はてなブックマーク

I went to /var/log/cron but this file is empty. How to check if crontab is enabled or is running properly or not in ubuntu thanks

I am going to introduce Ansible into my data center, and I'm looking for some security best practice on where to locate the control machine and how to manage the SSH keys. Question 1: the control machine We of course need a control machine. The control machine has public SSH keys saved on it. If an attacker has access to the control machine, it potentially has access to the whole data center (or t

Every time I try to make a mysqldump I get the following error: $> mysqldump --single-transaction --host host -u user -p db > db.sql mysqldump: Couldn't execute 'SELECT COLUMN_NAME, JSON_EXTRACT(HISTOGRAM, '$."number-of-buckets-specified"') FROM information_schema.COLUMN_STATISTICS WHERE SCHEMA_NAME = 'db' AND TABLE_NAME = 'Absence';': Unknown table 'COLUMN_STATISTICS' in information_schema (1109)

I have a NGINX acting as a reverse proxy for our sites and is working very well. For the sites that need ssl I followed raymii.org to make sure to have as strong of a SSLLabs score as possible. One of the sites needs to be PCI DSS compliant but based on the latest TrustWave scan is now failing because of TLS 1.0 being enabled. On the http level in nginx.conf I have: ssl_protocols TLSv1 TLSv1.1 TLS

I have no strace skill and knowlegde, but im trying to work through a problem where my clients application is awfully slow. And im trying to find out where the bottleneck / problem may lie. So I ran /etc/init.d/apache2 stop && strace -Tf -o /tmp/trace.txt /etc/init.d/apache2 start And going through /tmp/trace.txt, im seeing quite a lot of the following. 2540 poll([{fd=21, events=POLLIN|POLLPRI}],

I'm able to use limit_req to rate-limit all requests to my server. However I'd like to remove the rate restriction for certain IP addresses (i.e. whitelist) and use a different rate restriction for certain others (i.e. certain IPs I'd like as low as 1r/s). I tried using conditionals (e.g. if ( $remote_addr = "1.2.3.4" ) {}) but that seems to work only with rewrite rules, not for rate-limit rules.

I'm trying to get my Pelican blog working. It uses lftp to transfer the actual blog to ones server, but I always get an error: mirror: Fatal error: Certificate verification: subjectAltName does not match ‘blogname.com’ I think lftp is checking the SSL and the quick setup of Pelican just forgot to include that I don't have SSL on my FTP. This is the code in Pelican's Makefile: ftp_upload: $(OUTPUTD

Nginx is running on port 80, and I'm using it to reverse proxy URLs with path /foo to port 3200 this way: location /foo { proxy_pass http://localhost:3200; proxy_redirect off; proxy_set_header Host $host; } This works fine, but I have an application on port 3200, for which I don't want the initial /foo to be sent to. That is - when I access http://localhost/foo/bar, I want only /bar to be the path

I'm trying to get these 2 location directives working in Nginx but I'm getting some errors back when booting Nginx. location ~ ^/smx/(test|production) { proxy_pass http://localhost:8181/cxf; } location ~ ^/es/(test|production) { proxy_pass http://localhost:9200/; } This is the error I'm receiving: nginx: [emerg] "proxy_pass" cannot have URI part in location given by regular expression, or inside n

Stack Exchange Network Stack Exchange network consists of 183 Q&A communities including Stack Overflow, the largest, most trusted online community for developers to learn, share their knowledge, and build their careers. Visit Stack Exchange

I'm running my own NAT instance inside of an AWS VPC. I want to make sure that the NAT instance will not be a bottleneck and to that end would like to set my own expectation for when to scale to a secondary NAT (if ever). I understand that instance type (currently an m1.medium if that's important) is an important aspect of this but would like to know how to check that the NAT instance is starting

What does the keys_zone=myCache:8m mean? As documentation said, nginx will keep all active keys and information about data are stored in a shared memory zone, whose name and size are configured by the keys_zone parameter. As a matter of completeness, lets break down per part /var/cache/nginx is the place where the actual cache stored. Inside the folder, cache file was binary file but you can easil

I've started using Nginx as a reverse proxy for a set of servers that provide some sort of service. The service can be rather slow at times (its running on Java and the JVM sometimes gets stuck in "full garbage collection" that may take several seconds), so I've set the proxy_connect_timeout to 2 seconds, which will give Nginx enough time to figure out that the service is stuck on GC and will not

My business's web site uses the AWS platform. I want the site's visitors to be able to reach my content using the IPv6 protocol. How can I add an IPv6 address?

We recently found a bug in a hardware vendor's ability to port aggregate to a monitoring port. They have given us an estimate og at least 6 months of development to get a fix. As this is an operational requirement for us, we need to figure out another way to get access to this packet data. Is there any way to mirror all traffic from a network interface in linux to another interface (both in and ou

One thing that annoys me no end about Windows is the old sharing violation error. Often you can't identify what's holding it open. Usually it's just an editor or explorer just pointing to a relevant directory but sometimes I've had to resort to rebooting my machine. Any suggestions on how to find the culprit?

I'm using Nginx to serve static files in response to CORS requests using the technique outlined in this question. However, when the file doesn't exist the 404 response does not contain the Access-Control-Allow-Origin: * header and so is block by the browser. How can I send Access-Control-Allow-Origin: * on 404 responses?

I have a set of Nginx servers behind an Amazon ELB load balancer. I am using set_real_ip (from the HttpRealIpModule) so that I can access the originating client IP address on these servers (for passing through to php-fpm and for use in the HttpGeoIPModule). It seems that set_real_ip_from in the nginx configuration can only accept an IP address. However, with regard to ELB machines Amazon say: Note

Stack Exchange Network Stack Exchange network consists of 183 Q&A communities including Stack Overflow, the largest, most trusted online community for developers to learn, share their knowledge, and build their careers. Visit Stack Exchange

Stack Exchange Network Stack Exchange network consists of 183 Q&A communities including Stack Overflow, the largest, most trusted online community for developers to learn, share their knowledge, and build their careers. Visit Stack Exchange

Since the beginning of time (or as long as I remember anyway) linux systems have had a "sys" and an "adm" group. What is the canonical use for them? Would it be appropriate to use either for a "super user" group? (Group permissions on directories, in sudoers, etc).

I'm trying to set up nginx as a reverse proxy, with a large number of backend servers. I'd like to start up the backends on-demand (on the first request that comes in), so I have a control process (controlled by HTTP requests) which starts up the backend depending on the request it receives. My problem is configuring nginx to do it. Here's what I have so far: server { listen 80; server_name $DOMAI

The previous SF questions I've seen have lead to answers that produce MD5 hashed password. Does anyone have a suggestion on to produce an SHA-512 hashed password? I'd prefer a one liner instead of a script but, if a script is the only solution, that's fine as well. Update Replacing previous py2 versions with this one: python3 -c "import crypt;print(crypt.crypt(input('clear-text pw: '), crypt.mksal

I have a server with apache and I recently installed mod_security2 because I get attacked a lot by this: My apache version is apache v2.2.3 and I use mod_security2.c This were the entries from the error log: [Wed Mar 24 02:35:41 2010] [error] [client 88.191.109.38] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:) [Wed Mar 24 02:47:31 2010] [e

Stack Exchange Network Stack Exchange network consists of 183 Q&A communities including Stack Overflow, the largest, most trusted online community for developers to learn, share their knowledge, and build their careers. Visit Stack Exchange