Latest Server related questions

My System environment, is Centos-7.9, Apache2.4, Php-fpm, PHP-7.4

I have postfix setup to send emails from the website, which is working in stand-alone test emails and when I turn the SELinux off.

However, if SELinux is enabled it will block sending the emails out from the server with below error in the /var/log/maillog

 postfix/sendmail[10883]: fatal: execv /usr/libexec/postfix/smtpd: Permission  ...

What I need to achieve that is almost done without the EFS/S3FS share:

1. SFTP pod used by some microservices that process content and deliver back processed content have sftp users that go to tenant specific paths (e.g. tenant-1, tenant-2) through SFTP, these chrooted paths are mounted to different EFS points through EFS provisioner.

2. Tenant pod - each mounting /var/s3fs <-> S3FS S3 bucket. A ...

I’ve done quite a bit of searching, and it seems this can be done, but the answers I seem to find are either vague or responses are something along the lines of “but why would you want to do that?”

I’m hoping someone can point me in the right direction to accomplish the following:

CURRENT SETUP

Visitor - > Cloudflare Proxy -> Web Server

Cloudflare DNS proxy sits in front of my web ser ...

Today I faced a what seemed like a DDOS attack. My server provider warned me about excessive CPU usage (400% for over 6 hours) and I couldn't access any website, could not login via SSH either. Lish console reported an error that went something like 'php-fpm out of memory'.

Only thing I could do was a hard reboot. After server was up again, I looked at fail2ban's status and it shows 'active(exite ...

I wrote a workshop database application for a client in Romania that had a Land Rover dealership a long long time ago in Access 2.0. Haven't heard from him in years, then last week he calls. He is still using the program ! and want me to "update" it.

Thank goodness for old MSDN library CD folders in back of file cabinets. So, I have installed an old copy of Win Server 2008 R2 Enterprise and load ...

Recently in our production Kubernetes cluster, we saw a lot of outbound reset connection, after some troubleshooting, we have below network flow captured.

Network Capture

we are really confused by this flow. in this flow.

1. from localport 33890, a new connection is created and sync packet is send out
2. for whatever reason, remote reset this connection.

then here comes the confusing part, all sync packs s ...

We've got a very weird issue going on here.

Take this example email (raw form, sanitized):

To: TestList@example.com
From: Thomas Ward via TestList <TestList@example.com>
Subject: Test Message
Date: Wed, 4 Aug 2021 19:44:49 -0400
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="------------EFA1B8DAB3C4E625DD16F705"
Content-Language: en-US
Sender: TestList@example.com
Reply-To: Th ...

I have two interfaces on server machine. The output of ip route is next:

default via 192.168.100.1 dev enp1s0 proto static metric 100
10.8.0.0/24 dev tap0 proto kernel scope link src 10.8.0.1
192.168.100.0/24 dev enp1s0 proto kernel scope link src 192.168.100.201 metric 100

and ip address is next (MACs are hidden):

...
1: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state U ...

I have a mail server for my domain with postfix and dovecot: mydom.com I want to send google calendar notifications with my own domain: user@mydom.com I explored two alternatives unsuccessfully

1. I created an alternative address on my gmail user I could send mails with my own address (user@mydom.com) but my calendar notifications have always as sender my gmail address although alternate address i ...

I'm trying to set up a build agent on a windows host using this plugin in Jenkins: https://plugins.jenkins.io/windows-slaves/

I've configured the windows build agent/node on the Jenkins master, and have set up the correct service account on the windows side and provided password, but am getting an error related to Netbios and CIFS, it seems:

Here is the error message:

[2021-08-04 10:36:28] [windows-agents ...

On my PC I have this stack:

• Microsoft Windows [Version 10.0.19042.1110]
• VmWare Player 16.1.2 build-17966106 installed in windows
• CentOS Stream 8 installed in a VM
• Docker 20.10.7 installed on CentOS
• nginx latest launched via docker run -p 8000:80 nginx

How can I access nginx from Windows chrome browser?

Within the VM it works - I can browse to http://localhost:8000 and see the nginx landing page, but s ...

...or, when does Admin not mean Admin?

I have Grafana configured to permit anonymous access:

GF_AUTH_ANONYMOUS_ENABLED=true
GF_AUTH_ANONYMOUS_ORG_NAME=Main Org.
GF_AUTH_ANONYMOUS_ORG_ROLE=Admin

For the most part this works great, but with the anonymous user I seem to be unable to do certain things, such as:

• Modify the default bashboard (e.g., I can't clink the "Remove this panel" link in the "ba ...

I am using v3.0.0 of CRS with ModSecurity set to DetectionOnly mode and the nginx connector. I want to set the anomaly score to 100 or so to fine-tune the settings, but I can't see where or how to do that. Looking in crs-setup.conf

nginx 1.18.0 if that helps

I am configuring etcd to bootstrap using DNS discovery but it says that the server is misconfigured and it appears to be querying the wrong port, and the SRV records don't seem right.

Please could you review the below and see my questions at the bottom of this post?

Specifications

root domain: etcd.ksone

server SRV record:

_etcd-server-ssl._tcp.etcd.ksone    SRV Simple  -   
0 0 2380 etcd2.ksone
0 0 2380 ...

I have SPF, DMARC and DKIM configured for my mail server (postfix) on a CentOS 7 OS. Outgoing mail is getting signed as normal. All email check sites says my stuff are secured and working great but there is a site I use that purposely sends various types of spoofed emails to test all parts of incoming filters and my server seems to fail a specific DKIM part.

Site used: https://emailspooftest.com Mail 5  ...