Questions tagged as ['linux']
GCP VM with 99,8% full disk has not resized its file system after increasing the disk capacity in google console.
I have a small VM on GCP based on public image ubuntu-2004-focal-v20220419.
There was a 10GB disk with root partition and file system.
Some logs occupied 99,8% of the disk capacity.
I am able to ssh to the VM because GCP can still copy ssh keys to it, but to detect a heavy folder I had to use a ...
I'm thinking about doing some online projects as a Developer/IT Technician, and I have some concerns regarding security.
I'm unable to host my servers locally for my project and I thought why not to host the servers in datacenters using hosters like Hetzner. My plans are also hosting an active directory server on one of these servers and join the others to that domain to have a better management ...
I have a particular drive that is failing (/dev/sdb).
I need to replace the failed drive but I am not sure which it is... I should have documented what drives were in what slots and what their devs were but I did not and it will be very troublesome should I need to shut it down.
I am running proxmox on the metal and the drive is part of a ZFS Pool. I would ideally have a command to make a particul ...

When a virtual machine Linux host server is non-Internet facing and is used exclusively on a LAN and is using a relatively well tested distribution like Proxmox, how dangerous would it be to turn off all vulnerability mitigations via the kernel arg mitigations=off?
Additionally, has anyone tested what kinds of performance gains might be seen by turning off all such mitigations?
This recently came ...
Good-day Folks,
I have a small OpenMediaVault (OMV) v6.0.46-5 deployment, running the Proxmox Kernel v5.19.17-1-pve (so I can have a ZFS filesystem) to support Windows 10 clients (primarily) in a Microsoft Active Directory environment. OMV is integrated with Active Directory and my goal is to create a non-public share, expose it to the Windows clients via SMB/CIFS, and then allow members of a certain ...
We have a linux workstation that is used by a group of users via Internet. For security, users must connect to our private network by VPN and then can ssh to the workstation.
The job they run on the workstation needs Internet connection, so the workstation is connected to Internet via NAT.
However, then it is possible that any normal user can use port forwarding to bypass VPN. For example, by runnin ...
I have a network with several file servers, workstations and application servers. For simplicity we can consider it all attached to a single switch, say Dell 4032F with maximum Jumbo MTU size of 9216. I would appreciate your help with some questions related to MTU. So my first question is:
- What is this (9216) - HW MTU or IP MTU according to classification (in other words, does it include 14-bytes fra ...
I'm not sure why it isn't starting or why it's preventing me from connecting. I get this error:
root@vmi: "# sudo service ssh status
ssh.service OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Sun 2022-11-27 09:47:47 CST; 4min 58s ago
Docs: man: sshd (8) man: sshd_config(5)
Process: 446 ExecStartPr ...
I have VirtualMachine with freeradius server (3.0). I am using the authorization file which contains my PPPoE users. The problem seems to be the username: the login is in UPPER CASE which collides with the incoming username.
I can't manually change this because my config file is generated by LMS (Lan Management System - I won't change anything in code). Is there any method to turn off case-sensit ...
The configuration I have set (below) works for localhost but not for my domain. The goal is to access port 3000 externally with basic auth so only I can access it. When I go to localhost, it is upgraded to https, I have to complete the authentication, and then port 3000 is shown, just as it's meant to. However, going to api.example.com does not prompt authentication, does not upgrade the connection, and ...
What are the advantages and disadvantages of running a process with a dedicated (non root) user versus with SELinux (where a SE user may be bound to a Linux user) ?
I came across an interesting thing: on BSD systems a new file will have group set to the group of the directory. On System V systems it will have the primary group of the user that created the file. As for BSD systems, what is the purpose of such behavior and does it mean that SGID bit is useless there?
Would you please help me? I have 2 VPS (Ubuntu). I want to forward all traffic from one VPS (1.1.1.1) to another VPS (2.2.2.2), except the ssh port on the A VPS (1.1.1.1). A server is 1.1.1.1, B server is 2.2.2.2.
1st try:
sysctl net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i eth0 -d 1.1.1.1 -j DNAT --to 2.2.2.2
iptables -A FORWARD -i eth0 -d 1.1.1.1 -p tcp --dport 22 -j REJECT
iptables -A FORWARD -i et ...
I have set up a Fedora 37 Gnome box, as well as a Fedora 32 Gnome box and a Fedora 37 KDE box (this one upgraded since about 5 years).
All PCs are part of a AD-domain, login with AD-users on local Desktop works fine, also login with AD-user via SSH works fine on ALL PCs.
But when it comes to log on via XRDP, it is only working with the "old/upgraded" Fedora 37 KDE box.
On Fedora 37/32 Gnome access via XR ...
I've created a script from what I've found on the web to notify a SA of users being added to a server. I have it set up with a cron to run the script every 5 mins to monitor differences in the /var/log/secure file, but it still sends a blank email if nothing has changed. How can I edit it to not email if no changes are made? Script is below:
file="/var/log/secure"
while cmp "$file" "${file}_bkp"; do
...
I'm trying to connect via ssh on port 22 (with clients PuTTY, MobaXterm...) to a remote machine with Linux; the connection sometimes works and other times not. My PC runs on Win10, and if I try on cmd the command ssh "host" I get the following error:
C:\Users\User>ssh kex_exchange_identification: banner line contains invalid characters
Can somebody help me? Regards.
I moved my blog to AWS Lightsail for Wordpress instance. I have Ezoic CDN enabled + DNS management proxied with Cloudflare. Domain name redirects to HTTPS from HTTP.
example.com --> https://example.com
but all of my hyperlinks within the articles are replaced by HTTP static IP automatically.
https://example.com/article1 --> http://1.123.456.78/article1
what could be the reason? As it happ ...
I have Windows Server 2019 AD and Samba Winbind joined to the AD. The Samba is technically used for home directories and a shared folder between all domain users.
How to force Samba to create directory seems to be the same issue. However, when I log into the account I just created in the Windows AD, Samba doesn't automatically create the home directory. I think the script is not even executing. What is ...
I'm running AlmaLinux and Samba Winbind joined into Windows Server 2019 AD. The domain users have home directories and a pccommon directory (shared folder).
When I create a new domain user in the active directory, I have to create a new folder on the linux machine in /home and change its owner to that user's name.
mkdir -p /home/newaccount
chown IIT\\newaccount: /home/newaccount
/etc/samba/smb.conf
...
I have a server with only one network card (enp2s0) and I would like to have two IP addresses on two different networks. However, I would like to have one static IP and one using DHCP.
The first network on which I want a static IP is: 128.10.100.1/24. This first network is only composed of 2 servers: this one and an other one, which has a static IP as well 128.10.100.11
The second network on which I ...
I am trying to set up a chrony client/server locally and trying to add and delete a chrony server on the fly.
I am able to add without needing to restart chrony using this command 'chronyc add server iburst prefer' and I can check that chronyc tracking shows time is in sync.
But when I delete with 'chronyc delete ', it deletes successfully from sources but chronyc tracking shows time is still in sync.
I have a spare server (yes, it's powerful enough) that I would like to repurpose by selling webhosting to a few clients. Ideally I'd like a distro that includes tools for this type of administration - i.e. adding new clients/domains to the web server, setting up a cpanel account, etc. Presumably I'd be selling VPS hosting to a few clients with websites that don't generate a ton of traffic (I'm not worri ...
What does that error even mean? I have tzdata package. I run yum update --security and I get this:
[dada@dada-dada-dispatcher aem]# yum update --security
Failed to set locale, defaulting to C
Loaded plugins: search-disabled-repos
--> tzdata-2022f-1.el7.noarch from rhui-rhel-7-server-rhui-rpms removed (updateinfo)
--> tzdata-2022e-1.el7.noarch from @rhui-rhel-7-server-rhui-rpms removed (upda ...
I'm capturing tcpdump packets. Even though, when I want to see the output by tcpdump -r I see destination hostname instead of address IP and service name instead of port number.
Example:
tcpdump -w /home/backup/out.bin -nn -i ens192 '(dst port 80)'
After a minute Ctrl + C to stop the process
Then:
tcpdump -r /home/backup/out.bin
It shows:
12:01:28.079940 IP 192.168.1.20.50704 > app.server.http: Fl ...
I have this bash script of ipset v7.15 (run in ubuntu 22.04), courtesy of Martin (that I have made some modifications for this question):
ipset create -! blacklist hash:net family inet hashsize 1024
ipset save -! > /tmp/ipset.txt
cat list.txt | sort -t . -k 1,1n -k 2,2n -k 3,3n -k 4,4n -k 5,5n -k 6,6n -k 7,7n -k 8,8n -k 9,9n | while read line; do
echo "add blacklist $line" >> /tmp/ip ...
I've been struggling for 4 days and according to the information I have stated below, I can't access the linux os (debian) joined in AD to users with different UPN suffixes. What kind of config (sssd smb or krb5) should I make, can you help me?
domain name = TEST.COM
DNS domain name = test.com
NETBIOS = FACTORY
ADDC1 = msdc1.test.com
ADDC2 = msdc2.test.com
users: admin ...
There are various services which are being run on our machines, e.g. cassandra, datadog, etc.
Occasionally, we need to change the configuration, and we wish to automate the propagation of the config files and restarts.
We use Jenkins to automate the workflow for our application software, and were thinking of using this for services as well. We do not wish the server Jenkins runs on to have remote ...
I'm profiling a data-processing program that I wrote and I want to understand the theoretical throughput of the machine I'm on. Specifically, I want to measure what disk read speed my g4dn EC2 instance is providing my application. This particular instance has an ephemeral NVMe drive, which is what I want to benchmark.
I notice that it takes quite a few runs of hdparm until the throughput it reports stop ...
I am trying to create stacked VLAN interface on a debian 10 server. Here is what I have placed in the /etc/network/interfaces:
iface enp34s0.300 inet manual
address 0.0.0.0
netmask 0.0.0.0
auto enp34s0.300.1239
iface enp34s0.300.1239 inet static
address X.X.X.X
netmask X.X.X.X
The first interface is going UP without any problem:
:~# ifup enp34s0.300
But the second o ...
EDIT: this Sticky bit enabled Script can't write to a root file appears to be a similar problem
EDIT: How can I use SetUID on a shell script to run as a non-root user? is very similar as well.
I have a script, let's call it read.sh. I have a file, lets call it secret.
# cd /home/normie
# echo "some stuff" > secret
# echo "#!/bin/bash" > read.sh
# echo "cat secret" >> read.sh
# chmod 600 s ...