876(v=exchg.150).aspx

for starters:
get-mailbox -inactivemailboxonly -identity [UPN]

then you have to remove the litigation hold to be able to do anything with the mailbox, like so:
set-mailbox -inactivemailbox -identity [alias] -litigationholdenabled $false
source: https://technet.microsoft.com/en-us/library/dn890381(v=exchg.150).aspx

the following all resulted in “The operation couldn’t be performed because ‘user’ matches multiple entries.”:
remove-mailbox -identity [alias] -permanentlydelete
remove-mailbox -identity [upn] -permanentlydelete
remove-mailbox -identity [“display name”] – permanentlydelete
get-mailbox [alias] -includeinactivemailbox | remove-mailbox -permanentlydelete

i then ran “get-mailbox [alias] -includeinactivemailbox | fl” and retrieved a unique SamAccountName”
and followed up with:
remove-mailbox -identity [SamAccountName] -permanentlydelete
this time the error was “This mailbox cannot be permanently deleted since there is a user associated with this mailbox in Azure Active Directory”.
finally some progress…

i then unsynced the local AD user and forced the deletion of the O365 account with the usual tactic of:
get-msoluser -returndeletedusers -userprincipalname [UPN] | remove-msoluser -removefromrecyclebin -force
then after a minute or so i was able to run the remove-mailbox command above successfully

quick start method:
https://github.com/instructure/canvas-lms/wiki/Quick-Start
i had to run the following to get ./CODES.sh –full setup to successfully complete:
gem list bundler
sudo gem uninstall bundler
sudo gem install bundler -v 1.12.5

production method:
https://github.com/instructure/canvas-lms/wiki/Production-Start
i had to uninstall some other versions of ruby and standardize on ruby2.3.
check ruby version with: ruby -v
after the ruby cleanup i needed to run: sudo gem update –system
to alter the postgres password for the “canvas” user i ran:
sudo -u postgres psql postgres
\password canvas

in ubuntu, uninstall the netcat-openbsd version by running:
sudo apt-get remove –purge netcat-openbsd

then run:
sudo apt-get install netcat-traditional

verify the traditional netcat version is installed by running:
nc -h
if the -e option is listed then traditional is installed

port scanning:
nc -v -w 1 192.168.1.10 -z 1-1000
mirabox.local [192.168.1.10] 53 (domain) open
mirabox.local [192.168.1.10] 22 (ssh) open
^the 1-1000 portion indicates the port range

banner grabbing:
nc 192.168.1.1 80
HTTP/1.1 200
HTTP/1.0 400 Bad Request
Server: httpd/2.0

nc -nv 10.0.2.7 80
(UNKNOWN) [10.0.2.7] 80 (http) open
HTTP/1.1 200
Apache/2.4.23 (Win32) OpenSSL/1.0.2h PHP/5.6.28

nc -nv 10.0.2.7 21
(UNKNOWN) [10.0.2.7] 21 (ftp) open
220-FileZilla Server version 0.9.41 beta

nc 192.168.1.10 22
SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u4

nc -nv 10.0.2.7 143
(UNKNOWN) [10.0.2.7] 143 (imap2) open
* OK localhost IMAP4rev1 Mercury/32 v4.62 server ready.

transferring a file:
nc -v -w 30 -p 3333 -l < mytext.txt (sending)
nc -v -w 2 192.168.1.50 3333 > mytext.txt (receiving)
-or-
nc -nv 10.0.2.7 3333 < mytext.txt
nc -nlvp 3333 > mytext.txt

server/client chat:
nc -nlvp 4000 (server)
listening on [any] 4000 …
connect to [10.0.2.7] from (UNKNOWN) [10.0.2.8] 44010
test
test2

nc -nv 10.0.2.7 4000 (client)
(UNKNOWN) [10.0.2.7] 4000 (?) open
test
test2

this is something i’ve been mulling over for the past few months. most enterprise NAS devices support NDMP backups which is nice. what’s not nice is that most backup software vendor want a fortune (practically) to use the NDMP functionality.

this made me research freeware and open source NDMP backup solutions. the big open source names like bacula and amanda also charge for NDMP functionality. i also found ndmpcopy, but it didn’t seem very straight forward from the docs i found.

the most promising thing i found was “bareos” which seems to be a not so amicable fork of bacula that includes NDMP functionality free of charge.

bareos info:
http://doc.bareos.org/master/html/bareos-manual-main-reference.html
https://github.com/bareos/bareos/blob/master/README.NDMP
http://www.admin-magazine.com/Articles/Free-Enterprise-Backup-with-Bareos

***update 12/16/2016***
forget the above information, i’ve found a method of backing up NAS presented shares with netbackup without incurring additional licensing costs. the netbackup server itself can directly back up SMB shares. the process is detailed in the support article “How to back up CIFS shares on Windows with Netbackup” – https://www.veritas.com/support/en_US/article.TECH198175

my goto utility for disk wiping is usually DBAN, but at least in the past i’ve always encountered some problems with getting DBAN to detect external disks i.e. connected via USB. this may no longer be an issue with the latest versions but i didn’t feel like repeating old mistakes. so i started looking at utilities that could be ran directly from the host OS.

at first i tried the eraser utility in windows but it kept crashing during the wipe process. i believe i’ve always had some stability issues with this application.

next, i decided to research the available options in linux. like everything in linux it appeared that were a million ways to skin this cat. from some very basic research these methods seem to be the easiest and relatively secure:
dd if=/dev/urandom of=/dev/sdb bs=1M
scrub /dev/sdb
scrub -p dod /dev/sdb
shred -v /dev/sdb

the “scrub -p dod” option seems to be the most secure. note: in ubuntu i had to install the package for scrub.

i’ve been looking into the security certifications to take one in early 2017. here’s the info i gathered so far:

i haven’t messed around with vnc in ages so i was a little bit lost on how to set it up on a modern linux system. after some googling and trial and error i figured out the following… in ubuntu 16.04, vnc is built into the system as desktop sharing (just use the dash to search for this phrase). ubuntu help about this here: https://help.ubuntu.com/16.04/ubuntu-help/sharing-desktop.html

desktop sharing is actually just gnome’s vnc implementation vino. everything appeared straight forward at this point, but i could not connect to the vino server from a windows machine using tigervnc. i kept receiving a “no matching security types” error when attempting to connect. additionally, the vino server log listed “advertising security type 18” during start up. a quick search indicated that encryption needed to be disabled.

i ran into issues thinking that i could disable vino encryption globally (via root) and everything would be fine. apparently, the setting is per user. to alter the setting install dconf and run dconf-editor and change /org/gnome/desktop/remote-access/require-encryption to false.

i was applying some updates to my mirabox recently (which was running debian wheezy) and i decided hey why don’t i see if i can upgrade this thing to debian jessie. this ended up being a big mistake. jessie installs a version of udev that requires a newer kernel than supplied by the mirabox. i forced a new ARM kernel package on the mirabox and was 98% sure that the system would not come up after a reboot.

my suspicions were correct and i had an unbootable mirabox. after doing some digging i found it was possible to create a microSD rescue disk (download link: https://docs.google.com/file/d/0B0imSF-34b8dZEc0SFo3N1Fzb0E/edit). create a 100MB fat16 partition on a microSD card and then create another partition that consumes the rest of the space as ext3. copy the mirabox file to the fat16 partition and extract the rootfs.tgz file to the ext3 partition.

next interrupt the boot process over a usb-serial connection to get into the uboot mode. with the microSD card inserted into the mirabox run:
usb start
set bootcmd ‘usb start; fatload usb 1 0x6400000 mirabox; bootm 0x6400000’
set bootargs ‘console=ttyS0,115200 root=/dev/sdb2 rootwait’
boot

i ran “usb start” first because it appears that the microSD (MMC) access relies on the usb/mass storage subsystem.

the mirabox will now boot from the microSD rescue disk. on first boot the system seemed to infinitely hang at eth0 becoming available. to get around this i plugged eth0 into a spare wireless router port and tried the boot once more. this time it went much better and i was able to get to a login and use the root/nosoup4u credentials.

i then plugged in a usb stick that i had copied a rootfs_mira_debian7_v5_v7_arm8766.img file to (download location: https://code.google.com/archive/p/mirabox/downloads). i then went to the directory where the usb stick auto-mounted. it ended up being /media/usb2 in my case.

i then ran:
ubiformat /dev/mtd2 –flash-image=rootfs_mira_debian7_v5_v7_arm8766.img
sync
reboot

and removed the microSD card and usb stick.

sources:

Reflashing GlobalScale Mirabox filesystem

https://www.newit.co.uk/forum/index.php?topic=3880.0