Latest Server related questions

Any super user who has access to the Jenkins running on a Linux server can easily disable security authentication from config.xml file; then log in and can also decrypt sensitive passwords from console.

How can an application developer protect Jenkins (or any software) from server administrators where the application is hosted.

Is there any way to monitor changes to a file to protect from super user ...

I've not been a windows server guy for a long time, so I'm not super familiar with the newer MS server OSes... but I'm trying to link up my linux host to a NAS at a customer site. Their NAS is running Windows storage server 2019 and has some existing SMB shares that I'm also trying to export via NFS. The NAS isn't a member of their domain.

I enabled the NFS sharing and under the advanced sharing ...

I'm trying to use NGINX as a simple reverse proxy. My content is live on localhost:7700.

These are my steps:

apt-get -qq install nginx -y
rm -f /etc/nginx/sites-enabled/default
cat << EOF > /etc/nginx/sites-enabled/meilisearch
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    location / {
        proxy_pass  http://localhost:7700;
    }
}
EOF

sy ...

We have three servers - Windows 2012 R2 - in Azure, running a variety of our own custom developed services. These services are configured to start automatically, so naturally, on startup or after a reboot we expect to find these services running.

Occasionally, we need to stop these services in order to upgrade our application. When we stop these services we want them to stay stopped until we are  ...

I have an Azure B2C tenant which uses custom policies to connect to our own API. The policy is currently provisioned with a *.something.dev certificate and expires every 3 months. The plan is to replace this current certificate with a CA issued certificate so we don't have to replace the certificate 4 times a year, but only once.

The error we receive after uploading a Comodo CA certificate howeve ...

I'm trying to use variables in the RewriteCond and RewriteRule like so:

SetEnv DOMAIN "example.com"
SetEnv SUBDOMAINS "www|assets"

#more config stuff, unrelated

#I separated the HTTPS redirect just in case, it didn't change anything.
RewriteCond %{HTTPS} !on [NC]
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

RewriteCond %{HTTP_HOST} !^(%{ENV:SUBDOMAINS})\.%{ENV:DOMAIN}$ [NC]
Rewrite ...

I want to index the attachments using the "fts_decoder" plugin of dovecot. The documentation says the setting for same is

plugin {
  fts_decoder = decode2text
}

service decode2text {
  executable = script /usr/lib/dovecot/decode2text.sh
  user = vmail
  unix_listener decode2text {
    mode = 0666
  }
}

But where do I enter this setting or should I create a new file in conf.d folder. Also what are oth ...

I need to extract the name and mobile of all users in an AD group that consists of more than 5000 members.

When I previously did this I only had to extract the name, and this code solved my problem

Get-ADGroup 'xxx' -Properties Member | Select-Object -ExpandProperty Member | Sort
Get-ADGroup "xxx" -Properties Member | Select-Object -ExpandProperty Member | Get-ADObject | Select Name | Sort Name
((Get- ...

I've created an AWS instance in the default VPC and I've blocked all UDP traffic in the Network ACLs. Here's how my outbound rules look:

If I use traceroute, I get nothing, as expected:

[ec2-user@ip-172-31-32-1 ...

I'm new to Ansible. I created a playbook that uses PowerShell to reset your password of your admin account. The script has a check that only resets the password IF the account is enabled. When the account is disabled, it spits out a write-host saying they should create a ticket.

This all works fine , however, the job ends with a green status. Technically, this is correct cause the whole playbook ran cor ...

First, I want to create a one way forest trust with this command on the "main.adds" domain :

netdom trust main.adds /Domain:second.adds /Add /UserD:SECOND\administrator /PasswordD:* /UserO:MAIN\administrator /PasswordO:*

It returns (french Windows version, but I think it is easily understandable) :

Paramètre incorrect.
Essayez « NETDOM HELP » pour plus d’informations.

Since I cannot find any er ...

When I run OpenWRT sometimes I get errors like this,

daemon.notice hostapd: Frequency 5720 (primary) not allowed for AP mode, flags: 0x800416b NO-IR RADAR
daemon.err hostapd: Primary frequency not allowed

I can change it quite a bit, and it's still not allowed

daemon.notice hostapd: Frequency 5520 (primary) not allowed for AP mode, flags: 0x30197b NO-IR RADAR

Is there any geographical zone I can put  ...

I have a Ceph system with 8 OSD's and 8 disks mapped 1:1.

One of the disks is giving me smart errors and I would like to replace it.

How do I know which physical disk is mapped to which OSD?

I am trying to run a studio integration that was built in the past - so don't have access to the studio files etc. On running the integration - the following error is encountered.

"Integration Failed. com.capeclear.mediation.MediationException: application=wcc - Workday Out transport id=GetPageOfData encountered problem sending to endpoint 'https://wd3-impl-services1.workday.com/ccx/service/XXXX ...

On a router (busybox) I'm limited to shebang. On devices like these relaying on squashfs and flash storage it's common practice to mount --bind files from USB/CIFS/JFFS onto a file provided by the squashfs (and expanded in RAM).

e.g.

mount --bind /mnt/sda1/dnsmasq.conf /etc/dnsmasq.conf

I'm trying to automate some login in a script of mine but I can't find a way to display precisely what file was mo ...

I have a playbook with dynamic ec2 inventory, below is the graph.

$ ansible-inventory -i inventory/dynamic_inventory/uat_aws_ec2.yaml --graph
@all:
  |--@aws_ec2:
  |  |--xx.xxx.xx.xx
  |  |--xx.xxx.xx.xx
  |  |--xx.xxx.xx.xx
  |--@nonprod_uat:
  |  |--xx.xxx.xx.3
  |  |--xx.xxx.xx.1
  |  |--xx.xxx.xx.2
  |--@uat_auth:
  |  |--xx.xxx.xx.xx
  |--@uat_web:
  |  |--xx.xxx.xx.xx
  |--@ungrouped:

Now if I  ...

So far I have this for my reverse proxy settings:

 server {
        server_name subdomain1.DOMAIN.net;
        location / {
            proxy_pass       http://192.168.1.156:9090;
        }
 }
 server {
        server_name subdomain2.DOMAIN.net;
        location / {
            proxy_pass       http://192.168.1.156:9091;
        }
 }

How ever it's just reporting back a 502 bad gateway when I check the ...

I have an OpenWRT box that has 2.4ghz, and 5ghz AC. Should I set up the same "Mobility Domain" for both radios to enable 802.11r?

I installed Fedora 37 XFCE spin on my Lenovo Yoga 4k laptop. The Grub options during the startup looks so small. So I installed sudo dnf install grub-customizer to easily change the grub config through a UI.

With the grub-customizer I can change the text to a larger font. I can even change the text color. Great. But no matter what I do I cannot set a background image. How do I put in an image?

So the

Setup: 2 host-only ints each connected to a separate host on a separate network PFsense VM routing between 2 networks (implicit accept on both networks, no other rules)

Can receive normal, syn,syn/ack,rst/ack, ACK, etc, essentially all the normal traffic you'd expect to see, but when I do a NULL/FIN or XMAS scan on nmap (nmap -sX ), I get an ICMP request, reply, timestamp, and a syn & rst/ack ...

I am looking to update my postfix configuration so it restricts the domains to which emails can be sent. I am thinking of using smtpd_recipient_restrictions with check_recipient_access, based on this solution: https://serverfault.com/a/412805 Does this allow for regex? I want to say, only send emails to *@mydomain.com and block everyone else. Something like this:

smtpd_recipient_restrictions = che ...

I'm trying to get OpenTelemetry container to pass spans along to my Jaeger container, but haven't quite figured out, and can't tell what's wrong, either.

I have confirmed that:

• my app is generating and passing along spans to OTel
• Otel is receiving the spans

But beyond that, I see nothing that might denote that errors are occur during export to Jaeger, but no spans ever appear there. It is also hard t ...

I have email delivery issues, and MXtoolbox says "Reverse DNS is not a Valid Hostname". I have A and AAAA records for domain.com and mail.domain.com. The data center has set up reverse DNS to domain.com. I have found this and this thread where users reported similar issues and it appears the issues were resolved by 'changing the hostname' from 'domain.com' to 'something.domain.com'.

I am not comf ...

I'm creating a service that makes use of sshd (aka OpenSSH.Server). However, although I know that all the Windows versions we need to support can run sshd, I can't guarantee that it'll actually be installed on every machine the service will run on.

I'm a little confused by the various concepts surrounding Windows services and how they get installed, but ideally what I'd like would be for the serv ...

On Ubuntu server 20.04, I am running spammassassin/spamd, postfix/dovecot. In my mail logs at /var/log/mail.log I am getting a spamd

internal error, python traceback seen in response

error as shown below:

Mar  2 12:28:52 mail spamd[26377]: spamd: connection from 127.0.0.1 [127.0.0.1]:34916 to port 783, fd 5
Mar  2 12:28:52 mail spamd[26377]: spamd: using default config for user123: /var/vmail// ...

I'm following this tutorial exactly line by line: https://docs.meilisearch.com/learn/cookbooks/running_production.html#step-4-run-meilisearch-as-a-service

It has a step to setup the Meilisearch as a service using this config:

cat << EOF > /etc/systemd/system/meilisearch.service

[Unit]
Description=Meilisearch
After=systemd-user-sessions.service

[Service]
Type=simple
WorkingDirectory=/var/li ...

I have added two additional IP addresses following this guide: https://docs.ovh.com/ie/en/dedicated/network-ipaliasing/#debian-9-ubuntu-1704-and-arch-linux_1

cat /etc/systemd/network/50-default.network

[Match]
MACAddress=08:(...)

[Network]
Description=network interface on public network, with default route
DHCP=no
Address=37.187.90.XX/24
Gateway=37.187.90.254
IPv6AcceptRA=no
NTP=ntp.ovh.net
DNS=1 ...

I have a Azure VM that I've joined to my Azure AD, works great. I've installed (Development Edition SQL Server 2022) SSAS Tabular on this server using the local admin account and would like to use this to create and access cubes with my external AzureAD guest users (of which I have many).

First problem, when I attempt to add Azure AD users to a tabular cube role, I cannot find them in the "Select User ...

The %SystemRoot% environment variable contains the path to the Windows directory. (e.g. c:\windows)

SystemRoot is not configured in Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment, it is automagically set.

Now, typically on Windows 10 this directory has the caseing C:\Windows on NTFS disk.

After a script test(*) broke, we noticed:

• With same OS version Wind ...

we have RHEL 7.6 server , and we noticed about the following kernel messages.

[1065085.048872] EDAC sbridge MC0: PROCESSOR 0:406f1 TIME 1676989040 SOCKET 0 APIC 0
[1065086.052107] EDAC MC1: 0 CE memory read error on CPU_SrcID#1_Ha#0_Chan#0_DIMM#0 (channel:0 slot:0 page:0x2ae958e offset:0xa00 grain:32 syndrome:0x0 -  area:DRAM err_code:0000:009f socket:1 ha:0 channel_mask:1 rank:0)
[1065166.234239]  ...