I can't start my lxc/lxd containers anymore. I get the error : Error: Storage pool "default" unavailable on this server.

I am on debian sid.

The root issue seems to be that the command losetup --find --nooverlap --direct-io=on --show /var/snap/lxd/common/lxd/disks/default.img fail saying that default.img doesn't exist (but it does).

See this terminal session :

root@debian-pocket3:~# lxc list
+-------- ...

Is it possible to use any MITM attacks (including ssh-mitm) if I'm connected to a VPN? OpenVPN connects me via tun0 interface with some IP in 10.0.0.0/8 and gateway at some IP 10.0.0.0/8. I know that TUN is third layer, so ARP spoofing prorably won't work, but what about TAP layer?

I'm having some problems with the mounting of a ceph-cluster on debian machines, don't know if I'm doing something wrong, if it's a version problem or anything else.

I'm using the ceph cluster from OVH, and then mounting with fstab on around 20 vm's ( 2 bare metal servers with a proxmox instance on each one ).

The problem appears when there is some network failure between the ceph cluster and our ba ...

MacOS 13.4.1

I'm trying to capture 802.11 management packets with a real 802.11 headers (not just Ethernet header) with tshark. So trying to use

% sudo tshark -i wifi0 -I -L                 
Data link types of interface wifi0 when in monitor mode (use option -y to set):
  IEEE802_11_RADIO (802.11 plus radiotap header)

Then trying to use as suggested

% sudo tshark -i wifi0 -I -y IEEE802_11_RADIO    ...

1. A user from the Internet requests any site whose IP refers to nginx proxy manager
2. If the site name is not found in the nginx proxy manager list, then nginx proxy manager redirects the request to another web server with which it is located in the same lock network.

Client enter brouser site.com -> nginx proxy manager (if not found site) -> Apache+nginx+ssl server

**Apache+nginx+ssl server**
tcp 0  ...

We use a dual network card server with bond in 802.3ad mode.

# cat /proc/net/bonding/bond0
Ethernet Channel Bonding Driver: v5.14.21

Bonding Mode: IEEE 802.3ad Dynamic link aggregation
Transmit Hash Policy: layer3+4 (1)
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0
Peer Notification Delay (ms): 0

802.3ad info
LACP rate: slow
Min links: 0
Aggregator selection po ...

I have an AWS EC2 server running with a PHP website and a Wordpress blog in a subfolder, both served with apache.

Structure:

• Website: https://website.com
• Blog: https://website.com/blog

I would like to rebuild the website with Sveltekit and Server-Side-Rendering.

Is it possible to run Sveltekit (most likely as a node-server) together with the blog (still under /blog) on the same server? Or is ther ...

We use Kubernetes with Nginx Ingress Controller to run our platform with various backend services. We also use New Relic (& Prometheus, Grafana) for our Observability dashboards & alerts. Nginx Ingress Controller is the entrypoint for all our requests.

As we keep getting requests, if all threads of our Backend services are busy, then I am assuming that the requests start getting queued up and t ...

TLDR

How can I understand and overcome xrandr errors such as

X Error of failed request:  BadMatch (invalid parameter attributes)
  Major opcode of failed request:  140 (RANDR)
  Minor opcode of failed request:  7 (RRSetScreenSize)
  Serial number of failed request:  39
  Current serial number in output stream:  40

?

How I got there

I'm trying to use a television as an external monitor. Yesterday, when I ...

I have a subnet 192.168.0.0/24.

I want to create a new virtual IP address (VIP) in pfSense at 192.168.0.2.

What difference does it make what subnet mask I use for the VIP?

Should I set the VIP to 192.168.0.2/24 so it matches my subnet or to 192.168.0.2/32 since the VIP is just a single IP address?

My domain (on Google domains) has published custom NS records that match a Google Cloud DNS zone. This domain example.com has DNSSEC on which is published in Google Domains along with the NS records (in the custom DNS section). I also have a subdomain beta.example.com that I would like to distinguish in a separate Cloud DNS zone where I conduct my "beta" testing.

The problem is, Google Domains only allo ...

An answer exists for querying AD with password auth, which is working fine locally. What about Kerberos auth? Running ldapsearch with GSSAPI auth yields the following error:

$ ldapsearch -ZZ -Y GSSAPI -H ldap://ad.server.fqdn/ -b "CN=Caleb,CN=Users,DC=samdom,DC=example,DC=com" cn
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind: Local error (-2)
    additional info: SASL(-1): generic failur ...

How can I convert:

iptables -t mangle -A OUTPUT -m owner --uid-owner root -j MARK --set-mark 1

iptables -A OUTPUT -m owner --uid-owner root -m quota2 --name 10mb_quota --quota 10240000 -j MARK --set-mark 1

for use in INPUT?

I tried it like this:

iptables -t mangle -A INPUT -m owner --uid-owner root -j MARK --set-mark 1

iptables -A INPUT -m owner --uid-owner root -m quota2 --name 10mb_quota --quota ...

Currently, I have an Apache web server configured to respond to myserver.com. Additionally, I have a second web server application listening on port 4321 in localhost on the server. I want this web server to respond to api.myserver.com.

If possible, I would prefer to rely solely on .htaccess present on public_html/api.myserver.com.

Currently, I have both http and https working with the following

What exactly happens on file system level (ext4) when you mv one file over another file?

Accidentally mved quite a lot of files over one other file. I wonder if it is possible to somehow restore the "lost" files.

0

I have an Azure Virtual Gateway connection from 10.29.64.128/26 to another Local Gateway that works fine.

I need some additional address space in order to outbound connections and I decide to pair another Vnet to the existing one.

As soon as I add a Vnet paired network for example to 10.29.64.0/26 to the previous one Virtual Gateway connection changes from "Connected" to "Not Connected".

Both address sp ...

BTRFS (or ZFS, which I have no experience of) has checksum functionality "built-in", which seems like a very good feature. My Synology NAS gives me the option of enabling it for any given folder, so it begs the question of: should I enable it for data that I don't really care that much about?

Which leads to the actual question: What is the cost of enabling BTRFS checksum's? Does it take up more s ...

I've seen many more or less related topics, but all I found discuss how to color awk output. I need to preserve the color that was provided as awk input. For example, now I have:

./some_command
(red_text) (blue_text) (green_text)

./some_command | awk -F' ' '{print $1}'
(red_text) # < but the color is standard terminal color, not red anymore

How to keep the original coloring in the awk output?

recently set up a Windows 2019 Essentials machine, standalone server, simple local area network with a handful of Win10 workstations

The server is the Domain Controller and runs Active Directory

Now, when I go into DNS Manager, it shows 2 DNS servers - is this normal? I simply ran through the wizard when adding a DNS server. Didn't realise I created two. Wondering if this could be a problem, moving  ...

I want to track users activities in a k8s cluster. for example I want to get k8s username of a user that executes a command in a pod. there is a tool named Tetragon. it can uses k8s api. following log is a sample output from Tetragon on a k8s cluster:

    {
  "process_exec": {
    "process": {
      "exec_id": "bWluaWt1YmU6NzAyMDQ2ODIyNTEwNDg6MTE5MDk1MQ==",
      "pid": 1190951,
      "uid": 0,
    ...

suddenly openvpn lost connection to server. The logs are following:

server logs:

Jul 21 00:07:40 openvpn 29858 100.90.2.29:62306 TLS Error: Auth Username/Password was not provided by peer Jul 21 00:07:40 openvpn 29858 100.90.2.29:62306 TLS Error: TLS handshake failed Jul 21 00:07:40 openvpn 29858 100.90.2.29:62306 Fatal TLS error (check_tls_errors_co), restarting

Jul 21 00:06:17 openvpn 29858 Could not ...

When I request certificate from Letsencrypt, put key and fullchain.cer in nginx config - everything works fine.

The same for Active Directory is not working.

-I generate key (tried rsa 2048 or 4096 bits, ec with default curve and settings)

-Then generate CSR

-Upload CSR to local PKI site

-Get PEM certificates (certnew.cer - certificate , certnew.p7b - fullchain)

-Convert from PKCS #7 to PEM

openssl pkcs7  ...

After upgrading Ubuntu from 20.04 to 22.04 I'm having a problem with starting dovecot and I'm getting the following error:

$ sudo dovecot -F
doveconf: Fatal: execvp(/usr/sbin/dovecot) failed: Argument list too long

After some searching I found out that you have to raise the ARG_MAX variable, but I don't know how.

I have tried finding solutions in ulimit, sysconf and exec.

$ sudo getconf ARG_MAX
2 ...

I saw a lot of other questions around this topic, but none of the issues those other people had seem to apply to my case. I have this ufw config:

23                         ALLOW       Anywhere                  
22                         ALLOW       Anywhere                  
32270                      ALLOW       Anywhere                  
34088                      DENY        Anywhere           ...

I have a postfix + dovecot + spamassassin setup which works great, but I would like to bypass all outgoing messages (sasl authenticated) from spam filtering. I must do something wrong, because I already implemented permit_sasl_authenticated in my main.cf but looks like it does not work.

My main.cf relevant part:

# SASL Auth for SMTP relaying
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_s ...

We use a dual network card server with bond in 802.3ad mode. The outgoing bandwidth on both network cards is balanced, but the incoming bandwidth is concentrated on one network card. This issue is resolved by modifying the kernel code to make it broadcast the ETH_P_ARP package in __bond_start_xmit function.

So I have questions about how the ARP protocol works in bond mode and why it affects the dis ...

I have an Linux Debain 10 server running an web project. The project (parent) folder is as follows:

ls -la:

drwxrwxr--+   7 some_user some_group       4096 Jul 21 11:01 .

getfacl:

# file: .
# owner: some_user
# group: some_group
user::rwx
user:some_user:rwx
group::rwx
group:www-data:rwx
group:some_group:rwx
mask::rwx
other::r--
default:user::rwx
default:user:some_user:rwx
default:group::rwx
default: ...

In the journal of my Debian 12 kernel linux-image-6.1.0-10-amd64 version 6.1.37-1 I discovered the following lines:

…
… hostname systemd[1]: Starting systemd-journald.service - Journal Service …
… hostname kernel: device-mapper: core: CONFIG_IMA_DISABLE_HTABLE is disabled. Duplicate IMA measurements will not be recorded in the IMA log.

The last line is yellow, i.e., a warning. The machine exh ...

Deploying new Windows Server 2022 VM. Our application - classic ISAPI with no managed code - writes events to the Application Event Log to track progress of certain processes, for debugging and troubleshooting purposes.

Application Event log is showing appropriate entries for a given time, but the event log text is always "The system cannot find the file specified". Although the application write ...

I'm trying to setup a squid proxy that will accept multiple inbound connections on one IPv4 across a range of ports, and for each port connection to connect out on a unique IPv6 address.

I can actually connect to proxy but when I check my IP on a browser it says the IPv4 address of the server.

Please help me to understand the issue

There is my squid.conf (ubuntu 22)

access_log none
cache_store_log ...