Latest Server related questions

Score: 0
serverisfaulting
Can oscap tool be run on a container to scan the host VM?

Can OpenSCAP's oscap tool be run on a container to scan the host VM?

NOTE: It runs fine on the RHEL container (after install)

Dockerfile

FROM registry.access.redhat.com/ubi8/ubi:latest

RUN yum -y update
RUN yum -y install openscap-scanner

COPY benchmark.xml benchmark.xml

Score: 1
Pete
Ansible to a Cisco Router :: Password Message Messing Up the Connection?

When I manually SSH from my Ansible server to a Cisco router, I see this on the command line:

me@ubuntu01:~/ansible$
me@ubuntu01:~/ansible$ ssh [email protected]
Password:
####################### Cisco Router 101 ########################
Hi, welcome to the company router!  Pls don't mess it up.
####################### Cisco Router 101 ########################


cisco101 line 388
% Password expirat ...
Score: 0
Woodgnome
Why does VMware count memory as storage and how can I disable this behavior?

Coming from a Proxmox environment to VMware I'm puzzled by this behavior:

It's a rented environment and I was asked how much memory/disk storage/CPU do I need. I didn't account for memory randomly counting as "storage", so I'm now having issues with enough storage.

How does this even make sense and how can I disable it?

Score: 0
Ashley
Kubernetes apache pod keeps restarting

So I'm really new to kubernetes and I'm having this problem where the pods keep restarting. I've googled around a bit but not coming up with much help. All I have is a simple apache deployment, nothing fancy.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: website-deployment
  labels:
    app: website
spec:
  replicas: 2
  selector:
    matchLabels:
      app: website
  template:
    metadat ...
Score: 0
Dan Bowkley
How do I edit a PPD file for CUPS?

I have a networked printer (Canon iP8720) and it mostly works just fine out of the box with CUPS on Kubuntu 22.10. However the printer is capable of borderless printing, higher resolution than the 600dpi it's presently limited to, and a few other things. I've tried to manually edit the PPD file for it but it invariably fails, even after making only trivial changes. I mostly grok what the PPD file parame ...

Score: -3
Xtreme
Why is ping from New Jersey faster than from Tokyo to binance (in Tokyo)?

I am thinking of using vultr as VPS. When I do a ping to binance api.binance.com which have their servers in Japan on the site https://hnd-jp-ping.vultr.com I get much worse ping from Japan than if I choose to ping from New Jersey. Why do I get better ping from New Jersey to binance api than from Japan when binance is located in japan?

Tokyo

$ping -c 4 -w15 api.binance.com
PING d3h36i1mno13q3.cloudfron ...
Score: 0
MacGuffin
Mac: "kex_exchange_identification: Connection closed by remote host" when accessing a remote server with a jump server

I tried to access a remote server via

ssh -T -D 61480 -o ConnectTimeout=15 'target-box'

but it failed and I received an error log which I have included below. I was able to connect to the jump server step-by-step via SSH in the terminal, and then SSH to the target server from it. The file permissions were also not an issue, as they were set to 0600.

My config file:

'''
Host jump-box
  HostName 166.111. ...
Score: 0
Collin McCarthy
Uninstall ZFS installed via Ubuntu 20.04 installer

Apologies if this has been answered somewhere, I've searched everywhere and couldn't find anything.

I'm a PhD student and I manage a small cluster for our group. When installing Ubuntu 20.04 on our servers we chose the "experimental" zfs feature. We've run into a few issues over the last two years and we never used ZFS to our advantage. We upgraded to Ubuntu 22.04 and we'd like to uninstall it now -  ...

Score: -1
user875234
Are sites normally hosted on www.example.com and example.com?

I don't like the idea of hosting on both example.com and www.example.com

but I can't get my dns setup to redirect www.example.com to example.com. So what I have right now is both of them work and serve up the webpage. If I have:

A     example.com     123.4.5.6
CNAME www.example.com example.com

shouldn't that do a redirect? I realize I can do this fairly easy with JavaScript.

I just don't like the id ...

Score: 0
NGINX to trust a list of specific client certificates

I'd like to accomplish the scenario below.

Nginx must accept:

client_certificate_1.pem
client_certificate_2.pem
client_certificate_3.pem

OR

Nginx must accept:

file_with_certs.pem (containing)
    client_certificate_1
    client_certificate_2
    client_certificate_3

the problem is that I did not understand if that is possible or not: it seems I can specify the CAs to be trusted but not the indi ...

Score: 1
mb158127
Auto-renewing kerberos tickets with SSSD/AD

I've been trying to get users' ccache files to auto-renew with a couple methods neither of which are exactly working for me. This is a debian 11 box, MIT kerberos. My preferred option is to auto-renew the tickets WITHOUT cron jobs using SSSD config options. 2nd choice would be with cron jobs set up by individual users. The goal is to always have valid tickets for use by the users when logged on and also ...

Score: 0
maximosis
Logstash cloudwatch plugin behavior

We have an ELK stack set up on an ec2 instance that stopped working a month ago and I just got it working again (the problem was credentials with the cloudwatch logstash plugin).

What is strange is that it seems to be ingesting logs from over two years ago. I'm not very familiar with the ELK stack (I just inherited this old app), is this normal behavior? It will take days to catch up to present t ...

Score: 0
Incremental backup of an entire FTP server with Linux

I'm looking for a simple way to schedule full + incremental backup of a remote FTP server (that also supports SFTP, but without SSH access) from My NAS that is based on Linux, WITH full SSH access. I'm surprised by the fact that there are a lot of solutions, but many of them are quite "oversized" for a simple task like this (for example: Bacula).

The idea is to setup a full backup every week and  ...

Score: 0
yatso1
Active directory failing to deploy a converted MSI file to clients via GPO

I have been struggling with deploying a Kaspersky network agent to my clients that are part of the work Domain.

I have performed the below steps;

  1. Joined the client to the domain
  2. Ping the name of the domain as well as my AD which is responsible for the deployment of the software
  3. Tested if the MSI file works on a separate machine (mind you, the MSI was a .exe which I converted to MSI using third pa ...
Score: 0
TrevorT
How to mount Gluster volume in a systemd-nspawn container?

I am trying to mount a Gluster volume within a systemd-nspawn container. I found two methods to do it from the official Github repo, but I have questions about both methods' security.

  1. The CAP_MKNOD + DeviceAllow=/dev/fuse rwm + mknod /dev/fuse c 10 229 from https://github.com/systemd/systemd/issues/6553#issuecomment-350167906. But I can only make it work using a privileged container, am I doing  ...
Score: 1
Danilo Steps
Hardening the security of a backup shell script of a web-server with mysql database

In the case of a simple web-server with a MySQL database, the script has to dump the database, copy the web-server files and tar everything together. Then a NAS server rsyncs the tar file via a "ssh-copy-id" done to a user "backup" that can only access its own home folder where the backups are stored.

I know a few things like store the credentials in an env file and limit the access to the script ...

Score: -1
winter
Nginx need to edit etc/hosts file

I am using docker-compose to run a Python app. In that I have a service as nginx. Currently I am using server_name localhost; and it is running fine. Now instead of localhost I am trying to use a domain name, e.g. www.example.com, on my local system. So I edited the nginx conf as server_name www.example.com. It did not work. On googling I found that I need to add this name to the /etc/hosts file. I found few egs as bel ...

Score: 0
Max Bündchen
Can't disable WinHttpAutoProxySvc

The WinHttpAutoProxySvc is disabled in Services on Windows Server 2019.

Is it safe to disable it and if it is, how do I do it?

I'm running into this problem: https://stackoverflow.com/questions/63601757/https-outbound-requests-time-increases-to-5-min-after-14-21-days-on-an-instance

This service breaks every 2-4 weeks.

Score: 1
bkit07
Why haproxy can not set custom header for ingress-nginx

I have config haproxy.cfg like below

...
frontend app
        bind *:443
        mode tcp
        option  tcplog
        option forwardfor
        http-request set-header X-AONE-IP 10.0.0.1
        http-request set-header myheader 123

        use_backend be

backend be
        mode tcp
        http-request set-header X-AONE-IP 10.0.0.1
        http-request set-header myheader 123
        option f ...
Score: 1
gakshat
Apache Server Error After Setting Up SSL Configs

I am running an EC2 Linux 2 AMI and was following an AWS tutorial to enable HTTPS on my server.

But when I try to restart Apache, error seen in the logs:

Apr 10 06:56:40 <maskediphere> systemd[1]: Starting The Apache HTTP Server...
Apr 10 06:56:40 <maskediphere> httpd[30696]: (98)Address already in use: AH00072: make_sock: could not bind t...:]:80
Apr 10 06:56:40 <maskediphere> ht ...
Score: 1
Glaslos
Using iptables TPROXY to listen on all ports with outgoing traffic

My issue is that I can't establish an outgoing connection.

I followed this blog post to use TPROXY to redirect any TCP connection to a single listener:

iptables -t mangle -I PREROUTING -i eth0 -p tcp -j TPROXY --on-port=1234 --on-ip=127.0.0.1

I replaced the -d 192.0.2.0/24 with -i eth0 but from my understanding this shouldn't make a difference from the problem I'm facing.

I'm running a listener with

Score: 0
Jayser
Apache Webdav Server user permission for directory access

I configured an apache webdav server as follows:

<VirtualHost *:443>
  Protocols h2 http/1.1
  ServerName webdav.internal.example.local
  SSLEngine on
  SSLCertificateFile /data/certs/cert.pem
  SSLCertificateKeyFile /data/certs/cert.key
  SSLProtocol all -SSLv3
  SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256: ...
Score: 1
Johnnii360
Local Apache TLS Proxy error on Reverse Proxy for local services

I've been struggling for a long time now with the following issue:

[gnutls:error] [pid 1878860] [remote 127.0.0.1:8282] ssl_engine_set: mod_proxy requested TLS proxy, but not enabled for piped.[CENSORED].de:443

I tried a lot to fix this but nothing helped. In this case I host Piped by myself and did a Let's Encrypt Certificate.

Here's the Apache Site Config of this service:

<IfModule mod_ssl.c>
     ...
Score: 0
yunpei zhang
failure time out during tcp connection establishment stage

I want to learn VPX ADC in a virtual environment. All the below 3 machines are connected via VMWare Workstation Bridged Network.

Host - Windows 11, IP Address is 192.168.2.60
VM 1 - ubuntu20, apache server, IP Address is 192.168.2.56
VM 2 - Citrix ADC Release NS13.1 30.52.nc, NSIP is 192.168.2.31, SNIP, 192.168.2.32

I try to configure waf function for apache service on ubuntu20. I added the load bal ...

Score: 0
taiBsu
Gitea instance is being brute-forcely attacked

My Gitea instance is being brute-forced just as I write this text:

gitea  | Invalid user yinsen from 94.23.30.184 port 55154
gitea  | Connection closed by invalid user yinsen 94.23.30.184 port 55154 [preauth]
gitea  | Invalid user zhaoyy from 94.23.30.184 port 42294
gitea  | Connection closed by invalid user zhaoyy 94.23.30.184 port 42294 [preauth]
gitea  | Invalid user yangtingy from 94.23.30.184  ...
Score: 1
Robert Seidel
how to setup pimcore on vps server via docker compose yml

I am really exhausted to get pimcore running on my vps server.

I tried several OS like Ubuntu 18 / 20 or CentOS 7. I tried to install pimcore via composer. But there I always get some errors, when I tried to fix them, they lead to some more.

The best way for me is with the docker-compose.yml. I managed to install pimcore with that and I am able to run the containers described here : https://github.co ...

Score: 0
Klen
Why can not modify the value in nginx.conf

I have a map in nginx.conf,

stream {
    upstream s1{
        server 127.0.0.1:670;
    }
    upstream s2{
        server 127.0.0.1:680;
    }

    map $symbol_key $symbol_value{
        c1 s1;
        c2 s2;
    }
    server {
        set $symbol_key "c1";
        set $symbol_value "s1";
        listen 66;
        proxy_pass $symbol_value;
    }

}

If I delete map, the request can be routed to s ...

Score: 0
Megalomatt
Postfix to gmail relay - preserving the sender's address

Relayed emails come 'from' [email protected], not [email protected], so I cannot reply.

I have several domains and am using Postfix to relay emails sent to [email protected] on to [email protected] as outlined in Your own mail server with Postfix leveraging Gmail as storage (via smtp.gmail.com). I have additionally set up Gmail aliases to send emails as [email protected] and it almost all works brilliantl ...

Score: 0
demiglace
How to determine why apache gracefully shut itself down?

I have apache httpd 2.4.6 running on RHEL 7.9. Yesterday the service was shut down, and the only information I am getting from /etc/httpd/error_log-DATE is from the last line of the file:

[mpm_prefork:notice] [pid 1682] AH00170: caught SIGWINCH, shutting down gracefully

Prior to this line, there are no other exceptional error messages, aside from a few PHP notices, which I doubt are critical (PHP Noti ...

Score: 0
laplasz
how to switch from outgoing port 25 to 587 in postfix

I would like to send a mail to a gmail address:

echo "This is the body of the email" | mail -s "This is the subject line" [email protected]

That is what I see in the logs

connect to gmail-smtp-in.l.google.com[142.250.27.27]:25: Connection refused
connect to gmail-smtp-in.l.google.com[2a00:1450:4025:401::1a]:25: Network is unreachable
connect to alt1.gmail-smtp-in.l.google.com[2a00:1450:4025:c03::1a] ...
