Latest Server related questions

Today we have been alerted by the network support guys about high memory consumption in the firewall (FortiGate 100F) that could lead to it entering safe mode.

We searched the logs and found a truckload of DNS queries from the clients to the primary domain controller's SRV record (_ldap._tcp.pdc._msdcs.ourcompany.local), repeated to the tune of one every 15-20 seconds, per client. See linked screenshot. ...

I know the access via root won't work (client sshd_config and restricted account in FreeIPA). But is there a way to blacklist root either on the host or on FreeIPA so it's denied immediately rather than prompting for a password?

I'm wondering if I'm missing something... If not possible then I guess my next goal will be to log root attempts via FreeIPA and alert/report on them.

A colleague of mine has created a google cloud platform project for which we would like to use the Cloud Storage product. They have made me co-owner and storage admin in the IAM permissions. According to the google docs a storage admin has storage.objects.* permissions so I should be able to get bucket objects.

I wrote a simple python script to download some content as follows (pseudocode only):

I'm creating my first Pipeline to build a .NET Desktop application. I have added the needed task to my YML file but I'm getting the following error, regarding an assembly that may be missing or not found.

Error Message: "The type or namespace name 'AxAcroPDFLibre' could not be found..."

Screenshot of error

This is the complete code of my YML file:

# .NET Desktop
# Build and run tests for .NET D ...

My VNC session was lagging to the point that I couldn't really use it so I ran pkill -u myUsername from inside the VNC session rather than through ssh (dumb, I know) and ever since all I get when I startup VNC is a black screen with a working cursor. No one else on our server is having this issue meaning it's a me problem but I can't figure out a solution. I can still ssh into my account and have tri ...

Okta RADIUS only supports PAP-based authentication, which OpenVPN Access Server supports. Can someone help me understand how this makes any amount of sense??? (both how Okta can justify implementing this and how OpenVPN can support this?)

You would commonly see PAP used on ancient operating systems or legacy systems. And it’s very unusual to see PAP used by itself these days. That’s because P ...

To start, I am not well versed in server proxies but I can get along a bit.

Here is the scenario.

I am running an app within a docker container, using django, nginx, daphne, redis on an apache server.

1. Visit the website run by apache using example.com.
2. Apache does a proxy pass to Nginx (running in a container) 80:8080 and 443:8443
3. Then Nginx passes off to Daphne to run the actual app which is runnin ...

There are many good results out there on how to redirect "www" to "non-www" and visa versa.

The most recommended solution is this:

server {
    listen 80;
    server_name www.example.com;
    return 301 https://example.com$request_uri;
}

This works well for a single website configuration file. However, it quickly duplicates configuration when you have multiple websites under one Nginx server.

I'd really ...

I have Centos 8 Cli version installed , due to power off the OS starts directly in emergency mode without starting root user . I have attached screenshot here

The OS is on VMware Hypervisor esxi 6.5 and has very crucial data in it . I would be very thankful if anyone could help me fixing it or atleast copy the data from it . Thankyou in advance

I have nginx server running over linux environment, and it is handling the domains www.example1.com and www.example2.com. each domain has its own sitemap, so I need the correct sitemap loaded for each domain as it is in the root directory, for example:

www.example1.com/sitemap.xml is actually loaded from www.example1.com/sitemaps/1/sitemap.xml

And:

www.example2.com/sitemap.xml is actually loaded f ...

I'm having troubles with an EC2 server

I need to connect with an external SQL server that has whitelisted an elastic IP attached to the instance. All the security rules and routes are set in the most permissive way. However, the outbounding traffic from my EC2 seems to have another IP.

The output

sqlcmd -S <SQLServerIP> -U <User> -P 
Sqlcmd: Error: Microsoft ODBC Driver 17 for SQL Server : Lo ...

I'm currently trying to read the authorization header in a PHP script that I'm calling with a POST request. The Authorization header is populated with a token. It seems the Authorization header is somehow removed before it arrives at my PHP script.

I use these lines and the problem is mitigated in Apache using .htaccess

RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_ ...

I am trying to use IAM roles for service accounts in EKS. https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html

When it comes to create the IAM role to be assigned to a service account, I have to create it with a trust policy that refers to the OIDC provider of a specific cluster.

https://docs.aws.amazon.com/eks/latest/userguide/create-service-account-iam-policy-and-ro ...

I have the need for an inventory for servers, storage, network devices, etc. and I'm thinking to have this kind of information in a CMDB. It would first be used as an inventory, but later could be for configuration management as well.

Should I create my own CMDB, based on the KISS principle, and make it better over time ? Or get a tool that already does the job, but which I would not be able to evolve  ...

I am on CentOS8. I am facing similar situation as in this question, tried everything suggest in answers but could not solve.

Why I can't install ffmpeg on CentOS 7

I am trying to install ffmpeg-devel which needs ffmpeg-libs and which needs libgcrypt. Libgcrypt is required by systemd which is protected package and could not uninstalled. Libgcrypt-1.8.5-4.el8 is newer version than libgcrypt-1.5.3-14.el ...