Recent Questions - Server Fault most recent 30 from serverfault.tech 2020-09-29T00:08:18Z https://serverfault.tech/feeds https://creativecommons.org/licenses/by-sa/4.0/rdf https://serverfault.tech/q/1035663 0 Virtual Machine---- unstable internet speed connection Manuel Dam https://serverfault.tech/users/593544 2020-09-29T00:07:08Z 2020-09-29T00:07:08Z <p>I have rented a small Virtual Machine (n1-standard-2 (2 vCPUs, 7.5 GB memory)) with Windows to run a program on it....</p> <p>But I notice that the program doesn't work as stably as it does on other computers... so I tried to identify the problem and saw in the Task Manager under &quot;Performance&quot; and then &quot;Ethernet&quot; that the Internet speed graph is sometimes touching the zero line or moves at very weak internet speed..... This is, in my opinion, causing the problem..... The only reason why I rented a server is to ensure that it is in a datacenter without electricity cuts and lack of Internet connection and speed....</p> <p>Please help me to fix the unstable internet speed connection...</p> <p>Thank you</p> https://serverfault.tech/q/1035661 0 How to do something like <location path="/"> in applicationHost.config to apply sslFlags to "/" but not the contents of the virtual directory"? rossmpersonal https://serverfault.tech/users/593542 2020-09-28T23:42:10Z 2020-09-28T23:42:10Z <p>On an IIS 10.0 server hosting exactly one website, mysite.com , which has exactly one web application which contains exactly one virtual directory, &quot;/&quot; so mysite.com/ is effectively mapped to the physical path that virtual directory maps to, let's say C:\wwwroot\ . The default document for the virtual directory &quot;/&quot; is index.html . So mysite.com/ maps to C:\wwwroot\index.html . 
The entire contents of mysite.com requires providing a client certificate to access, with two exceptions:</p> <ul> <li>mysite.com/</li> <li>mysite.com/index.html</li> </ul> <p>Requiring a client certificate by default is easy. All I need to do is add</p> <p>to ApplicationHost.config .</p> <p>Similarly, configuring mysite.com/index.html to not require a client certificate is easy:</p> <p>to ApplicationHost.config.</p> <p>How do I configure the URL mysite.com/ to not require a client certificate without inadvertently configuring the entire &quot;/&quot; virtual directory to not require a certificate, without restructuring the site so there are separate virtual directories or other structures that separate content requiring a client certificate from content not requiring a client certificate, or having to configure each file and sub-directory to require a client certificate, which is not maintainable?</p> <p> is invalid in both ApplicationHost.config and web.config. There has got to be an easy way to do this.</p> <p>Would this be a more appropriate question for Stack Overflow?</p> https://serverfault.tech/q/1035660 0 Getting empty response from www.dhgate.com using curl gloom700 https://serverfault.tech/users/370738 2020-09-28T23:33:24Z 2020-09-28T23:33:24Z <p>When I run the below command from my Ubuntu system, I am able to get a response from dhgate.</p> <p><code>curl &quot;https://www.dhgate.com/&quot; -H &quot;User-Agent:example.com&quot;</code></p> <p>But when I run the command from any cloud server (e.g. AWS), a response is not received.</p> <p>Does dhgate block web scraping requests from cloud servers? Do I need to use a different user agent in the header?</p> https://serverfault.tech/q/1035659 0 Does `docker run --rm cli_command` destroy SSDs via constant writing? 
hopeseekr https://serverfault.tech/users/56309 2020-09-28T23:27:57Z 2020-09-28T23:27:57Z <p>I am running several PHP CLI apps (phpcs, phpunit, phpstan, to name a few) via <code>docker run -it --rm</code> against several hundred thousand packages.</p> <p>This means an equivalent of millions of <code>docker run</code>s over the course of a year.</p> <p>Does <code>docker run -it --rm</code> chew up my SSD drive?</p> <p>If so: Is there an alternative that keeps the containers alive but uses different $PWD and CLI arguments for each run?</p> https://serverfault.tech/q/1035658 0 MySQL 8.0 vs MariaDB 10.4 for low memory VPS Islam Mohamed https://serverfault.tech/users/593539 2020-09-28T23:13:54Z 2020-09-28T23:13:54Z <p>I have a VPS with just 2Gb of memory and plan to just run WordPress on it and was wondering which is the best choice (MySQL 8.0 or MariaDB 10.4)?</p> https://serverfault.tech/q/1035657 0 Penguin Computing Arctica 4804x-r Factory Reset? user1213922 https://serverfault.tech/users/586333 2020-09-28T23:05:46Z 2020-09-28T23:05:46Z <p>I have several questions about this switch:</p> <ol> <li>What are the default login credentials?</li> <li>How to boot it into single-user mode?</li> <li>How to perform a factory reset?</li> </ol> https://serverfault.tech/q/1035655 -1 Cannot get past "realm: Couldn't join realm: Not Authorized to perform this action" Zachary Walker https://serverfault.tech/users/593537 2020-09-28T22:50:26Z 2020-09-28T22:50:26Z <ul> <li>name: Add targeted machine to domain become_user: expect: command: /bin/bash -c &quot;/usr/sbin/realm join --user={{ prompted_user }}@domain.com domain.com responses: Password for .*: &quot;{{ prompted_pass }}&quot;</li> </ul> <p>fatal: []: FAILED =&gt; { &quot;changed&quot;:true, &quot;cmd&quot;: &quot;bin/bash -c &quot;/usr/sbin/realm join --user=promted_user@domain.com domain.com&quot;&quot;, &quot;delta&quot;: &quot;0:00:00.459430&quot; &quot;end&quot;; &quot;&lt;date_time&gt;&quot; &quot;invocation&quot; : { 
&quot;module_args&quot;: { &quot;chdir&quot;: null, &quot;command&quot;: &quot;bin/bash -c &quot;/usr/sbin/realm join --user=promted_user@domain.com domain.com&quot;&quot;, &quot;creates&quot;: null, &quot;echo&quot;: false &quot;removes&quot;: null, &quot;responses&quot; : { &quot;Password for .*&quot;: &quot;&lt;prompted_pass&gt;&quot; }, &quot;timeout&quot;: 30 } }, &quot;msg&quot;: &quot;non-zero return code&quot;, &quot;rc&quot;: 1, &quot;start&quot;: &quot;&lt;data_time&gt;&quot; &quot;stdout&quot;: &quot;Password for prompted_user@domain.com: \r\nrealm: Couldn't join realm: Not authorized to perform this action:, &quot;stdout_lines&quot;: [ &quot;Password for prompted_user@domain.com: &quot;, &quot;realm: Couldn't join realm: Not authorized to perform this action&quot; ] }</p> <p>The top is the task and the bottom is the output. I don't know why it's not passing the password or, if it is, I don't know why it's not running sudo; when I do these actions traditionally without Ansible it works just fine. Definitely need help.</p> <p>Thank you</p> https://serverfault.tech/q/1035653 0 Amanda Backup Skip Tape Matthew Allen-Goebel https://serverfault.tech/users/593536 2020-09-28T22:22:48Z 2020-09-28T22:22:48Z <p>Besides manually editing the tapelist, how can I skip a specified tape or make a specified tape the next tape that is run without changing the order of the tapes?</p> <p>This question is already asked here: <a href="https://serverfault.tech/questions/352786/amanda-how-to-skip-a-tape">Amanda: how to skip a tape?</a>. However, the answers are less than optimal. I don't have the reputation needed to ask follow-ups of the persons who have answered, so I have to ask my own question.</p> <p>What Amanda admin tools will skip a tape that is still needed but has been passed over in the rotation? 
For example, the <code>daily_27</code> tape was missed due to system malfunction and downtime, but to keep with our onsite rotation scheme (where someone comes and physically moves tapes to an offsite location and brings back the next set of tapes) skipping a tape is the best option especially during a pandemic where our scheduled time to be at said offsite location is not easily changed.</p> <p><code>amadmin</code> can either make tapes reusable or not which isn't helpful if I don't remember to add the tape back into the rotation after it's been skipped, nor is it helpful if making a no-reuse tape reusable places it in the rotation out of numeric sequence. <code>amtape</code> seems like it might have worked except there isn't any stated functionality for skipping over a tape from the man page.</p> https://serverfault.tech/q/1035652 0 How do I configure Squid3 url_regex along with ssl_bump, so that I can partially proxy Python's pypi.org? EdwardTeach https://serverfault.tech/users/101821 2020-09-28T20:55:41Z 2020-09-28T20:55:41Z <p>I am trying to proxy <a href="https://pypi.org" rel="nofollow noreferrer">https://pypi.org</a> using Squid 3.5.27. Since pypi.org requires SSL, and I want to restrict which packages are available, I have enabled <code>ssl_bump</code>. I have also constructed an ACL using <code>url_regex</code>.</p> <p>See below for configuration and output for a working ACL with <code>url_regex</code>, vs. a non-working ACL. 
How do I write my Squid configuration to only allow access to certain packages/paths from the SSL pypi.org repository?</p> <p>Here is what <strong>works</strong> (note <code>TCP_MISS/200</code> at the end of the log output):</p> <pre><code># cat squid.conf | grep -v ^# | grep -v ^$ acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl localnet src 172.16.0.0/12 # RFC1918 possible internal network acl localnet src 192.168.0.0/16 # RFC1918 possible internal network acl localnet src fc00::/7 # RFC 4193 local private network range acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost manager http_access deny manager acl step1 at_step SslBump1 ssl_bump peek step1 ssl_bump bump all acl pypi_whitelist url_regex -i &quot;/etc/squid/pypi_whitelist.txt&quot; http_access allow pypi_whitelist http_access allow localhost http_access deny all http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid-cert/private.pem key=/etc/squid-cert/private.pem cache_dir ufs /var/cache/squid 100 16 256 coredump_dir /var/cache/squid refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 
30 20% 4320 reload-into-ims range_offset_limit 200 MB maximum_object_size 200 MB quick_abort_min -1 </code></pre> <pre><code># cat pypi_whitelist.txt pypi.org </code></pre> <pre><code>==&gt; /var/lib/docker/volumes/squid_log/_data/squid/cache.log &lt;== 2020/09/28 20:37:44| Reconfiguring Squid Cache (version 3.5.27)... 2020/09/28 20:37:44| Closing HTTP port [::]:3128 2020/09/28 20:37:44| Logfile: closing log daemon:/var/log/squid/access.log 2020/09/28 20:37:44| Logfile Daemon: closing log daemon:/var/log/squid/access.log 2020/09/28 20:37:44| Startup: Initializing Authentication Schemes ... 2020/09/28 20:37:44| Startup: Initialized Authentication Scheme 'basic' 2020/09/28 20:37:44| Startup: Initialized Authentication Scheme 'digest' 2020/09/28 20:37:44| Startup: Initialized Authentication Scheme 'negotiate' 2020/09/28 20:37:44| Startup: Initialized Authentication Scheme 'ntlm' 2020/09/28 20:37:44| Startup: Initialized Authentication. 2020/09/28 20:37:44| Processing Configuration File: /etc/squid/squid.conf (depth 0) 2020/09/28 20:37:44| WARNING: use of 'reload-into-ims' in 'refresh_pattern' violates HTTP 2020/09/28 20:37:44| Initializing https proxy context 2020/09/28 20:37:44| Initializing http_port [::]:3128 SSL context 2020/09/28 20:37:44| Using certificate in /etc/squid-cert/private.pem 2020/09/28 20:37:44| Logfile: opening log daemon:/var/log/squid/access.log 2020/09/28 20:37:44| Logfile Daemon: opening log /var/log/squid/access.log 2020/09/28 20:37:44| Squid plugin modules loaded: 0 2020/09/28 20:37:44| Adaptation support is off. 
2020/09/28 20:37:44| Store logging disabled 2020/09/28 20:37:44| DNS Socket created at [::], FD 11 2020/09/28 20:37:44| DNS Socket created at 0.0.0.0, FD 12 2020/09/28 20:37:44| Adding domain me.net from /etc/resolv.conf 2020/09/28 20:37:44| Adding nameserver 127.0.0.11 from /etc/resolv.conf 2020/09/28 20:37:44| Adding ndots 1 from /etc/resolv.conf 2020/09/28 20:37:44| helperOpenServers: Starting 5/32 'ssl_crtd' processes 2020/09/28 20:37:44| HTCP Disabled. 2020/09/28 20:37:44| Finished loading MIME types and icons. 2020/09/28 20:37:44| Accepting SSL bumped HTTP Socket connections at local=[::]:3128 remote=[::] FD 25 flags=9 ==&gt; /var/lib/docker/volumes/squid_log/_data/squid/access.log &lt;== 1601325472.953 36 10.10.0.28 TAG_NONE/200 0 CONNECT pypi.org:443 - HIER_DIRECT/151.101.192.223 - 1601325472.990 32 10.10.0.28 TCP_MISS/200 44282 GET https://pypi.org/simple/pip/ - HIER_DIRECT/151.101.192.223 text/html </code></pre> <p>However, as soon as I add the <code>/</code> character, it <strong>stops working</strong> (note <code>TAG_NONE/403</code> at the end of the log output):</p> <pre><code># cat pypi_whitelist.txt pypi.org/.* </code></pre> <pre><code>==&gt; /var/lib/docker/volumes/squid_log/_data/squid/cache.log &lt;== 2020/09/28 20:41:01| Reconfiguring Squid Cache (version 3.5.27)... 2020/09/28 20:41:01| Closing HTTP port [::]:3128 2020/09/28 20:41:01| Logfile: closing log daemon:/var/log/squid/access.log 2020/09/28 20:41:01| Logfile Daemon: closing log daemon:/var/log/squid/access.log 2020/09/28 20:41:01| Startup: Initializing Authentication Schemes ... 2020/09/28 20:41:01| Startup: Initialized Authentication Scheme 'basic' 2020/09/28 20:41:01| Startup: Initialized Authentication Scheme 'digest' 2020/09/28 20:41:01| Startup: Initialized Authentication Scheme 'negotiate' 2020/09/28 20:41:01| Startup: Initialized Authentication Scheme 'ntlm' 2020/09/28 20:41:01| Startup: Initialized Authentication. 
2020/09/28 20:41:01| Processing Configuration File: /etc/squid/squid.conf (depth 0) 2020/09/28 20:41:01| WARNING: use of 'reload-into-ims' in 'refresh_pattern' violates HTTP 2020/09/28 20:41:01| Initializing https proxy context 2020/09/28 20:41:01| Initializing http_port [::]:3128 SSL context 2020/09/28 20:41:01| Using certificate in /etc/squid-cert/private.pem 2020/09/28 20:41:01| Logfile: opening log daemon:/var/log/squid/access.log 2020/09/28 20:41:01| Logfile Daemon: opening log /var/log/squid/access.log 2020/09/28 20:41:01| Squid plugin modules loaded: 0 2020/09/28 20:41:01| Adaptation support is off. 2020/09/28 20:41:01| Store logging disabled 2020/09/28 20:41:01| DNS Socket created at [::], FD 11 2020/09/28 20:41:01| DNS Socket created at 0.0.0.0, FD 12 2020/09/28 20:41:01| Adding domain me.net from /etc/resolv.conf 2020/09/28 20:41:01| Adding nameserver 127.0.0.11 from /etc/resolv.conf 2020/09/28 20:41:01| Adding ndots 1 from /etc/resolv.conf 2020/09/28 20:41:01| helperOpenServers: Starting 5/32 'ssl_crtd' processes 2020/09/28 20:41:01| HTCP Disabled. 2020/09/28 20:41:01| Finished loading MIME types and icons. 
2020/09/28 20:41:01| Accepting SSL bumped HTTP Socket connections at local=[::]:3128 remote=[::] FD 25 flags=9 ==&gt; /var/lib/docker/volumes/squid_log/_data/squid/access.log &lt;== 1601325675.090 0 10.10.0.28 TCP_DENIED/200 0 CONNECT pypi.org:443 - HIER_NONE/- - 1601325675.110 0 10.10.0.28 TAG_NONE/403 3891 GET https://pypi.org/simple/pip/ - HIER_NONE/- text/html </code></pre> https://serverfault.tech/q/1035650 -1 Strange Virus/Spyware blocked notification on frequently used vendor site McITGuy https://serverfault.tech/users/455933 2020-09-28T20:44:47Z 2020-09-28T22:10:53Z <p><a href="https://i.stack.imgur.com/S1cRG.png" rel="nofollow noreferrer"><img src="https://i.stack.imgur.com/S1cRG.png" alt="Strange malware warning" /></a></p> <p>See screenshot above.</p> <p>This virus warning appears when a user attempts to download an .exe from a frequently used vendor website. This just started a few days ago. As far as I'm aware we don't have any content filtering / A/V rules on our firewall device and the vendor domain is whitelisted there as well. I thought it may be Windows Defender blocking it but I couldn't find where to whitelist downloads; I can only add exceptions for files/programs that are already on the machine. Is this being blocked by some kind of Group Policy?</p> <p>This issue affects all PCs on the network and all users. It is a Windows 10 Pro environment at a Server 2012R2 domain level.</p> <p>If anyone has seen this error message or knows where it comes from, can you point me in the right direction? I'd like to whitelist the file or remove/edit the filter.</p> <p>Edit: the firewall device is a Meraki MX64. AMP is disabled.</p> https://serverfault.tech/q/1035648 0 How to remove deleted user account from Windows Server 2019 login screen? 
EinfoMail https://serverfault.tech/users/341784 2020-09-28T20:37:29Z 2020-09-28T20:37:29Z <p>During Windows Server 2019 installation, it asked me to create a user name.</p> <p>I created a user name, <em>Geek</em>.</p> <p>Once installation was done, I signed in as <em>Geek</em>, then signed out of Geek and signed in with the <em>Administrator</em> account, which is the built-in administrator account.</p> <p>I was able to sign in to Windows Server 2019 with both accounts.</p> <p>Now I deleted the Geek account and checked at …</p> <ol> <li>Windows Settings &gt; Accounts &gt; Other users</li> <li>Run &gt; regedit &gt; HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList</li> <li>Run &gt; netplwiz &gt; User Accounts</li> <li>Control Panel\All Control Panel Items\User Accounts\Manage Accounts</li> <li>C:\Users</li> </ol> <p>The deleted user account name or its folder (<em>Geek</em>) is not shown anywhere.</p> <p>However, after a restart or when I turn it on, I see the deleted user account (<em>Geek</em>) name on the login screen by default.</p> <p>With the deleted user account name, I see, <em>The user name or password is incorrect. Try again.</em></p> <p>I click <em>Ok</em>. Then, I click another user account (<em>Administrator</em>) which is active.</p> <p>Then, I went to <strong>Local Security Policy</strong>.</p> <p>First I enabled <em>Do not require CTRL+ALT+DEL</em>, then <em>gpupdate /force</em>.</p> <p>After restart, I noticed no change.</p> <p>Then I enabled <em>Don't display last signed-in</em>, then <em>gpupdate /force</em>.</p> <p>After restart, I see only the deleted account, i.e. <em>Geek</em>, but don't see the active account, i.e. <em>Administrator</em>.</p> <p>Then I manually typed username, <em>Administrator</em> and password. 
I signed in and disabled <em>Don't display last signed-in</em>.</p> <p>Please let me know how to resolve this issue.</p> <p>With Regards</p> <p>EinfoMail</p> https://serverfault.tech/q/1035646 0 Adding a new VLAN to an existing VMware cluster zheka piterskiy https://serverfault.tech/users/593528 2020-09-28T20:31:10Z 2020-09-28T20:31:10Z <p>I need to add an additional VLAN to an existing VMware 6.7 cluster. There is an existing VDS available, however I am not sure what the proper process would be to accomplish that.</p> <p>I understand the main step is going to be adding a new distributed port group for the VLAN, setting the new VLAN number. There is currently some setup:</p> <p><a href="https://i.stack.imgur.com/o1H94.png" rel="nofollow noreferrer">vds port groups</a></p> <p>What about these networks though?</p> <p><a href="https://i.stack.imgur.com/oRSQu.png" rel="nofollow noreferrer">networks</a></p> <p>Thanks in advance!</p> https://serverfault.tech/q/1035645 1 Basics of moving from NAT ipv4 to no-NAT ipv6 JMain https://serverfault.tech/users/592818 2020-09-28T20:22:47Z 2020-09-28T20:34:13Z <p>Imagine an ipv4 setup like this, only on a much larger scale:</p> <pre><code>10.0.0.1 = Nat Router 10.0.0.2 = Business Server A 10.0.0.3 = Business Server B 10.0.0.4 = Workstation A 10.0.0.5 = Workstation B 10.0.0.6 = Workstation C </code></pre> <p>The workstations access the Servers with their IP address, easy. The workstations and servers access the router through the nat router, easy.</p> <p>Now, move to ipv6. No more nat. 
You have something like this:</p> <pre><code>xxxx:xxxx:xxxx:yyyy:yyyy:yyyy:yyyy:0001 = firewall xxxx:xxxx:xxxx:yyyy:yyyy:yyyy:yyyy:0002 = Business Server A xxxx:xxxx:xxxx:yyyy:yyyy:yyyy:yyyy:0003 = Business Server B xxxx:xxxx:xxxx:yyyy:yyyy:yyyy:yyyy:0004 = Workstation A xxxx:xxxx:xxxx:yyyy:yyyy:yyyy:yyyy:0005 = Workstation B xxxx:xxxx:xxxx:yyyy:yyyy:yyyy:yyyy:0006 = Workstation C </code></pre> <p>I understand that for the prefix, this is provided by your ISP. If you are using these to access your servers inside your location, and the prefix changes, you lose access (until you fix it). Or, assume that your modem or ISP is down for some reason and you lose the prefix because it can't hand it out. Or, maybe you want to quickly switch to a backup ISP with a CradlePoint or similar.</p> <p>With ipv4, the ISP doesn't really matter, your internal devices never see your ISP provided addresses. You can fairly easily switch ISP in a moment by just swapping a cable around.</p> <p>With ipv6, at least the way I understand it, without NAT now the ISP controls your internal IP addresses. Outside addresses changing might not be a big deal, but internal addresses changing would cause a large mess.</p> <p>Many companies today use the solution to simply stay with IPv4.</p> <p>What is the IPv6 solution to this scenario? I know that NAT=bad in lots of cases, but in this scenario, it literally keeps the internal network running.</p> https://serverfault.tech/q/1035644 -1 LSI9210-8i raid controller not detected in HP DL380 G7 Alessandro Cossali https://serverfault.tech/users/593527 2020-09-28T20:22:34Z 2020-09-28T20:29:43Z <p>I have bought the LSI 9210-8i RAID controller configured in IT mode because the P410i controller on my HP DL380 G7 doesn't support the JBOD function. 
I'm having some trouble because the BIOS detected it the first time that I connected it but then no more.</p> <p>I've also tried it on my other server, a DL360 G5, but it also doesn't detect the controller.</p> <p>I've disabled the integrated controller in the BIOS but I don't understand if it's a compatibility problem (I know that HP has some problems with non-HP hardware...) or if I have to enable something in the BIOS in order to see and use it.</p> <p>Anyone else with the same problem?</p> <p>Or can you suggest an LSI controller compatible with this server and with IT mode?</p> https://serverfault.tech/q/1035643 0 Q: Techniques for logging Apache requests to MySQL (on CentOS 7) Jemenake https://serverfault.tech/users/112018 2020-09-28T20:17:35Z 2020-09-28T20:49:26Z <p>I'm interested in logging my Apache logs to MySQL (for easier analysis, basically... and, to prevent the DB from getting huge, I was considering regularly purging requests older than XX months)</p> <p>Googling mostly suggests using <code>mod_log_sql_mysql</code>, but this package doesn't seem to be available for CentOS 7. I came across an interesting page <a href="https://escapequotes.net/save-apache-log-in-mysql-database/" rel="nofollow noreferrer">here</a> where the author uses Apache's custom-log module to write to the <code>mysql</code> client through a pipe, but that seems pretty inefficient (spawning a mysql client for each log entry? 
Or is there a way to get Apache to do log updates as less-frequent batches?).</p> <p>But that page gave me the idea of maybe writing a daemon to provide a unix socket or pipe that Apache could write to, and the daemon could maintain an open connection to the MySQL daemon <em>or</em> maybe just a daemon that uses inotify or fswatch to just watch for changes to the normal textual logs.</p> <p>But, before I embark on one of these projects, does anybody have any thoughts about:</p> <ol> <li><strong>Is there really no mod-log-ssl-mysql for CentOS 7?</strong></li> <li><strong>If not, does one of these approaches (calling mysql for each entry, using a daemon to monitor a pipe, or using a daemon to monitor normal textual logs) seem to be the better route?</strong></li> <li><strong>Is logging to a DB just a horrible idea, and I should forget that I ever had such a notion?</strong></li> </ol> <p>I guess one of the advantages of writing my own daemon is that I could do clever things with the DB... instead of logging everything to a single table, I could give each requested file-path (since those tend to be long) an entry in a separate table and just reference it by its primary key in the request log.</p> https://serverfault.tech/q/1035536 0 iptables string match, some packets still getting through Pr0n https://serverfault.tech/users/147655 2020-09-27T19:45:31Z 2020-09-28T22:31:35Z <p>I'm using fail2ban to police plain text http packets (SSL offload being used with load balancer) using a header added by the load balancer. 
fail2ban is complaining that it is seeing IP addresses in logs AFTER it bans them but the packet count on iptables is increasing; how can they possibly be slipping past?</p> <p>My fail2ban log looks like this</p> <pre><code>2020-09-27 19:10:42,748 fail2ban.actions [1744]: NOTICE [jailprov] Ban 5.180.220.215 2020-09-27 19:11:34,478 fail2ban.actions [1744]: NOTICE [jailprov] 5.180.220.215 already banned 2020-09-27 19:12:08,097 fail2ban.actions [1744]: NOTICE [jailprov] 5.180.220.215 already banned 2020-09-27 19:12:21,119 fail2ban.actions [1744]: NOTICE [jailprov] 5.180.220.215 already banned 2020-09-27 19:12:50,088 fail2ban.actions [1744]: NOTICE [jailprov] 5.180.220.215 already banned 2020-09-27 19:13:08,609 fail2ban.actions [1744]: NOTICE [jailprov] 5.180.220.215 already banned </code></pre> <p>My iptables looks like this</p> <pre><code>[me@server log]# iptables -vnL Chain INPUT (policy ACCEPT 2917 packets, 368K bytes) pkts bytes target prot opt in out source destination 2751K 199M fail2ban-default tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 2749K 198M fail2ban-default tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 2952 packets, 530K bytes) pkts bytes target prot opt in out source destination Chain fail2ban-default (2 references) pkts bytes target prot opt in out source destination 18 6408 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 STRING match &quot;5.180.220.215&quot; ALGO name bm TO 65535 [other rules removed for brevity] 5499K 396M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 </code></pre> <p><a href="https://i.stack.imgur.com/jQpeN.png" rel="nofollow noreferrer"><img src="https://i.stack.imgur.com/jQpeN.png" alt="enter image description here" /></a></p> https://serverfault.tech/q/1035459 9 How can I redirect an entire site to a single page? 
Jim Miller https://serverfault.tech/users/77729 2020-09-26T21:42:42Z 2020-09-28T22:38:55Z <p>I'm in the process of shutting down a site, and have replaced the old site with a single &quot;nobody home&quot; page at the root level of the site. Now I need to set up some redirection, so that <em>any</em> request to any part of the site, no matter how complicated, ends up at the root page.</p> <p>I've tried what (I thought) ought to work: Creating an <code>.htaccess</code> file containing:</p> <pre><code>RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule ^(.*)$ https://www.example.com/ [L,R=301,NE] </code></pre> <p>but it mostly fails: Requests to <code>http://www.example.com</code> still get through, but <code>https://www.example.com/doesnotexist.html</code> throws a 404. (If there was no redirection going on, this would be correct, since that page doesn't exist on the site, but that's the point of the redirection: I want this request to be sent to <code>https://www.example.com</code>.)</p> <p>Arggh. The answer to this is probably obvious to everyone but me; can anyone help out?</p> <p>PS: I'm in a shared hosting situation, so I have to do this with a <code>.htaccess</code> file rather than hacking a full Apache configuration file.</p> https://serverfault.tech/q/1035331 1 What could cause high iostat await if a disk isn't overutilized? Ben Kuhn https://serverfault.tech/users/509195 2020-09-25T12:59:55Z 2020-09-28T20:29:13Z <p>I have a database running on GCP. Occasionally it gets very slow for a period of minutes (like average statement execution time spikes by 10x or more). The slowness is correlated with increases in the <code>await</code> output from <code>iostat</code> (<code>system.io.await</code> metric in the image below). 
Normally this is around 500µs, but during the outages it's spiked up to 20ms.</p> <p>My first guess was that this indicated the disk was saturated, but <code>{r,w}{,kb}_s</code> were all within the normal range that the instance has gracefully handled (with normal <code>await</code>):</p> <p><a href="https://i.stack.imgur.com/gfVTB.png" rel="nofollow noreferrer"><img src="https://i.stack.imgur.com/gfVTB.png" alt="metrics" /></a></p> <p>My second guess was that maybe we had a noisy neighbor on the persistent disk, but I failed over the database to a different VM and the problem persisted.</p> <p>What else could be causing the spikes in <code>await</code>? Also, what tools or tests would be best for diagnosing this?</p> https://serverfault.tech/q/1034595 0 NFTables: is it possible to forward traffic without masquerading it? Polizi8 https://serverfault.tech/users/582968 2020-09-19T23:59:54Z 2020-09-28T20:54:11Z <p>I have a remote server that forwards certain incoming traffic to another port of a different server.<br /> With &quot;masquerade&quot; I only see traffic coming from the forward server, is it possible to see traffic coming from the original sources? If I replace &quot;masquerade&quot; with &quot;accept&quot; I can't reach anymore port 8080 of destination.</p> <pre><code># define destination address define dest = 10.0.0.2 # table for smtp forwarding table ip smtp { chain pre { type nat hook prerouting priority -100 tcp dport 25 dnat to $dest:8080 } chain post { type nat hook postrouting priority 100 ip daddr $dest masquerade } } </code></pre> https://serverfault.tech/q/1028492 1 How do I restrict a Remote Desktop Client to a single application? Cary Jensen https://serverfault.tech/users/55504 2020-07-31T22:44:46Z 2020-09-28T22:29:43Z <p>I have an AWS Lightsail server running Windows Server 2016. I want Administrators to be able to log in via Windows Remote Desktop Client and access the desktop and all applications. 
However, I want to setup one or more users or groups who can connect to the server using a Remote Desktop Client (not Web), and upon login, automatically launch a single application. Furthermore, when they close that application they are signed out of the server. In addition, while they are in the application they have no access to the desktop or any other applications.</p> <p>I have been assured that this configuration is possible, but so far I have failed to find any combination of configurations that permit me to achieve this goal. So, I have two questions. First, is it true that I can configure my Lightsail server to achieve this result? And, if so, how do I do it?</p> https://serverfault.tech/q/947532 1 Run FreeRADIUS on FIPS enabled Redhat server? dutsnekcirf https://serverfault.tech/users/328621 2019-01-04T00:05:33Z 2020-09-28T23:00:49Z <p>I'm attempting to install a FreeRADIUS server on a RHEL 6.9 VM. This VM is operating in FIPS mode. I'm running into the problem described in a Red Hat bug report found <a href="https://bugzilla.redhat.com/show_bug.cgi?id=1088778" rel="nofollow noreferrer">here</a>.</p> <p>According to that bug report from March of 2015 the RADIUS protocol requires MD5 support. FreeRADIUS (and RADIUS) can therefore not be supported in FIPS mode.</p> <p>I'm hoping that in the 3 years that have transpired since that bug report there's been a fix or workaround that I can implement to get around this issue. Unfortunately, I'm restricted to running in FIPS mode per DISA STIG requirements. Is anyone aware of a way to get FreeRADIUS to work on a machine that's operating in FIPS mode?</p> https://serverfault.tech/q/913866 0 setting reply-to in sendmail.mc René Martin https://serverfault.tech/users/471509 2018-05-25T23:55:00Z 2020-09-28T22:00:30Z <p>I'm using sendmail to send Mails from PHP and also forward some mails addressed to the server to a list of external mail-providers. 
The forwarding is done via an entry in /etc/mail/virtusertable:</p> <pre><code>test@domain.com testuser </code></pre> <p>In my /etc/aliases I include the mail list file:</p> <pre><code>testuser: ":include:/home/mail-list" </code></pre> <p>This setup works so far, but I wanted to ask how it is possible to change the Reply-To header of mails sent to the virtual user <code>testuser</code> via sendmail.mc. And if not, is there another way to do this?</p> https://serverfault.tech/q/905437 2 pfSense and ESXI WAN Andy https://serverfault.tech/users/463279 2018-03-31T09:39:54Z 2020-09-28T21:05:25Z <p>I have a dedicated server which came with ESXI 6.5 pre-installed. There is just one IP dedicated to this, the management IP: 62.121.90.xx/27, from where I can log in to ESXI. This instance had just one NIC installed at this IP. No NAT. I asked my hosting provider to issue me a second IP, which is 83.159.147.XXX/26. What I want to do is the following: pfSense with two network interfaces, one WAN where I can connect to the internet, and the second one I would like to use internally for NAT with other VMs.</p> <p>I have created the following as in the picture: <a href="https://i.stack.imgur.com/tvbB0.png" rel="nofollow noreferrer">vSwitch configuration</a></p> <p>The problem is that when I assign the new IP (83.159.147.XXX) to the WAN interface of pfSense I am not able to reach the internet.</p> https://serverfault.tech/q/856116 1 Blank page (500 error) with nginx and php-fpm Madno https://serverfault.tech/users/279084 2017-06-16T00:54:55Z 2020-09-28T23:06:25Z <p>I am hosting more than one domain on the same server.
I have the following configuration for nginx:</p> <pre><code>server {
    listen 80;
    root /var/www/mydomain.com;
    index index.php index.html index.htm;
    server_name mydomain.com;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
</code></pre> <p>Which works with all the domains I have on the server. However, today, I added a new domain whose content I transferred from another server (I transferred from shared hosting into a VPS). And after adjusting the DNS, moving the files and migrating the database and finishing everything up, the new domain doesn't work. It just returns a 500 error code. No log messages were shown in nginx's log files.</p> https://serverfault.tech/q/846872 3 ipmitool get the Board Serial using raw command charles.cc.hsu https://serverfault.tech/users/412647 2017-04-27T11:58:45Z 2020-09-29T00:00:40Z <p>I would like to use <code>ipmitool</code> to get the Board Serial Number. Currently I can use <code>$ sudo ipmitool fru</code> to query the information as below:</p> <pre><code>$ sudo ipmitool fru
FRU Device Description : Builtin FRU Device (ID 0)
 Chassis Type : Main Server Chassis
 Chassis Part Number : 01234567
 Chassis Serial : 01234567890123456789AB
 Board Mfg Date : Wed Jan 7 13:07:00 2015
 Board Mfg : GIGABYTE
 Board Product : MB10-DS4
 Board Serial : GG3P8800012
 Board Part Number : 01234567
 Product Manufacturer : GIGABYTE
 Product Name : MB10-DS4
 Product Part Number : 000000000001
 Product Version : 0100
 Product Serial : 01234567890123456789AB
 Product Asset Tag : 01234567890123456789AB
</code></pre> <p>Because in my project, I need to use the OpenIPMI API in C code to get the Board Serial, I think that should be unique. So, I use the raw command:</p> <pre><code>$ sudo ipmitool raw
Not enough parameters given.
RAW Commands: raw &lt;netfn&gt; &lt;cmd&gt; [data]

Network Function Codes:

  VAL  HEX   STRING
==============================================
  0    0x00  Chassis
  2    0x02  Bridge
  4    0x04  SensorEvent
  6    0x06  Application
  8    0x08  Firmware
  10   0x0a  Storage
  12   0x0c  Transport
(can also use raw hex values)
</code></pre> <p>Then I tried issuing the following commands to learn more about the raw command format:</p> <pre><code>$ sudo ipmitool raw 0 0
 01 20 20 20 20 20
$ sudo ipmitool raw 0 1
 21 00 00 70
$ sudo ipmitool raw 0 2
Unable to send RAW command (channel=0x0 netfn=0x0 lun=0x0 cmd=0x2 rsp=0xc7): Request data length invalid
</code></pre> <p>I've googled for several days, but cannot find any information, and I've downloaded the source code of ipmitool, maybe I'll try to read the source code more clearly.</p> <p>BTW, I've downloaded the IPMI utility 'IPMICFG' from SuperMicro, and followed the guide <a href="https://alnitech.com/news/supermicro-ipmi-device-configuration-using-ipmicfg/" rel="nofollow noreferrer">Supermicro IPMI Device Configuration</a> using IPMICFG, and read <a href="http://openipmi.sourceforge.net/IPMI.pdf" rel="nofollow noreferrer">A Gentle Introduction with OpenIPMI</a>.</p> <p>My question is: what <code>netfn</code> code should I use, and what is the command to get the Board Serial? In this case, the value should be <code>GG3P8800012</code>.</p> <p>Any advice?</p> <p>Thanks in advance.</p> <hr> <p>Thanks @Lenniey</p> <p>Here is the output of <code>sudo ipmitool fru -vvv</code>:</p> <pre><code>$ sudo ipmitool fru -vvv Using ipmi device 0 Set IPMB address to 0x20 OpenIPMI Request Message Header: netfn = 0x6 cmd = 0x1 Iana: 15370 Running Get PICMG Properties my_addr 0x20, transit 0, target 0 OpenIPMI Request Message Header: netfn = 0x2c cmd = 0x0 OpenIPMI Request Message Data (1 bytes) 00 Error response 0xc1 from Get PICMG Properities Running Get VSO Capabilities my_addr 0x20, transit 0, target 0 OpenIPMI Request Message Header: netfn = 0x2c cmd = 0x0 OpenIPMI Request
Message Data (1 bytes) 03 Invalid completion code received: Invalid command Acquire IPMB address Discovered IPMB address 0x0 Interface address: my_addr 0x20 transit 0:0 target 0x20:0 ipmb_target 0 FRU Device Description : Builtin FRU Device (ID 0) OpenIPMI Request Message Header: netfn = 0x6 cmd = 0x1 OpenIPMI Request Message Header: netfn = 0xa cmd = 0x10 OpenIPMI Request Message Data (1 bytes) 00 fru.size = 2048 bytes (accessed by bytes) OpenIPMI Request Message Header: netfn = 0xa cmd = 0x11 OpenIPMI Request Message Data (4 bytes) 00 00 00 08 FRU DATA (9 bytes) 08 01 00 01 07 0e 00 00 e9 fru.header.version: 0x1 fru.header.offset.internal: 0x0 fru.header.offset.chassis: 0x8 fru.header.offset.board: 0x38 fru.header.offset.product: 0x70 fru.header.offset.multi: 0x0 OpenIPMI Request Message Header: netfn = 0xa cmd = 0x11 OpenIPMI Request Message Data (4 bytes) 00 08 00 02 OpenIPMI Request Message Header: netfn = 0xa cmd = 0x11 OpenIPMI Request Message Data (4 bytes) 00 08 00 21 Retrying FRU read with request size 25 OpenIPMI Request Message Header: netfn = 0xa cmd = 0x11 OpenIPMI Request Message Data (4 bytes) 00 08 00 19 Retrying FRU read with request size 24 OpenIPMI Request Message Header: netfn = 0xa cmd = 0x11 OpenIPMI Request Message Data (4 bytes) 00 08 00 18 Retrying FRU read with request size 23 OpenIPMI Request Message Header: netfn = 0xa cmd = 0x11 OpenIPMI Request Message Data (4 bytes) 00 08 00 17 OpenIPMI Request Message Header: netfn = 0xa cmd = 0x11 OpenIPMI Request Message Data (4 bytes) 00 1f 00 17 OpenIPMI Request Message Header: netfn = 0xa cmd = 0x11 OpenIPMI Request Message Data (4 bytes) 00 36 00 02 Chassis Type : Main Server Chassis Chassis Part Number : 01234567 Chassis Serial : 01234567890123456789AB OpenIPMI Request Message Header: netfn = 0xa cmd = 0x11 OpenIPMI Request Message Data (4 bytes) 00 38 00 02 OpenIPMI Request Message Header: netfn = 0xa cmd = 0x11 OpenIPMI Request Message Data (4 bytes) 00 38 00 17 OpenIPMI Request Message 
Header: netfn = 0xa cmd = 0x11 OpenIPMI Request Message Data (4 bytes) 00 4f 00 17 OpenIPMI Request Message Header: netfn = 0xa cmd = 0x11 OpenIPMI Request Message Data (4 bytes) 00 66 00 0a Board Mfg Date : Wed Jan 7 13:07:00 2015 Board Mfg : GIGABYTE Board Product : MB10-DS4 Board Serial : GG3P8800012 Board Part Number : 01234567 OpenIPMI Request Message Header: netfn = 0xa cmd = 0x11 OpenIPMI Request Message Data (4 bytes) 00 70 00 02 OpenIPMI Request Message Header: netfn = 0xa cmd = 0x11 OpenIPMI Request Message Data (4 bytes) 00 70 00 17 OpenIPMI Request Message Header: netfn = 0xa cmd = 0x11 OpenIPMI Request Message Data (4 bytes) 00 87 00 17 OpenIPMI Request Message Header: netfn = 0xa cmd = 0x11 OpenIPMI Request Message Data (4 bytes) 00 9e 00 17 OpenIPMI Request Message Header: netfn = 0xa cmd = 0x11 OpenIPMI Request Message Data (4 bytes) 00 b5 00 17 OpenIPMI Request Message Header: netfn = 0xa cmd = 0x11 OpenIPMI Request Message Data (4 bytes) 00 cc 00 04 Product Manufacturer : GIGABYTE Product Name : MB10-DS4 Product Part Number : 000000000001 Product Version : 0100 Product Serial : 01234567890123456789AB Product Asset Tag : 01234567890123456789AB OpenIPMI Request Message Header: netfn = 0x6 cmd = 0x1 OpenIPMI Request Message Header: netfn = 0xa cmd = 0x20 SDR free space: 14864 SDR records : 25 OpenIPMI Request Message Header: netfn = 0xa cmd = 0x22 SDR reservation ID 0002 OpenIPMI Request Message Header: netfn = 0xa cmd = 0x23 OpenIPMI Request Message Data (6 bytes) 02 00 00 00 00 05 SDR record ID : 0x0000 SDR record id mismatch: 0x0001 SDR record type : 0x12 SDR record next : 0x0002 SDR record bytes: 16 Getting 16 bytes from SDR at offset 5 OpenIPMI Request Message Header: netfn = 0xa cmd = 0x23 OpenIPMI Request Message Data (6 bytes) 02 00 00 00 05 10 OpenIPMI Request Message Header: netfn = 0xa cmd = 0x23 OpenIPMI Request Message Data (6 bytes) 02 00 02 00 00 05 SDR record ID : 0x0002 SDR record type : 0xc0 SDR record next : 0x0003 SDR record 
bytes: 11 OpenIPMI Request Message Header: netfn = 0xa cmd = 0x23 OpenIPMI Request Message Data (6 bytes) 02 00 03 00 00 05 SDR record ID : 0x0003 SDR record type : 0x01 SDR record next : 0x0009 SDR record bytes: 52 OpenIPMI Request Message Header: netfn = 0xa cmd = 0x23 OpenIPMI Request Message Data (6 bytes) 02 00 09 00 00 05 SDR record ID : 0x0009 SDR record type : 0x01 SDR record next : 0x000a SDR record bytes: 53 OpenIPMI Request Message Header: netfn = 0xa cmd = 0x23 OpenIPMI Request Message Data (6 bytes) 02 00 0a 00 00 05 SDR record ID : 0x000a SDR record type : 0x01 SDR record next : 0x000c SDR record bytes: 53 OpenIPMI Request Message Header: netfn = 0xa cmd = 0x23 OpenIPMI Request Message Data (6 bytes) 02 00 0c 00 00 05 SDR record ID : 0x000c SDR record type : 0x01 SDR record next : 0x000d SDR record bytes: 53 OpenIPMI Request Message Header: netfn = 0xa cmd = 0x23 OpenIPMI Request Message Data (6 bytes) 02 00 0d 00 00 05 SDR record ID : 0x000d SDR record type : 0x01 SDR record next : 0x003b SDR record bytes: 53 OpenIPMI Request Message Header: netfn = 0xa cmd = 0x23 OpenIPMI Request Message Data (6 bytes) 02 00 3b 00 00 05 SDR record ID : 0x003b SDR record type : 0x01 SDR record next : 0x003c SDR record bytes: 47 OpenIPMI Request Message Header: netfn = 0xa cmd = 0x23 OpenIPMI Request Message Data (6 bytes) 02 00 3c 00 00 05 SDR record ID : 0x003c SDR record type : 0x01 SDR record next : 0x003d SDR record bytes: 46 OpenIPMI Request Message Header: netfn = 0xa cmd = 0x23 OpenIPMI Request Message Data (6 bytes) 02 00 3d 00 00 05 SDR record ID : 0x003d SDR record type : 0x01 SDR record next : 0x003e SDR record bytes: 47 OpenIPMI Request Message Header: netfn = 0xa cmd = 0x23 OpenIPMI Request Message Data (6 bytes) 02 00 3e 00 00 05 SDR record ID : 0x003e SDR record type : 0x01 SDR record next : 0x0040 SDR record bytes: 51 OpenIPMI Request Message Header: netfn = 0xa cmd = 0x23 OpenIPMI Request Message Data (6 bytes) 02 00 40 00 00 05 SDR record ID : 
0x0040 SDR record type : 0x01 SDR record next : 0x0041 SDR record bytes: 49 OpenIPMI Request Message Header: netfn = 0xa cmd = 0x23 OpenIPMI Request Message Data (6 bytes) 02 00 41 00 00 05 SDR record ID : 0x0041 SDR record type : 0x01 SDR record next : 0x0043 SDR record bytes: 53 OpenIPMI Request Message Header: netfn = 0xa cmd = 0x23 OpenIPMI Request Message Data (6 bytes) 02 00 43 00 00 05 SDR record ID : 0x0043 SDR record type : 0x01 SDR record next : 0x0047 SDR record bytes: 52 OpenIPMI Request Message Header: netfn = 0xa cmd = 0x23 OpenIPMI Request Message Data (6 bytes) 02 00 47 00 00 05 SDR record ID : 0x0047 SDR record type : 0x01 SDR record next : 0x0048 SDR record bytes: 53 OpenIPMI Request Message Header: netfn = 0xa cmd = 0x23 OpenIPMI Request Message Data (6 bytes) 02 00 48 00 00 05 SDR record ID : 0x0048 SDR record type : 0x01 SDR record next : 0x0049 SDR record bytes: 52 OpenIPMI Request Message Header: netfn = 0xa cmd = 0x23 OpenIPMI Request Message Data (6 bytes) 02 00 49 00 00 05 SDR record ID : 0x0049 SDR record type : 0x01 SDR record next : 0x004a SDR record bytes: 57 OpenIPMI Request Message Header: netfn = 0xa cmd = 0x23 OpenIPMI Request Message Data (6 bytes) 02 00 4a 00 00 05 SDR record ID : 0x004a SDR record type : 0x01 SDR record next : 0x0088 SDR record bytes: 56 OpenIPMI Request Message Header: netfn = 0xa cmd = 0x23 OpenIPMI Request Message Data (6 bytes) 02 00 88 00 00 05 SDR record ID : 0x0088 SDR record type : 0x01 SDR record next : 0x008a SDR record bytes: 51 OpenIPMI Request Message Header: netfn = 0xa cmd = 0x23 OpenIPMI Request Message Data (6 bytes) 02 00 8a 00 00 05 SDR record ID : 0x008a SDR record type : 0x01 SDR record next : 0x00b9 SDR record bytes: 51 OpenIPMI Request Message Header: netfn = 0xa cmd = 0x23 OpenIPMI Request Message Data (6 bytes) 02 00 b9 00 00 05 SDR record ID : 0x00b9 SDR record type : 0x02 SDR record next : 0x00ba SDR record bytes: 31 OpenIPMI Request Message Header: netfn = 0xa cmd = 0x23 OpenIPMI 
Request Message Data (6 bytes) 02 00 ba 00 00 05 SDR record ID : 0x00ba SDR record type : 0x02 SDR record next : 0x00bd SDR record bytes: 31 OpenIPMI Request Message Header: netfn = 0xa cmd = 0x23 OpenIPMI Request Message Data (6 bytes) 02 00 bd 00 00 05 SDR record ID : 0x00bd SDR record type : 0x02 SDR record next : 0x00ca SDR record bytes: 36 OpenIPMI Request Message Header: netfn = 0xa cmd = 0x23 OpenIPMI Request Message Data (6 bytes) 02 00 ca 00 00 05 SDR record ID : 0x00ca SDR record type : 0x01 SDR record next : 0x00cd SDR record bytes: 51 OpenIPMI Request Message Header: netfn = 0xa cmd = 0x23 OpenIPMI Request Message Data (6 bytes) 02 00 cd 00 00 05 SDR record ID : 0x00cd SDR record type : 0x02 SDR record next : 0xffff SDR record bytes: 30 </code></pre> <hr> <p>Following the advice from @Lenniey, I issued the following command:</p> <pre><code>$ sudo ipmitool -v raw 0xa 0x11
Running Get PICMG Properties my_addr 0x20, transit 0, target 0
Error response 0xc1 from Get PICMG Properities
Running Get VSO Capabilities my_addr 0x20, transit 0, target 0
Invalid completion code received: Invalid command
Discovered IPMB address 0x0
RAW REQ (channel=0x0 netfn=0xa lun=0x0 cmd=0x11 data_len=0)
Unable to send RAW command (channel=0x0 netfn=0xa lun=0x0 cmd=0x11 rsp=0xc7): Request data length invalid
</code></pre> <p>This raises another question: how to get raw command clues from the output of <code>sudo ipmitool fru -vvv</code>?</p> https://serverfault.tech/q/845199 2 Cannot connect to RDS from Elasticbeanstalk - Connection timed out Growler https://serverfault.tech/users/410029 2017-04-19T05:04:23Z 2020-09-28T23:06:25Z <p>I set up RDS (mysql) with Elastic Beanstalk/EC2 on AWS for my PHP API.</p> <p>The API is reachable through http and https, but it seems the connection to the DB is having trouble, as I'm getting the error:</p> <blockquote> <p>"SQLSTATE[HY000] [2002] Connection timed out","error_data":</p> </blockquote> <p>What I've checked:</p> <ul> <li>My PHP app is load
balanced, with an SSL cert attached, and served through https through cloudfront. The security group assigned to this EC2 instance is the same as I'm using for RDS, with inbound rules that accept http connections (it's also attached to the default RDS security group which allows it to be in <code>authorized</code> state)</li> </ul> <p><a href="https://i.stack.imgur.com/EysVZ.png" rel="nofollow noreferrer"><img src="https://i.stack.imgur.com/EysVZ.png" alt="enter image description here"></a></p> <ul> <li><p>RDS instance in authorized state given its security groups: <a href="https://i.stack.imgur.com/32mRTm.png" rel="nofollow noreferrer"><img src="https://i.stack.imgur.com/32mRTm.png" alt="enter image description here"></a></p></li> <li><p>I can connect to the DB instance through my credentials in sequel pro</p></li> <li><p>I've double checked my elastic beanstalk <code>env</code> variables, which are the same as I used to log in successfully to sequel pro on the server</p></li> </ul> <p>I checked the server logs and am not getting much more detail about why I cannot connect.</p> <hr> <p>EDIT: added inbound settings for MYSQL</p> <p><a href="https://i.stack.imgur.com/gpThP.png" rel="nofollow noreferrer"><img src="https://i.stack.imgur.com/gpThP.png" alt="enter image description here"></a></p> https://serverfault.tech/q/773313 1 How to perform a core dump on MongoDB Matt Clark https://serverfault.tech/users/146878 2016-04-27T15:06:15Z 2020-09-28T21:05:25Z <p>I am in the process of investigating a potential memory leak within MongoDB. Last night I experienced an issue where the resident memory in use had an unexpected climb to +10GB.</p> <p>I am trying to perform a core dump to examine the contents of the memory, but am having an issue doing so.</p> <p>I tried using the <a href="https://stackoverflow.com/q/6561194/1790644">procedure found here</a>, using <code>kill -SIGQUIT 9999</code>, however this does not seem to produce an actual core dump from <code>mongod</code>,
instead, the only thing I can find is what appears to be a few useless lines at the end of my log file.</p> <pre><code>2016-04-27T14:28:01.413+0000 F - [initandlisten] Got signal: 3 (Quit). 0x1310252 0x130f189 0x130f992 0x349f40f500 0x349f0e0d03 0x12b4fc4 0x977f26 0x97a9bd 0x349f01ecdd 0x974881 ----- BEGIN BACKTRACE ----- {"backtrace":[{"b":"400000","o":"F10252","s":"_ZN5mongo15printStackTraceERSo"},{"b":"400000","o":"F0F189"},{"b":"400000","o":"F0F992"},{"b":"349F400000","o":"F500"},{"b":"349F000000","o":"E0D03","s":"__select"},{"b":"400000","o":"EB4FC4","s":"_ZN5mongo8Listener13initAndListenEv"},{"b":"400000","o":"577F26","s":"_ZN5mongo13initAndListenEi"},{"b":"400000","o":"57A9BD","s":"main"},{"b":"349F000000","o":"1ECDD","s":"__libc_start_main"},{"b":"400000","o":"574881"}],"processInfo":{ "mongodbVersion" : "3.2.4", "gitVersion" : "e2ee9ffcf9f5a94fad76802e28cc978718bb7a30", "compiledModules" : [], "uname" : { "sysname" : "Linux", "release" : "2.6.39-300.17.2.el6uek.x86_64", "version" : "#1 SMP Wed Nov 7 17:48:36 PST 2012", "machine" : "x86_64" }, "somap" : [ { "elfType" : 2, "b" : "400000", "buildId" : "5FD49352786BCEAEC14C2C99263D7EDCC9F681FD" }, { "b" : "7FFF433DF000", "elfType" : 3, "buildId" : "1E333CA5361BDB0097E9F47A6280B1AB5EEF4F0A" }, { "path" : "/usr/lib64/libssl.so.10", "elfType" : 3, "buildId" : "145F7FE3952D398F1580F65D309F7B84C170C46B" }, { "path" : "/usr/lib64/libcrypto.so.10", "elfType" : 3, "buildId" : "04B2B7E614BF9844F5191F8A81E15B0F60A1EF3A" }, { "path" : "/lib64/librt.so.1", "elfType" : 3, "buildId" : "A34F8F7191C98A2AAEC9150CD504EE6E3E1BA7CD" }, { "path" : "/lib64/libdl.so.2", "elfType" : 3, "buildId" : "15B0822C819020F18BBF0E0C0286373155E03BE2" }, { "path" : "/usr/lib64/libstdc++.so.6", "elfType" : 3, "buildId" : "1A4BC78E7DA0FA025262D516D00E04AFD1B0F429" }, { "path" : "/lib64/libm.so.6", "elfType" : 3, "buildId" : "4506D67E9AC196C2A4C51CF9804C469B5465AA89" }, { "path" : "/lib64/libgcc_s.so.1", "elfType" : 3, "buildId" : 
"CE152B8676517F23E7F54AD6408330979BE41443" }, { "path" : "/lib64/libpthread.so.0", "elfType" : 3, "buildId" : "7A688BCD17DD94352FD083FB9A64DCAF6296428E" }, { "path" : "/lib64/libc.so.6", "elfType" : 3, "buildId" : "9482B5DFEC6960CE8D5D90CECF6C77DC18A11272" }, { "path" : "/lib64/ld-linux-x86-64.so.2", "elfType" : 3, "buildId" : "CBC6E7266FCF291CEE239F38D1DD7B59D82AADBD" }, { "path" : "/lib64/libgssapi_krb5.so.2", "elfType" : 3, "buildId" : "5A849E6F82D34BFDF59D7B3ACD00BE9A7E24B6F1" }, { "path" : "/lib64/libkrb5.so.3", "elfType" : 3, "buildId" : "C2F73DA1AF5D07B0B72F82ED3690456C4EDF3E0E" }, { "path" : "/lib64/libcom_err.so.2", "elfType" : 3, "buildId" : "6A8EE2F10B2BB3A361B366DB93A0884E70A4D03B" }, { "path" : "/lib64/libk5crypto.so.3", "elfType" : 3, "buildId" : "2C7D5C2761C37E2B0B9F2719A8AF6ADA48D4895C" }, { "path" : "/lib64/libz.so.1", "elfType" : 3, "buildId" : "209A7EBEAB54483FED76E2A984B4AEAE29C66D69" }, { "path" : "/lib64/libkrb5support.so.0", "elfType" : 3, "buildId" : "DE4E1481ECA0ADF2F15A4D830CF2C43A29350087" }, { "path" : "/lib64/libkeyutils.so.1", "elfType" : 3, "buildId" : "8A8734DC37305D8CC2EF8F8C3E5EA03171DB07EC" }, { "path" : "/lib64/libresolv.so.2", "elfType" : 3, "buildId" : "E48B7A85C3EE7A22CBCAC817C407458CC0A9D47F" }, { "path" : "/lib64/libselinux.so.1", "elfType" : 3, "buildId" : "A287DC6B86A9823038F057105CE64671E0B392EC" } ] }} mongod(_ZN5mongo15printStackTraceERSo+0x32) [0x1310252] mongod(+0xF0F189) [0x130f189] mongod(+0xF0F992) [0x130f992] libpthread.so.0(+0xF500) [0x349f40f500] libc.so.6(__select+0x33) [0x349f0e0d03] mongod(_ZN5mongo8Listener13initAndListenEv+0x4B4) [0x12b4fc4] mongod(_ZN5mongo13initAndListenEi+0x1316) [0x977f26] mongod(main+0x15D) [0x97a9bd] libc.so.6(__libc_start_main+0xFD) [0x349f01ecdd] mongod(+0x574881) [0x974881] ----- END BACKTRACE ----- </code></pre> <p>Any idea how I can go about getting a core dump here?</p> https://serverfault.tech/q/752455 2 What is the correct way to generate /etc/audit/audit.rules on Centos7? 
Wayne Werner https://serverfault.tech/users/46824 2016-01-28T17:43:41Z 2020-09-28T23:43:58Z <p>At the top of <code>/etc/audit/audit.rules</code> on Centos7 it tells me:</p> <pre><code>## This file is automatically generated from /etc/audit/rules.d </code></pre> <p>Okay, so I went and looked, and found <code>/etc/audit/rules.d/audit.rules</code>. It had the following line</p> <pre><code># Feel free to add below this line. See auditctl man page </code></pre> <p>Which I did, and found what <em>looked</em> like maybe it was the option:</p> <pre><code> -R file Read rules from a file. The rules must be 1 per line and in the order that they are to be executed in. The rule file must be owned by root and not readable by other users or it will be rejected. The rule file may have comments embedded by starting the line with a '#' character. Rules that are read from a file are identical to what you would type on a command line except they are not preceded by auditctl (since auditctl is the one executing the file) and you would not use shell escaping since auditctl is reading the file instead of bash. </code></pre> <p>But I ran <code>auditctl -R /etc/audit/rules.d/audit.rules</code> which seemed to work, <em>however</em> it didn't do anything to <code>/etc/audit/audit.rules</code>.</p> <p>What's the right way to regenerate that file?</p> https://serverfault.tech/q/565122 0 smbclient -M nt_status_bad_network_name error Benjamin Jones https://serverfault.tech/users/187543 2014-01-05T05:05:54Z 2020-09-29T00:00:40Z <p>I am trying to send a test message (for a test project) from my <code>Ubuntu Virtualbox Guest</code> to my <code>Windows 8 host</code>. I am getting the error <code>nt_status_bad_network_name error</code>.</p> <p>What I know that works:</p> <p>I can ping from Host to Guest and vice versa by using computer host name. 
MSG Service (replace net send) is enabled on the <code>Windows 8</code> side.</p> <p>NOTE: For LAN testing purposes, I did disable Windows firewall (this is how I can ping from Ubuntu to the Windows host)</p> <p>So I wonder why, when I type <code>smbclient -M "computername"</code> in the terminal from the virtualbox guest OS, I get "<code>nt_status_bad_network_name error</code>" when I try to send the message to the Windows host?</p> https://serverfault.tech/q/225428 0 How to set the SPN for Postgres SSPI chotchki https://serverfault.tech/users/18888 2011-01-22T02:04:20Z 2020-09-28T22:00:30Z <p>I am trying to set up Postgres to support SSPI/Kerberos, however I think that I have not found the correct SPN that is needed to get it working.</p> <p>The background details:</p> <ul> <li>Service account for postgres: 'postgres'</li> <li>Domain Name: 'testdomain.com'</li> <li>Domain Controller: 'dc.testdomain.com'</li> </ul> <p>I have tried the following SPNs and have had zero luck:</p> <ul> <li><code>setspn -A HOST/testdomain.com postgres</code></li> <li><code>setspn -A HOST/testdomain postgres</code></li> <li><code>setspn -A POSTGRES/testdomain.com postgres</code></li> <li><code>setspn -A POSTGRES/testdomain postgres</code></li> <li><code>setspn -A POSTGRES/dc.testdomain.com postgres</code></li> </ul> <p>Does anyone have some suggestions?</p>