Powershell – Get file audit reports from Event Viewer

Posted: March 24, 2023 in Scripts
0

I had task to check who and when is accessing file shares

First step was to enable folder/files audit

Then i should pull reports out of Event Viewer

Needed to get reports only for subset of shared folders and needed to exclude specific accounts from it

Below script returns time, folder being accessed and account who accessed it.

$EventId = 4663
$results = Get-WinEvent -FilterHashtable @{logname='Security'; id=$EventId; StartTime = "03/24/2023 09:30:00" } |`
Where-Object { $_.message -match "C:\\folder1\\" -or $_.message -match "D:\folder2" -or $_.message -match "D:\folder3" -and $_.message -notmatch "Account Name:\s*account1*" -and $_.message -notmatch "Account Name:\s*machine$*"}`
| Select-Object -Property TimeCreated, 
                            @{Label='Account'; Expression={$_.properties[1].Value}}, 
                            @{Label='ObjectNAme'; Expression={$_.properties[6].Value}}

$results | Export-Csv "C:\1.csv" -NoTypeInformation -Encoding UTF8

Advertisement

Windows Subsystem for Linux (WSL) – Make /etc/resolv.conf changes permanent

Posted: November 16, 2022 in Linux
0

Even after creating /etc/wsl.conf 

[network]
generateResolvConf = false

And specifying desired DNS server in /etc/resolv.conf, after WSL reboot, /etc/resolv.conf reverts it’s content.

Here is how to make changes in /etc/resolv.conf make permanent:

sudo rm /etc/resolv.conf
sudo bash -c 'echo "nameserver 1.1.1.1" > /etc/resolv.conf'
sudo bash -c 'echo "[network]" > /etc/wsl.conf'
sudo bash -c 'echo "generateResolvConf = false" >> /etc/wsl.conf'
sudo chattr +i /etc/resolv.conf

chattr +i command makes file immutable so /etc/resolv.conf file cannot be modified nor deleted.

Powershell – Run script from current directory and elevate as administrator

Posted: October 21, 2022 in Scripts
0

I created simple script to install FortiClient and put script and setup file in same folder and instead of specifying full path to FortiClientVPN.msi, wanted for script to locate full path of setup folder. Script will run if right click on it and select “Run with PowerShell”. Script will check if current user is Administrator, and if yes, it will elevate Powershell process, it’s equivalent to Run As admin.

Install.ps1:

param([switch]$Elevated)

function Test-Admin {
    $currentUser = New-Object Security.Principal.WindowsPrincipal $([Security.Principal.WindowsIdentity]::GetCurrent())
    $currentUser.IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator)
}

if ((Test-Admin) -eq $false)  {
    if ($elevated) {
        # tried to elevate, did not work, aborting
    } else {
        Start-Process powershell.exe -Verb RunAs -ArgumentList ('-noprofile -noexit -file "{0}" -elevated' -f ($myinvocation.MyCommand.Definition))
    }
    exit
}

# Restart Process using PowerShell 64-bit 
If ($ENV:PROCESSOR_ARCHITEW6432 -eq "AMD64") {
   Try {
       &"$ENV:WINDIR\SysNative\WindowsPowershell\v1.0\PowerShell.exe" -File $PSCOMMANDPATH
   }
 Catch {
     Throw "Failed to start $PSCOMMANDPATH"
 }
    Exit
}

# Save the current location and switch to this script's directory.
# Note: This shouldn't fail; if it did, it would indicate a
# serious system-wide problem.

$prevPwd = $PWD; Set-Location -ErrorAction Stop -LiteralPath $PSScriptRoot

try {
 # Your script's body here.
 # Install FortiClient VPN
  Start-Process Msiexec.exe -Wait -ArgumentList '/i FortiClientVPN.msi REBOOT=ReallySuppress /qn'
 # ... 
 $PWD  # output the current location 
}
finally {
  # Restore the previous location.
  $prevPwd | Set-Location
}

Powershell – Download file from Azure Storage account container

Posted: September 23, 2022 in Azure, Scripts
0

This script will check if there are any *.xml files created for current day and if yes, it will download it. Service principal is used for Azure authentication

Creating Service principal

In Azure portal, select Azure Active Directory – App registrations

New registration

Give name and click Register

Click on application – Certificates & secrets – Client secrets – New client secret

Create secret and write it

Click overview and write down application ID and tenant ID

Adding contributor role to Service principal on storage account

On storage account select Access control (IAM) – Add – Add role assignment

Select contributor – Next

Assign access to: User, group or service principal, select service principal

Service principal is used for Azure authentication.ApplicationID, service principal password, subscription and tenant ID are stored in encrypted file.

SSL cert is used for encyption/decryption credentials file.

Create credentials.csv file, example bellow:

appID, appPassword, tenantID, subscriptionID
11-222-3333,secret, 11-224-fggg-sddd,sssss-2222-122222

Encrypt credentials.csv file using one of previous posts, i described procedure in detail so won’t repeat it again.

# Error handling
Function Exception {
     $err = $_.Exception.Message
     write-output $err | timestamp >> $LogFile
     return $err   
 }
 

# Create logs directory and file if not exist
$LogFile = "C:\Navision\Logs\log.txt"
 
If (-not(Test-Path -Path $LogFile)){
    New-Item -Path $LogFile -ItemType File -Force -ErrorAction Stop
}
 
$module = "Az" 
filter timestamp {"$(Get-Date -Format G): $_"}
$resourceGroupName = "myResourceGroup" 
$storageAccName = "myStorageAccount" 
$container_name = "myContainer"
$downloadLocation = "C:\Navision\Downloads"
 
 
# Truncate log file
 
# Get number of lines of log file
$logfileLines = Get-content $LogFile | Measure-Object –Line | select -ExpandProperty Lines
if($logfileLines -gt '5000') {
    (Get-Content $LogFile | Select-Object -Skip 4000) | Out-File $LogFile
  }
 
 
# Create download location if not exists
If (-not(Test-Path -Path $downloadLocation)){
    New-Item -Path $downloadLocation -ItemType Directory -ErrorAction Stop 
}
 
 
Try{
   Write-Output "Decrypting credentials file" | timestamp >> $LogFile
   $CSV_F = Unprotect-CmsMessage -To "*svc-account@example.com*" -Path C:\Navision\credentials.csv.cms -ErrorAction Stop
}
Catch{
    Exception
}
 
 
$Data = $CSV_F | ConvertFrom-Csv
foreach($i in $Data){
   $appID = $i.appID
   $appPassword = $i.appPassword
   $tenantID = $i.tenantID
   $subscriptionID = $i.subscriptionID
}
 
Write-Output "File decrypted" | timestamp >> $LogFile
 
$azureAppCred = (New-Object System.Management.Automation.PSCredential $appID, ( $appPassword | ConvertTo-SecureString -AsPlainText -Force))
 
# Connect to Azure
# Install Az module if not exists
if (-Not (Find-Module -Name $module | Where-Object {$_.Name -eq $module})) {
    Install-Module -Name $module -Force -Verbose | Import-Module
} 
else {
    Write-Host "Module $module exist"
}
 
Write-Output "Connecting to Azure" | timestamp >> $LogFile
Connect-AzAccount -ServicePrincipal -SubscriptionId $subscriptionID -TenantId $tenantID -Credential $azureAppCred -ErrorAction Stop | Out-null
Write-Output "Connection to Azure finished" | timestamp >> $LogFile
 
# Get the storage account
 
Try{
    
   Write-Output "Connecting to storage account $storageAccName and container 
   $container_name " | timestamp >> $LogFile
   $storageAcc = Get-AzStorageAccount -ResourceGroupName $resourceGroupName -Name 
   $storageAccName -ErrorAction Stop
   ## Get the storage account context 
   $ctx=$storageAcc.Context
   ## Get container and get the xml file(s) created today
   $blobContents = Get-AzStorageBlob -Container $container_name  -Context $ctx -Blob "*.xml" -ErrorAction Stop | Where-Object{$_.LastModified.DateTime -gt ((Get-Date).Date)}
   Write-Output "Successfully connected to  storage account $storageAccName and container $container_name " | timestamp >> $LogFile
}
Catch{
   Exception
}
 
# Download file(s) from Storage account, if file exists
If ($blobContents){
Try{
       ForEach($blobContent in $blobContents){
          $output = "Found file(s) to download:" + $blobContent.Name
          Write-Output $output | timestamp >> $LogFile
          Get-AzStorageBlobContent -Container $container_name  -Context $ctx -Blob 
          $blobContent.Name -Destination $downloadLocation -Force -ErrorAction Stop
          $output = "Successfully downloaded file(s):" + $blobContent.Name
          Write-Output $output | timestamp >> $LogFile
    }
   }
 Catch{
      Exception
 }
}
Else{
  Write-Output "Nothing to download" | timestamp >> $LogFile
}

PowerShell – disk cleanup script

Posted: September 16, 2022 in Scripts
0

Script checks if C:\Windows\SoftwareDistribution\Download, C:\Windows\Temp,C:\Windows\ccmcache and user profiles folders are empty, if not delete it’s content, delete IIS logs older than 60 days, delete uknown user profiles and run Disk cleanup with all options checked.

 Function Check-if-empty-folder {
[cmdletbinding()]
Param (
[parameter(Mandatory=$true)]
[string]$folderName
 
)
$directoryInfo = Get-ChildItem $folderName | Measure-Object
$count = $directoryInfo.count
if($count -eq 0){
  return 0
}
else{
  return 1
 }
}
 
 
 
$Daysback = "-60"
$CurrentDate = Get-Date
$DatetoDelete = $CurrentDate.AddDays($Daysback)
$systemDrive = Get-ChildItem -Path Env:\SystemDrive | select -ExpandProperty Value
$iisPath = "$systemDrive\inetpub\logs\LogFiles\"
$foldersToCheck = @("$systemDrive\Windows\ccmcache", "$systemDrive\Windows\SoftwareDistribution\Download", "$systemDrive\Windows\Temp", "$systemDrive\Users\*\AppData\Local\Temp\*")
 
# Delete IIS logs older than 60 days
 
if(Test-Path $iisPath){
  $iisLogs = Get-ChildItem -Recurse $iisPath | Where-Object { (! $_.PSIsContainer) -and ($_.LastWriteTime -lt $DatetoDelete) }
  foreach ($iisLog in $iisLogs){
     Try{
        Remove-Item $iisLog.FullName -Force -ErrorAction Stop
        Write-Host "Deleted: " $iisLog.FullName -ForegroundColor Yellow
     }
     Catch{
        Write-Host "Error deleting: $iisLog.FullName; Error Message: $($_.Exception.Message)" -ForegroundColor Cyan
     }
    }
}
 
 
# Delete content of C:\Windows\SoftwareDistribution\Download, C:\Windows\Temp,C:\Windows\ccmcache and user temp folders
 
 
 foreach ($folderToCheck in $foldersToCheck){
     If (Test-Path -Path $folderToCheck){
     if([bool](Check-if-empty-folder -folderName $folderToCheck) -eq 1 ){
         $folderList = Get-ChildItem -Path $folderToCheck
         foreach($folder in $folderList){
         Try{
            Remove-Item $folder.FullName -Recurse -Force  -ErrorAction Stop
            Write-Host "Deleted: " $folder.FullName -ForegroundColor Yellow
         }
         Catch{
           Write-Host "Error deleting: $folder.FullName; Error Message: $($_.Exception.Message)" -ForegroundColor Cyan
      }
     }
   }
 }
}
  
# Delete unknown user profiles
 
Get-CimInstance win32_userprofile | foreach {
    ""
    $u = $_          # save our user to delete later
    try {
        $objSID = New-Object System.Security.Principal.SecurityIdentifier($U.sid) -ErrorAction stop
        $objUser = $objSID.Translate( [System.Security.Principal.NTAccount])
        "User={0}" -f $objUser.Value
        "Path={0}" -f $u.LocalPath
        "SID={0}" -f $u.SID
    }
    catch {
        "!!!!!Account Unknown!!!!!"
        "Path={0}" -f $u.LocalPath
        "SID={0}" -f $u.SID
        Remove-CimInstance -inputobject $u -Verbose
    }
}
 
# Running disk Cleanup
cleanmgr /sagerun:1 | out-Null

Linux – Shell script to clear swap memory

Posted: August 30, 2022 in Linux, Scripts
1

This script will clear swap if swap memory usage is more than 80%

#!/bin/bash
# Get total Swap usage
TOTAL_SWAP=$(swapon -s | awk  '{print $3}' | grep -v 'Size')
# Convert Total Swap usage from KB to MB
TOTAL_MB=$((TOTAL_SWAP/1024))
# Get 80% of total swap usage
THRESHOLD=$(bc<<<$TOTAL_MB*0.8)
# Get currently used swap 
USED_SWAP=$(free -m | awk '/Swap/{print $3}')
# Check if currently used swap is greater than 80% of used swap 
if [ $USED_SWAP -gt ${THRESHOLD%.*} ]
then
BEFORE_CLEAR=$(date)
echo "Cleaning swap started on $BEFORE_CLEAR" > /tmp/swap.log
/sbin/swapoff -a
sleep 300
/sbin/swapon -a
AFTER_CLEAR=$(date)
echo "Swap cleared on $AFTER_CLEAR" >> /tmp/swap.log
fi

PowerShell – Get Azure Global Admins and last login date

Posted: July 15, 2022 in Scripts
0

This script will get all tenant global admins and will return their sign ins, if there is no sign in info, lastlogin column will be empty

Make sure module AzureAD preview is installed and imported (this module contains Get-AzureADAuditSignInLogs cmdlet)

Install-Module AzureADPreview -AllowClobber -Force
Import-Module AzureADPreview

Had to set sleep, otherwise, getting error Too Many Requests, noticed script executes much faster with try/catch block and will go to sleep if error is thrown.

Connect-AzureAD
$role = Get-AzureADDirectoryRole | Where-Object {$_.displayName -eq 'Global Administrator'}
$admins = @(Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId | select DisplayName, UserPrincipalName)
$results = @()
Foreach ($admin in $admins){
   $upn = $admin.UserPrincipalName
   Try{
      $LoginRecord = Get-AzureADAuditSignInLogs -Filter "UserPrincipalName eq '$upn'" -Top 1
   }
  catch{
      Start-Sleep -Seconds 20
      $LoginRecord = Get-AzureADAuditSignInLogs -Filter "UserPrincipalName eq '$upn'" -Top 1
  } 
  if($LoginRecord.Count -gt 0){
     $lastLogin = $LoginRecord.CreatedDateTime
   }
  else{
     $lastLogin = 'no login record'
  }
  $item = @{
        userUPN=$admin.UserPrincipalName
        userDisplayName = $admin.DisplayName
        lastLogin = $lastLogin
  }
  $results += New-Object PSObject -Property $item
}
$results | export-csv -Path c:\result.csv -NoTypeInformation -Encoding UTF8

Rsync – sync only files which are not locked and create log file in case of error

Posted: June 10, 2022 in Linux, Scripts
0

Needed to synchonize files from Apache web server to different directory but had to include only files which are currently not in use (not being uploaded) from /www-data/ folder to ,/data/map/uploads/ ,remove files from source directory after copying and to create log file only in case of error and filer log to show only actual error and not other statistics

#!/bin/bash
cd /www-data
find ./ -type f -exec sh -c 'for f; do lsof "$(readlink -f "$f")" > /dev/null || printf "%s\0" "$(realpath --relative-to /www-data "$f")"
  done' _ {} + |
rsync --remove-source-files -avz --from0 --files-from=- ./ /data/map/uploads/ 2> /tmp/rsync.log ;sed -i  "s/.*/\U&/g" /tmp/rsync.log| grep -e 'bytes  received' -e 'total bytes' -e files -e 'total file size:' >> /tmp/rsync.log

Alma Linux 8.4 – Status code: 404 during update

Posted: March 17, 2022 in Linux
0

Afer installing fresh Alma linux and setting up network, after trying to update

dnf update getting a lot of 404 errors

Errors during downloading metadata for repository 'appstream':
  - Status code: 404 for http://lon.mirror.rackspace.com/almalinux/8/AppStream/x86_64/os/repodata/150138a59aab918ba74498c7297a70a2941383aba246f098a39c17e217b36a7d-filelists.xml.gz (IP: 94.236.26.35)
  - Status code: 404 for http://mirror.terrahost.no/almalinux/8/AppStream/x86_64/os/repodata/b1f275be720a2a22d8e9e21c56d4bc574015ac61aaffd569cf01ca6801aa58c7-updateinfo.xml.gz (IP: 185.181.61.25)
  - Status code: 404 for http://mirror.reconn.ru/almalinux/8/AppStream/x86_64/os/repodata/868c9c2fa04a6369513cb8d4da34c421e9a08c00d062c85760c358c3a445fd2f-primary.xml.gz (IP: 188.64.168.74)
  - Status code: 404 for http://lon.mirror.rackspace.com/almalinux/8/AppStream/x86_64/os/repodata/868c9c2fa04a6369513cb8d4da34c421e9a08c00d062c85760c358c3a445fd2f-primary.xml.gz (IP: 94.236.26.35)
  - Status code: 404 for http://mirror.reconn.ru/almalinux/8/AppStream/x86_64/os/repodata/150138a59aab918ba74498c7297a70a2941383aba246f098a39c17e217b36a7d-filelists.xml.gz (IP: 188.64.168.74)
  - Curl error (56): Failure when receiving data from the peer for http://mirrors.melbourne.co.uk/almalinux/8/AppStream/x86_64/os/repodata/150138a59aab918ba74498c7297a70a2941383aba246f098a39c17e217b36a7d-filelists.xml.gz [Recv failure: Connection reset by peer]
  - Status code: 404 for http://mirrors.gethosted.online/almalinux/8/AppStream/x86_64/os/repodata/868c9c2fa04a6369513cb8d4da34c421e9a08c00d062c85760c358c3a445fd2f-primary.xml.gz (IP: 194.156.79.82)
  - Status code: 404 for http://lon.mirror.rackspace.com/almalinux/8/AppStream/x86_64/os/repodata/b1f275be720a2a22d8e9e21c56d4bc574015ac61aaffd569cf01ca6801aa58c7-updateinfo.xml.gz (IP: 94.236.26.35)
  - Status code: 404 for https://almalinux.uib.no/8/AppStream/x86_64/os/repodata/150138a59aab918ba74498c7297a70a2941383aba246f098a39c17e217b36a7d-filelists.xml.gz (IP: 129.177.13.60)
  - Status code: 404 for http://mirror.cov.ukservers.com/almalinux/8/AppStream/x86_64/os/repodata/b1f275be720a2a22d8e9e21c56d4bc574015ac61aaffd569cf01ca6801aa58c7-updateinfo.xml.gz (IP: 94.229.65.150)
  - Status code: 404 for http://mirror.cov.ukservers.com/almalinux/8/AppStream/x86_64/os/repodata/150138a59aab918ba74498c7297a70a2941383aba246f098a39c17e217b36a7d-filelists.xml.gz (IP: 94.229.65.150)
  - Status code: 404 for http://mirror.reconn.ru/almalinux/8/AppStream/x86_64/os/repodata/b1f275be720a2a22d8e9e21c56d4bc574015ac61aaffd569cf01ca6801aa58c7-updateinfo.xml.gz (IP: 188.64.168.74)
  - Status code: 404 for http://mirrors.coreix.net/almalinux/8/AppStream/x86_64/os/repodata/150138a59aab918ba74498c7297a70a2941383aba246f098a39c17e217b36a7d-filelists.xml.gz (IP: 85.13.241.50)
  - Status code: 404 for http://mirror.terrahost.no/almalinux/8/AppStream/x86_64/os/repodata/868c9c2fa04a6369513cb8d4da34c421e9a08c00d062c85760c358c3a445fd2f-primary.xml.gz (IP: 185.181.61.25)
  - Status code: 404 for https://almalinux.uib.no/8/AppStream/x86_64/os/repodata/868c9c2fa04a6369513cb8d4da34c421e9a08c00d062c85760c358c3a445fd2f-primary.xml.gz (IP: 129.177.13.60)
  - Status code: 404 for http://mirror.cov.ukservers.com/almalinux/8/AppStream/x86_64/os/repodata/868c9c2fa04a6369513cb8d4da34c421e9a08c00d062c85760c358c3a445fd2f-primary.xml.gz (IP: 94.229.65.150)
  - Status code: 404 for http://mirrors.melbourne.co.uk/almalinux/8/AppStream/x86_64/os/repodata/b1f275be720a2a22d8e9e21c56d4bc574015ac61aaffd569cf01ca6801aa58c7-updateinfo.xml.gz (IP: 92.63.142.155)
  - Status code: 404 for https://almalinux.uib.no/8/AppStream/x86_64/os/repodata/b1f275be720a2a22d8e9e21c56d4bc574015ac61aaffd569cf01ca6801aa58c7-updateinfo.xml.gz (IP: 129.177.13.60)
  - Status code: 404 for http://mirrors.gethosted.online/almalinux/8/AppStream/x86_64/os/repodata/b1f275be720a2a22d8e9e21c56d4bc574015ac61aaffd569cf01ca6801aa58c7-updateinfo.xml.gz (IP: 194.156.79.82)
  - Status code: 404 for http://almalinux.mirror.katapult.io/8/AppStream/x86_64/os/repodata/b1f275be720a2a22d8e9e21c56d4bc574015ac61aaffd569cf01ca6801aa58c7-updateinfo.xml.gz (IP: 185.53.57.11)
  - Status code: 404 for http://mirror.netweaver.uk/almalinux/8/AppStream/x86_64/os/repodata/868c9c2fa04a6369513cb8d4da34c421e9a08c00d062c85760c358c3a445fd2f-primary.xml.gz (IP: 109.169.41.51)
  - Status code: 404 for http://mirrors.coreix.net/almalinux/8/AppStream/x86_64/os/repodata/b1f275be720a2a22d8e9e21c56d4bc574015ac61aaffd569cf01ca6801aa58c7-updateinfo.xml.gz (IP: 85.13.241.50)
  - Status code: 404 for http://mirror.netweaver.uk/almalinux/8/AppStream/x86_64/os/repodata/b1f275be720a2a22d8e9e21c56d4bc574015ac61aaffd569cf01ca6801aa58c7-updateinfo.xml.gz (IP: 109.169.41.51)
  - Status code: 404 for http://mirrors.gethosted.online/almalinux/8/AppStream/x86_64/os/repodata/150138a59aab918ba74498c7297a70a2941383aba246f098a39c17e217b36a7d-filelists.xml.gz (IP: 194.156.79.82)
  - Status code: 404 for http://mirror.netweaver.uk/almalinux/8/AppStream/x86_64/os/repodata/150138a59aab918ba74498c7297a70a2941383aba246f098a39c17e217b36a7d-filelists.xml.gz (IP: 109.169.41.51)
  - Status code: 404 for http://mirrors.melbourne.co.uk/almalinux/8/AppStream/x86_64/os/repodata/868c9c2fa04a6369513cb8d4da34c421e9a08c00d062c85760c358c3a445fd2f-primary.xml.gz (IP: 92.63.142.155)
  - Status code: 404 for http://mirror.terrahost.no/almalinux/8/AppStream/x86_64/os/repodata/150138a59aab918ba74498c7297a70a2941383aba246f098a39c17e217b36a7d-filelists.xml.gz (IP: 185.181.61.25)
  - Status code: 404 for http://almalinux.mirror.katapult.io/8/AppStream/x86_64/os/repodata/150138a59aab918ba74498c7297a70a2941383aba246f098a39c17e217b36a7d-filelists.xml.gz (IP: 185.53.57.11)
  - Status code: 404 for http://mirrors.coreix.net/almalinux/8/AppStream/x86_64/os/repodata/868c9c2fa04a6369513cb8d4da34c421e9a08c00d062c85760c358c3a445fd2f-primary.xml.gz (IP: 85.13.241.50)
  - Status code: 404 for http://almalinux.mirror.katapult.io/8/AppStream/x86_64/os/repodata/868c9c2fa04a6369513cb8d4da34c421e9a08c00d062c85760c358c3a445fd2f-primary.xml.gz (IP: 185.53.57.11)
Error: Failed to download metadata for repo 'appstream': Yum repo downloading error: Downloading error(s): repodata/868c9c2fa04a6369513cb8d4da34c421e9a08c00d062c85760c358c3a445fd2f-primary.xml.gz - Cannot download, all mirrors were already tried without success; repodata/150138a59aab918ba74498c7297a70a2941383aba246f098a39c17e217b36a7d-filelists.xml.gz - Cannot download, all mirrors were already tried without success; repodata/b1f275be720a2a22d8e9e21c56d4bc574015ac61aaffd569cf01ca6801aa58c7-updateinfo.xml.gz - Cannot download, all mirrors were already tried without success

Luckily, i had another Alma Linux system and decided to copy content of repo files from that machine

On /etc/yum.repos.d folder edited almalinux.repo

# almalinux.repo

[appstream]
name=AlmaLinux $releasever - AppStream
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/appstream
# baseurl=https://repo.almalinux.org/almalinux/$releasever/AppStream/$basearch/os/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux

[extras]
name=AlmaLinux $releasever - Extras
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/extras
# baseurl=https://repo.almalinux.org/almalinux/$releasever/extras/$basearch/os/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux

## Sources
[baseos-source]
name=AlmaLinux $releasever - BaseOS Source
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/baseos-source
# baseurl=https://repo.almalinux.org/almalinux/$releasever/BaseOS/Source/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux

[appstream-source]
name=AlmaLinux $releasever - AppStream Source
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/appstream-source
# baseurl=https://repo.almalinux.org/almalinux/$releasever/AppStream/Source/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux

[extras-source]
name=AlmaLinux $releasever - Extras Source
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/extras-source
# baseurl=https://repo.almalinux.org/almalinux/$releasever/extras/Source/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux

## Debuginfo
[baseos-debuginfo]
name=AlmaLinux $releasever - BaseOS debuginfo
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/baseos-debuginfo
# baseurl=https://repo.almalinux.org/almalinux/$releasever/BaseOS/debug/$basearch/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux

[appstream-debuginfo]
name=AlmaLinux $releasever - AppStream debuginfo
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/appstream-debuginfo
# baseurl=https://repo.almalinux.org/almalinux/$releasever/AppStream/debug/$basearch/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux

[extras-debuginfo]
name=AlmaLinux $releasever - Extras debuginfo
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/extras-debuginfo
# baseurl=https://repo.almalinux.org/almalinux/$releasever/extras/debug/$basearch/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux

Created file almalinux.repo.rpmnew

# almalinux.repo

[baseos]
name=AlmaLinux $releasever - BaseOS
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/baseos
# baseurl=https://repo.almalinux.org/almalinux/$releasever/BaseOS/$basearch/os/
enabled=1
gpgcheck=1
countme=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux

[appstream]
name=AlmaLinux $releasever - AppStream
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/appstream
# baseurl=https://repo.almalinux.org/almalinux/$releasever/AppStream/$basearch/os/
enabled=1
gpgcheck=1
countme=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux

[extras]
name=AlmaLinux $releasever - Extras
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/extras
# baseurl=https://repo.almalinux.org/almalinux/$releasever/extras/$basearch/os/
enabled=1
gpgcheck=1
countme=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux

## Sources
[baseos-source]
name=AlmaLinux $releasever - BaseOS Source
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/baseos-source
# baseurl=https://repo.almalinux.org/almalinux/$releasever/BaseOS/Source/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux

[appstream-source]
name=AlmaLinux $releasever - AppStream Source
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/appstream-source
# baseurl=https://repo.almalinux.org/almalinux/$releasever/AppStream/Source/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux

[extras-source]
name=AlmaLinux $releasever - Extras Source
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/extras-source
# baseurl=https://repo.almalinux.org/almalinux/$releasever/extras/Source/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux

## Debuginfo
[baseos-debuginfo]
name=AlmaLinux $releasever - BaseOS debuginfo
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/baseos-debuginfo
# baseurl=https://repo.almalinux.org/almalinux/$releasever/BaseOS/debug/$basearch/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux

[appstream-debuginfo]
name=AlmaLinux $releasever - AppStream debuginfo
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/appstream-debuginfo
# baseurl=https://repo.almalinux.org/almalinux/$releasever/AppStream/debug/$basearch/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux

[extras-debuginfo]
name=AlmaLinux $releasever - Extras debuginfo
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/extras-debuginfo
# baseurl=https://repo.almalinux.org/almalinux/$releasever/extras/debug/$basearch/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux

Created file almalinux-resilientstorage.repo

# almalinux-resilientstorage.repo

[resilientstorage]
name=AlmaLinux $releasever - ResilientStorage
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/resilientstorage
# baseurl=https://repo.almalinux.org/almalinux/$releasever/ResilientStorage/$basearch/os/
enabled=0
gpgcheck=1
countme=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux

## Sources
[resilientstorage-source]
name=AlmaLinux $releasever - ResilientStorage Source
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/resilientstorage-source
# baseurl=https://repo.almalinux.org/almalinux/$releasever/ResilientStorage/Source/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux

## Debuginfo
[resilientstorage-debuginfo]
name=AlmaLinux $releasever - ResilientStorage debuginfo
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/resilientstorage-debuginfo
# baseurl=https://repo.almalinux.org/almalinux/$releasever/ResilientStorage/debug/$basearch/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux

Then was able to update system and to install other software

Office 365 – compauth=fail reason=601

Posted: February 18, 2022 in Exchange
1

Mails received from mailchamp.com, were declared as spam. Following errors arrives in mailbox:

Authentication-Results: spf=pass (sender IP is 10.20.30.40)
smtp.mailfrom=something.example.com dkim=pass (signature was verified)
header.d=something.example.com;dmarc=fail action=none
header.from=example.com;compauth=fail reason=601
Received-SPF: Pass (protection.outlook.com: domain of something.example.com
designates 10.20.30.40 as permitted sender) receiver=protection.outlook.com;
client-ip=10.20.30.40; helo=m42-181.mailchimp.com;
Received: from m42-181.mailchimp.com (10.20.30.40) by
DB5EUR03FT015.mail.protection.outlook.com (10.152.20.145) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.4930.15 via Frontend Transport; Tue, 1 Feb 2022 12:25:07 +0000
DKIM-Signature: a=rsa-sha256; v=1; c=relaxed/relaxed; d=something.example.com; q=dns/txt;

SPF record:

something.example.com TXT v=spf1 include:mailchimp.com ~all

DMARC record:

v=DMARC1; p=none; sp=none; adkim=s; aspf=s; rua=mailto:dmarc_agg@example.com,mailto:dmar@domain.com

After spending some time googling decided to change SPF record

something.example.com TXT v=spf1 include:mailchimp.com include:spf.protection.outlook.com include:protection.outlook.com ~all

Then emails from mailchimps started to land into inbox

Older Entries