Latest Server related questions

Do I have to enter the public IP of eth0 as HOME_NET in the suricata.yaml?

vars:
  # more specific is better for alert accuracy and performance
  address-groups:
    HOME_NET: "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]"

My understanding is that only private addresses belong in the variable HOME_NET

I am trying to configure a reverse proxy to my backend server.

This is my previous configuration which is working.

Define REMOTE_ADDR proxyserver.domain.com

<VirtualHost *:443>
    ProxyRequests Off
    KeepAlive On
    ProxyPreserveHost Off

    RewriteEngine On

    RewriteCond %{HTTP:Upgrade} =websocket
    RewriteRule /prefix/(.*) wss://${REMOTE_ADDR}/prefix/$1 [P,L]
    RewriteCond %{HTTP: ...

This is a general post not seeking a technical resolution to a precise problem. I just want to warn industry colleagues. My career focus has been on AD for 20 years. The precise niche I concentrate on is Migrations and Consolidation projects. I currently work at an organization where I'm migrating 4 domains into one larger one. We've had no end of issues. I've been dealing with a host of challenges for  ...

I am getting "Leaked GCP API Keys" error in my google play console. I have followed this article https://support.google.com/faqs/answer/9287711 . And my key is already restricted but still i am getting this error.

I want to disable NTLM completely. I don't want password hash to be stored in memory because of pass-the-hash attack (people don't have SeDebugPrivilege but anyway NTLM is not good)

But people connect to workspace via RDP from their homes. I can use VPN + RD Gateway, but still people will use passwords and NTLM for RDP.

Is there any way to fix it?

If no, can I configure RD gateway somehow to get Kerber ...

We're running a very time sensitive migration that requires a good number of VM's, but we hit our limit on the very first one and we can't continue with our configuration until this is resolved.

Resources required:

Current Use: VM's = 1 vCPUs = 8 vRAM = 16GB Persistent Balanced Boot Disk = 250GB

Additional Use: VM's = 10 vCPUs = 40 vRAM = 80GB Persistent Balanced Boot Disk = 2.5TB (250GB per VM)

We have CentOS 6.8 production machines and we had a plan to migrate to CentOS 8.0. Having come to know that CentOS Linux 8 EOL: 2021-12-31, also that, CentOS Project produces two variants: CentOS Linux and CentOS Stream, where CentOS Stream is the upstream, public development branch for RHEL. I wonder, in such a situation, for production machines, where we need a more reliable and stable OS, will CentO ...

I am on Debian 10.5 LAMP with ISPConfig, running PHPMYADMIN 4.9.0.1.

I installed phpmyadmin following this tutorial I can only guess that somehow ISPConfig may be interrupting something.

In any case, I am trying to setup the default phpmyadmin-syslog.conf filter for fail2ban to protect phpmyadmin.

Problem:
pma logging doesn't appear to work according to documentation.

I have tried 3 methods to enable log ...

I have example.com configured cPanel and I do not use it as mail server. I have created new subdomain in Cloudflare called mailer.example.com and installed Virtualmin on new Ubuntu server with hostname as mailer.example.com.

I have setup MX record for mailer.example.com in Cloudflare. It is working fine.

Now I have generated DKIM for my host called mailer.example.com.

Its selector is 202111.

Now I have ad ...

I have rsyncd version 3.1.2 listening on port 873 and I want to limit the bandwidth with which my files are downloaded by a client connecting to me. I added a bwlimit both in the config file:

uid = nobody
gid = nogroup

[data]
path = /var/data/files/
comment = Repo
read only = yes
bwlimit = 10

and tried it on the daemon config file

[Unit]
Description=fast remote file copy program daemon
Condition ...

For testing purposes I want to make the GKE API endpoint publicly available. However, I can't seem to be able to create a firewall rule to allow this. I receive the error "source_ranges": conflicts with destination_ranges with the following terraform code to create it.

Any idea why I can't allow internet traffic but filter on destination IP? Thanks.

resource "google_compute_firewall" "gke_api_allow ...

I need to start some services on another Win10 machine every day which is not available as Service, and requires that someone logs on to the windows machine. The only way to do this is to login to this win machine and then locks it.

Is there any way to create a scheduled task (on another machine) to connect and logon to remote computer?

I am in the process to migrate to separate Vlans from a single 10.1.0.0/16 subnet on VLAN1

In the existing /16 subnet is our Cisco Mail Security (ESA).

In a new Vlan Segment for clients (10.101.10.0/24, VLAN6 ) I can do pretty much everything but access the ESA. No ping and also no access via HTTP(s). Other servers and services are fully accessible like from VLAN1

The Cisco support said there is no iss ...

I am installing RC version..... on Debian .......

We are using PostgreSQL for authentication, ie all our email ids & passwords are in a Postgres table. We query local roundcube database as

<$config['db_dsnw'] = 'pgsql://roundcube:Password@tcp(localhost:5434)/roundcubemail';> It works, we are able to login & access email, send/receive, etc.

I have added Global Address Book as: <$config[ ...

Is that possible to tweak some settings that would make OpenLDAP always interpreting uid=username@domainname as uid=username,ou=domainname in authentication queries?

Of course, making the clients to do this job would be a much more ecological way, but this would be a less preferable option in my case.

I have a Windows Server 2019 intended to be a web server IIS running ASP.Net MVC applications that store data on Oracle 10g database.

The apps were developed on 32bit machines, and rely on existence of OracleOleDb provider.

When I tried to install ODAC on Win2019, the list of providers did not get updated.

Is it mandatory to install Oracle Client before installing ODAC?