Latest Server related questions

I need block IP range cause they uses bots. I'm enter two commands:

iptables -A INPUT -s 46.148.40.0/2 -j DROP
iptables -A INPUT -s 141.98.10.0/2 -j DROP

But in iptables-save it looks like

-A INPUT -s 127.0.0.0/2 -j DROP
-A INPUT -s 0.0.0.0/2 -j DROP

I try save it to file, edit and restore, but it transform to 0.0.0.0/2 and 127.0.0.1/2 again.

Then I tried ufw:

ufw deny from 46.148.40.0/2 to all
ufw de ...

I am collecting logs using rsyslog from about 5000 servers. My collector is writing all logs to a single file on an NFS volume using RFC5424 format. I am mounting this NFS volume on my promtail nodes, and using static_config to scrape the file. I can view the logs in Loki.

My problem: I don't see any labels in my log entries. I am unable to do LogQL queries based on hostname or any type of qu ...

I know numerous folks have asked similar question ... wordpress is in the root folder.

I have restored a Wordpress site mtp and get a 403 error for the home page and also wp-admin. I can access the site using /wp-admin/index.php and I can also access some other pages like /meet-me/

If I enable Wordpress debug and try to open /index.php I get a load of php depreciation warnings - but no errors.

this is my ...

Resolved.

I am provisioning my project-related GCP resources using Anthos Config Management (ACM). For one of my use cases, I configured an Eventarc trigger to activate a Cloud Run service when a new cloud run service is created. However, I am experiencing an issue with receiving events from Eventarc for deployment packages managed by ACM. The setup works as expected when I use the gcloud command fo ...

I saw a similar question asked here that is closely related, but the provided answer doesn't entirely address my doubts.

Assume a 3 node cluster is configured without a witness node, and all nodes are able to talk to each other.

As the number of nodes is odd, it should be able to achieve a quorum by itself, assuming at least 2 nodes are up and running and able to communicate with each other. This  ...

I'm looking to build a VM using KVM/qemu in my dedicated server and assign to it one of the 2 Ip addresses I got assigned for my dedi. However, following this guide https://medium.com/techtalk-blog/kvm-with-public-ips-and-vnc-for-a-linux-vm-64c78a6c43e1 It mentiones that and I quote:

If your IPs are not in the same subnet you will need to configure the host to perform routing, which is also not cov ...

I have a setup for nginx which has always worked well. I can create different users with multiple websites. (Debian 11)

For this I use the following commands

useradd -m myuser
mkdir -p /var/www
chmod -R 555 /var/www
mkdir -p /var/www/webuser
chown root:root /var/www/webuser

useradd webuser
usermod webuser -s /bin/false
usermod webuser -d /var/www/webuser

mkdir -p /var/www/webuser/html
mkdir -p /var/ ...

We manage a number of pcs running Windows Server 2012 R2 on various hardware (computers have differing network cards etc.). These machines are connected at different physical locations to a physical gateway/firewall which are then connected to each other and accessed through a vpn. This setup has worked fine for years but recently the servers are intermittently and at different times losing inbound func ...

I hope you can help me. I purchased this controller "ServeRAID M5210"

https://lenovopress.lenovo.com/tips1069-serveraid-m5210-sas-sata-controller

I am trying to use it in a custom build home lab server. However I do not get it working. I see the controller being recognized during boot, but I am not able to access the controller bios. Also in the OS it is shown as faulty. I tried Windows, Linux and ...

I need to purchase a USW-Enterprise-48-PoE as our infra,

• is already Unifi based.
• needs all 48 PoE ports.
• is short on rack space.

USW-Enterprise-48-PoE

As the USW-Enterprise-48-PoE-UK is currently sold out, is there anything stopping me from getting a USW-Enterprise-48-PoE-EU and powering it with a standard UK C13 cable? I cannot see any other difference between the two models.

meta backend is running in cn=config, OpenLDAP version is 2.4.44

I'm configuring an OpenLDAP meta backend to authenticate Active Directory users from two different domains. I can successfully log in a user through this authentication method but if the connection is inactive for about 15 min or more the authentication will fail. I have a wireshark packet capture running on the machine that shows m ...

Hi All hoping for some Linux genius advice

I inherited a VMWare VM cluster with a few production VM's

they were all way over provisioned and all have 1tb Thick drives

But are only using 100gb odd each

I want to reduce the size of the VHDX but with it being lvm it is proving tricky

I have used P2V to "move" a test vm on the same host but with a smaller vhdx,

The process went fine until +-97% (which i h ...

Given the tree on the controller

shell> tree /tmp/test/
/tmp/test/
├── override
│   ├── dir1
│   │   └── file_B.txt
│   ├── file_2.txt
│   └── file_4.txt
└── template
    ├── dir1
    │   ├── file_A.txt
    │   └── file_B.txt
    ├── file_1.txt
    └── file_2.txt

4 directories, 7 files

Copy the files to th ...

I'd like to check which packages were installed from non-free component on my server, following the recent announcement by the Debian team https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.html#non-free-split

I briefly looked into man dpkg, man apt-cache but couldn't find a quick answer to my question. Could anyone suggest a command or a one-liner?

(I didn't even know the  ...

We have been using imptcp module for remote logging high amount of logs (over 1M log lines per minute) received from >40 servers. Now we would like to switch to TLS, but it looks like imptcp does not support TLS, only imtcp.

Will imtcp support that amount of logs? As far as i can see, it does not support threads etc.

What else should we consider when switching to imtcp with gnutls support? Or may ...

I can't describe it properly, but I have a Thunderbird mail client, I use it to receive and send mail through a user I created and an available domain. I use IMAP and POP3 services there, I also have SMTP set up, I have created mail client users in the MySQL database. I have both Postfix and Dovecot set up via the LMTP protocol. I can no longer use the locally created users on my VPS, because I have dis ...

What is the configuration needed in Nginx to achieve the following behavior:

Whenever a request is received, it should be forwarded to application A; if application A returns { "allowed" :true} in response, the same request should be forwarded to application B and the response from application B should be returned to the client. However, if application A returns a { "allowed" : false} in response ...

Linux. I have for example two config files. First:

    criticalexceptions => [
    'yum-updatesd-helper: error',
    'cups: cupsd shutdown succeeded',
    'hda: drive_cmd: error',
    'end_request: I\/O error, dev fd0',
    'SAP[A-Z0-9]{3}_[0-9]{2}\[[0-9]+\]',
    'nrpe\[[0-9]+\]:',
    'collectd\[[0-9]+\]:',
    'kernel: cdrom: open failed',
    'gconfd.*Failed',
    'nrpe.*ERROR.*seteuid(0): O ...

I am trying to update an Azure Compute Gallery version but it's not working properly. The process I am following is as follows:

1. Deploy the old version from the Compute Gallery to a new VM and start.
2. Use RDP to login to VM and patch. The OS is Windows Server 2019. Its an application server with a single drive so basically IIS and third party application.
3. VM is patched using Windows Update and updates ar ...

I have a MinIO bucket that I need to transfer from one server to another.

mc --insecure mirror source/my-bucket dest/my-bucket

This MinIO bucket is versioned, and I use the MinIO version UUIDs as document references in my application.

I noticed however that when we perform a mirroring of a bucket to another place, the version UUIDs are lost (ie they are recreated).

In the official documentation, i ...

I am trying to create a VM hosted in Vsphere using salt-cloud and need to set the boot options for this VM.

From what I can tell there isn't an actual option for this so I guessing it needs to be part of my extra_config section, however I am not fully sure how to implement this.

My extra_config currently looks like this

  extra_config:
    vim.vm.BootOptions.efiSecureBootEnabled: True

But I get an err ...

We have seriously limited resources and Samhain seems to be the solution that responds to limiting resources like CPU etc most robustly for file integrity monitoring.

The target environment is an on-prem k8s deployment where we are interested in monitoring OS and configuration files on the node for security compliance.

There is around 50MB for the FIM solution, which would probably be deployed in a ...

I have a question about this feature, https://kubernetes.io/docs/concepts/services-networking/service/#environment-variables. Why k8s needs to inject service name and port into the pods as environment variables? Don't people always use k8s DNS to discover their services?

Could someone give a use case for when I should use them and when I should not?

I've configured my microk8s instance (one node). Works well. I've started digging in some linux network internals and I was dumbfounded looking at this:

$ ip -c -br link

lo               UNKNOWN        00:00:00:00:00:00 <LOOPBACK,UP,LOWER_UP> 
enp0s3           UP             08:00:27:ad:36:a3 <BROADCAST,MULTICAST,UP,LOWER_UP> 
enp0s8           UP             08:00:27:86:35:40 <BROADCAST ...

I'm trying out vnstat. I can see rx (recieved) and tx (transmitted) data counts for two interfaces. Simple enough. But what are the interfaces? how can I look up what service they represent?

I am using the Nginx resolver directive to implement an SNI forwarding proxy where Nginx inspects the TLS ClientHello header to retrieve the upstream host and then dynamically resolves the upstream address to forward the request onto.

The resolver documentation says that it'll cache DNS responses using the TTL by default, or using the valid parameter if specified.

Once Nginx has cached the DNS respons ...

We have a Fedora machine with eth0(ip:10.321.xx)connected to intranet. The same machine has a eth1 with a few more linux boxes connected in a 192.xx network. on the 10.321.xx n/w there is a PTP server. But I cant seem to get PTP time sync to work on any machines on the 192.xx n/w. I AM able to ping the PTP server from the 192.xx network machines. These are some configurations. I've disabled my normal ru ...

Say my client (current device) wants to connect to a URL, say foo.bar.com/spam/eggs/123, how do I serve or redirect to another specified URL, say 127.0.0.1:8080, and prevent the client from reaching foo.bar.com/spam/eggs/123?

What software can I use?

The essence of the problem: Zabbix does not allow deleting files in Windows.
It is especially critical when files need to be deleted every day.

I guess that's the issue with this item:

vfs.dir.size[D:\oracle\fast_recovery_area\db ]

Error message:

Check configuration:

When I run multipass list I am getting: list failed: failed to determine IP address.

sudo journalctl -u snap.lxd.daemon -n 300

lxd.daemon[3050]: time="2023-04-02T17:03:10-03:00" level=warning msg="Could not get VM state from agent" err="dial unix /var/snap/lxd/common/lxd/logs/multipass_amusing-labra>
lxd.daemon[3050]: time="2023-04-02T17:03:11-03:00" level=warning msg="Could not get VM state from a ...