Latest Server related questions

I have two virtual servers.

The old: Ubuntu 12.04 with PHP 7.2. The new: CentOS 7.9 with PHP 8.0.

On both servers the same application is running. A cron is minutely getting some details from another website. similar to the following code

file_get_contents("http://mirror.facebook.net/centos/timestamp.txt")

On the old server, it worked well. I never had issues. On the new server, I have sometimes this M ...

I enabled the refint and memberof overlay with OpenLDAP 2.4.57, but when I create a groupOfNames I get a memberof_value_modify .. failed err=32 error. I also have syncprov enabled with a spare. What am I doing wrong?

group addition

$ ldapadd -W -x -D cn=admin,dc=mydomain,dc=tld << EOF
dn: cn=mygroup,ou=groups,dc=mydomain,dc=tld
objectClass: top
objectClass: groupOfNames
cn: mygroup
member:  ...

I am building a server in c++ that reads a lot from disc. When recording with perf I get this report:

  28.20%  server   [kernel.kallsyms]             [k] copy_user_generic_string
  18.14%  server   [kernel.kallsyms]             [k] clear_page_rep
   7.31%  server   server                        [.] SearchEngine::value_intersection<FullTextRecord>
   5.64%  server   server                     ...

I have an ipset named allowList.

I want to allow every connection to my machine on every port but port 80, which there I want to allow connections only to the ipset: allowList.

I want to target only the SYN packets from port 80 for efficiency, so that:

1. if tcp flag = SYN
2. if port is 80
3. if it matches the ipset named allowList

Then allow the connection, otherwise drop the packet (if the packet is SYN

Currently, I have drives that log the count LBA which they have processed - but that is a special SMART counter/value not generally available as it seems.

Is there any generic way of logging how much data was processed by a system per disk?

My normal config of haproxy is:

defaults
        log     global
        mode    http
        option  tcplog
        option  dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000
##### MYSQL-CL #####
        listen  MYSQL-CL
        bind    10.17.1.65:3306
        mode    tcp
        option  mysql-check user haproxy_check
        balance roundrobin
     ...

First, I'll try to explain the current network layout. I'm not a super-experienced networking professional (yet...) and I have come up with a possible solution, but I wanted to run it by some experts and see what the cons are to my plan.

So we have a small business setup servicing about 12 users, right now it looks roughly like this:

Comcast Business Modem (providing two public IPs), this modem i ...

We currently have an existing windows domain that uses ip range 192.168.2.X.

The main internet router has an internal ip for this domain.

We've just purchased new server hardware and want to setup a new domain on the ip range 192.168.3.X.

How can we accomplish this given that it can't see the main router with has an internal ip in the 192.168.2.X range?

Or more globally, how do you create a new windows do ...

I have a bit of a unique situation with Ubuntu 20.04. I need to allow SFTP and SSH on port 22 but I want to limit SSH console connections using an ACL. I can't do this at a port level, AFAIK, as the traffic looks the same to my firewall so all I can do is allow TCP 22 to the server.

I am already using /usr/sbin/nologin as the shell in /etc/passwd for user accounts that need to SFTP only, howeve ...

I have a local network containing a machine named black running Ubuntu 16 server, and a raspberry pi. The pi has two network cards. One faces this local network, and the other connects to my ISP via a router. black has one interfaces which faces this network. The pi runs an ssh server configured out of the box.

I want to use sshuttle (or something else like it) to provide black with internet c ...

I need to allow ssh only through VPN (openvpn) using iptables. All services (ssh, vpn) are located on same machine. My current rules for vpn and ssh:

# set default policy
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

# flush rules
iptables -t nat -F
iptables -t mangle -F
iptables -F
iptables -X

# allow localhost
iptables -A INPUT -i $LO -j ACCEPT
iptables -A OUTPUT -o $L ...

So, today I found that Windows clients behave a little different to Linux and Mac DNS clients. Point in case:

The scenario

An nslookup of test.example.com, which returns a CNAME "test.temp.example.com". On Linux and mac this will return the result of the lookup of the CNAME, by means of a second DNS request. Rinse and repeat until an A record or an error is encountered.

The issue

On Windows 7/10 the r ...

The main purpose - remote access to the local network (video surveillance, smart home).

Input data: mikrotik router and server in the DigitalOcean.

Since mikrotik knows how to work with OpenVPN server only by login and password, I decided to run 2 OpenVPN servers:

1. /etc/openvpn/server-mikrotik.conf:

...
server 10.0.1.0 255.255.255.0
route 192.168.88.0 255.255.255.0 10.0.1.2
route 192.168.1.0 255.255.25 ...

Background: several parts of my host inventory are harvested automatically with the help of (many) scripts, mostly run out of cron. Many hosts have aliases (CNAMES, different network interfaces etc.) meaning that ssh host brings you to the same machine as ssh host_alias, and these aliases have a way to make it into the inventory and becoming immortal (because they pop up in several files) until m ...

We are working on a software solution and some of our providers are really CentOS 7 centered.

CentoS 7 will continue to produce through the remainder of the RHEL 7 life cycle, which will end sometime in 2024.

CentOS 8 will receive updates till December 2021.

CentOS Stream was announced by Red Hat but is apparently not a replacement for CentOS.

I am not very into diving in this if options are uncertain in  ...