Latest Server related questions

When a virtual machine Linux host server is non-Internet facing and is used exclusively on a LAN and is using a relatively well tested distribution like Proxmox, how dangerous would it be to turn off all vulnerability mitigations via the kernel arg mitigations=off?

Additionally, has anyone tested what kinds of performance gains might be seen by turning off all such mitigations?

This recently came ...

I have a PBX (VOIP server) where phones connect in order to make phone calls. The pbx I am using is Asterisk. That server is not being used and it's only purpose is to analyze attacks.

The PBX service is not important if I wuold have a different service such as a mongodb I am sure bots on the internet will search for vulnerabilities to attack that database.

Anyways I am analysing all the packets t ...

I've installed FileZilla Pro Server on a VPS server, and have it working with SFTP.

At first, I just used the IP address to access the server, but I've since added an ftp.domain.com subdomain to my VPS. This is also working fine.

However, if instead of ftp.domain.com, I use any other domain or subdomain hosted on my server, that also works!

Is there any way to restrict SFTP access to only use ftp.dom ...

Good afternoon people.

The issue is that I was testing redirecting pages and I ended up having to repeat the code 11 times. But I believe there is a way to automate this. If anyone can help me.

What I want to do is access an address dominio.com/projeto/01/ and he rewrite to dominio.com/projeto/modulo/01 , but I wanted to automate the final part of the url to receive any number and apply that number  ...

I have multiple PHP workers and I need to set delay between startup each of them. How to handle it?

Start 1 process / Wait 20 secs / Start 2nd process / Wait 20 secs ... Keep 50 proccesses alive at same time.

[program:get_comments]
directory=/var/www/
command=/usr/bin/php post_request.php
user=root
autostart=true
autorestart=true
process_name=%(program_name)s_%(process_num)02d
numprocs=50
stdout_logfil ...

I am using Hetzner cloud where I created 2 servers in a subnet (10.1.0.0/24) - one only with local ip, another one has public IP and is used as a NAT gateway for the first server.

On private server I configured an ip route

ip route add default via 10.1.0.1 dev enp7s0 onlink

Here is a resulting list of routes

root:~# ip route show

default via 10.1.0.1 dev enp7s0 onlink 
10.1.0.0/16 via 10.1.0.1 dev  ...

I have another question about a pair of servers that I cannot turn off TLS 1.0/1.1. Even though IISCrypto showing them off and made right reg entries.

The servers run an IIS10/PHP7.4/MySQL8 stack. (I am not the person who set up the server builds - just trying to update it)

Anyway normally for mysql on apache I would add the following to make sure it wasn't using older TLS versions:

MinProtocol = TL ...

I'm connected to internet via a router and want to route UDP packets on a port, let's say 3000 to a VM inside KVM.

┌──────────────────┐    
│ router           │
│ 54.0.0.1 (public)│
│ 192.168.0.1      │
└────────┬─────────┘
         │
         │
  ┌──────▼──────┐
  │ pc    ...

To improve performance while still keeping redundancy, I am trying to convert the root file system of a NAS from a RAID 5 logical volume to a RAID 10 logical volume, while keeping the same number of disks used.

In this section of the lvmraid man page, it suggests converting RAID 10 and RAID 5 is possible with an indirect conversion.

The following takeover conversions are currently possible:

...

 ...

I once monitored the read/write iowait in my EC2 instance which is attached an EBS volume, the iowait column ouput of iostats is only 200 ~ 500us, as I known EBS is actually a network volume and I think local network latency should be at ~10ms level, how EBS achieve this <1ms latency?

The same question for EFS as well, I haven't tested EFS but in the performance page it shows the read latency can be  ...

I have Ubuntu 20.04 servers on AWS in autoscaling group with EFS mounted at /mnt/efs/fs1

I use codedeploy for deployment of a non-default website. The bitbucket pipeline creates a zip file containing the website config and the website content. Codedeploy deployment part is as follows:

#extract content
unzip -o frontend-qa.zip
#copy site config
sudo mv /mnt/efs/fs1/sites-enabled/* /etc/apache2/sites ...

I've got an ovpn config to connect to private network from Ubuntu 20.04 LTS. But every time after starting the vpn I have to run those commands

resolvectl dns tun0 10.0.0.255
resolvectl domain tun0 "~domain1.com"
resolvectl domain tun0 "~domain2.com"

to make dns work with private subdomains. Is it possible to include those commands into ovpn config and execute them automatically, when I connect to thi ...

I try to ssh from my local host to GCP cloud shell and get the error:

$ gcloud cloud-shell ssh --authorize-session
sign_and_send_pubkey: signing failed for RSA "/home/kossak/.ssh/google_compute_engine" from agent: agent refused operation
<USER>@<IP>: Permission denied (publickey).
ERROR: (gcloud.cloud-shell.ssh) [/usr/bin/ssh] exited with return code [255].

with debug option:

$ gcloud ...

I have a ubuntu 22.04 server, a list of ip addresses of users on my local network and I want to redirect http/https traffic from this list to a local informative html page. Similar to how a hotspot would. I have tried with apache2, squid, wpad (252 dhcp), iptables, but I have not been able to. https does not redirect.

how do i do it?

Currently, when user A logs in proftp, he comes at his home directory /home/A, when user B logs in proftp, he comes at his home directory /home/B. I want to let user A come at /dir1 and let user B come at /dir2, how can I do in proftpd's configuration file?

Good-day Folks,

I have a small OpenMediaVault (OMV) v6.0.46-5 deployment, running the Proxmox Kernel v5.19.17-1-pve (so I can have a ZFS filesystem) to support Windows 10 clients (primarily) in a Microsoft Active Directory environment. OMV is integrated with Active Directory and my goal is to create a non-public share, expose it to the Windows clients via SMB/CIFS, and then allow members of a certain ...

This may end up being related to my other question about hard limits and slots, but is there a way to set the total amount of usable RAM in Open Grid Engine (OGE), regardless of the number of slots?

For example, on one machine, some users want to submit sets of jobs which will at most use X GB, some wants sets of Y GB at most, and some users don't want to use OGE, and run their jobs independently ...

I have images of single paritions (not full disks) in vhdx format. I want to create VMs with Hyper-V with them. Since the images are only partitions the machines do not start.

How can I add the disk header or merge multiple vhdx partitions to a singe vhdx disk with header.

Notes: I have 2 use cases:

1. vhdx imags from WindowsServerBackup(/WindowsImageBackup)
2. linux ext4 partition created with dd from  ...

Using HAProxy APIs, can we add a new server configuration with a SSL certificate installed so that we can serve the new domains via https ?

Is this possible to achieve using HAProxy APIs only ? or a tool like Lets Encrypt is still needed?

On one machine, some users want to submit sets of jobs which will at most use X GB each, while other users want sets of up to Y GB each.

Can Open Grid Engine (OGE) create variable amounts of slots based on job load? For example, if Y >> X, and the total RAM on the machine can safely run 5 jobs of Y without overloading, I would want to have 5 slots open. But then let's say all the Y jobs hav ...

I'm not sure is this is an S3 issue or something with my website but would like to ask the community for some help.

Configuration: I have a static website (about 700KB) hosted on S3. My .css and .js is gzipped with the appropriate metadata set up. All objects in the bucket are using a cache-control with max-age equivalent to 7 days.

Issue: When I try to access my website from a private window in firefox,  ...

According to the documentation for Open Grid Engine (OGE), you can configure hard and soft limits for the allocated slots.

Further reading shows that tasks can run above the soft limit for a set consecutive amount of time, after which it is treated as a hard limit.

Now, perhaps I've missed a section, but I haven't come across what happens when you hit a hard limit. Does it kill your job? Is the job suspen ...

We got an IIS server with two sites: www.example.com and m.example.com (for mobile). The www site has this code in the web.config to redirect to mobile site:

<rule name="ignore png" stopProcessing="true">
      <match url="(.*)\.png" />
      <action type="None" />
</rule>
<rule name="ignore jpg" stopProcessing="true">
      <match url="(.*)\.jpg" />
      <act ...

So this is a noob question.

Why do we perform a clean up on a machine that has been infected with malware and not nuke it directly instead? I understand that in some situations this would not be possible(like large DB servers or when we don't have a backup). But many instruction videos and tools are designed for workstations and not large scale servers.

I think my workflow would probably be somethin ...

I have a Horde Groupware with a Dovecot IMAP Server on Debian Linux running.

Using the Web UI of Horde works well, but I have a problem using ActiveSync.

When using a client app like BlueMail on Android, I do not see the most recent e-mail messages in INBOX.

The activesync log says the following:

[163168][2022-11-11T15:08:44+00:00] >>>: INBOX IMAP PREVIOUS MODSEQ: 190086

This line shows that the  ...

We have a bind9 (version 9.18.4-2) DNS server called ns1.home.arpa at 10.100.200.1 running on Debian which acts as our primary DNS server for multiple local subnets (10.100.0.0/16 and 10.200.0.0/16) and manages different *.home.arpa zones.

We now also have a different (legacy :P) NS at 10.0.0.210 (which I do not have access to) that manages some other *.our-company.lan zones. Due to routing and firewalls  ...

I have compiled my Nginx package using lua module. Though the compilation was successful but I am getting the below error while starting the nginx server :

nginx: [warn] lua_load_resty_core is deprecated (the lua-resty-core library is required since ngx_lua v0.10.16) in /app/middleware/nginx/conf/nginx.conf:24
nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations wil ...

I am trying to set up gitea using podman. I would like to have

• the data volume mapped to a host directory, because it allows me to easily inspect and backup the data
• the container process executed by a specific host user

Podman is executed by the root user, mostly because of the problems I had with podman generate systemd --new and rootless containers ( see systemd User= directive not supported, ...

I m on almalinux 8.7 with PHP8. Test ldapsearch with TLS is ok

ldapsearch -H ldap://xxxx -x -ZZ /etc/pki/tls/certs/xxxx.pem -D 'xxxxx' -w 'xxxx' -b 'cn=xxx,cn=users,dc=xxx,dc=xxxx'

But ldap_bind won't find ldap server. Error -1. Without ldap_start_tls($ldap_con);, it is ok.

- EDIT error message :

What am i missing?

if(empty(!$_POST["password"]))
        {
        // Configuration pour interface PHP de ...

This is kind of a theoretical question, and I guess it may be too broad or unclear.

Foobar is an application serving users across the internet. It relies on a CDN to improve its resiliency, speed, etc to serve people wherever they are.

• Are the HTTP headers (received by the client) defined by the CDN, or by the Foobar application (implying the CDN will forward them)?

• If both are possible, what are the pr ...