Latest Server related questions

Score: 0
Leon avatar
Should I do the stateful matching with iptables for nat table?

I often see that there are some stateful matching rules in an iptables chain such as INPUT.

I know what they are doing, and I'm interested in that.

Should I do the same for the chains of the table NAT?

For example, in my home router, I want it to accept ssh and also act as a NAT router.

If we have:

-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

-A INPUT -p tcp -m state --state NEW -m tc ...

Score: 1
How to do sudo grep in a bash script?

I would like to check if the given IP address is already in the config file. But /etc/ can only be accessed by root, and I'm running the script as admin. It seems I can't just do sudo

#!/bin/bash
CLIENT_WG_IPV4="10.66.66.1"

DOT_EXISTS=$(sudo grep -c "$CLIENT_WG_IPV4/22" "/etc/wireguard/wg0.conf")
if [[ ${DOT_EXISTS} == '0' ]]; then
   ...
fi

I get the error message:

grep: /etc/wireguard/wg0.conf: P ...

Score: 0
how to use terraform with nsd?

Is it possible to manage nsd dns with terraform? I keep getting a NOTINT error, but per the man page there is an option to accept UPDATE opcodes. When I set drop-updates: no, nsd starts fine but I get the same error.

Given the option is in the man page, it seems like it should be supported, but it doesn't seem to be.

https://man.openbsd.org/nsd.conf

Is there some other setting I need for the terraform dns provider to wo ...

Score: 0
Litespeed - NextJS app in DigitalOcean Droplet - Restart Custom Server

I am using the DigitalOcean OpenLiteSpeed NodeJS image from the marketplace for setting up the Droplet, for running my NextJS app.

I have set up everything and, when tested, the home page was displaying properly. When I clicked the Login button (that uses NextAuth v4) it was throwing an issue because of another package. So using yarn, I removed the package and re-installed it.

So after installation, I ran the

Score: 1
JDias avatar
Apache CustomLog directive failing - pipe

I have the following directive in my apache2_site.conf file:

        CustomLog "|/home/me/myjlog.py %h \"%r\"" common

which should create a log in my MySQL server. myjlog.py starts with:

#!/usr/bin/python3
import pymysql
import sys

ip=sys.argv[1]
req=sys.argv[2]
...

However, for each request to my site, the logging in my database isn't done.

What appears in /var/log/apache2/error.log is:

AH00106: pip ...

Score: 0
What kind of services does ESXI SLP port advertise to locally connected hosts?

I got enthusiastic about the last exploitations of ESXI CVE-2021-21974 (heap overflow exploitation). After researching the SLP service, which is the weak point in this CVE, I tried to turn it off, after which everything was still working perfectly fine, so I had a logical question: what kind of services does the SLP port on ESXI advertise?

In addition, I would like to ask how is it possible to send ...

Score: 1
Alexis avatar
Why does everybody use MASQUERADE/SNAT instead of NAPT/PAT?

Story

I have a VPN wireguard virtual interface wg0 (can be anything else) and a physical interface eth0. I want to route packets from the VPN to my LAN, or from an interface to another interface.

Almost all the blogs, articles, and tutorials advise using MASQUERADE or Source NAT only: iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Moreover, IP masquerade is simply a SNAT (Source NAT), it doesn't chan ...

Score: 4
Read LTO Tape ID Tag

LTO 6 tapes contain an ID tag within the casing (I assume it's RFID). Is it possible to read the tag via mt commands?

I would like to identify the tape that is currently loaded in the tape drive. I'm not using a tape loader. Thus the barcode scanner is not relevant here.

Score: 3
Nina G avatar
Ansible - How many can be controlled and operation in segmented networks

I'm using the free version of Ansible at the moment. What is the maximum number of hosts a single Ansible controller can manage? I would assume it depends on the resources provisioned on the server, but I can't seem to find the docs for the free ver.

Also, in a segmented network like the example below (with a mix of Windows and Linux machines), I wasn't too sure but I assume that I need a controller for each  ...

Score: 2
Darko avatar
nginx different routes for / and /*

I'd like to route / to a.sock and /(.*) to b.sock.

I tried

    location / {
        proxy_pass http://unix:/tmp/a.sock;
        proxy_read_timeout 30;
        proxy_connect_timeout 30;
        proxy_redirect off;
        proxy_set_header Host               $host;
        proxy_set_header X-Real-IP          $remote_addr;
        proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
         ...

Score: 1
pam_unix(sshd:auth): authentication failure because of encrypted password from PAM stack

To configure sssd to connect to the AD server, I set id_provider to ldap.

As the AD server cannot accept TLS, I closed it by:

  1. ldap_id_use_start_tls = false
  2. set ssl off in ldap.conf

When I log in to ftp via a domain account, it works. But it failed for ssh.

I compared the TCPdump between ftp and ssh. I found the passwords are different in the bindrequest between ftp and ssh. It seems ssh encrypted the password, so that  ...

Score: 1
Prateek Verma avatar
Is UID required when providing a GID in an fstab entry for an ntfs drive?

I have an Ubuntu Server 20.04 installed on a Raspberry Pi 4. I am trying to mount a hard drive that should be accessible by two different samba users (user1, uid=1001 and user2, uid=1002). I created a group that contains these two users (gid=1007) and added the following entry in fstab

LABEL=WINHDD /mnt/winhdd ntfs-3g defaults,nls=utf8,dmask=077,fmask=177,gid=1007 0 0

My smb.conf has the share listed  ...

Score: 0
How to make Ansible run batch of tasks on Cluster Node's - node by node

I have an Ansible playbook which looks roughly like the following. I need the Zero Downtime Upgrade start and Zero Downtime Upgrade completed steps to run once to put/remove the cluster into upgrade mode. In addition, I need all the tasks in the Block to run on only one node at a time and continue to the next node once we get HTTP 200.

Could you please review the yml file? Currently I get ERROR! 'uri'  ...

Score: 1
Axel avatar
Block IPv6 on Tun0

I'm setting up a VPN tunnel for some services. I created a vpntunnel/vpntunnel user/group that is routed to the tun0 interface based on the group ID. That works quite fine. Commands below run as regular user:

curl -4 ifconfig.io <= returns my public IPv4 ip
curl -6 ifconfig.io <= returns my public IPv6 ip

Because my VPN provider doesn't support IPv6 yet, my IP could be exposed. So I added an ip6 ...
