Latest Server related questions

Please do advise if I am posting in the wrong place, I have not found this the easiest site to navigate (or maybe it is me...).

I have been tasked with auditing and fixing our privileged accounts after a Microsoft CSAT scan. I have inherited an absolutely shocking number of accounts that are 'affective domain administrators' - 293!

It seems the previous attitude has been security anethema - giive se ...

Trying to do this:

iptables -A INPUT -s (some-ip-address) -j DROP

But the ip address still connects to a application running in a docker service. I suspect this is because docker bypasses the firewall.

How can I block the IP address?

Edit, clarification:

I have docker running on a server. I have a PC that connects to one of the services running on the server. The PC needs to be blocked from connecting.

I have a node alpine docker container (hosted on Azure) which periodically reaches 100% CPU usage. However, running the top or htop command shows no threads having high CPU usage.

How do I find out what the cause is? It seams like the node process isn't causing the high CPU usage. I also ran the node profiler and the cpu profile from the times when CPU is 100% has no obvious change to a regular profi ...

imagine you create a cgroup that isolates n logical cores from the general Linux scheduler. then one at a time, you create and run m processes that together comprise n threads. so # of process threads == # of logical cores.

i'm trying to decide whether it's worth writing my own process/thread -> logical core scheduler in my container runtime which pins each thread to a specific logical core, e ...

After, configuring my WSUS to use SSL it either says connection error or reverts back to http. I have a week working on this and I implemented anything that might be the probable solution.

This is the first error I get:

"WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException:  ...

I have been trying to install openstack on centos7 but while building it gives error as "CantStartEngineError: No sql_connection parameter is established". The command I am using to build is "packastack --allinone"

I have this setup, which is basically a linux server with one physical interface connected to another device. On this physical interface there is 2 VLANs, 100 and 200. In VLAN100 there is an IP address x.x.x.0/31 configured and enslaved into VRF "TEST". In VLAN200 there is an IP address x.x.x.1/31 configured without any master VRF.

The other device would basically, like a physical cross-connect,  ...

We have a Windows Storage Server 2016 having some volumes with Storage Deduplication enabled.

Its OS crashed so we had to re-install the OS (couldn't restore from backup).

There are some files which seem to be deduplicated before reinstall. When we open folders in such volumes, we are able to browse the contents of Folder (files show up correctly). But we're unable to read the content of files (unab ...

I am currently facing a challenge with integrating Cockpit on my AMD64 machine for managing both AMD64 and ARM64 virtual machines.

I have successfully run an ARM64 machine on my AMD64 machine using QEMU, as demonstrated by the following command:

qemu-system-aarch64 -machine raspi3b -cpu cortex-a72 -dtb /mnt/raspios/bcm2710-rpi-3-b-plus.dtb -m 1G -smp 4 -serial stdio -kernel /mnt/raspios/kernel8.img -s ...

I have a two node failover cluster running SQL Server 2016 (Standard) using Availability Groups (DB1 and DB2). I turned DB2 off as a cost saving measure for COVID by switching all the roles to DB1, removing all the databases from the Availability Groups on DB1 and then turning DB2 off.

Three years later I brought DB2 back online and that seemed to have caused DB1 to fail. I managed to bring it ba ...

Previously I had vlan 10 (Wifi) and 20 (Management) already set and working correct for this setup: Mikrotik router RB2011iL, D-Link switch with trunk ports for both vlans, couple of Mikrotik CaPs and Ubiquiti APs. Now I need to add another Wifi SSID to vlan 30 (Video), and what I've done already:

1. Made all SFP ports, all AP ports and switch-to-router port trunk vlan10/20/ and now also 30

2. Added vlan i ...

I've installed openconnect server (ocserv) and works perfectly when I tunnel (SSH) to the server through another server that is inside country. But when I try to connect directly, the "client hello" message doesn't deliver to the server and retransmit it. I think the government detects "client hello" and drops it. I had a little success when I used a proxy and initial connection occurred and I entered u ...

I'm attempting to setup header anonymization on my mail server, running Postfix and Dovecot on Debian. I've setup some regular expressions to prevent certain meta data, like a client’s IP address, from being leaked.

My /etc/postfix/header_checks file currently looks as follows:

/^Received:.*/        IGNORE
/^X-Originating-IP:/  IGNORE
/^User-Agent:/        IGNORE
/^X-Mailer:/          IGNORE

It seems t ...

Please need your help. Unable to display the custom error 403 page for geoip restriction. It is always showing default error page 403 Forbidden.

Here are my Configurations.

/etc/nginx/nginx.conf

geoip2 /usr/local/GeoLite2-Country_DB_Nginx/GeoLite2-Country.mmdb {
  auto_reload 60m;
  $geoip2_metadata_country_build metadata build_epoch;
  $geoip2_data_country_code country iso_code;
  $geoip2_data_country_n ...

I am new to Kubernetes and I am trying to install it on an EC2 instance based on Ubuntu 22.04. Initially I was following the tutorial here. However, I believe it might be either misleading or outdated because at the very least, the Docker installation was giving me issues. I overcame those issues by installing Docker with these instructions instead. With that out of the way, I ran sudo kubeadm init

Issue : after server reboot apache2 won't automatically start (have to manually ssh and start via systemctl which starts without any issue)

Error message:

Feb 08 05:53:46 domain1_test.com systemd[1]: Starting The Apache HTTP Server...
Feb 08 05:53:47 domain1_test.com apachectl[834]: (99)Cannot assign requested address: AH00072: make_sock: could not bind to address [xxxx:xxxx::xxxx:xxxx:xxxx:xxxx]:80
F ...

Preface: I've boiled down a problem I'm having to this simple reproduction, which admittedly looks pretty strange out of context.

From powershell (PS), if I use Start-Process to start notepad and capture the process ID, I can kill it with Stop-Process, no problem:

PS > $x = Start-Process notepad.exe -PassThru
...
PS > Stop-Process $x.id

I can do the same with cmd.exe, again without problem: ...

I am struggling to find how to write this scenario 301 redirect to nginx:

https://mydomain/$

to be converted

https://mydomain/en_us/$

Actually I need to add "en_us" just after mydomain and just before my dynamic urls

What I tried is this:

location /
          {
             rewrite ^(/.*)/ $1/en_us/$ last;
          }

But no luck

Any help please?

Hello I have a GCP VM which is out of disk space (a 10 GB disk). I am using ncdu to figure out where all the space is being used.

--- / ---------------------------------------------
.   4.3 GiB [##########] /snap
.   3.2 GiB [#######   ] /var
    2.1 GiB [####      ] /usr
.   1.7 GiB [###       ] /home
...... 

--- /snap ---------------------------------------------
                         /..
    2 ...

I'm trying to configure prometheus alertmanager on Debian 11 with the following unit file:

[Unit]
Description= Prometheus Alertmanager
Wants=network-online.target
After=network-online.target

[Service]
User=alertmanager
Group=alertmanager
Type=simple
ExecStart=/usr/local/bin/alertmanager
--config.file /etc/alertmanager/alertmanager.yml
--storage.path /var/lib/alertmanager/

[Install]
WantedBy=multi-us ...

I have a Laravel app that works perfectly fine when running with php artisan serve but when trying to use nginx as the frontend I'm having all sorts of trouble getting this to work properly.

I basically have this structure:

root@server:/var/www/html# tree -d -L 4
.
`-- app
    |-- C4
    |   `-- www
    |       |-- sites
    |       `-- site-assets
    `-- prod
        |-- app
        |-- bootstrap ...

We are standing up a new environment and will be installing SIEM tools, etc. in the future. We have a few dozen Windows 2019 servers so far. I've been tasked with providing a solution for monitoring Windows Services and Event Logs in the near term until formal tools are put in place. Preferably free and Microsoft, but open to suggestions. This is a disconnected environment, no internet. Thanks in advanc ...

Apache CloudStack v4.17.2

I am trying to setup CloudStack Advance Zone with security groups.

I have two network bridges cloudbr0 (10.4.1.1/16) and cloudbr1 (10.6.1.1/16). I am using cloudbr0 for Management Network and cloudbr1 for the Guest Network.

I am trying to configure the first host and the management server on the same system. Below is configuration for Zone Setup

Zone:
    IPV4 DNS: 8.8.8. ...

I make few similar jails for different ports...

jail names: http_https_deny, dns_deny, ftp_deny, smtp_pop3_deny, ssh_deny

here firewalld and fail2ban settings for http_https_deny(other almost same, just different ports):

LOG_TAG1=HTTP-DENY_
LOG_TAG2=HTTPS-DENY_
F2B_NAME=http_https_deny

sudo firewall-cmd --zone=public --add-rich-rule="rule family=ipv4 port port=80 protocol=tcp log prefix=${LOG_TAG1} drop ...

I have a console application that can be run when a user executes it via the Windows Start Menu; however, if that same application is wrapped into a Windows Service and the same user account is used to run it the Service fails to start with the error "5: Access Denied".

Here are some additional details:

• User account has Log on as a service property set
• No log file is created so the error occurs before ...

I'm executing a crontab where it call the script of python and the crontab are executing very well, but when I execute the crontab I need its will create other file in another directory, but that doesn't do what I want.

But when execute manually script those create the file that i Need

I want know if with linux can I something more or i have check the code of script

this is the crontab

When attempting to access an intranet site, Chrome will ignore our DNS settings and navigate to a public page.

Our computers are referencing only our private DNS server. Last week, I disabled built-in DNS and DoH in Google Workspace Admin (Devices/Chrome/Settings/Users & Browsers) as seen here, and that rule is applied at the top most level, with no overrides at lower levels. That being said, another ...

Did found the similar question earlier but no solution there. How to create cloudwatch alarm for multiple ec2 instances?

Let's say I have 15 ec2 instances, I can group them with a tag, how to create single cloudwatch alarm for only these set of machines?

There are other solutions mentioned to create a script to create individual alarm for all these machines, but how to use a single alarm for all the ...

I have a Windows 11 Pro machine (192.168.2.40 - WiFi Intel Wireless-AC 9560) that having spotty access issue to a local Linux SAMBA server in (192.168.2.33 - wired to the router). Pinging sometime failed as if connection is lost.

The mentioned Windows 11 Pro machine can enjoy steady internet which provided by the router (192.168.2.1). What could be the cause of this?

Many times when the Windows 11  ...

I have a Django website running via nginx under user www-data and gunicorn under user myuser bound at /run/gunicorn.sock.

nginx works just fine; it acts as a proxy to the gunicorn Unix domain socket. I'm not having any problems with nginx.

redis-server also works just fine. It's domain socket is at /var/run/redis/redis-server.sock.

When I enable CACHES in my Django settings file, I get the following ex ...