20250512 notes

2025-05-12 10:50:38 +02:00
parent 41e3cc1e7f
commit ec24a01180
15 changed files with 648 additions and 63 deletions
--- a/.DS_Store
+++ b/.DS_Store
--- a/.obsidian/workspace.json
+++ b/.obsidian/workspace.json
@@ -37,7 +37,7 @@
            "state": {
              "type": "markdown",
              "state": {
-                "file": "diary/2025-05-02.md",
+                "file": "diary/2025-05-12.md",
                "mode": "source",
                "source": true,
                "backlinks": true,
@@ -52,16 +52,16 @@
                }
              },
              "icon": "lucide-file",
-              "title": "2025-05-02"
+              "title": "2025-05-12"
            }
          },
          {
-            "id": "f311d0c07a57b878",
+            "id": "86c29268ca41e5b5",
            "type": "leaf",
            "state": {
              "type": "markdown",
              "state": {
-                "file": "projects/OPNsense/STANDARDS/Monthly-Time.md",
+                "file": "projects/ssr/20250508-Zertifikate-einspielen.md",
                "mode": "source",
                "source": true,
                "backlinks": true,
@@ -76,16 +76,16 @@
                }
              },
              "icon": "lucide-file",
-              "title": "Monthly-Time"
+              "title": "20250508-Zertifikate-einspielen"
            }
          },
          {
-            "id": "33e939315b6ac8f0",
+            "id": "9561e0ce96909fdd",
            "type": "leaf",
            "state": {
              "type": "markdown",
              "state": {
-                "file": "projects/OPNsense/STANDARDS/Feature-Capability.md",
+                "file": "projects/patryk-projekt/202503012-initial.md",
                "mode": "source",
                "source": true,
                "backlinks": true,
@@ -100,17 +100,17 @@
                }
              },
              "icon": "lucide-file",
-              "title": "Feature-Capability"
+              "title": "202503012-initial"
            }
          },
          {
-            "id": "855d54493706a383",
+            "id": "9700bd7cccc0bbf4",
            "type": "leaf",
            "state": {
              "type": "markdown",
              "state": {
-                "file": "projects/OPNsense/STANDARDS/possible-impovements.md",
+                "file": "projects/patryk-projekt/20250512-gemma-planning.md",
-                "mode": "source",
+                "mode": "preview",
                "source": true,
                "backlinks": true,
                "backlinkOpts": {
@@ -124,35 +124,11 @@
                }
              },
              "icon": "lucide-file",
-              "title": "possible-impovements"
+              "title": "20250512-gemma-planning"
            }
          },
          {
            "id": "6afce9769f210b2e",
            "type": "leaf",
            "state": {
              "type": "markdown",
              "state": {
                "file": "projects/w&h-Projekt/20250430-ap-in-garten.md",
                "mode": "source",
                "source": true,
                "backlinks": true,
                "backlinkOpts": {
                  "collapseAll": false,
                  "extraContext": false,
                  "sortOrder": "alphabetical",
                  "showSearch": false,
                  "searchQuery": "",
                  "backlinkCollapsed": false,
                  "unlinkedCollapsed": true
                }
              },
              "icon": "lucide-file",
              "title": "20250430-ap-in-garten"
            }
          }
        ],
-        "currentTab": 1
+        "currentTab": 4
      }
    ],
    "direction": "vertical"
@@ -328,45 +304,45 @@
      "templater-obsidian:Templater": false
    }
  },
-  "active": "b865e0663684cf60",
+  "active": "9700bd7cccc0bbf4",
  "lastOpenFiles": [
-    "diary/2025-04-29.md",
+    "projects/patryk-projekt/202503012-initial.md",
-    "diary/2025-05-02.md",
+    "projects/ssr/20250508-Zertifikate-einspielen.md",
-    "projects/w&h-Projekt/20250430-ap-in-garten.md",
+    "projects/patryk-projekt/20250512-gemma-planning.md",
    "projects/patryk-projekt/20250319-projekt-berschreibung.md",
    "diary/2025-05-12.md",
    "diary/2025-05-09.md",
    "diary/2025-05-08.md",
    "projects/OPNsense/STANDARDS/possible-impovements.md",
    "projects/OPNsense/STANDARDS/Feature-Capability.md",
    "projects/OPNsense/STANDARDS/Monthly-Time.md",
    "projects/OPNsense/STANDARDS/Feature-Capability.md",
    "projects/sbx/meetings/20250506-saulius-meetup.md",
    "diary/2025-05-07.md",
    "diary/2025-05-06.md",
    "projects/sbx/20250505-sbx-projects-status.md",
    "projects/sbx/meetings",
    "diary/2025-05-02.md",
    "projects/onboarding/onboarding-new-employees/checklist-new-employee.md",
    "diary/2025-05-05.md",
    "diary/2025-04-03.md",
    "diary/2025-04-02.md",
    "diary/2025-04-01.md",
    "projects/sbx/manuals/Sophos-SG_PPPoE-data.md",
    "projects/w&h-Projekt/20250430-ap-in-garten.md",
    "diary/2025-04-29.md",
    "projects/kwa/firewall_migration/20250317_first-meeting.md",
    "projects/w&h-Projekt",
    "diary/2025-04-30.md",
    "projects/OPNsense/Schulungen/Untitled",
    "projects/OPNsense/unknown/opnsense-proposal-draft.md",
    "projects/OPNsense/Initial-Notes/OPNsense-approxminated-service-time.md",
    "projects/OPNsense/STANDARDS",
    "projects/OPNsense/unknown",
    "projects/OPNsense/unknown/opnsense-planing.md",
    "projects/OPNsense/unknown/opnsense-frankeriger-current.md",
    "projects/OPNsense/unknown/opnsense-checklists.md",
    "projects/OPNsense/unknown/opnsense-central-management.md",
    "projects/OPNsense/unknown/opnsense-bussines-edition.md",
    "projects/OPNsense/Schulungen/20250319-pre-meeting-prep.md",
    "projects/OPNsense/Schulungen/20250305-initial_ideas.md",
    "projects/OPNsense/Initial-Notes/OPNsense.md",
    "projects/OPNsense/Initial-Notes/OPNsense-config.md",
    "projects/OPNsense/Initial-Notes/OPNsense-config_summary.md",
    "projects/OPNsense/Initial-Notes/OPNsense-future.md",
    "projects/OPNsense/opnsense-utm-features/opnsense-ids_ips-suricata.md",
    "projects/OPNsense/opnsense-utm-features/opnsense-utm-checklist.md",
    "projects/OPNsense/opnsense-utm-features/opnsense-lets_encrypt.md",
    "projects/OPNsense/Initial-Notes/OPNsense_IDS-and-IPS.md",
    "projects/kwa/firewall_migration/20250414-preparation.md",
    "archive/APSA",
    "files/Pasted image 20250429110706.png",
    "projects/win10_2_win11",
    "projects/sbx/manuals",
    "projects/ssr/202504-4architekten",
    "projects/sbx/firewall-std",
    "archive/boschmann+feth",
    "files/discopharma/discopharma-infra.drawio.png"
  ]
 }
--- a/diary/2025-05-02.md
+++ b/diary/2025-05-02.md
@@ -4,16 +4,34 @@ $i\hbar \frac{\partial}{\partial t} \Large{|}\psi \Large{>} = \hat{H} \Large{|}\
 ### KWA OPNsense nacharbeit
 - [x] Nina VPN einrichten
 - [x] backup via ftp to nas if possible --> backup via opncentral
 - [x] Switch und APs in IT-Glue hinterlegen
 - [ ] change ilo ip such that its in the mgmt net
 - [ ] unifi cloud key mit cloud koppeln
 - [x] Switch und APs in IT-Glue hinterlegen
 - [ ] physische Beschriftung anpassen
 ### SSR offene Themen
 - [ ] Wildcard Zertifikat abgelaufen
 - [ ] Firewall Migration
 - [x] homepage schriftart
 - [ ] MS Teams nicht mehr unterstuetzt unter MacOS<=13
 - [ ] Domaenen umziehen
 ## Timestamps
- 08:15 - 09:30: Ticketpflege
+- 09:30 - 10:15: Ankunft und Saulius Rechner und Accs unterstuetzen einrichten
- 09:30 - 10:00: Meinen Windows Rechner pruefen auf wichitge Dateien
+- 10:15 - 10:30: Mails sortieren
 - 10:30 - 11:00: Saulius unterstuetzen, Mailpflege
 - 11:00 - 11:30: Kontakt mit Annika Luedeke, Mails schreiben an Nina zu KWA und SSR, Pruefe KWA Firewall
 - 11:30 - 12:15: Lagebesprechung von Offenen anstehenden Themen bei SSR. VPN bei KWA Rechner von Nina einrichten
 - 12:15 - 13:30: Pause
 - 13:30 - 14:00: Liste erstellen aller Mac's bei SSR (Teams nicht mehr supported von MacOS<=13)
 - 14:00 - 15:00: Unterstuetzung Sebastian bei TGA
 - 15:00 - 16:00: IT-Glue docs fuer KWA Firewall
 - 16:00 - 16:15: OPNsense (central) pruefen, angebot fuer apsa erstellen lassen von Herrmann
 - 16:15 - 16:30: Ticketpflege
 ## todo
--- a/diary/2025-05-05.md
+++ b/diary/2025-05-05.md
--- a/diary/2025-05-06.md
+++ b/diary/2025-05-06.md
@@ -0,0 +1,92 @@
 $i\hbar \frac{\partial}{\partial t} \Large{|}\psi \Large{>} = \hat{H} \Large{|}\psi \Large{>}$
 ![important](files/sbx/important.png)
 ### KWA OPNsense nacharbeit
 - [x] Nina VPN einrichten
 - [x] backup via ftp to nas if possible --> backup via opncentral
 - [x] Switch und APs in IT-Glue hinterlegen
 - [x] physische Beschriftung anpassen
 - [ ] change ilo ip such that its in the mgmt net
 - [ ] unifi cloud key mit cloud koppeln
 - [ ] usv hat eine snmp karte
 ### SSR offene Themen
 - [ ] Firewall Migration
 - [ ] MS Teams nicht mehr unterstuetzt unter MacOS<=13
 - [ ] Domaenen umziehen
 ### Todo
 - [ ] apsa update firewall
 - [ ] ssr lizenz einspielen
 ## Timestamps
 - 08:45 - 09:00: Kaffee Fruehstucke
 - 09:00 - 09:30: TGA VPN geht nicht bei Hoelle: Firewall logs unf Einstellungen pruefen
 - 09:30 - 10:00: OPNcentral config anpassen, Moeglichkeiten durchgehen
 - 10:00 - 10:15: Lizenz bei APSA einspielen: Update muss durch gefuehrt werden mit reboot
 - 10:15 - 10:30: [x] Telefonat mit Herr Hoerz. (W&H Architekten)
 - 10:45 - 11:45: Pruefe KWA Firewall auf Rueckmeldung von Nina: Gateway routing Problem. Automatisch generiertes Gateway macht Probleme
 - 12:00 - 13:00: Pause
 - 13:00 - 13:30: Zertifikate einspielen
 - 13:30 - 14:30: Kennenlern Meeting mit Saulius
 - 14:30 - 15:30:  Anfahrt kwa
 - 15:30 - 16:30: Labeling, usv hat eine snmp karte, gespraech mit kunden, bilder machen
 - 16:30 - 17:30: VectorWorks23 bei Thea installieren: Programm beschaedigt.. es geht nicht
 ## Timestamps
 - 09:30 - 10:15: Ankunft und Saulius Rechner und Accs unterstuetzen einrichten
 - 10:15 - 10:30: Mails sortieren
 - 10:30 - 11:00: Saulius unterstuetzen, Mailpflege
 - 11:00 - 11:30: Kontakt mit Annika Luedeke, Mails schreiben an Nina zu KWA und SSR, Pruefe KWA Firewall
 - 11:30 - 12:15: Lagebesprechung von Offenen anstehenden Themen bei SSR. VPN bei KWA Rechner von Nina einrichten
 - 12:15 - 13:30: Pause
 - 13:30 - 14:00: Liste erstellen aller Mac's bei SSR (Teams nicht mehr supported von MacOS<=13)
 - 14:00 - 15:00: Unterstuetzung Sebastian bei TGA
 - 15:00 - 16:00: IT-Glue docs fuer KWA Firewall
 - 16:00 - 16:15: OPNsense (central) pruefen, angebot fuer apsa erstellen lassen von Herrmann
 - 16:15 - 16:30: Ticketpflege
 ## todo
 ### General
 - [ ] Liste erstellen aller Projekte, die es gibt und neuem Mitarbeiter vorstellen
 - [ ] handout fuer jeweils sophos und opnsense als vergleich
 - [ ] verbraucherzentrale cybercns ueberpruefung - kw ab dem 16.01 wegen baldiger sicherheitspruefung
 - [=] filewave - integrate new admin user - integrated in filewave - need to be tested and then deployed on all macs
 - [ ] kwa/ssr snmp karten fuer usv
 - [ ] update filewave admin und central
 ### SBX
 - [ ] backup on external drive for pve.lab.softbox.net
 - [ ] check if possible to monitor vsphere passwd expiration
 - [ ] create obsidian templates (Meetings, People, )
 - [ ] sbx - opsreportcard summary for action plan
 - [ ] fuege bharchitekten zu connectsecure hinzu
 - [ ] erstelle connectsecure report fuer grasslfing
 - [ ] cybercns bei heilmaier
 - [ ] Fuer Synology Monitoring smtp einrichten wegen HyperBackups
 #### OPNsense
 1. check franke rieger firewall setup
 2. replicate config on opncentral (IDS/IPS, OpenVPN, Web Proxy, antivirus, acme ground {needs specific manual how to setup on spot}, ...)
 3. test management via opncentral
 4. write manual for on-boarding 
 	- setup wan manually 
 	- couple to opncentral 
 	- send generic config via opncentral 
 	- use manual for missing specific configs
 	- check workings of everything
--- a/diary/2025-05-07.md
+++ b/diary/2025-05-07.md
@@ -0,0 +1,92 @@
 $i\hbar \frac{\partial}{\partial t} \Large{|}\psi \Large{>} = \hat{H} \Large{|}\psi \Large{>}$
 ![important](files/sbx/important.png)
 ### KWA OPNsense nacharbeit
 - [x] Nina VPN einrichten
 - [x] backup via ftp to nas if possible --> backup via opncentral
 - [x] Switch und APs in IT-Glue hinterlegen
 - [x] physische Beschriftung anpassen
 - [x] unifi cloud key mit cloud koppeln
 - [ ] change ilo ip such that its in the mgmt net
 - [ ] usv hat eine snmp karte
 ### SSR offene Themen
 - [ ] Firewall Migration
 - [ ] MS Teams nicht mehr unterstuetzt unter MacOS<=13
 - [ ] Domaenen umziehen
 ### Todo
 - [ ] ssr lizenz einspielen
 ## Timestamps
 - 09:15 - 09:30: Ticketpflege, Projektplanung
 - 09:30 - 09:45: Ninja Fehlermeldungen beheben, KWA Mailstore und mail server updaten
 - 09:45 - 10:00: Ticketpflege
 - 10:00 - 10:30: Ninja: Versuche Windows Updates durchzufuehren wo fehlgeschlagen. macht es nicht
 - 10:30 - 11:00: KWA - FW Migraiton: NInja monitoring: Passe Ip Addressen in Ninja an und setze firewall regeln
 - 11:00 - 11:15: KWA Bilder in IT_Glue eintragen
 - 11:15 - 11:30: Microsoft support schreiben. Plane Termine
 - 11:30 - 12:30: Linux Server updaten und sources.list updaten
 - 12:30 - 13:30: Pause
 - 13:30 - 14:00: Recherche: Glasfaser Anschluss bei  KWA, FritzBox raus, Mail an Sebastian und Nina
 - 14:00 - 16:30: Privat
 - 16:30- 17:00: [x] apsa firewall update nach lizenz verlaengerung. Mehrere updates
 ## Tuesday
 - 10:45 - 11:45: Pruefe KWA Firewall auf Rueckmeldung von Nina: Gateway routing Problem. Automatisch generiertes Gateway macht Probleme
 - 13:00 - 13:30: SSR: Zertifikate einspielen
 - 14:30 - 15:30: Anfahrt kwa
 - 15:30 - 16:30: Labeling, usv hat eine snmp karte, gespraech mit kunden, bilder machen
 - 16:30 - 17:30: VectorWorks23 bei Thea installieren: Programm beschaedigt.. es geht nicht
 ## Monday
 - 15:00 - 16:00: IT-Glue docs fuer KWA Firewall
 ## todo
 ### General
 - [ ] Liste erstellen aller Projekte, die es gibt und neuem Mitarbeiter vorstellen
 - [ ] handout fuer jeweils sophos und opnsense als vergleich
 - [ ] verbraucherzentrale cybercns ueberpruefung - kw ab dem 16.01 wegen baldiger sicherheitspruefung
 - [=] filewave - integrate new admin user - integrated in filewave - need to be tested and then deployed on all macs
 - [ ] kwa/ssr snmp karten fuer usv
 - [ ] update filewave admin und central
 ### SBX
 - [ ] backup on external drive for pve.lab.softbox.net
 - [ ] check if possible to monitor vsphere passwd expiration
 - [ ] create obsidian templates (Meetings, People, )
 - [ ] sbx - opsreportcard summary for action plan
 - [ ] fuege bharchitekten zu connectsecure hinzu
 - [ ] erstelle connectsecure report fuer grasslfing
 - [ ] cybercns bei heilmaier
 - [ ] Fuer Synology Monitoring smtp einrichten wegen HyperBackups
 #### OPNsense
 1. check franke rieger firewall setup
 2. replicate config on opncentral (IDS/IPS, OpenVPN, Web Proxy, antivirus, acme ground {needs specific manual how to setup on spot}, ...)
 3. test management via opncentral
 4. write manual for on-boarding 
 	- setup wan manually 
 	- couple to opncentral 
 	- send generic config via opncentral 
 	- use manual for missing specific configs
 	- check workings of everything
--- a/diary/2025-05-08.md
+++ b/diary/2025-05-08.md
@@ -0,0 +1,79 @@
 $i\hbar \frac{\partial}{\partial t} \Large{|}\psi \Large{>} = \hat{H} \Large{|}\psi \Large{>}$
 ![important](files/sbx/important.png)
 ### KWA OPNsense nacharbeit
 - [x] Nina VPN einrichten
 - [x] backup via ftp to nas if possible --> backup via opncentral
 - [x] Switch und APs in IT-Glue hinterlegen
 - [x] physische Beschriftung anpassen
 - [x] unifi cloud key mit cloud koppeln
 - [ ] change ilo ip such that its in the mgmt net
 - [ ] usv hat eine snmp karte
 ### SSR offene Themen
 - [ ] Firewall Migration
 - [ ] MS Teams nicht mehr unterstuetzt unter MacOS<=13
 - [ ] Domaenen umziehen
 ### Todo
 - [ ] ssr lizenz einspielen
 ## Timestamps
 - 08:45 - 09:00: Gespraech mit Saulius zu Veeam
 - 09:00 - 09:45: Ticketpflege
 - 09:45 - 10:00: Ueberblick verschaffen
 - 10:00 - 10:30: Update Hetzner Proxmox Server und Neustart. Loesche nicht-benoetigte Linux Server aus Ninja
 - 10:30 - 11:30: Bereite Migration von Apache Web Server zu nginx Web Server fuer sbx Cloud. Erstelle Backup der VM in pve. Bereite nginx config Datei vor
 - 11:30 - 12:30: Pause
 - 12:30 - 13:00: Installation nginx und konfiguration 
 - 13:00 - 13:30: Meeting mit Synnex support
 - 13:30 - 14:00: Nextcloud Upload testen, Design anpassen: Transparente Logos von Michael, Saulius Acc erstellen und Veeam Iso upload
 - 14:00 - 14:30: KWA: Internetzugangdaten im kundenportal aufrufen, Im IT-Gluehinterlegen
 - 14:30 - 15:30: cloud.sbx.de debug
 - 15:30 - 16:00: PPPoe bei KWA Konfigurieren
 - 16:00 - 16:30: Lea Danzi Teams Update
 - 16:30 - 16:45: Explain subnetting to azubis
 ## todo
 ### General
 - [ ] Liste erstellen aller Projekte, die es gibt und neuem Mitarbeiter vorstellen
 - [ ] handout fuer jeweils sophos und opnsense als vergleich
 - [ ] verbraucherzentrale cybercns ueberpruefung - kw ab dem 16.01 wegen baldiger sicherheitspruefung
 - [=] filewave - integrate new admin user - integrated in filewave - need to be tested and then deployed on all macs
 - [ ] kwa/ssr snmp karten fuer usv
 - [ ] update filewave admin und central
 ### SBX
 - [ ] backup on external drive for pve.lab.softbox.net
 - [ ] check if possible to monitor vsphere passwd expiration
 - [ ] create obsidian templates (Meetings, People, )
 - [ ] sbx - opsreportcard summary for action plan
 - [ ] fuege bharchitekten zu connectsecure hinzu
 - [ ] erstelle connectsecure report fuer grasslfing
 - [ ] cybercns bei heilmaier
 - [ ] Fuer Synology Monitoring smtp einrichten wegen HyperBackups
 #### OPNsense
 1. check franke rieger firewall setup
 2. replicate config on opncentral (IDS/IPS, OpenVPN, Web Proxy, antivirus, acme ground {needs specific manual how to setup on spot}, ...)
 3. test management via opncentral
 4. write manual for on-boarding 
 	- setup wan manually 
 	- couple to opncentral 
 	- send generic config via opncentral 
 	- use manual for missing specific configs
 	- check workings of everything
--- a/diary/2025-05-09.md
+++ b/diary/2025-05-09.md
@@ -0,0 +1,70 @@
 $i\hbar \frac{\partial}{\partial t} \Large{|}\psi \Large{>} = \hat{H} \Large{|}\psi \Large{>}$
 ![important](files/sbx/important.png)
 ### KWA OPNsense nacharbeit
 - [x] Nina VPN einrichten
 - [x] backup via ftp to nas if possible --> backup via opncentral
 - [x] Switch und APs in IT-Glue hinterlegen
 - [x] physische Beschriftung anpassen
 - [x] unifi cloud key mit cloud koppeln
 - [ ] change ilo ip such that its in the mgmt net
 - [ ] usv hat eine snmp karte
 ### SSR offene Themen
 - [ ] Firewall Migration
 - [ ] MS Teams nicht mehr unterstuetzt unter MacOS<=13
 - [ ] Domaenen umziehen
 ### Todo
 - [ ] ssr lizenz einspielen
 ## Timestamps
 - 09:15 - 10:15: Ticketpflege, Gespraech mit Michael udn Saulius zu Shz, Gespraech mit Saulius zu Veeam und Datenbanken
 - 10:15 - 10:45: Gespraech mit Sebastian zu IPAM and Netzwerk Monitoring Loesungen allgemein und bei Radiochemie
 - 10:45 - 11:00: Vorbereitung Meeting
 - 11:00 - 12:00: SBX Meeting
 - 12:00 - 12:15: Besprechung ueber Synnex Support Infos mit Max und Oli
 - 12:15 - 13:15: Pause
 - 13:15 - 14:15: nextcloud design und probleme mit max und saulius besprechen, Debug fehler... keine Loesung, Saulius uebertraegt Veeam ISO auf USB Stick damit ich sie in Nextcloud packen kann
 - 14:15 - 14:45: Nextcloud logs lesen
 - 14:45 - 15:30: Recherche zu checkmk
 - 15:30 - 16:00: Protokoll Ausarbeiten
 - 16:20 - 17:00: Nextclouds Updaten
 ## Thursday
 - 14:00 - 14:30: KWA: Internetzugangdaten im kundenportal aufrufen, Im IT-Gluehinterlegen
 - 15:30 - 16:00: PPPoe bei KWA Konfigurieren
 ## todo
 ### General
 - [ ] Liste erstellen aller Projekte, die es gibt und neuem Mitarbeiter vorstellen
 - [ ] handout fuer jeweils sophos und opnsense als vergleich
 - [ ] verbraucherzentrale cybercns ueberpruefung - kw ab dem 16.01 wegen baldiger sicherheitspruefung
 - [=] filewave - integrate new admin user - integrated in filewave - need to be tested and then deployed on all macs
 - [ ] kwa/ssr snmp karten fuer usv
 - [ ] update filewave admin und central
 ### SBX
 - [ ] backup on external drive for pve.lab.softbox.net
 - [ ] check if possible to monitor vsphere passwd expiration
 - [ ] create obsidian templates (Meetings, People, )
 - [ ] sbx - opsreportcard summary for action plan
 - [ ] fuege bharchitekten zu connectsecure hinzu
 - [ ] erstelle connectsecure report fuer grasslfing
 - [ ] cybercns bei heilmaier
 - [ ] Fuer Synology Monitoring smtp einrichten wegen HyperBackups
--- a/diary/2025-05-12.md
+++ b/diary/2025-05-12.md
@@ -0,0 +1,55 @@
 $i\hbar \frac{\partial}{\partial t} \Large{|}\psi \Large{>} = \hat{H} \Large{|}\psi \Large{>}$
 ![important](files/sbx/important.png)
 ### KWA OPNsense nacharbeit
 - [x] Nina VPN einrichten
 - [x] backup via ftp to nas if possible --> backup via opncentral
 - [x] Switch und APs in IT-Glue hinterlegen
 - [x] physische Beschriftung anpassen
 - [x] unifi cloud key mit cloud koppeln
 - [ ] change ilo ip such that its in the mgmt net
 - [ ] usv hat eine snmp karte
 ### SSR offene Themen
 - [ ] Firewall Migration - mache Termin mit ssr aus. frage nina vorher ob noetig
 - [ ] MS Teams nicht mehr unterstuetzt unter MacOS<=13
 - [ ] Domaenen umziehen
 ### Todo
 - [ ] ssr lizenz einspielen
 ## Timestamps
 - 09:00 - 09:30: Gespraech mit Patryk, Kaffee machen, Sortieren, Planen
 - 09:30 - 10:00: Ticketpflege
 - 10:00 - 10:15: Pause
 - 10:15 - 10:45: Patryk Projekt Planung
 ## todo
 ### General
 - [ ] Liste erstellen aller Projekte, die es gibt und neuem Mitarbeiter vorstellen
 - [ ] handout fuer jeweils sophos und opnsense als vergleich
 - [ ] verbraucherzentrale cybercns ueberpruefung - kw ab dem 16.01 wegen baldiger sicherheitspruefung
 - [=] filewave - integrate new admin user - integrated in filewave - need to be tested and then deployed on all macs
 - [ ] kwa/ssr snmp karten fuer usv
 - [ ] update filewave admin und central
 ### SBX
 - [ ] backup on external drive for pve.lab.softbox.net
 - [ ] check if possible to monitor vsphere passwd expiration
 - [ ] create obsidian templates (Meetings, People, )
 - [ ] sbx - opsreportcard summary for action plan
 - [ ] fuege bharchitekten zu connectsecure hinzu
 - [ ] erstelle connectsecure report fuer grasslfing
 - [ ] cybercns bei heilmaier
--- a/files/.DS_Store
+++ b/files/.DS_Store
--- a/files/sbx/.DS_Store
+++ b/files/sbx/.DS_Store
--- a/projects/patryk-projekt/20250512-gemma-planning.md
+++ b/projects/patryk-projekt/20250512-gemma-planning.md
@@ -0,0 +1,185 @@
 ### USER
 I am a project supporter for a trainee which is working on his final project.  
 The project studies the implementation and evaluation of the open source security solution, [Wazuh](https://documentation.wazuh.com/).  
 **Study the documentation via a Web Search before answering.**  
 The project has to be completed in a time span of two weeks (10 work days).  
 For our hardware base we have a computer with 32 GB of RAM and a strong enough CPU.  
 Outline the project planning; this is a template for the project goals:  
 1. Implement Wazuh in a test environment. The base infrastructure has to be build and prepared. (Which OS?, Infrastructure scheme for the Wazuh agent, manager and alerting systems)  
 2. Implementation of penetration tests and potential attack scenarios (brute-force-attacks, port-scanning and exploits and weaknesses)  
 3. Analysis of Wazuh’s reaction. (Real time monitoring and alerting, automatic defense mechanisms, Logging and Reporting)  
 4. Optimization of Wazuh and Security policies.  
 5. Piratical importance and use in the industry  
 Think about the time scheduling and difficulties in the project.
 ### ASSISTANT
 Okay, let's map out a project plan for your trainee's Wazuh final project. Considering the two-week (10 workdays) timeframe, a Proxmox base, and the scope you're outlining, we need to be realistic and prioritize. This outline balances project goals with achievable milestones within the time constraint.  I’ll provide a detailed schedule with estimated time commitments and potential pitfalls.
 **Overall Strategy:**  We're going to aim for a *functional* implementation with a strong foundation for further exploration. We won't necessarily cover *every* feature of Wazuh in detail, but we will demonstrate core functionality and build a platform for the trainee to learn more.  Documenting each step thoroughly is crucial, not just for the project itself, but also for the trainee's learning.
 **1. Infrastructure & Base Build (Days 1-2 – High Priority)**
 *   **Operating System Choice:**  Ubuntu Server 22.04 LTS is a solid choice. It's widely supported, has excellent Wazuh compatibility, and is familiar to many Linux users. Debian is also excellent, but Ubuntu’s larger community and readily available resources often make troubleshooting easier.
 *   **Proxmox VM Configuration:**
    *   **Manager VM:** Minimum 4GB RAM (6-8GB is better for future expansion), 2 vCPUs.  Allocate enough disk space (50GB+) for logs and Wazuh data.
    *   **Agent VM (at least 2-3 for testing):** 2GB RAM is typically sufficient.  Allocate 20-30GB of disk space.
 *   **Infrastructure Scheme:**
    *   **Manager (Centralized):** This VM hosts the Wazuh manager components: `wazuh-manager`, `wazuh-logtest`, `wazuh-api`, and database (Elasticsearch is standard).
    *   **Agents (Distributed):** These VMs are the targets of Wazuh monitoring. They run the `wazuh-agent` process.  Ideally, these should represent different "typical" workloads: a web server, a database server (if possible), and maybe a desktop environment.
    *   **Alerting:**  We'll leverage Wazuh’s built-in alerting mechanism (email, Syslog). We're not setting up a dedicated external SIEM in this timeframe.
 *   **Task Breakdown (Days 1-2):**
    *   **Day 1:** Proxmox setup, Manager VM creation & basic configuration (network, hostname, time).
    *   **Day 1.5:** Agent VM creation (at least 2, more if time allows).
    *   **Day 2:**  Install and configure Wazuh Manager components on the Manager VM. Initial agent deployment. *Key: Get at least one agent reporting successfully to the manager.*
 **2. Penetration Tests & Attack Scenarios (Days 3-5 – Medium Priority)**
 *   **Focus on Fundamentals:** Don't try to do everything.  Pick 2-3 realistic scenarios that demonstrate Wazuh's capabilities.
    *   **Scenario 1: Brute-Force SSH:** Simple to execute, demonstrates authentication monitoring.
    *   **Scenario 2: Port Scanning (Nmap):** Demonstrates detection of reconnaissance activity.  Make sure the firewall rules don’t block the manager, so Wazuh can detect the scan.
    *   **Scenario 3: Exploiting a Vulnerable Service (e.g., vulnerable web server):**  Requires more setup but showcases vulnerability detection (if Wazuh's rules are configured to cover it, otherwise the goal is to show Wazuh detection and alerting of unexpected service activity).
 *   **Tools:**  Nmap, Hydra (for brute-force), Metasploit (optional for more complex exploits).
 *   **Task Breakdown (Days 3-5):**
    *   **Day 3:** Set up basic penetration testing environment (tools installation, initial configuration).  Execute SSH brute-force attack against an agent.
    *   **Day 4:** Execute port scanning against agents. Begin initial configuration of Wazuh rules (if time allows, focus on SSH brute-force and port scanning detection).
    *   **Day 5:** Execute the vulnerable service exploit (if chosen).  Focus on observing Wazuh's reactions.
 **3. Analysis of Wazuh Reaction (Days 5-7 – High Priority)**
 *   **Focus:** Real-time monitoring, alerting effectiveness, log analysis, and reporting.
 *   **Metrics:** Time to detection, accuracy of alerts, frequency of false positives.
 *   **Tools:** Wazuh dashboard, log files, command-line tools (grep, less).
 *   **Task Breakdown (Days 5-7):**
    *   **Days 5-6:** Review Wazuh dashboards and logs in real-time during and after the penetration tests.  Analyze the alerts generated.
    *   **Day 7:** Generate a basic Wazuh report (daily/weekly summary of detected events).
 **4. Optimization of Wazuh and Security Policies (Days 8-9 – Medium Priority)**
 *   **Goal:** Reduce false positives, improve detection accuracy, and tailor Wazuh to the specific environment.
 *   **Tasks:** Fine-tune Wazuh rules, adjust thresholds, exclude specific events from monitoring (carefully).
 *   **Considerations:** This is iterative. Expect to make adjustments based on observations from the analysis phase.
 *   **Task Breakdown (Days 8-9):** Review Wazuh’s documentation on rule customization and exclusion. Adjust rules as needed.
 **5. Practical Importance & Use in the Industry (Day 10 – Low Priority/Presentation Prep)**
 *   **Research:** Briefly research how Wazuh is used in different industries (security vendors, cloud providers, etc.).
 *   **Presentation:** Prepare a short presentation summarizing the project's findings, demonstrating Wazuh's capabilities, and discussing its potential benefits.
 **Potential Difficulties & Mitigation:**
 *   **Time Constraints:** Prioritize core functionality. Don’t try to cover everything.
 *   **Wazuh Complexity:** The initial setup can be challenging. Start with the basics and gradually add complexity.
 *   **False Positives:** Expected.  Requires time and effort to mitigate.  Emphasize the iterative nature of rule tuning.
 *   **Proxmox Knowledge:** Ensure the trainee has basic familiarity with Proxmox.
 *   **Dependency Conflicts:**  Occasionally, packages can conflict.  Be prepared to troubleshoot.
 **Important Notes for the Trainee:**
 *   **Documentation:**  Document every step, including successes and failures. This is critical for learning.
 *   **Ask Questions:**  Don't hesitate to ask for help.
 *   **Focus on Understanding:** The goal is to understand how Wazuh works, not just to get it working.
 *   **Have Fun!**
 To help me refine this plan further, could you tell me:
 *   What's the trainee's current level of Linux experience?
 *   Has the trainee worked with Proxmox before?
 *   Are there any specific security concepts or vulnerabilities the project should focus on?
 ### USER
 Write a summary - potentially visual/graphical - which shows the structure of the chosen setup: proxmox host with several VMs for the different purposes with taking into account network settings, user settings and other necessary information.    
 Too answer your questions:  
 - The trainee’s Linux experience is medium. But he has beginner knowledge in using the command line as he’s doing a course by <https://tryhackme.com/login>  
 - The trainee has not worked with promxox before, but I would help him to setup it up.  
 - The project should focus on security concept important in industry environments which are usually internal networks.
 ### ASSISTANT
 Okay, let's create a visual summary of the proposed setup, tailored to the trainee's experience and the focus on internal network security. I'll present this as a layered description that you can translate into a diagram (using tools like draw.io, Lucidchart, or even just hand-drawn).  I'll then follow this with considerations for user accounts and networking.
 **1. Visual Summary - Layered Diagram Description**
 *(Imagine this as a diagram with layers. We’ll describe each layer. I'm using text to represent visual elements; you or the trainee would translate this into an actual visual representation).*
 **Layer 3: Physical Hardware (Base)**
 *   **Element:** A box labeled "Proxmox Host Server"
    *   **Attributes:**  "32GB RAM", "Strong CPU", "Sufficient Storage"
    *   **Connection:** This is the base of the diagram.
 **Layer 2: Virtual Machines (VMs)**
 *   **Elements:** Three distinct boxes positioned above the Proxmox Host:
    *   **VM1: "Wazuh Manager"**
        *   **Attributes:** "4GB RAM (6-8GB Recommended)", "2 vCPUs", "50GB+ Disk"
        *   **Operating System:** Ubuntu Server 22.04 LTS
        *   **Services:** `wazuh-manager`, `wazuh-logtest`, `wazuh-api`, Elasticsearch (for Wazuh data)
    *   **VM2: "Agent 1 – Web Server"**
        *   **Attributes:** "2GB RAM", "1 vCPU", "30GB Disk"
        *   **Operating System:** Ubuntu Server 22.04 LTS (or a simplified web server OS like Alpine Linux for minimal attack surface – if appropriate for the trainee’s skill level)
        *   **Services:**  Apache/Nginx (minimal web server setup), `wazuh-agent`
    *   **VM3: "Agent 2 – Database Server"** (Optional – if time allows and the trainee is comfortable)
        *   **Attributes:** "2GB RAM", "1 vCPU", "30GB Disk"
        *   **Operating System:** Ubuntu Server 22.04 LTS
        *   **Services:**  MySQL/PostgreSQL (minimal database setup), `wazuh-agent`
 *   **Connections:** Arrows pointing *upward* from the Proxmox Host to each VM, indicating virtualization.
 **Layer 1: Logical Network (Overlay)**
 *   **Element:** A dotted-line box encompassing all three VMs, labeled "Internal Network (192.168.1.0/24)" – This is a simplified private network.
 *   **IP Addresses (Example):**
    *   Proxmox Host (Management Interface): 192.168.1.10
    *   Wazuh Manager: 192.168.1.11
    *   Agent 1 (Web Server): 192.168.1.12
    *   Agent 2 (Database Server): 192.168.1.13
 *   **Firewall:** *Crucially*, a simplified representation of a firewall within the Proxmox Host or on the network itself.  This highlights the need for controlled access.
 **2. User Accounts & Security**
 *   **Proxmox Host:**
    *   Create a dedicated user account for the trainee (e.g., `wazuh-trainee`).  Restrict access to the minimum necessary for managing the VMs.
    *   Enable 2FA (Two-Factor Authentication) for all Proxmox accounts.
 *   **Wazuh Manager VM:**
    *   Create a dedicated user for the Wazuh manager (e.g., `wazuh`).  Restrict privileges.
    *   *Important:* Configure SSH access to the manager *only* with key-based authentication. Disable password authentication.
 *   **Agent VMs:**
    *   Create a dedicated user for each agent (e.g., `webuser`, `dbuser`).
    *   Restrict user privileges.  Use `sudo` for necessary administrative tasks.
    *   Disable direct SSH access to the agents if possible (use `wazuh-agent` for remote management).
 **3. Network Considerations**
 *   **Private Network:** Use a private IP address range (e.g., 192.168.1.0/24, 10.0.0.0/24).
 *   **DHCP:**  Consider a DHCP server for simplified IP assignment.
 *   **DNS:**  Set up a basic DNS server (even just a local one) for name resolution.
 *   **Firewall Rules:**  (This is vital for a secure internal network)
    *   Allow traffic *between* the VMs necessary for Wazuh monitoring and agent communication.
    *   Restrict external access to the VMs.  For example, only allow SSH access to the Wazuh Manager from the Proxmox Host.
 **Important Notes for the Trainee & You:**
 *   **Documentation is Key:** Document *everything* – VM creation, configuration, network settings, user accounts.
 *   **Security Best Practices:** Reinforce security best practices throughout the setup process.
 *   **Gradual Complexity:** Start with the basics and gradually add complexity as the trainee gains experience.
 *   **Focus on the "Why":** Explain *why* certain configurations are necessary for security.
 *   **Testing:**  Thoroughly test the setup after each configuration change.
 To tailor this further, could you clarify:
 *   What level of detail should the trainee document? (e.g., full command output, just configuration files)
 *   Do you want the trainee to focus on specific security concepts (e.g., least privilege, defense in depth)?
--- a/projects/sbx/20250505-sbx-projects-status.md
+++ b/projects/sbx/20250505-sbx-projects-status.md
@@ -0,0 +1,6 @@
 ## Projects
 - Win10 auf 11 Upgrade
 - Firewall Migrationen (SG -> XGS, XG -> XGS fertig, SG -> OPNsense)
 - 
--- a/projects/sbx/meetings/20250506-saulius-meetup.md
+++ b/projects/sbx/meetings/20250506-saulius-meetup.md
@@ -0,0 +1,2 @@
--- a/projects/ssr/20250508-Zertifikate-einspielen.md
+++ b/projects/ssr/20250508-Zertifikate-einspielen.md
@@ -0,0 +1,10 @@
 ## Services
 - [ ] Kerio Control (Firewall)
 - [ ] Kerio Connect (Mail Server)
 - [ ] Univention LDAP/DNS
 - [ ] Synology
 - [ ] Mailstore
 - [ ] Filewave
 - [ ] Projekt Pro