Latest Server related questions

I'm trying to implement file access auditing on a Windows Server 2019 machine with mixed success.

The server in question is a member server, but not a domain controller.

I have enabled success auditing using a GPO in Computer Configuration | Policies | Windows Settings | Security Settings | Local Policies | Audit Policy | Audit Object Access

I know this is effective, because if I revoke this the File A ...

I have setup a server in Hyper-V on my work PC. This server needs to be accessed remotely and that is working fine. To set this up I created a new Virtual Switch for this Server as the default switch didn't work. Now my work PC will regularly give me the error message "Network change detected" in chrome when browsing to a site, and it will take a while to connect to other PC's in remote desktop or via a ...

I have a created new Nginx server which I am using for reverse proxy for my 2 NodeJS apps.

1. First app I need to run on example.com
2. Second app I need to run on endpoint.example.com

I created the file endpoint.example.com in sites-available as follows, enabled it and nothing worked (default "Welcome to nginx page kept showing"). As soon as I remove the default file from sites-enabled, my endpoint app s ...

I'm fairly new to SQL, and I'd like to do some quick testing.

I'm about to update a field in 81 records in a table. After each test, I'd like to get back where I started. I've saved off my query results to a CSV. I haven't been able to find how to import my CSV to update only the original records. I do have an id field, so I the records are unambiguous.

The table I'm applying this to is big enou ...

I have two servers running the same set of internally developed apps. One is the "production" server, the other is the "dev/test" server. As time has gone on, the config files for the two have become more and "out of order". They mostly contain the same lines, but he values for each are different.

Here's an examples... Prod server

siteUID = server-prod
backend = prod
node = prod1
system.default.tim ...

I am trying to stop recursion for all but our own internal network servers but when I try to start NAMED I get errors. I am trying different options:

Use ACLs The error is "unknown option 'acl'

If I don't use the term "acl" and just list the IPs I want to be able to use recursion, I get "undefined ACL"

I have also had errors like "unknown option 'recursion'" and "unknown option 'allow-recursion'"

Scenario: I have load balanced servers running a web application. To debug I'd like to see the output of the same log file (such as the nginx log) combined into a single stream, e.g. a tail -f on all servers in the same cluster, where one of them is the server I am currently logged in.

Here is a simple approach using background processes, for example with three servers app-server-01, app-server-02, app- ...

So I'm running a Virtual RHEL Server 6.0 as a lab server (Hosted on Hyper-V) to remember and practice. I managed to RPM install subscription-manager package since RHN Classic is no longer up.

To get this done in a clean RHEL 6.0 installation I did the following:

1. Downloaded, installed/upgraded the required dependencies to install the subscription-manager package.
2. Then downloaded and installed the la ...

for one project purpose I want following. On rpi I want make proxy in docker. I install privoxy and openvpn in docker. When I start docker and start privoxy, everything works normally (I configure firefox to use privoxy on its port). When I connect openvpn client in docker, I can't get to privoxy anymore.

I'm starting docker with this command

docker run --name ubuntuvpn -v /openvpnconfig/:/openvpn -p  ...

I installed policyd-rate-limit from ubuntu aptitude package manager
my distro is: ubuntu 22.04 server TLS on AWS
policy-rate-limit "version": 1.0.1.1-2
I provided mysql database details in configuration file I found in: /etc/policyd-rate-limit.yaml
and was sure mysql is selected in the variable backend: 1
then configured postfix (version 3.6.4-1ubuntu1.1) to use it as smtpd_client_restriction
I creat ...

I have frontend application that can be accessed from the outside and it uses HTTPS. I have backend application that is running on the same computer/server as frontend and it uses HTTP. I can't switch my backend to HTTPS, what are the security problems for my setup?

I think the answer should be yes, however these parts/cards are expensive, so would like to know from experts who have done this kind of things.

Will MIG be supported on this?

I have a python webex_bot application (https://github.com/fbradyirl/webex_bot) which uses websockets for webex cloud communication. The problem is that the server in which the bot is being hosted on, does not have direct reachability to the internet, you need to use a proxy server (10.13.140.88:3128).

WSS client -> HTTP/HTTPS Proxy -> Internet (WSS server)

After investigating, the bot does not acce ...

I'm running ElasticSearch 7.3.2 and I found this page documenting how to shut down a node: https://www.elastic.co/guide/en/elasticsearch/reference/7.17/put-shutdown.html

I tried running this command (with the right node id):

curl -X PUT "localhost:9200/_nodes/<MYNODEID>/shutdown?pretty" -H 'Content-Type: application/json' -d '{"type": "remove"}'

and I'm getting this error:

{
  "error" : "Incorrect  ...

I have 2 ipsets: friends (allow-list) and enemies (block-list).

My default zone (public) DROPs all traffic, except certain services (e.g. http).

I have edited the block zone that comes shipped with firewalld to add ipset:enemies as a source.

firewall-cmd --permanent --new-ipset=enemies --type='hash:net'
firewall-cmd --permanent --zone=drop --add-source=ipset:enemies

Firewalld looks at zones alphabet ...

I have OpenLDAP 2.5 configured with GSSAPI and Kerberos set up and working. By working I mean I can bind and search when I have a ticket. My question is can I do a bind when I don't have a ticket? Can I set userPassword to {SASL}userid@REALM and then bind with dn and Kerberos password? saslauthd is running and testsaslauthd works. Looking for direction if this is possible.

We have a very old (windows) software that is only capable of POP3 (without SSL). We cannot change it and we do still need to have it pulling down emails from several POP3 servers for some time. However, those servers slowly turn to SSL only connections.

Is there a piece of software which acts as POP3-to-POP3S gateway or proxy?

At my current company we're running an on-prem Exchange 2016 email server, and when we have to manage email forwarding for employee absences in certain departments that need coverage, we have users' Outlook clients set up with an automatic reply forwarding rule to forward emails to a shared mailbox for the department so emails from customers don't go unanswered. This is great for planned absences obviou ...

I'm new to TrueNAS and seeking advice on the optimal setup for my system.

I've built my system with the following specifications:

• AMD Ryzen 5 3400G CPU
• 16GB RAM
• 3x 3TB WD Red (I can install an additional 3TB WD Red drive in the future)
• 2x 2TB WD Red,
• 512GB m.2. SSD for TrueNAS.

My goal is to host personal files and a media collection for Jellyfin/Plex. Redundancy is crucial for personal files (I want to ...

I have been using WSL2 for almost a year now and was always able to run windows tools from it without any problems.

Today I have noticed I am unable to do it anymore:

mark@L-R910LPKW:~$ alias npp
alias npp='/mnt/c/Program\ Files/Notepad++/notepad++.exe'
mark@L-R910LPKW:~$ ls -l /mnt/c/Program\ Files/Notepad++/notepad++.exe
-r-xr-xr-x 1 mark mark 6629712 Apr  4 13:58 '/mnt/c/Program Files/Notepad++/not ...

is it possible at all, because I know that you can't do this with openconnect?
I have:

• gateway ip
• preshared key
• login
• password
• empty ipsec id (group)

I want to be able to route the traffic from my Azure Logic App (Standard) via my vnet to other resources on the vnet only. I've tried a lot of different things (current setup listed below), but the Logic App refuses to connect to my other resources over the vnet. According to Microsoft Support, Logic Apps will always have the outbound addresses found here. However, this really makes no sense to me. Why  ...

A year ago I moved one of my domains to a different server. since then I noticed mail deliverability issues to Korea so I recently checked my NS records, MX records but I noticed some countries include Korea and China was not yet (after 1 year) resolving my nameservers. I switched my nameservers to my old server and it start to resolve correctly, switch back to the new (existing server) and the problem  ...

I set basic auth in my nginx

location / {
            auth_basic "Restricted Area";
            auth_basic_user_file /etc/nginx/.htpasswd;
}

So after i saved and restart nginx. The browser uses the Authorization header to pass the basic auth

But my front application also uses this header (Authorization) to create http requests to the server, causing a conflict.

Is there anyway to let nginx use an ...

A client has Windows Server 2016 Essentials. He installed 128 GB RAM in his server. But Windows reports that it uses only 64 GB even if it sees the whole 128 GB installed

Why? What can be done to use the whole RAM available?

I am trying to access to Kubernetes API from a Pod using Java Client library. I have followed in cluster config example from below URL: https://github.com/kubernetes-client/java/blob/master/examples/examples-release-18/src/main/java/io/kubernetes/client/examples/InClusterClientExample.java

I am able to run it successfully locally but when I deploy it in GCP Kubernetes, and trying to invoke the service fro ...

I did a fresh install of OpenStack but am unable to connect them to the internet.

Some informations around the environment:

• 1 physical nic, one vlan configured to be used as second nic.
• Mac-Addresses are not allowed to be exposed to the outside world, since the provider does not allow that. (Thats why we created a bridge ontop of the vlan)
• The next issue is that we are not sure on how to configu ...

OS: Rocky Linux 9.2
Services: Dovecot, Dovecot-Pigeonhole, Postfix, Spamassassin, RoundCube

I'm trying to move emails flagged as spam by postfix and spamassassin to spam folder using Dovecot-Pigeonhole and RoundCube, I made these steps and the filters tab shown at RoundCube but the flagged emails still in the inbox.

P.S. I don't know which action is correct? Add post 4190 in Inbound Rules and block ...

I have been blessed to take over an old application that is now giving me a headache as part of hardening measures.

Function of the Perl application: Query active directory groups to the current NTLM authenticated user. Display of certain links depending on assigned AD groups.

The Problem:

• The Perl application is the only application running on the server. Therefore only one / default website configured ...

I installed a Ubuntu 22.04.3 LTS on a VirtualBox VM. After install process, I configured pbkdf2 as explained here https://help.ubuntu.com/community/Grub2/Passwords. I also verified grub.cfg after I ran update-grub, and it appeared correct. Anyway when the system boot, it doesn't ask me for any user/password, even if I don't use "--unrestricted" parameter. Here I paste my /boot/grub/grub.cfg :

# DO NOT  ...