Latest Server related questions

We have a NFS client which print in to messages this error:

kernel: nfs: server nfsserver not responding, timed out

it is printed about every minute. Normally I will think there had a communication issue or firewalled ports.

But here what is fun, the mounted NFS share works has expected, we cane R/W from it with the expected bandwidth!

Both server and client are RHEL7 the client mount it with the  ...

I have configured L2TP VPN on PfSense 21.05-RELEASE (amd64) and fedora 33 as client, once VPN is connected I can ping remote host but as soon as I tied to hit HTTP site (google.com) traffic flow of VPN stops In TCP dump can see outgoing traffic but no incoming traffic coming back after HTTP request also checked PfSense firewall no drops there and moving traffic back to client but client somehow drooping ...

If I go inside the file /etc/ssh/ssh_config, I can see "$OpenBSD" at the top of file. However, if I change the default port to a different value, it doesn't seem to work. A colleague informed me that's because Dropbear is the software server here, not OpenSSH.

Is there a way to be sure? I can't find an answer googling that.

I observed that netfilter changes the source port when a connection is established in the conntrack module. I need to prevent this behavior.

Here is what I have done to reproduce my problem:

1. I create a netfilter rule that will perform DNAT from port 2002 to 2003

sudo iptables -w -t nat -A OUTPUT -s 192.168.30.3 -d 192.168.30.1 -p udp --sport 2001 --dport 2002 -j DNAT --to-destination :2003

2. I t ...

I came across a weird issue when practicing permissions in Windows Server 2016. I gave read permission only to a shared directory for a group called "Human", but the effective access tap shows that the user "luke.skywalker" who's a member of the Human group has the following access

Here's the actual permissions

Here's the effective access

This of course led to the ability of Human group members to  ...

I'm having quite a headache on this one. It used to work but I just realized it does not work anymore. Possibly because after some update.

I have OpenVPN running with this config:

client
dev tun
proto udp
remote 45.152.181.35 1194
resolv-retry infinite
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0
comp-lzo no

 ...

My Web server is running on Apache and I have restricted the Apache user not to allow anything outside the Website Document Root, However, I need to write a log file (User Auth Log) which needs to be written into a folder of the "/var/log/app"

How do I achieve this task in Centos7? Should I use a symlink? if so Can that be secure enough? because this log file will contain very sensitive data about the u ...

I have a simple question, however, I am struggling to understand how to do this in a secure manner,

I have a PHP-based web application that runs on Linux (Centos7), I have "user" access with Sudo privilege on the Linux server.

The web server (Apache) runs as an "apache" user with an "apache" group,

The problem is when I try to deploy applications using WinSCP, I get permission denied errors, the ONLY w ...

Is there any way to hide username if we send email via Linux terminal? For example, I just want to hide or delete "root" username from the email header.

I have one cron job send a report every day. For now this script runs as root user.

I have an issue where a new mailbox in Exchange Online is reporting Mailbox unavailable. The server response was: 5.7.1 Client does not have permissions to send as this sender when sending mail from an app server.

using these settings, values changed for security:

<mailSettings>
      <smtp from="[email protected]">
      <network host="ipaddress" port="25" userName="[email protected] ...

I am trying to use LogParser to return the data from my iis log files for the past 2 weeks. When I run the following I get "Error: Syntax Error: : no valid content: expecting opening parenthesis instead of token 'DATEADD(day,-14,'"

logparser "SELECT * FROM mylogfile.log WHERE date >= DATEADD(day,-14, GETDATE())" -o:datagrid

I'm trying to setup this scenario with goal of full subnet-to-subnet connectivity:

.--------------.            .--------------.                .--------------.
| linux        |--- LAN1 ---|  NATing      |--- INTERNET ---|  Cisco       |--- LAN2
| strongSwan   |  172.x.x.x |  ROUTER      |                |  RV130       | 192.168.a.a
| VPN gateway  |            |              |                |       ...

I've recently installed Apache Guacamole on Ubuntu 20.04 LTS and use NGINX as the proxy server. Everything works fine with it over HTTP but when I use HTTPS, the application still loads, but then the connections are super slow (get stuck for some seconds). About configuration, I've exactly done what the official documentation says and all the services run on the same server.

EDIT: NGINX Configuration: ...

With the azure policy addon enabled(as per organization policy), we can’t create privileged containers on the aks, azure kubernetes.

Our application is set to security context as below.

    securityContext:
        allowPrivilegeEscalation: false
        runAsNonRoot: true
        runAsUser: 999

So our app can create without privileged access. But, when linked with consul(through annotations), the cons ...

I have 1 machine and I am running on it 2 docker nodes,

1 node - for testing

2 node - for prod

I have a domain, for example foo.com I want to redirect the request to the correct servers based on the sub domain, for example:

test.foo.com => node 1

prod.foo.com => node 2

what tool can do it?

can a reverse proxy deal with private ips?

I am using linux