Latest Server related questions

Score: 1
ChrisBint
DMARC reports no longer being received from google

We are seeing a large number of DMARC rejects from Google from emails that have both a valid DKIM signature and a valid SPF sender. We have validated this by sending the same emails to other ISPs and these arrive and the headers agree with our findings. It appears that Google are rejecting those emails, but they are also not sending us any DMARC reports, whereas we are getting reports (for the same doma ...

Score: 0
Kim
The IO operation at logical block address 0x1458a30a for Disk 0 (PDO name: \Device\00000037) was retried - Hyper-v virtual machine errors

I'm encountering an issue where I have a physical server PowerEdge R740 and I have a hyper-v server where I host multiple machines, all these machines I've been seeing the errors: The IO operation at logical block address 0x1458a30a for Disk 0 (PDO name: \Device\00000037) was retried - Hyper-v virtual machine errors Warning 7/17/2023 3:41:12 AM disk 153 None Event ID:153 Log Name: System.

I did c ...

Score: 0
itsamemarkus
iptables: Only allow one IP address when rules are updated by other tools

I'm learning about iptables and I want to set up a GNS3 (network emulation) host on a public IP and limit the access to only one IP address.

This one IP address should be able to connect with all protocols and ports.

Now from what I understand I'd usually go with an approach like this on a fresh host:

sudo iptables -P INPUT DROP
sudo iptables -P FORWARD DROP
sudo iptables -A INPUT -i lo -j ACCEPT
sudo ip ...
Score: -1
Stefan
USB Proxy "Dongle"

I need to be able to record all print requests to a printer physically connected via USB to a PoS like system. There is no need for me to manipulate the print job, I just need a "copy" of the print request and will send it to a remote machine in regular intervals in small batches. It is essential, that the printer is always available - independent of the network status. I have spied the BeagleBoard Blac ...

Score: 0
skribe
How to rewrite www to non www in nginx

I found a couple of other serverfault questions where rewrite www to non-www in nginx was answered, however it seems like with the nginx config my webdock.io server has the solutions I have tried seem to always cause problems or simply don't work. I suspect it has to do with the order or a conflict with what is already there.

Here is the current config

server {

root /var/www/html;
client_max_body_siz ...
Score: 0
somenxavier
Script to filter nginx logs to automatically running nftables

I have a domain served by nginx. nginx logs have this format:

178.128.120.151 - - [19/Jul/2023:20:27:25 +0200] "GET /favicon.ico HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"
178.128.120.151 - - [19/Jul/2023:20:27:25 +0200] "GET /1.php HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKi ...
Score: 0
another_netadmin
FreeRADIUS / Active Directory / Computer Authentication / VLAN based off of UserDN

I am currently determining VLAN/dACL assignment based off of group membership of the computer authenticating and would like to instead switch to determining VLAN/dACL assignment based off of the OU location of the computer. I seem to be unable to acquire the UserDN. Any assistance or hints as how I can achieve this would be greatly appreciated.

How to achieve what I'd like to do using Aruba Cle ...

Score: 0
Merennulli
OPTIONS method gets 200 status instead of 301 in IIS10 logs

I'm trying to learn why OPTIONS method requests (presumably CORS preflight requests) are logged as 200 status while all GET method requests are logged as the expected 301 (moved permanently). The only thing being returned at that address is a Response.RedirectPermanent with the new address.

For context, the 301 has been in place for a few weeks, and in many cases the Referer URL has been gone a l ...

Score: 1
Shrout1
LAPS "Not Authorized to Administer"

Problem Description:

When I open up dsa.msc, navigate to my LAPS controlled OU, right click on a target system, go to Properties>LAPS>Expire Now and click "Apply", it displays the message: You may not be authorized to administer LAPS related state on this computer

Info:

Score: -1
Amin Bou Hamdan
underscore in certbot's TXT record

Certbot is a free and open-source utility mainly used for managing SSL/TLS certificates from the Let’s Encrypt certificate authority. When using Certbot to obtain a certificate through the DNS-01 challenge, Certbot will provide you with instructions to manually update a TXT record for the domain in order to proceed with the validation. The name of the TXT record is usually in the format “_acme-chall ...

Score: 1
Edward Falk
Is it possible to migrate a password file from FreeBSD to Linux?

Moving from a FreeBSD server to Ubuntu. I copied the /etc/passwd file across with no problems, but hand-copying one of the hashes from /etc/master.passwd (FreeBSD) to /etc/shadow (Linux) didn't seem to work. The hashes certainly seem to be in the same format, but no joy.

Is this possible to do? Did I make a mistake, or is there something I missed?


Edit: I tried again, and hand-copying seems to have worke ...

Score: 1
gelonida
uwsgi: strange error message: unknown config directive: inifile

I have a uwsgi.ini file. It works perfectly, but if I add strict=true it fails with the message

[strict-mode] unknown config directive: inifile

however the word inifile doesn't even exist in my inifile.

In order to reproduce the error I went so far, that I created a uwsgi.ini file with only two lines.

[uwsgi]
strict=true

If I run uwsgi --ini uwsgi.ini I get above mentioned error

If I set strict t ...

Score: 0
Does iptables apply all rules in order when an incoming connection is received?
Max

I'm using iptables and fail2ban to secure server connections. Currently I have connections filtered via a router passing only ports for email and webserver access and fail2ban adding restrictions based on login failure attempts.

I'm trying to understand how iptables iterates through rules. From my understanding, it goes line by line until the incoming connection fails a rule. Is that correct?

For ...

Score: 1
Nikolay Chuprina
Libvirt - UDP not working between host and VM

Host: 192.168.1.144/24
VMs(routed) network: 192.168.122.0/24

I have VMs connected to libvirt's routed network.

<network>
  <name>routed-122</name>
  <uuid>86ca64a6-7fea-4cf8-9625-fa45fe944c2c</uuid>
  <forward mode='route'/>
  <bridge name='virbr1' zone='public' stp='on' delay='0'/>
  <mac address='52:54:00:0e:84:40'/>
  <domain name='routed_nat'/ ...
Score: 0
How to debug systemd shutdown failing to gracefully shutdown?
gcb

I have a host that runs qemu vms.

Every restart will leave the qemu pidfile around, showing its process wasn't properly terminated but possibly killed ...question here is exactly how to find out what happened.

$ journalctl -b -1
...
systemd[1]: [email protected]: Deactivated successfully.
systemd[1]: Stopped User Manager for UID 1000.
...
systemd[1]: Stopped Create Static Device Nodes in /dev.
systemd ...
Score: 0
Conrad
Sporadic delivery failure to gmail accounts when using MS 365 Distribution Lists

Occasionally (I can't figure out any pattern when it works and when it doesn't), when a user (Mail Contact) on my org's MS 365 Distribution Lists sends an email to the list, email will not be delivered to (I believe) all the gmail.com addresses on the list. The sender receives a non-delivery notice about 2-3 days after the email is sent. This has only happened to users on the list outside of our org; us ...

Score: 0
AWS ALB Healthchecks Against ECS Services Periodically Failure For No Discernable Reason

We completely host a constellation of services in AWS (no external dependencies as far as these services go). We periodically receive healthcheck failures (502 as public services try to contact the internal service ALBs), as frequent as every hour or two. The services experience no disruption whatsoever.

I've tried all manner of healthcheck settings (long and short durations, high and low counts  ...

Score: 0
SnippingAddict
Enable client access to Internal Azure Container Applications through Application Gateway

I have setup a container apps environment that is sitting within a VNET. Containers within need to be accessed externally through application gateway. Following steps in this learn.microsoft page has not given me the results I need:

https://learn.microsoft.com/en-us/azure/container-apps/waf-app-gateway?tabs=default-domain

When setup, the application gateway does its job, if I follow its public IP I get ...

Score: 0
Krop
OpenVPN route to other local IP Address than PC

I have VPS with server OpenVPN. iptables rules on VPS:

iptables -A PREROUTING -t nat -i ens3 -p tcp --dport 54000 -j DNAT --to 10.8.0.2:8080
iptables -A FORWARD -p tcp -d 10.8.0.2 --dport 8080 -j ACCEPT

Actually it works like that:

  • I connect to OpenVPN from PC
  • Port 8080 from PC is forwarded to VPS and I can connect to it via web: 51.xx.xx.xx:54000

What I need:

  • I connect to OpenVPN from PC
  • Port 80 ...
Score: 0
Dan F.
Modify nginx proxy_pass response

I have an nginx that proxies requests to a couple of third party APIs (using proxy_pass), for caching purposes. One of the APIs is always returning 200 responses with the error status code buried inside the JSON response body. This causes nginx to cache the error responses, which is not desired.

Question is: is there a way to intercept the response from the API from the proxy_pass, extract the er ...

Score: 2
andrew
ESX: FS on Datastore corrupted after volume on storage was FULL

I observed this failure: FS on Datastore corrupted after volume on storage was FULL. Actually it happened twice, and the only option was to recreate a new datastore.

Here is what happened in time order:

  • datastore disconnected (re-exported to ESXi hosts)
  • volume on storage array was FULL on 100%
  • FS on Datastore corrupted (data lost)

Do you have any idea what can be the root cause? Unfortunately I have n ...

Score: 1
Samir Kassem
Editing Content Security Policy in IIS to allow a CDN script to be loaded

I am currently trying to load an external plugin into an application that is deployed on IIS.

I am getting this error:

Refused to load the script 'https://cdn.babylonjs.com/loaders/babylon.glTFFileLoader.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'nonce-DAIQxlrJrGSnAtLW'". Note that 'script-src-elem' was not explicitly set, so 'script-s ...

Score: 0
Dennis Maecker
Web interface in Docker container not accessible

I am currently setting up a system that is composed of different Docker containers that somehow have to communicate with each other.

One Docker container is dedicated to a XMPP server (prosody). This container is started by following docker-compose.yml:

version: "3.8"

services:

  prosody_server:
    container_name: prosody_server
    build:
      context: ./
      dockerfile: Dockerfile
    ports:
 ...
Score: 0
George Y
How to trace process that has already terminated? And even trace back its parent process?

I am able to jail specific commands execution by a proxy script to a user whose sudo privilege is only this script sodo check here for how to. Also the sodo script logs whatever critical commands they ordered:

sodo:

#!/bin/bash
# pass command by non-sudoers who can only run some command via this script
case $1 in
  firewall-cmd|ip|systemctl)
    #echo $*
    eval $*
    ret=$?
    ;;
  *)
     echo  ...
Score: 7
George Y
How to log executions of specific commands on Linux no matter where it came from?

Dangerous commands like rm , kill and systemctl stop can be hidden outside bash inputs - i.e. - a malicious user can easily hide them inside a python script using os module and just run the python script as a proxy to hide what they really intended to harm, and the bash history or anything like that will only leave the record that they run python3 [the malicious script].py before they delete that  ...

Score: 2
SK5910
Restrict User Access to Mailbox based upon Location

We need to restrict user access to certain mailboxes (Outlook/MAPI) based upon the user's location within our site. All mailboxes exist within the same on-premise Exchange server - all mailbox access is via Outlook/MAPI connections.

Certain mailboxes are designated "secure" must only be accessible from within a secure area & not outside that area. Non-secure mailboxes must not be accessible ...

Score: 1
Alan Nicolas de Oliveira
Build a failover strategy inside GCP to redirect if compute engine stop responding or is on an error state

Currently I have an architecture inside GCP (Google Cloud Platform) of a WordPress application that works this way

Cloud DNS -> Load Balancer (with Cloud CDN enabled) -> Compute Engine (with WordPress application inside)

All components are inside GCP. I need to redirect to a specific URL when someone visits my WordPress application when WordPress application becomes unresponsive or return errors ...

Score: 0
mike01010
Kubernetes: what exactly needs to be installed on each server/node and how?

I have coded AWS instances that can serve as nodes where my containers will run. So by default each of these instances have docker installed. This part is working fine.

Eventually I would like to have all these containers managed by Kubernetes - preferably EKS. I don't have experience with EKS as yet but I think it would require that the instances I'm building have some Kubernetes agent or  ...

Score: 0
Flotolk
nginx logging (111: connection refused) when connecting to a websocket

So I have a small Raspberry Pi on my local network that I use to host a server. It is a fairly simple setup, with nginx and my npm-hosted server stood up in containers using docker-compose.

my npm server listens to port 30000.

Here is my nginx setup

   server {
        # Listen on port 80
        listen 80;
        listen [::]:80;
    
        # Sets the Max Upload size to 100 MB
        client_max_body_ ...
Score: 1
marin1466
VPN access issue

==Summary==

I installed "Routing and Remote Access" role on Windows Server 2016 so I can use it as a VPN gateway (L2TP/IPsec with pre-shared key). The authentication is handled by a RADIUS server. On trying to connect a Windows 10 host to the VPN gateway I got "The remote connection was denied because the user name and password combination you provided is not recognized, or the sel ...
