Latest Server related questions

I have a small Apache webserver that was CentOS but is now AlmaLinux 8, and I've been trying to update httpd via dnf to protect against the recently disclosed vulnerabilities: https://httpd.apache.org/security/vulnerabilities_24.html

Numerically, the machine's httpd version number never exceeds 2.4.37, but I've read elsewhere that RHEL backports CVE fixes to each Apache version that aligns to their OS rel ...

Am running an EKS cluster deployed on a node (in public subnet) with two namespaces, one pod running in each of the namespaces. I have created two NAT gateways on the same subnet. I would like to route egress traffic from pod A to NAT gateway A and egress traffic from pod b to NAT gateway B. Am well aware that this use case is peculiar and NAT gateways arent supposed to be used this way, but my situatio ...

So here is our setup

Server: rsyslog server - CentOS 7

Client: Cisco Catalyst C6880-X-LE

/etc/rsyslog.conf from the CentOS 7 server:

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal

$template TmplAuth, "/var/log/client_logs/%HOSTNAME%/%PROGRAMNAME%.log"
$template TmplMsg, "/var/log/client_logs/%HOSTNAME%/ ...

Running kubeadm init phase certs apiserver --config kubeadm.yaml

Is it possible to have multiple/custom root certificate to be used for group of users/kubectl/config files?

I am asking because, I would like to give access, on a per project basis - and then afterwards remove the custom root cert - but keep the the "original" root cert for special kubectl administrators.

I have seen that you can use s ...

I have Debian running on an old Mac mini as a home router etc. with various of my crap running on it.

It produces e-mail, for example from the result of cron jobs. I've used /etc/aliases to direct this to the main user account, but I'd prefer it to go to my real e-mail address instead.

Don't want:

• send an e-mail from the command line,
• receive e-mail.

Do want:

• mail that would have gone to root goes

I want to run a python script that starts by importing a large table of data. I've seen that instead of using the upload option form the SSH panel of the VM I can use the storage bucket and start by uploading the file into there, and then transfer it to my VM directory. However, I didn't get how to transfer (read) the file. What should I do to see the file on my VM when I type 'ls' for example? alternat ...

I have a user activity logger and querying system for an ISP with very high log events rate (5k-10K /second). It needs to relate both Radius/Session and NAT Syslogs based on a common InternalIP field. Each session has two events Start and Stop. A roughly 24hr data produced by 3000 users, can be like 20 Million records, expected to go up.

My solution consists of 2 parsing and persisting agents for each l ...

I have a simple config (based on googling and copy paste) that contains an error, I don't know how to proceed.

I would like to forward all mails received to an smtp-server that requires username+password+TLS

The config:

listen on 0.0.0.0 port 25
action "relay" relay host "smtp://smtp.foo.bar" mail-from "@foo.bar"
match for any action "relay"

Apparently there is an error on line 2:

Oct 13 21:08:56 raspb ...

I've set up a Postfix mail server with SpamAssassin and spamass-milter for SPAM detection. Everyhting so far seems to work well. My mails are getting tagged as SPAM within the subject and are forwarded to a specific recipient (with the -B option of spamass-milter).

I know that I can change the behaviour how SpamAssassin modifies the original message via the report_safe option. The default value is  ...

I am trying to establish a VPN tunnel between a Classic CPN gateway and an on-prem VPN gateway. A requirement for the on-prem gateway is that traffic coming out of my VPN must present as a public external IP address (not a private IP address).

I am able to establish the tunnel using the public IP address of the VM. I am also able to route traffic from the VM to the Cloud VPN using a routing rule. ...

The issue i'm experiencing is that with one DNS server out of the 3 I have, any bogus dns entry always resolves to a certain IP not part of my network.

For example, nslookup abc123 = 192.124.249.12, nslookup sdfs3242 = 192.124.249.12. Even DNS entries that are valid in my network still resolve to that same IP.

If I log into the DNS server and do local queries, everything turns out fine and bogus dns ...

I setup a website with wordpress using NGINX and PHP-FPM.

backend.site.com is for wordpress-backend

site.comis for the nuxt-frontend

My Problem

When i access the frontend by typing www.site.com i get redirected to backend.site.com

# /etc/nginx/conf.d/default.conf

server {
    listen 80;

    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    ssl_certificate     /etc/nginx/ssl ...

I have backend applications that I want to put on one subnet and a set of servers that must have access to the internet on the other subnet. The idea is to put the servers within a DMZ. Additionally, all these servers will be separate guest machines within VirtualBox. All the guest hosts are ubuntu as well.

I know this question has been asked historically, but the answers I have yet to find are not all too helpful in this one niche use case.

I currently have one router running DD-WRT on 192.168.0.1, one router connected to the previous with IP 192.168.0.2 that runs as a VPN client, and one Raspberry Pi set up to run https://pi-hole.net DNS filtering on 192.168.0.21.

Ultimately, my goal here is just to  ...

For IPv4 I have a rule that blocks the VPNs to access the local addresses like this:

:PRIVATE_ADDRS_FILTER - [0:0]
-A PRIVATE_ADDRS_FILTER -d 10.0.0.0/8 -j DROP
-A PRIVATE_ADDRS_FILTER -d 172.16.0.0/12 -j DROP
-A PRIVATE_ADDRS_FILTER -d 192.168.0.0/16 -j DROP
-A FORWARD -j PRIVATE_ADDRS_FILTER

Is this how I would do it for IPv6? (based on this source)

:PRIVATE_ADDRS_FILTER - [0:0]
-A PRIVATE_ADDRS_F ...