Latest Server related questions

I am IT admin in the company. The developers ask to have sudo permission to execute sudo systemctl status/reload/start/stop serviceName to manage their app. But my boss doesn't want them to be able to run apt to install/remove/upgrade the package. Is there any way to do that?

I am very new to Linux, any help is appreciated!

My DMARC settings seems to not work as expected.

First, a few things to note:

• The domain is mydomain.com (not the real one obviously) ;
• The domain and mail provider is gandi.net ;
• I use Amazon SES to send emails from a website using [email protected] ;
• I use Gmail to send and receive emails for [email protected] ;

The SPF record is set as TXT on mydomain.com:

"v=spf1 include:_mailcust.gandi.ne ...

TOTP ((T)ime-based (O)ne-(T)ime (P)assword. is not working for any site that requires it, tried all major browsers, chrome, chormium, firefox. How to fix ?

Completed Troubleshooting:

1.  $ timedatectl status                               
           Local time: Tue 2022-10-25 14:29:32 +08
       Universal time: Tue 2022-10-25 06:29:32 UTC
             RTC time: Tue 2022-10-25 06:29:32
            Time zone: Asia/ ...

I have CentOS 7, Is there any option how to install python 3.8 on CentOS 7 ? Looks that no pkg found in all repos. So only option is to compile from source ? Why is not supported in EPEL... ?

yum install python38
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: bay.uchicago.edu
 * centos-sclo-rh: centos-distro.1gservers.com
 * epel: fedora.westmancom.com
 * extras: ...

I republished a Windows Service to change the name of the Event Viewer file it logs to. However it continues to use the old log.

I see the new one listed under Applications and Services Logs however it is empty. I see the both the new one and the old one listed under C:\Windows\System32\winevt\Logs and the old file is getting updates.

I triple checked the code and republished. The windows service wa ...

I had to update Kubernetes which broke some stuff. Load Balancers not accepting traffic. Cert-manager and Ingress-controller pods red so not running. I had to update cert-manager and ingress. Both the cert-manager pod and the ingress pod is not green and running. This managed to get one load balancer pool back online.

kubectl get all -n ingress-nginx
NAME                                             ...

We have a dedicated Windows 2016 server that hosts multiple websites. Each site uses the IIS6 SMTP server to send emails from the websites (enquiries, order confirmations, etc.) - each site has a unique IP address but messages sent from the server were always sent via the primary server IP. This IP was then used in the SPF records of the websites as being permitted to send emails on behalf of those site ...

I have an nginx server with ssl set up using certbot. Someone else set up the server originally. The main files are served at the root of the domain, and there is a node api running on port 4040. The problem is that while the SSL certificate for the root domain works fine (eg. https://example.com/some/path), the SSL certificate for the api is expired (https://example.com:4040/api/route). I di ...

Does ReFS do any kind of automated tasks (reindex, consistency check, something like that) and if so, what/where/when?

I have a Server 2019 system that locks up every Saturday at midnight due to ReFS-related processes taking up something like half the physical memory via the non-paged memory pool (i.e. the pool usage increases massively and most of the high-usage pool tags are directly connected  ...

I'm currently trying to develop a solution that would be trying to focus on Multi-Master Databases

So here is how it's supposed to operate

I want so that whenever an Agent makes a change to a database, changes are stored in the agent DB, and then propagated throughout the other DBs. As follows in the image.

But I'm having some issues with this. I'm using PostgreSQL and the publisher/subscriber model. ...

I am having issues onboarding multiple Windows Server 2016 to Defender ATP.

The initial installation of the Onboarding Package fails and rolls back.

The server I am focusing on currently is fully updated and has Windows Defender Antivirus installed and updated.

I turned on logging for the MSI installation and it doesn't show much but these are the errors listed.

MSI (s) (A0:64) [12:12:44:131]: The call to ...

Should I allow a hardware raid5 array rebuild to complete after swapping out a drive PRIOR to running an xfs_repair on the volume?

Currently xfs_repair keeps failing in Phase 7 at the same spot: Phase 7 - verify and correct link counts... Metadata corruption detected at 0x45bf78, xfs_dir3_block block 0x6a945ef98/0x1000 libxfs_bwrite: write verifier failed on xfs_dir3_block bno 0x6a945ef98/0x8 xfs ...

One of my clients suddenly started seeing ~40k requests a day for "/server.txt" to their webserver that result in an HTTP 404. This is expected behavior as the file doesn't exist and isn't part of the website. However, it appears at the top of the Application Insights Failures tab - which bothers them:

My question is: What is the purpose of "server.txt"?

• Is it a file like "robots.txt" that we sh ...

In Nginx I have been trying to mirror traffic from one web server to another as follows

 http://localhost:8008/var1/var2/  ->  http://localhost:8009/var3/var4/

this is my nginx mirror configuration.

location /var1/var2/ {
    mirror /;
    mirror_request_body on;
    proxy_pass http://localhost:8008;
}


location = / {
    internal;
    set $upstream_endpoint http://localhost:8009;
    rewrite ...

I am currently trying to figure out how I can divide one .pem file, containing several certificates to several new .pem files, but I do not know where to start...

The first .pem file looks like this:

-----BEGIN CERTIFICATE-----
bla bla bla
bla bla bla
bla lba bal
-----END CERTIFICATE-----
Bag attributes:
subject=blabla
issuer=bla
-----BEGIN CERTIFICATE-----
bla bla bla
bla bla bla
bla lba bal
-----END ...

Encountering an issue I've not seen before, hoping for some ideas.

Windows Server 2016 x64,Clean Install.

I'm trying to install a 3rd party EFT Server, but I can't complete setup as its showing Port22 is in use (SFTP).

Running netstat -ano I can see the Server is listening on all IP's : TCP22 as PID 4 which is SYSTEM.

Obviously I can't kill that process, but I cant see what is calling System to open TCP22 ...

I've got a real host, headless and Debian as OS. On this host I've got a few KVM machines and a few Docker Containers.

The KVM machines receive their IP from a PI-Hole DHCP in my network. Now I changed /etc/docker/daemon.json to use the same bridge as KVM which seams to work. docker0 is gone now!

However, the Docker Containers still receive the IPs from the old range. The Docker DHCP-Plugin is also  ...

We are working to set up a 2-tier pki with 2 issuing CAs in different regions/subnets. We were able to get everything looking right on pkiview.msc. We are still having trouble though with the second issuing CA, it doesn't seem to be communicating as online on the mmc snap in certificates. But in pkiview, it depends on which server I am testing. When I am on the south (1st issuing server), it shows the  ...

Asking myself this question because it took me very long to figure out and I hope I can help others, to be faster.

On my server https://example.com worked fine and I set up a redirect to make sure it would never be viewed as http://example.com -

Yet no redirect seemed to work. I tried numerous variations of Apache config.

Browsers timed out on http - I tried wget to make sure it wasn't cookies or som ...

I'm trying to create a playbook to update a few edge routers to current hotfixes, but I cannot find a way to get around the prompted yes/no question with the supported community.network.edgeos_command module parameters (wait_for, interval, commands, retries, match)

add system image https://www.ui.com/download/edgemax/edgerouter-x/default/edgerouter-er-xer-x-sfpep-r6er-10x-firmware-v209-hotfix4
Vers ...

I have private subnet for my EC2 instance, I use NAT Gateway for it to access internet. I created user-data script for my EC2 where I've created docker-compose.yml with postgres service defined. After defining this i have:

docker-compose up -d
# i use terraform for ${PGPASSWORD} template variable
export PGPASSWORD="${PGPASSWORD}"
psql -h localhost -U my_user -p 5432 -d my_db < ./mydump.sql

Insid ...

I'm trying to deploy a NodeJS websocket server to my Cent OS machine which running Nginx, I'm trying to make socket.mydomain.com for the socket and I used the following configuration for nginx

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen ip:80;
    server_tokens off;
    server_name socket.mydomain.com;

    add_header X-XSS-Protection "1; m ...

I run OpenLDAP 2.6.2. I could successfully add a new custom schema with ldapadd, but now I would like to remove the schema without stopping the OpenLDAP server. In other words I would like to use ldapdelete instead of stopping the server and manually removing the schema file. However I get a Server is unwilling to perform error.

$ sudo ldapdelete -Q -H ldapi:/// -Y EXTERNAL "cn={4}oauth,cn=schema,cn ...

Trying to run firewalld on a fresh AlmaLinux 9 VPS (OpenVZ). Only did the ff. so far:

dnf upgrade
systemctl start firewalld
systemctl enable firewalld
systemctl status firewalld

I am immediately greeted with these errors:

Oct 26 06:58:14 myserver firewalld[1097]: ERROR: '/usr/sbin/iptables -w10 -t mangle -X' failed: iptables v1.8.7 (nf_tables):  CHAIN_USER_DEL failed (Device or resource busy): chain POS ...

I would like to know which all Logs are enabled under my project Environments from Google Console at Service Level, I have multiple services on my Google Console. how can i check the same which logs are enabled for individual service level

If I try to login to mysql with mysql -u root -p and enter the wrong password, then I get "access denied".

However, if I use sudo mysql -u root -p and enter the wrong mysql password, then I get access.

Version: mysql Ver 15.1 Distrib 10.3.25-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2

I am trying to use a file which contains load balancer iam policy for my AWS in terraform. However when i run the terraform script, i get an error stating:

 Error: "policy" contains an invalid JSON policy
│ 
│   with module.iam.aws_iam_policy.test-AWSLoadBalancerControllerIAMPolicy,
│   on ../resources/IAM/main.tf line 77, in resource "aws_iam_policy" "test-AWSLoadBalancerControllerIAMPolicy" ...

I had install redhat 6.10 on vmware. after I subscribed the redhat repos, it show me output as below: "Unable to find available subscriptions for all your installed products in redhat 6.10"

My target is simple : Build a high volume, fast, low latency soft switch using IP forwarding. I have a server test 'Server' and 2 test clients : 'Client1' & 'Client2'. 'Client1:c1' is sending udp packets to 'Server:s1' & 'Client2:c2' is sending udp packets to 'Server:s2'. I just wanna forward 'Client:c1' packets to 'Client:c2' and vice versa. Wouldn't mind if this is possible using only 1 port i ...

I installed Ubuntu Server 22.04 in a VirtualBox set up as Bridge.

ipv4: 192.168.55.226

ipv6: 2804:389:a09c:d31a:a00:27ff:feca:3cad

How do I remote access my virtualBox by ipv6?

2804:389:a09c:d31a:a00:27ff:feca:3cad