Latest Server related questions

Score: 1
namezero avatar
Still suffering from Windows NPS May 2022 Certificate Update

In May 2022 Microsoft changed the way that client certificates are mapped to AD accounts, causing 802.1X EAP-TLS computer account authentication to stop working. Here is an additional resource with detailed background info on the Schannel<=>Kerberos S4U2Self authentication

The solutions available for this were:

  • Create strong mappings using the altSecurityIdentities mapping
  • Using the new certifi ...
Score: 0
r2evans avatar
xt_geoip not blocking connections?

I have xt_geoip configured to block connections from various countries, but it appears that connections are still being allowed from those countries.

From my /etc/iptables/rules.v4 (reduced a little):

# Generated by iptables-save v1.6.0 on Wed Nov  2 13:24:59 2022
*mangle
:PREROUTING ACCEPT [369071910:1067035760562]
:INPUT ACCEPT [16801255:12655837207]
:FORWARD ACCEPT [352276285:1054380415082]
:OUTPUT ACC ...
Score: 0
hawkhawk avatar
EC2 instance is running but cannot connect to it through curl or website

I have a running EC2 instance and have the pem key to it. However, when I ssh into the instance and run curl localhost: I get the following message:

500 Internal Server Error

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at ec2------.compute-1.amazonaws.com to inform them of the ti ...

Score: 2
Manumie avatar
How to troubleshoot ERR_SSL_VERSION_OR_CIPHER_MISMATCH on server with nginx reverse proxy and let's encrypt?

I have a server (Debian 9.13) with several websites running in Docker containers with nginx (1.13.12) as a reverse proxy.

The websites are under two domain names : alchimie-web.com and lesamisdelachesnaie.fr

I have been using Let's encrypt certbot (with the Docker image) to issue and renew the certificates and it's been working just fine.

The certificates for alchimie-web.com were renewed on December 3 ...

Score: 2
Croviajo avatar
rsyslog is not forwarding logs to elasticsearch

I'm trying to configure rsyslog to send logs to logstash and then forward them to elasticsearch.

I have created a config file /etc/rsyslog.d/60-output.conf with the following content:

*.* @localhost:10514;json-template

and a template file /etc/rsyslog.d/01-json-template.conf with the following content:

template(name="json-template"
  type="list") {
    constant(value="{")
      constant(value="\"@timesta ...
Score: 1
pileup avatar
Error 20080078:BIO routines:bio_write_intern: uninitialized

My php test script for SSL connection to the LDAP server crashes.

When I run it from the command line, the CLI crashes.

The message from the LDAP logging shows this before the crash:

Error 20080078:BIO routines:bio_write_intern: uninitialized.

Not sure how to debug further.

Also, I've seen one or two similar issues online where they had a bug with specific PHP versions and the LDAP version installed: https:// ...

Score: 0
Parsa Noori avatar
Any security reason not to use `root` user for git remote operations?

I've got some configs (docker-compose related files) which I like to store via git on a private GitHub repo.
The configs are owned by root.
Is there any reason to change the ownership of the files to do the git push and git pull via another user other than root?

Score: -4
Bret Joseph avatar
On what port does google ntp offer daytime services?

I want to do a time request on a socket client. According to this, time.nist.gov is on port 13.

Does time.google.com have a similar service so that I can connect a socket client to it, just like I can connect to time.nist.gov on port 13?

I wanted to do something like this

import java.net.*;
import java.io.*;
 
/**
 * This program is a socket client application that connects to a time server
 * to get the ...
Score: 0
bulgarian-beast avatar
Load balance the Load balancer

I am looking to get load balancing for my load balancer.

We are looking to create a fully HA network. All of our servers are redundant, the databases are redundant, but above them is a single server running nginx as a reverse proxy to distribute requests.

I'm looking for a way to eliminate this danger hotspot, even though the others are all redundant, if this server goes down, no one will receive re ...

Score: 0
Gasol avatar
Running Nginx in GitHub Action results in 'Permission denied' error

I'm running on ubuntu-2204 in GitHub Action to set up a simple web server using Nginx. I want to use Nginx as a reverse proxy to send requests to the backend PHP-FPM. However, when I set the root directive to $GITHUB_WORKSPACE, it doesn't work as expected. I have created a sample repository to demonstrate the problem. Even when serving a static index.html without PHP-FPM configuration, it still can't ...

Score: 0
user3195859 avatar
How to redirect URLs containing random string in Nginx

In my access log I've got a lot of random query strings, something like this:

    https://example.com/?rJWLuVR1=JXhedT2G
    https://example.com/?JuntjUsc=kfLAIJCx
    https://example.com/?c6wx3Tk4=aXDtGrKd
    https://example.com/?UEEwPi5r=q48ugHy0
    https://example.com/?HWDtubBC=TC4utO9p
    https://example.com/?Gqs8KzOp=klbC9t48
    https://example.com/?tTKR1vY0=knRAYtuG
    https://examp ...
Score: 0
pileup avatar
TLS: could not load verify locations

I am trying to contact the organization's OpenLDAP server over SSL.

I am not sure if I am trying with the correct certificate, but I am using a .pfx file I found.

It is located at C:/cert/mycert.pfx

In my ldap.conf file I have the following:

TLS_REQCERT never
TLS_CACERT C:\\cert\\mycert.pfx

When I try to contact the LDAP server I get the following error:

TLS: could not load verify locations (file ...
Score: 0
William Seligman avatar
sendmail and LDAP-based aliases

Environment: CentOS 7.9, Sendmail 8.14, OpenLDAP 2.4

I'm trying to get sendmail to read its aliases from an LDAP database (this has worked with NIS for years, but NIS is fading into the twilight). My mail server is an LDAP client. In mailserver:/etc/mail/sendmail.mc:

define(confLDAP_DEFAULT_SPEC, `-H ldaps://ldap.myoffice.mycompany.org -b "ou=Aliases,dc=myoffice,dc=mycompany,dc=org" -d "uid=sendmai ...
Score: 0
Thomas Barclay avatar
Pulling images from docker on ubuntu 22.04 not working

I am trying to set up a server for the first time and while pulling image hello-world in docker, I receive the error:

Error response from daemon: Get "https://registry-1.docker.io/v2/": dial tcp 3.216.34.172:443: connect: no route to host

I have tried adding more nameservers as this post recommended, it doesn't seem to have worked.

I have changed the iptables to legacy which has not fixed anything

Score: 0
Matthew Calabresi avatar
Gunicorn quits without notice

I'm deploying a django/nginx/gunicorn site and am following this guide while doing so. Following the subheading "Final Steps for Production Deployments", I've created a production gunicorn configuration file and am running it from the command line with gunicorn -c config/gunicorn/prod.py. However, I've noticed that gunicorn will just... stop running, and I'm not sure why. (Worker timeout?)

I'd like to kno ...

Score: 0
Wojciechgc avatar
Can't change file owner as root

I can't change the owner of a file (I'm logged in as root).

Output of chown root Shrek.avi:

chown: changing ownership of 'Shrek.avi': Operation not permitted

Output of chattr -i Shrek.avi:

chattr: Permission denied while reading flags on Shrek.avi

Output of strace chattr -i Shrek.avi:

execve("/usr/bin/chattr", ["chattr", "-i", "Shrek.avi"], 0x7ffd5a2a56f0 /* 24 vars */) = 0
brk(NULL)                   ...
Score: 0
helius.dev avatar
Stunnel Server On CentOS 7 - TLS options: 0x2100000 (+0x0, -0x0) Error

I am using CentOS Linux release v7.9.2009 (Core) with the latest update.
First of all, I installed the latest version of OpenSSL there.
Here are the commands for that installation:

cd ~
wget https://www.openssl.org/source/openssl-3.0.7.tar.gz
tar -zxvf openssl-3.0.7.tar.gz
yum install -y perl-IPC-Cmd
cd openssl-3.0.7
./Configure
make
make install
ln -s /usr/local/lib64/libssl.so.3 /usr/lib64/libssl.so.3
ln -s ...
Score: 1
MinhNV avatar
Routing VPN access shared folder not working, other request type (ping, http, git) working

My Windows 10 client's routing through the VPN is working; pings and other types of requests (http, git, ...) also go through the VPN interface.

Only access to Windows shared folders does not: it always goes through the default gateway, because my client's gateway is able to connect directly to the server.

If I delete the route to the default gateway, then access to the shared folder goes through the VPN.

Score: 0
waltmagic avatar
fail2ban works with access logs but not error logs "Have not found any log file" Bitnami Servers

OK I am stumped...Why is it that fail2ban works perfectly fine on my ubuntu computer but on my aws bitnami stack it won't find the error_log file. It's like it hates the fact that bitnami puts the error logs in a non standard place. The access_log NO PROBLEMS fail2ban works fine but when I try anything that uses the error_log I receive the error "Have not found any log file" I can obviously verify that  ...

Score: 1
What is the proper term for two IPs that can or can't reach each other?

Assume you have two servers in a private network.

Server 1: ip: 10.0.0.10, lives in the /24 subnet 10.0.0.x.

Server 2: ip: 10.0.1.20, lives in the /24 subnet 10.0.1.x.

Assume these two servers cannot reach each other, there is no route. I would normally say "10.0.0.10 is not routable from 10.0.1.20" but I realize now that this might not be the proper terminology.

It seems like the term "routable" is act ...

Score: 0
NateDev avatar
Nginx can't read files when symlinking folder in /home/user to /var/www

I want to be able to edit my site's files without using sudo, so I symlinked /home/USER/project to /var/www/project with ln -sTf /home/USER/PROJECT /var/www/PROJECT. However, Nginx displays 403 forbidden when visiting the site. /var/log/nginx/error.log is empty.

I tried giving execute permissions to /home, /home/USER, and even just trying 777 for the project folder, but it still gives the same error.

 ...
Score: 0
shakaran avatar
ubuntu 22.10 conflict libpcre2-dev with ppa deb sury installing php8.1-dev

I need the phpize binary to install memcache with pecl. When I try to install php8.1-dev on a Digital Ocean server, I get this:

$ apt-get install php8.1-dev 
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution ...
Score: 0
probablypablito avatar
Assign a public IPv6 to a Docker container

I have an IPv6 address, in this case 2603:c021:4004:7400:4bc5:c726:7f5a:1c31 in the subnet 2603:c021:4004:7400::/56.

I would like to assign that IP address to a Docker container, so that upon making a request from inside that container, the recipient would see the IP listed above.

I only need outgoing requests to function, incoming requests are not necessary.

I have tried enabling IPv6 by including

Score: 0
Tygre avatar
Nginx Show Upstream Server Name and Backend Port With URL Without Trailing Slash

I have setup a Nginx server as proxy for a back-end. If the back-end is down, Nginx serves from a backup of the back-end. The proxy works when the URL ends with a trailing slash. If I omit the trailing slash, the URL shown becomes the name of the upstream block plus the port of the backup back-end.

  • What works: www.chingu.asia, www.chingu.asia/, and www.chingu.asia/wiki/.
  • What doesn't work: www.ch ...
Score: 0
best_of_man avatar
"CrashLoopBackOff" while deploying mysql on multi-node cluster

This is my configmap.yaml file:


apiVersion: v1
kind: ConfigMap
metadata:
  name: mysql
  labels:
    app: mysql
    app.kubernetes.io/name: mysql
data:
  primary.cnf: |
    # Apply this config only on the primary.
    [mysqld]
    log-bin    
  replica.cnf: |
    # Apply this config only on replicas.
    [mysqld]
    super-read-only    

And the following is the mysql-depl.yaml file:

apiVersion: apps ...
Score: 0
tram98 avatar
Kernel Panic after interrupting installation of Proxmox 7.3

I tried to install Proxmox 7.3 on my newly built homeserver. The install hung for 10 minutes at the first step, which was wiping the SSD, so I rebooted the system, thinking it was frozen indefinitely.

Now I cannot boot into ANY linux distro from USB, because a kernel panic happens almost instantly.

I tried the proxmox USB and an arch linux USB, which both work fine on my other machine.

The server is sel ...

Score: 2
Shaundavin13 avatar
Cannot kill redis server. It restarts every time I kill it

I cannot kill redis-server no matter how many times I've tried.

ps -ef | grep redis-server gives

root 10592 1 0 01:10 ? 00:00:00 /snap/redis/658/usr/bin/redis-server *:6379

root 10846 8813 0 01:12 pts/1 00:00:00 grep --color=auto redis-server

I have tried:

  • Using kill -9 [pid]
  • Using service redis-server stop (in normal user with sudo and while in sudo su - root)
  • Using ...
Score: 1
Sumant Kumar avatar
Need to keep each binlog files to 24 hrs

We have a requirement wherein we need to keep each binlog file (like mysql-bin-changelog.025249, mysql-bin-changelog.025250, mysql-bin-changelog.025251....) of MYSQL RDS for a minimum of 24 hrs.

However, I see that binlog files are getting purged/deleted after 10-12 mins.

Below is the current setup in my RDS parameter group: 1. binlog retention hours is set to 24 hrs. 2. max_binlog_size is set to 134217728  ...

Score: 0
Nstevens avatar
How to iterate over public/private subnets in the Terraform VPC module?

I'm trying to define public and private subnets as input variables to the Terraform vpc module. How can I reference my private/public subnet variables in an iterative statement rather than hard-coding in the "list[x]" elements?

I have the vpc module (only two AZs at the moment) defined in main.tf.

module "vpc" {
  source          = "terraform-aws-modules/vpc/aws"
  name            = "my-vpc"
  cidr       ...
Score: 0
Qcur avatar
Can't use external-check in Haproxy

I'm trying to use the option external-check in haproxy, but after a service restart I see this in the log:

Dec 30 10:41:34 1 haproxy[89540]: [WARNING]  (89540) : config : 'external-check command' will be ignored for proxy 'primary' (requires 'option external-check').
Dec 30 10:41:34 1 haproxy[89540]: [WARNING]  (89540) : config : 'external-check path' will be ignored for proxy 'primary' (requires 'option exte ...
