Locally, I've turned on the SSH agent and I've added my key:

1. $ eval $(ssh-agent)
   Agent pid 80
   

2. $ ssh-add
   Identity added: /c/Users/...../.ssh/id_rsa (.....@........)
   

In my ~/.ssh/config, I have this:

Host example
    User root
    HostName 123.45.678.912
    ForwardAgent yes

Once I run ssh example, I am successfully connected and if I make a remote test connection to GitHub, I can see that I'm aut ...

I am facing an issue regarding openldap 2.6 running on rhel 8.

PasswordMustChange Attribute is affecting the bind user.

Whenever I change the PasswordMustChange to TRUE then bind dn user password having expired so not able to contact client machines.

The configuration I have set (below) works for localhost but not for my domain. The goal is to access port 3000 externally with basic auth so only I can access it. When I go to localhost, it is upgraded to https, I have to complete the authentication, and then port 3000 is shown, just as it's meant to. However, going to api.example.com does not prompt authentication, does not upgrade the connection, and  ...

is it possible to enable safe search using bind9 without rpz?

The point is I don't want to get nslookup results like this image enter image description here

Because it shows that what is being accessed is forcesafesearch.google.com, not google.com

Can you help me, if my question is difficult to understand, I'm sorry.

I am tasked with converting (or attempting to convert) some legacy Apache virtual host configuration to Nginx, in Google Cloud (GCP). It is thought that Nginx might solve some performance issues. The ngnix (Debian11) VM will sit in front of (replacing the Apache in LB role) several Tomcat servers (Debian10) and perform reverse-proxy and load-balancer functions. In the legacy Apache LB configuration, th ...

What are the advantages and disadvantages of running a process with a dedicated (non root) user versus with SELinux (where a SE user may be bound to a Linux user) ?

I have an website which is running using httpd on Centos 7.

I have 8 cpus and 32 GB ram.

When we have more than 500-600 users in the same time on the website, the server response is getting higher. Even that, cpu load is about 20-25% and RAM is also not used.

What can we configure in order to increase the performance or what I am missing? Our pages are 100% cached and we do not run database queries or  ...

It is Nov 27, 2022 now. The environment is below:

user@domain:~$ date
Sun Nov 27 00:32:12 HKT 2022
user@domain:~$ gpg -K --keyid-format long --with-fingerprint --with-subkey-fingerprint --with-keygrip user
sec   rsa4096/CCCCCCCCCCCCCCCC 2022-03-31 [C] [expires: 2022-11-30]
      Key fingerprint = BBBB BBBB BBBB BBBB BBBB  BBBB BBBB BBBB BBBB BBBB
      Keygrip = DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD ...

I moved the datadir of mariadb to a USB-stick, subsequently mariadb won't start anymore at boot time, because the stick is mounted after mariadb was started. I tried to modify the start order by adding

[Unit]
After=remote-fs.target local-fs.target

to /etc/systemd/system/mariadb.service.d/tp.conf, but it does not work. What have I forgotten?

I am experiencing issues with my sata connection. Thus, I want to change /sys/class/scsi_host/host*/link_power_management_policy to max_performance.

For that, I execute on boot a script:

cat /etc/openmediavault/sata_power.sh
for i in /sys/class/scsi_host/host[012345]/link_power_management_policy; do echo max_performance >$i; done
cat /sys/class/scsi_host/host*/link_power_management_policy

I see tha ...

Background

I have an ubuntu server running laravel that needs to connect to a different server of ours running mssql.

Linux server:

• Ubuntu 20.04
• php 8.1

I created a laravel test query to help me debug the process. As expected it gave a could not find driver exception as expected.

Next I attempted to follow the Microsoft instructions. These are at:

• https://learn.microsoft.com/en-us/sql/connect/php/insta ...

I need to deploy the ingress-nginx helm chart twice, once for private and once for public services. The chart for private ingresses is already deployed, in namespace=kube-system and with release-name=nginx-ingress-private.

When I run the installation command I get this error that indicates a conflict with the installed version for private ingress:

george@devops:~/ $ helm -n ingress-nginx-public  ...

I deployed a container with MongoDB on the server. The container has its own volume where MongoDB data is stored. The database is very small, 6 collections and no more than 40 documents (some removed, some added).

Every time I view the size of the volume, I see it increase (about once in 10 minutes):

520MB   0B (0%)
520.1MB   0B (0%)
520.2MB   0B (0%)

If I make a backup of the database, delete the volume ...

SonarQube is unable to start on Synology NAS Docker due to the CONFIG_SECCOMP not being present on Synology NAS. Is there an option to ignore SECCOMP for SonarQube while it's starting ElasticSearch?

2022-11-26T11:00:50.430590094Z  stdout  java.lang.UnsupportedOperationException: seccomp unavailable: CONFIG_SECCOMP not compiled into kernel, CONFIG_SECCOMP and CONFIG_SECCOMP_FILTER are needed
2022-11 ...

I configured an Outline VPN Server and everything is ok and VPN connected very well but on another VPS I can connect but no data transfer between the server and the user. how can I check outline logs or possible errors? also, I flush all iptables rules to make sure there isn't any issue with the firewall

I came across an interesting thing: on BSD systems a new file will have group set to the group of the directory. On System V systems it will have the primary group of the user that created the file. As for BSD systems, what is the purpose of such behavior and does it mean that SGID bit is useless there?

Hi guys I have hosted my react app on apache. And I have configured the fallback to be passed to my index HTML file.

So /home would work

but /home/1 doesn't work

The apache server returns a status of 500 internal error. I do not know how to fix this, please help. Here is the config:

 DocumentRoot /var/www/html/notify
    <Directory /var/www/html/notify>

            Options Indexes FollowSym ...

I am trying to setup new AWS Application Load Balancer with EC2 instances. Followed all steps outlined in AWS website but ALB is not responding.

I did AWS Reachability Analyzer from ALB Network interface to EC2 instance and was successful. Healhcheck with Target group were successful as well. So, I am assuming the security group and all network permissions are good.

Is there anything else that can g ...

nginx site config
    server {
    listen 80;
    server_name _;
    server_tokens off;
    gzip_static on;

    location ~* \.(html)$ {
        add_header 'X-XSS-Protection' '1';
    }

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
        try_files $uri $uri/ /index.html;
    }
}

it works perfect with docker image node:14.19.3 (nginx/1.14.2), but with

i have a server and it has installed CSF (firewall). I run docker in the server and the docker-CSF config is enabled, I can reach the containters via nginx reverse proxy.

But i have a problem, the container cannot reach external urls, ex: google.com or facebook.com

When a task inside docker try to consume a external url, I got and error, like the next: Failed to open TCP connection to graph.facebook ...

I'm trying to forward a VPN port to the open internet to create remote office network. My VPN connects properly when I'm inside the Office network, however the VPN does not properly connect outside of the Office network. I have a Fresh Tomato (2022.6) router using AT&T (Fiber) ISP which supports port forwarding to the open internet.

For the sake of example, I want to forward the HTTPS protoco ...

I have added a openvpn client to my router. This works but all my devices are using the vpn.

I want some devices to use the vpn and others not to.

To illustrate

A (phone) => no vpn regular traffic

B (TV) => vpn traffic

C (computer) => no vpn regular traffic

Can this be achived with only the openvpn file config? I can't use software for devices to configure vpn settings.

(I dont have access to th ...

I have an existing openldap server on Ubuntu Server 22.04 and am trying to set up a kerberos server with it, following this guide: https://ubuntu.com/server/docs/service-kerberos-with-openldap-backend

The accounts are created and tested, they work fine (I reference them by cn, but they have a uid; I just created them in apache directory studio first). I've done "dpkg-reconfigure krb5-config" and edi ...

Would you please help me . I have a 2 vps (Ubuntu) I want to forward all traffic from one vps(1.1.1.1) to another (2.2.2.2) vps except ssh port on A vps(1.1.1.1) A server is 1.1.1.1 B server is 2.2.2.2

1st try:

sysctl net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i eth0 -d 1.1.1.1 -j DNAT --to 2.2.2.2
iptables -A FORWARD -i eth0 -d 1.1.1.1 -p tcp  --dport 22 -j REJECT
iptables -A FORWARD  -i et ...

I have already present domain on host-tracker.com

Using this POST /api/web/v1/tasks/http I can create a domain monitoring with DNS exp, SSL check, etc...

Using PUT, I should update a domain, according to the HT API documentation. But it doesn't work for me.

I have got message Same task allready exists

Can someone share some experience on how I can edit or change the already added domain using their API? ...

I have a website hosted behind 2 reverse proxies running Apache on Debian. The client is an automated script and it's not easy to know what config/software they're using.

When both reverse proxies were running Debian 10 (Apache/2.4.38 (Debian) OpenSSL/1.1.1n) the client was able to connect fine. When I upgraded one proxy to Debian 11 (Apache/2.4.54 (Debian) OpenSSL/1.1.1n), the client started hav ...

I need to setup a mail server with a bit unusual requirements:

1. OpenBSD is a must. Probably latest version, 7.2.
2. All mails have to be stored in aa Mailbox file located in user's home directory.

Well, it does not look difficult, as I did it before using other systems. But I used Postfix for this task, as I'm quite familiar with it and I just like Postfix.

Taking OpenBSD's top security into account, I s ...

i have set up a Fedora 37 Gnome box, as well as Fedora 32 Gnome box and a Fedora 37 KDE box (this one upgraded since about 5 years)

All PCs are part of a AD-domain, login with AD-users on local Desktop works fine, also login with AD-user via SSH works fine on ALL PCs.

But when it comes to log on via XRDP, it is only working with the "old/upgraded" Fedora 37 KDE box.

On Fedora 37/32 Gnome access via XR ...

I've created a script from what ive found on the web to notify a SA of users being added to a server. I have it setup with a cron to run the script every 5 mins to monitor differences in the /var/log/secure file but it still sends a blank email if nothing has changed. How can i edit it to not email if no changes are made. Script is below:

file="/var/log/secure"

while cmp "$file" "${file}_bkp"; do
 ...

I'm trying to connect in ssh on port 22 (with client putty,mobaxterm..) on a remote machine with Linux, the connection sometimes works and other no. My pc run on win10 and if I try on cmd the command ssh "host" I get the following error:

C:\Users\User>ssh kex_exchange_identification: banner line contains invalid characters

Can somebody help me? Regards.