Saturday, April 30, 2022

Recent Questions - Server Fault


how to implement edns client tag option code

Posted: 30 Apr 2022 01:17 PM PDT

I've been searching for edns and found these documents. They mention something called client tag and server tag. Is there any way I can implement those tags? Here is my use case: Our product teams have some services that want to query mydomain.com from public dns services. I mean, they want to reach our public IP address. Since all of their worker nodes are placed in the same network subnet, I can't use views. If I didn't misunderstand the documents below, edns has the capability of passing some keywords that are meaningless for the protocol; in that case it would be very useful for me. Otherwise I will have to spin up a recursive dns server and tell them to use the new dns server.

https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml

https://www.ietf.org/archive/id/draft-bellis-dnsop-edns-tags-01.txt

how to insert "x-forwarded-for" data to http header in physical l4 switch?

Posted: 30 Apr 2022 01:02 PM PDT

In the L4 switch, there is an 'x-forwarded-for' function that puts the client source ip address in the http header.

The L4 switch can only know layer 4 information, so I'm curious how it puts the x-forwarded-for information in the http header (the http header is in layer 7!!). Even in https, the http header is encrypted, so how can the L4 switch decrypt this encrypted http header, insert x-forwarded-for information, and send a packet to the backend?

Thanks!

VPN ports not opening on ubuntu server 22.04

Posted: 30 Apr 2022 12:28 PM PDT

I'm trying to set up an openvpn on my pc (which is running Ubuntu Server 22.04). I've used the quick install script listed here

When I try to connect on my linux machine I get the following error:

2022-05-01 00:41:54 read UDP [ECONNREFUSED]: Connection refused (code=111)  

Which means that my port isn't open. I tried opening it with ufw and the guide listed on another similar problem: here

The mini server is on my local network with a static ip. Doing sudo nmap -sU localhost

Nmap scan report for localhost (127.0.0.1)
Host is up (0.000075s latency).
All 1000 scanned ports on localhost (127.0.0.1) are closed
Nmap done: 1 IP address (1 host up) scanned in 0.33 seconds

Even though I allowed the port with ufw. sudo ufw status:

--                         ------      ----
22                         ALLOW       Anywhere
1194/udp                   ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)
1194/udp (v6)              ALLOW       Anywhere (v6)

Also my netplan config (just in case):

  version: 2
  wifis:
    wlp2s0:
      access-points:
        NETSSID:
          password: 'pass'
      dhcp4: no
      addresses: [192.168.1.101/24]
      routes:
        - to: default
          via: 192.168.1.1
      nameservers:
        addresses: [1.1.1.1, 1.0.0.1]

can't set a windows docker container hostname in the hosts file

Posted: 30 Apr 2022 11:33 AM PDT

I set a windows docker container to run some software (abbyy fineprint) that needs to match the docker name (abbydock) with the localhost ip (127.0.0.1). I'm starting the container with docker run -h abbydock.... What I've done is to add an entry in c:\windows\system32\drivers\etc\hosts with the following content:

127.0.0.1 abbydock  

It worked once: I ping abbydock and the answer is 127.0.0.1. The next times the container just ignores any information that I put in the hosts file if that name matches the container hostname, for example a ping will answer the container ip and not the loopback (wrong ping answer). Anyway, if I set any other hostname to localhost and then ping that other name the answer will be 127.0.0.1

where or how can I set the wanted information?

c:\Windows\System32\drivers\etc>ipconfig /displaydns
Windows IP Configuration
    1.0.0.127.in-addr.arpa
    ----------------------------------------
    Record Name . . . . . : 1.0.0.127.in-addr.arpa.
    Record Type . . . . . : 12
    Time To Live  . . . . : 580106
    Data Length . . . . . : 8
    Section . . . . . . . : Answer
    PTR Record  . . . . . : abbydock
    abbydock
    ----------------------------------------
    Record Name . . . . . : abbydock
    Record Type . . . . . : 28
    Time To Live  . . . . : 1200
    Data Length . . . . . : 16
    Section . . . . . . . : Question
    AAAA Record . . . . . : fe80::e81b:c4e4:83d:a9b5
    abbydock
    ----------------------------------------
    Record Name . . . . . : abbydock
    Record Type . . . . . : 1
    Time To Live  . . . . : 1200
    Data Length . . . . . : 4
    Section . . . . . . . : Question
    A (Host) Record . . . : 172.22.54.104

A record should be 127.0.0.1, or at least I should get an extra A record

How Does Email Forwarding Work In Customer Support Ticketing Systems?

Posted: 30 Apr 2022 11:46 AM PDT

When you sign up for customer support ticketing systems like Zendesk they provide you with a unique email address something like support@mygoodshop.zendesk.com where you can forward emails from customers to this address and these forwarded emails are converted to tickets in Zendesk.

  1. How do they generate such unique emails to each business that signs up? Do they use some form of internal email server that generate these emails addresses?

  2. How do they receive the forwarded emails in the Zendesk application in order to convert them to tickets?

suEXEC is disabled: Invalid owner

Posted: 30 Apr 2022 10:18 AM PDT

I have an Apache server with Ubuntu and DirectAdmin. After moving my website to this server, I wanted to set permissions for public_html

chown -R admin:admin /  

but I accidentally pressed the Enter button and the owner of all my files in root became admin! It should be root, so after that I ran this:

chown -R root:root /

but the website got error 502. When I check the Apache status I get:

Starting The Apache HTTP Server...
AH00526: Syntax error on line 42 of /etc/httpd/conf/extra/httpd-vhosts.conf: SuexecUserGroup configured, but suEXEC is disabled: Invalid owner or file mode for /usr/sbin/suexec
httpd.service: Main process exited, code=exited, status=1/FAILURE
httpd.service: Failed with result 'exit-code'.
Failed to start The Apache HTTP Server.

I checked this file, suexec: it has 755 / root:root permissions.

I don't know what I should do, any help?

iptables show chains without references

Posted: 30 Apr 2022 08:50 AM PDT

iptables -L -v -n gives me multiple chains but without references. Like this:

Chain fail2ban-apache-auth (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Is it possible to add a reference to iptables? It seems that that is the problem why my fail2ban does not work. Thank you

Updated MX records: gmail, outlook, and proton work. iCloud and yahoo don't?

Posted: 30 Apr 2022 08:06 AM PDT

I've updated MX records to point to gmail. I am able to receive email from Gmail, outlook, and proton almost immediately. Yahoo and iCloud still don't work after 24 hours. My TTL was very short. Why would some providers take so long to update? Am I completely helpless?

fail2ban iptables returned 200, iptables 0 references

Posted: 30 Apr 2022 07:42 AM PDT

I installed fail2ban but on start I got multiple error messages:

iptables -n -L gives me 0 references for each jail. (should be 1?)

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Chain fail2ban-apache-auth (0 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
Chain fail2ban-apache-badbots (0 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
Chain fail2ban-apache-nokiddies (0 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
Chain fail2ban-php-url-fopen (0 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Also I'm getting error messages like:

fail2ban.actions.action: ERROR  iptables -N fail2ban-ssh
iptables -A fail2ban-ssh -j RETURN
iptables -I <known/chain> -p tcp -m multiport --dports ssh -j fail2ban-ssh returned 200
2022-04-30 14:25:10,428 fail2ban.jail   : INFO   Jail 'skinlou_x' started
2022-04-30 14:25:10,429 fail2ban.jail   : INFO   Jail 'apache-auth' started
2022-04-30 14:25:10,430 fail2ban.actions.action: ERROR  iptables -N fail2ban-php-url-fopen
iptables -A fail2ban-php-url-fopen -j RETURN

I tried to reinstall fail2ban but it is always same. Thank you for help.

Allowing docker to access local webhost Database

Posted: 30 Apr 2022 07:30 AM PDT

I am creating a webapp for my business using AppSmith, hosted on Docker.

AppSmith requires access to a database in order to read/write information. Previously I have used MariaDB which is also hosted as a docker image. However, because this is for business I would rather have the data hosted on an actual server/database rather than a docker image.

The address shown for the database is localhost:3306 which I cannot link a docker image/container to since the container is virtual and not actually on the system.

I have also tried linking via ipaddress:3306 but it will not connect, I then tried HeidiSQL to check if it could connect to my Database and had no joy.

After speaking with my hosting provider they have said that they block all external connections to the database and I would need to use SSH in order to open up the database to external connections, however there are a number of related security risks as well as coming with the potential to accidentally damage/corrupt existing databases.

So what I am essentially looking for is a way for docker to open, so that it can allow containers access to my databases

My hosting provider doesn't have much knowledge of docker but did mention Docker Gateway AFAIK172

My understanding is that this can be used to edit the default IP address of Docker Containers.

Can this also be used to change the default IP of the docker container to run on the same IP as my webserver and thus allow it to then access the localhost:3306 database?

If so, is there any advice as to where to access the relevant docs to help achieve this?

Server performance tracker/collector

Posted: 30 Apr 2022 07:02 AM PDT

I'm running a Linux gaming server and I need to collect a full day's worth of server performance data, both global and app-specific. The issue is that I also need the server to be actually operable and usable. I'm well aware that ANY kind of profiler running in the background will to some degree use extra resources and incur latency, but I need it to be tolerable and not that noticeable to the end user. The basic minimum stats I want are CPU, Memory, Disk and Network usage; anything else is a welcome extra (some system latency, etc). Ideally, it would be nice if there are any custom or 3rd party tools to visualize/graph the data (though if it is some simple plain-text data I could parse it myself)

I know there is stuff like atop but I really don't like its readability and its logs are not nice to parse/read in my opinion.

The if statement always shows as true even though my function returns false

Posted: 30 Apr 2022 06:59 AM PDT

I have a PowerShell script which removes the language pack, but for some reason even when the function returns false the last if statement still returns true

function RemoveLangugae {
    $MarkedLangRemoved=$false
    "Set-WinUILanguageOverride " | Tee-Object -FilePath $logFile -Append
    Set-WinUILanguageOverride
    "Add Language Pack to User List"  | Tee-Object -FilePath $logFile -Append
    $List = Get-WinUserLanguageList;
    $MarkedLang = $List | where LanguageTag -eq $LanguageTag
    if($MarkedLang)
    {
        $MarkedLang | Tee-Object -FilePath $logFile -Append
        Start-Sleep 2
        $MarkedLangRemoved = $List.Remove($MarkedLang);
        Start-Sleep 2
        $List.Insert(0, 'en-US');
        Start-Sleep 2
        Set-WinUserLanguageList $List -Force;
    }
    Write-Host $MarkedLangRemoved
    if( $MarkedLangRemoved )
    {
        Write-Host "ssssss"
        Set-Culture en-US
        [Environment]::Exit(3010)
        return $true;
    }
    return $false;
}
#RemoveLangugae
if( !(RemoveLangugae) )
{
    "Language Not Removed lets try it again" | Tee-Object -FilePath $logFile -Append
    RemoveLangugae
}else
{
    "Language has been removed succesffuly" | Tee-Object -FilePath $logFile -Append
}

Limit drag & drop mess

Posted: 30 Apr 2022 06:27 AM PDT

I have a Windows Server 2016 acting as a file server with thousands of files in a well-defined tree. Different people have different access to different parts of the tree. The problem is that some users, by mistake, sometimes do drag & drop, and a project folder appears somewhere else, mostly, anywhere, not related to the original place. I have snapshots in case of disaster, but I've never used them because the folder that disappears is always found with a search. I'm getting tired of this, and my boss is going to have a heart attack in the near future because the first thing he thinks is that the folder was deleted. The problem is that the users need read-write access, folder creation, and delete permissions so the tree can be in good shape.

So, the question is: how can I solve this problem?

How do I create an AD username with a dot in it via Powershell?

Posted: 30 Apr 2022 01:19 PM PDT

I'm trying to change an existing script so that my username is first name initial, dot, last name. For example, John Doe's username will be j.doe. The current script works (without the .) as: $firstname.substring(0,$i) + $lastname

thank you.

Apache VirtualHosts not working/redirecting? (Reverse proxy)

Posted: 30 Apr 2022 09:42 AM PDT

I am trying to set up Apache as a reverse proxy on a new Ubuntu 22.04 virtual machine. We have an existing Apache reverse proxy on Ubuntu 18.04 where everything is working as intended. This new reverse proxy is supposed to replace our older one, but the virtual hosts don't seem to be working correctly.

I have done the following:

apt-get update
apt-get upgrade
apt-get install apache2
a2enmod proxy
a2enmod proxy_http
a2enmod proxy_balancer
a2enmod lbmethod_byrequests

I disabled the default page in sites-enabled.

a2dissite 000-default.conf  

I then created a new virtual host and enabled it.

vi 001-trupage.azmedien.ch.conf
a2ensite 001-trupage.azmedien.ch.conf

It looks like this:

<VirtualHost trupage.azmedien.ch:80>
    ServerName trupage.azmedien.ch
    ProxyPreserveHost On
    ProxyPass / http://10.200.0.130/
    ProxyPassReverse / http://10.200.0.130/
</VirtualHost>

I then restarted & reloaded the Apache.

systemctl restart apache2
systemctl reload apache2

I created a host file entry on my Windows PC to test if this very basic configuration works, it points to my Apache server.

When I then try to reach trupage.azmedien.ch it leads me to the Apache default website instead of actually redirecting me to the correct server (which is defined with ProxyPass in the virtual host).

It seems like it doesn't recognize the virtualhost for some reason? When I replace "trupage.azmedien.ch:80" with "*:80" and then open it in my browser the ProxyPass works. But obviously, that is not what I want as there will be multiple virtual hosts.

<VirtualHost *:80>
    ServerName trupage.azmedien.ch
    ProxyPreserveHost On
    ProxyPass / http://10.200.0.130/
    ProxyPassReverse / http://10.200.0.130/
</VirtualHost>

Here is the output from apache2ctl -S, 213.146.11.131 is the IP of the old reverse proxy, but I have no clue where it's coming from or why it's showing up here:

root@azprox10:~# apache2ctl -S
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
213.146.11.131:80      is a NameVirtualHost
         default server localhost (/etc/apache2/sites-enabled/001-trupage.azmedien.ch.conf:1)
         port 80 namevhost localhost (/etc/apache2/sites-enabled/001-trupage.azmedien.ch.conf:1)
         port 80 namevhost opvsg.chmedia.ch (/etc/apache2/sites-enabled/002-opvsg.chmedia.ch.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex rewrite-map: using_defaults
Mutex proxy: using_defaults
Mutex default: dir="/var/lock/apache2" mechanism=fcntl
Mutex watchdog-callback: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33

301 redirect url based off of a category in the url

Posted: 30 Apr 2022 08:05 AM PDT

Does anyone know how to redirect a url that contains a parent category of a product? Basically I want to redirect a ton of products to a simple landing page that I created, so instead of making redirects for each product, I want to target the parent category (manufacturer) and redirect it to my one landing page.

So like these:

https://example.com/product/baader/baader-600/baader-600-belts/belt-rubber/
https://example.com/product/baader/baader-600/baader-600-belts/belt-urethane/
https://example.com/product/baader/baader-600/baader-600-parts/cover/
https://example.com/product/baader/baader-600/baader-600-parts/washer/

Would all redirect to this one landing page:

https://example.com/replacement-parts/baader/baader-600/  

So I guess you would target anything that has "product/baader/baader-600/" and then ditch the last part of the url (/baader-600-belts/belt-rubber/) and redirect it to "/replacement-parts/baader/baader-600/". I have no idea how to make such a RewriteRule.

Create subdomains under a single IP/domain in an Nginx Reverse Proxy?

Posted: 30 Apr 2022 10:01 AM PDT

I'd like to be able to create a subdomain in Nginx Reverse proxy. As it stands right now, I have a properly configured and usable reverse proxy that resolves properly. The problem arises when I try to get it to play nice with an apache server that I need multiple subdomains for. I'd like to create a subdomain such as johnsmith.example.com. My main domain example.com points to an apache2 server, which is currently up, pinging, and loads the default apache page. I'm currently unable to figure out the necessary reverse proxy configuration to point the reverse proxy to the subdomain properly. Am I supposed to create separate site-enabled configurations for the subdomain, as I have with example.com.conf? Or do I need to add subdomain configuration inside of example.com.conf in /etc/nginx/sites-available?

Here is the nginx reverse proxy example.com.conf in /etc/nginx/sites-available (changed names for domains, assume everything EXCEPT for johnsmith.example.com resolves and is set up properly. Also ignore SSL stuff, as this isn't a certbot oriented problem/question):

#example.com
server {
    listen                  443;# ssl http2;
    listen                  [::]:443;# ssl http2;
    server_name             example.com;
    # reverse proxy
    location / {
        proxy_pass "http://internal.DNS.URL";
        include    nginxconfig.io/proxy.conf;
    }
    # additional config
    include nginxconfig.io/general.conf;
}
# HTTP redirect
server {
    listen      80;
    listen      [::]:80;
    server_name example.com;
    include     nginxconfig.io/letsencrypt.conf;
    location / {
        return 301 https://example.com$request_uri;
    }
}
##johnsmith.example.com
server {
    listen                  443;# ssl http2;
    listen                  [::]:443;# ssl http2;
    server_name             johnsmith.example.com;
    # security
    include                 nginxconfig.io/security.conf;
    # reverse proxy
    location / {
        proxy_pass "internal.DNS.URL";
        include    nginxconfig.io/proxy.conf;
    }
    # additional config
    include nginxconfig.io/general.conf;
}
# HTTP redirect
server {
    listen      80;
    listen      [::]:80;
    server_name johnsmith.example.com;
    include     nginxconfig.io/letsencrypt.conf;
    location / {
        return 301 https://johnsmith.example.com$request_uri;
    }
}

Note: I have created a separate configuration (/etc/nginx/sites-available/johnsmith.example.com.conf) and it did not work. This is just what I've tried last.

My DNS record for this subdomain is:

Type: CNAME Record | Host: johnsmith | Target: example.com
Type: CNAME Record | Host: www.johnsmith | Target: example.com

Like I've said above, assume everything resolves except for this particular subdomain. Please let me know what other information would be useful for solving this problem.

Thank you for your time.

Edit: Output of curl -v https://johnsmith.example.com

Expire in 3 ms for 1 (transfer 0x55f7da933e00)
* Expire in 3 ms for 1 (transfer 0x55f7da933e00)
* Expire in 4 ms for 1 (transfer 0x55f7da933e00)
*   Trying 97.113.101.68...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x55f7da933e00)
* Connected to johnsmith.example.com (97.113.101.68) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=jellyfin.example.com
*  start date: Jan  3 20:38:41 2021 GMT
*  expire date: Apr  3 20:38:41 2021 GMT
*  subjectAltName does not match johnsmith.example.com
* SSL: no alternative certificate subject name matches target host name 'johnsmith.example.com'
* Closing connection 0
curl: (60) SSL: no alternative certificate subject name matches target host name 'johnsmith.example.com'
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

Unable to use YUM. RHEL 8.2 server hosted in Azure

Posted: 30 Apr 2022 01:01 PM PDT

I have a Red Hat server hosted in Azure and when I try to use yum to install software or do a system update I get the below error,

Errors during downloading metadata for repository 'rhui-rhel-8-for-x86_64-baseos-rhui-rpms':

The system has been registered in subscription manager.

Fail2Ban not banning, Regex shows many fails in logs

Posted: 30 Apr 2022 11:02 AM PDT

I have the following jail defined in my /etc/fail2ban/jail.conf. For privacy/security I've replaced references to IPs with local 10.0.0.x addresses.

[ssh-iptables]
enabled  = true
filter   = sshd
banaction = iptables[name=SSH, port=ssh, protocol=tcp]
logpath  = /var/log/secure
backend =   auto
findtime = 18000
bantime = 65535
maxretry = 5

Using the filter available here for sshd. I did attempt to add this line:

^.*authentication failure;.*rhost=<HOST> to the file as suggested by this answer

When I run fail2ban-regex /var/log/secure /etc/fail2ban/filter.d/sshd.conf I get many hits indicated as failures. Below is a sample based on 150 lines of /var/log/secure from earlier today.

$ cat /tmp/output.txt
Running tests
=============
Use regex file : /etc/fail2ban/filter.d/sshd.conf
Use log file   : /tmp/failed3.log
Results
=======
Failregex: 56 total
|- #) [# of hits] regular expression
|  3) [42] ^\s*(<[^.]+ [^.]+>)?\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?\s(?:\[ID \d+ \S+\])?\s*(?:(?:error|fatal): (?:PAM: )?)?Failed \S+ for (?P<cond_inv>invalid user )?(?P<user>(?P<cond_user>\S+)|(?(cond_inv)(?:(?! from ).)*?|[^:]+)) from <HOST>(?: port \d+)?(?: on \S+(?: port \d+)?)?(?: ssh\d*)?(?(cond_user): |(?:(?:(?! from ).)*)$)
|  13) [14] ^\s*(<[^.]+ [^.]+>)?\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?\s(?:\[ID \d+ \S+\])?\s*(?:(?:error|fatal): (?:PAM: )?)?pam_unix\(sshd:auth\):\s+authentication failure;\s*logname=\S*\s*uid=\d*\s*euid=\d*\s*tty=\S*\s*ruser=\S*\s*rhost=<HOST>\s.*(?: \[preauth\])?\s*$
`-
Ignoreregex: 0 total
Summary
=======
Addresses found:
[3]
    10.0.0.1 (Mon Feb 24 11:46:29 2020)
    10.0.0.1 (Mon Feb 24 11:46:32 2020)
    10.0.0.1 (Mon Feb 24 11:46:34 2020)
    10.0.0.1 (Mon Feb 24 11:46:43 2020)
    10.0.0.1 (Mon Feb 24 11:46:46 2020)
    10.0.0.1 (Mon Feb 24 11:46:48 2020)
    10.0.0.1 (Mon Feb 24 11:46:59 2020)
    10.0.0.1 (Mon Feb 24 11:47:02 2020)
    10.0.0.1 (Mon Feb 24 11:47:03 2020)
    10.0.0.1 (Mon Feb 24 11:47:15 2020)
    10.0.0.1 (Mon Feb 24 11:47:17 2020)
    10.0.0.1 (Mon Feb 24 11:47:20 2020)
    10.0.0.1 (Mon Feb 24 11:47:30 2020)
    10.0.0.1 (Mon Feb 24 11:47:32 2020)
    10.0.0.1 (Mon Feb 24 11:47:34 2020)
    10.0.0.1 (Mon Feb 24 11:47:45 2020)
    10.0.0.1 (Mon Feb 24 11:47:48 2020)
    10.0.0.1 (Mon Feb 24 11:47:51 2020)
    10.0.0.1 (Mon Feb 24 11:48:03 2020)
    10.0.0.1 (Mon Feb 24 11:48:06 2020)
    10.0.0.1 (Mon Feb 24 11:48:08 2020)
    10.0.0.1 (Mon Feb 24 11:48:18 2020)
    10.0.0.1 (Mon Feb 24 11:48:21 2020)
    10.0.0.1 (Mon Feb 24 11:48:23 2020)
    10.0.0.1 (Mon Feb 24 11:48:38 2020)
    10.0.0.1 (Mon Feb 24 11:48:40 2020)
    10.0.0.1 (Mon Feb 24 11:48:43 2020)
    10.0.0.1 (Mon Feb 24 11:48:50 2020)
    10.0.0.1 (Mon Feb 24 11:48:53 2020)
    10.0.0.1 (Mon Feb 24 11:48:55 2020)
    10.0.0.1 (Mon Feb 24 11:49:07 2020)
    10.0.0.1 (Mon Feb 24 11:49:10 2020)
    10.0.0.1 (Mon Feb 24 11:49:13 2020)
    10.0.0.2 (Mon Feb 24 11:49:20 2020)
    10.0.0.2 (Mon Feb 24 11:49:23 2020)
    10.0.0.1 (Mon Feb 24 11:49:24 2020)
    10.0.0.2 (Mon Feb 24 11:49:25 2020)
    10.0.0.1 (Mon Feb 24 11:49:27 2020)
    10.0.0.1 (Mon Feb 24 11:49:29 2020)
    10.0.0.1 (Mon Feb 24 11:49:37 2020)
    10.0.0.1 (Mon Feb 24 11:49:40 2020)
    10.0.0.1 (Mon Feb 24 11:49:43 2020)
[13]
    10.0.0.1 (Mon Feb 24 11:46:27 2020)
    10.0.0.1 (Mon Feb 24 11:46:41 2020)
    10.0.0.1 (Mon Feb 24 11:46:57 2020)
    10.0.0.1 (Mon Feb 24 11:47:13 2020)
    10.0.0.1 (Mon Feb 24 11:47:28 2020)
    10.0.0.1 (Mon Feb 24 11:47:44 2020)
    10.0.0.1 (Mon Feb 24 11:48:01 2020)
    10.0.0.1 (Mon Feb 24 11:48:16 2020)
    10.0.0.1 (Mon Feb 24 11:48:35 2020)
    10.0.0.1 (Mon Feb 24 11:48:48 2020)
    10.0.0.1 (Mon Feb 24 11:49:05 2020)
    10.0.0.2 (Mon Feb 24 11:49:18 2020)
    10.0.0.1 (Mon Feb 24 11:49:22 2020)
    10.0.0.1 (Mon Feb 24 11:49:35 2020)
Date template hits:
2606 hit(s): MONTH Day Hour:Minute:Second
Success, the total number of match is 56
However, look at the above section 'Running tests' which could contain important
information.

Increasing log level to 4 produces this output.

2020-02-24 12:33:24,612 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.10
2020-02-24 12:33:24,612 fail2ban.comm   : DEBUG  Command: ['add', 'ssh-iptables', 'auto']
2020-02-24 12:33:24,613 fail2ban.jail   : INFO   Creating new jail 'ssh-iptables'
2020-02-24 12:33:24,633 fail2ban.jail   : INFO   Jail 'ssh-iptables' uses pyinotify
2020-02-24 12:33:24,647 fail2ban.filter : DEBUG  Setting usedns = warn for FilterPyinotify(Jail('ssh-iptables'))
2020-02-24 12:33:24,652 fail2ban.filter : DEBUG  Created FilterPyinotify(Jail('ssh-iptables'))
2020-02-24 12:33:24,653 fail2ban.filter : DEBUG  Created FilterPyinotify
2020-02-24 12:33:24,653 fail2ban.jail   : INFO   Initiated 'pyinotify' backend
2020-02-24 12:33:24,654 fail2ban.comm   : DEBUG  Command: ['set', 'ssh-iptables', 'usedns', 'warn']
2020-02-24 12:33:24,654 fail2ban.filter : DEBUG  Setting usedns = warn for FilterPyinotify(Jail('ssh-iptables'))
2020-02-24 12:33:24,654 fail2ban.comm   : DEBUG  Command: ['set', 'ssh-iptables', 'addlogpath', '/var/log/secure']
2020-02-24 12:33:24,663 fail2ban.filter : INFO   Added logfile = /var/log/secure
2020-02-24 12:33:24,663 fail2ban.filter : DEBUG  Added monitor for the parent directory /var/log
2020-02-24 12:33:24,663 fail2ban.filter : DEBUG  Added file watcher for /var/log/secure
2020-02-24 12:33:24,663 fail2ban.filter.datedetector: DEBUG  Sorting the template list
2020-02-24 12:33:24,664 fail2ban.filter.datedetector: DEBUG  Winning template: MONTH Day Hour:Minute:Second with 0 hits
2020-02-24 12:33:24,664 fail2ban.comm   : DEBUG  Command: ['set', 'ssh-iptables', 'maxretry', '5']
2020-02-24 12:33:24,664 fail2ban.filter : INFO   Set maxRetry = 5
2020-02-24 12:33:24,665 fail2ban.comm   : DEBUG  Command: ['set', 'ssh-iptables', 'addignoreip', '127.0.0.1/8,']
2020-02-24 12:33:24,665 fail2ban.filter : DEBUG  Add 127.0.0.1/8, to ignore list
2020-02-24 12:33:24,665 fail2ban.comm   : DEBUG  Command: ['set', 'ssh-iptables', 'addignoreip', 10.0.0.0/8']
2020-02-24 12:33:24,666 fail2ban.filter : DEBUG  Add 10.0.0.0/8 to ignore list
2020-02-24 12:33:24,666 fail2ban.comm   : DEBUG  Command: ['set', 'ssh-iptables', 'findtime', '18000']
2020-02-24 12:33:24,666 fail2ban.filter : INFO   Set findtime = 18000
2020-02-24 12:33:24,667 fail2ban.comm   : DEBUG  Command: ['set', 'ssh-iptables', 'bantime', '65535']
2020-02-24 12:33:24,667 fail2ban.actions: INFO   Set banTime = 65535
2020-02-24 12:33:24,667 fail2ban.comm   : DEBUG  Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?[aA]uthentication (?:failure|error|failed) for .* from <HOST>( via \\S+)?\\s*(?: \\[preauth\\])?\\s*$']
2020-02-24 12:33:24,670 fail2ban.comm   : DEBUG  Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?User not known to the underlying authentication module for .* from <HOST>\\s*(?: \\[preauth\\])?\\s*$']
2020-02-24 12:33:24,681 fail2ban.comm   : DEBUG  Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?Failed \\S+ for (?P<cond_inv>invalid user )?(?P<user>(?P<cond_user>\\S+)|(?(cond_inv)(?:(?! from ).)*?|[^:]+)) from <HOST>(?: port \\d+)?(?: on \\S+(?: port \\d+)?)?(?: ssh\\d*)?(?(cond_user): |(?:(?:(?! from ).)*)$)']
2020-02-24 12:33:24,685 fail2ban.comm   : DEBUG  Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?ROOT LOGIN REFUSED.* FROM <HOST>\\s*(?: \\[preauth\\])?\\s*$']
2020-02-24 12:33:24,696 fail2ban.comm   : DEBUG  Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?[iI](?:llegal|nvalid) user .*? from <HOST>(?: port \\d+)?(?: on \\S+(?: port \\d+)?)?\\s*$']
2020-02-24 12:33:24,699 fail2ban.comm   : DEBUG  Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?User .+ from <HOST> not allowed because not listed in AllowUsers\\s*(?: \\[preauth\\])?\\s*$']
2020-02-24 12:33:24,703 fail2ban.comm   : DEBUG  Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?User .+ from <HOST> not allowed because listed in DenyUsers\\s*(?: \\[preauth\\])?\\s*$']
2020-02-24 12:33:24,714 fail2ban.comm   : DEBUG  Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?User .+ from <HOST> not allowed because not in any group\\s*(?: \\[preauth\\])?\\s*$']
2020-02-24 12:33:24,718 fail2ban.comm   : DEBUG  Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?refused connect from \\S+ \\(<HOST>\\)\\s*(?: \\[preauth\\])?\\s*$']
2020-02-24 12:33:24,729 fail2ban.comm   : DEBUG  Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?Received disconnect from <HOST>(?: port \\d+)?(?: on \\S+(?: port \\d+)?)?:\\s*3: .*: Auth fail(?: \\[preauth\\])?\\s*$']
2020-02-24 12:33:24,733 fail2ban.comm   : DEBUG  Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?User .+ from <HOST> not allowed because a group is listed in DenyGroups\\s*(?: \\[preauth\\])?\\s*$']
2020-02-24 12:33:24,746 fail2ban.comm   : DEBUG  Command: ['set', 'ssh-iptables', 'addfailregex', "^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ 
)?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?User .+ from <HOST> not allowed because none of user's groups are listed in AllowGroups\\s*(?: \\[preauth\\])?\\s*$"]  2020-02-24 12:33:24,750 fail2ban.comm   : DEBUG  Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?pam_unix\\(sshd:auth\\):\\s+authentication failure;\\s*logname=\\S*\\s*uid=\\d*\\s*euid=\\d*\\s*tty=\\S*\\s*ruser=\\S*\\s*rhost=<HOST>\\s.*(?: \\[preauth\\])?\\s*$']  2020-02-24 12:33:24,766 fail2ban.comm   : DEBUG  Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?(error: )?maximum authentication attempts exceeded for .* from <HOST>(?: port \\d+)?(?: on \\S+(?: port \\d+)?)?(?: ssh\\d*)? 
\\[preauth\\]$']  2020-02-24 12:33:24,771 fail2ban.comm   : DEBUG  Command: ['set', 'ssh-iptables', 'addfailregex', '^(?P<__prefix>\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*)(?:(?:error|fatal): (?:PAM: )?)?User .+ not allowed because account is locked(?: \\[preauth\\])?\\s*$<SKIPLINES>^(?P=__prefix)(?:(?:error|fatal): (?:PAM: )?)?Received disconnect from <HOST>: 11: .+(?: \\[preauth\\])?\\s*$']  2020-02-24 12:33:24,788 fail2ban.comm   : DEBUG  Command: ['set', 'ssh-iptables', 'addfailregex', '^(?P<__prefix>\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*)(?:(?:error|fatal): (?:PAM: )?)?Disconnecting: Too many authentication failures for .+?(?: \\[preauth\\])?\\s*$<SKIPLINES>^(?P=__prefix)(?:(?:error|fatal): (?:PAM: )?)?Connection closed by <HOST>(?: \\[preauth\\])?\\s*$']  2020-02-24 12:33:24,794 fail2ban.comm   : DEBUG  Command: ['set', 'ssh-iptables', 'addfailregex', '^(?P<__prefix>\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*)(?:(?:error|fatal): (?:PAM: )?)?Connection from <HOST>(?: port \\d+)?(?: on \\S+(?: port \\d+)?)?(?: \\[preauth\\])?\\s*$<SKIPLINES>^(?P=__prefix)(?:(?:error|fatal): (?:PAM: )?)?Disconnecting: Too many authentication failures for .+(?: \\[preauth\\])?\\s*$']  2020-02-24 12:33:24,808 fail2ban.comm   : DEBUG  Command: ['start', 'ssh-iptables']  2020-02-24 12:33:24,808 fail2ban.jail   : INFO   Jail 'ssh-iptables' started  2020-02-24 12:33:24,812 fail2ban.filter : DEBUG  pyinotifier 
started for ssh-iptables.  2020-02-24 12:33:26,493 fail2ban.filter : DEBUG  Default Callback for Event: <Event dir=False mask=0x2 maskname=IN_MODIFY name='' path=/var/log/secure pathname=/var/log/secure wd=2 >  2020-02-24 12:33:26,493 fail2ban.filter.datedetector: DEBUG  Matched time template MONTH Day Hour:Minute:Second  2020-02-24 12:33:26,494 fail2ban.filter.datedetector: DEBUG  Matched time template MONTH Day Hour:Minute:Second  2020-02-24 12:33:26,498 fail2ban.filter.datedetector: DEBUG  Got time using template MONTH Day Hour:Minute:Second  2020-02-24 12:33:26,498 fail2ban.filter : DEBUG  Processing line with time:1582559963.0 and ip:PROBLEM-IP  2020-02-24 12:33:40,959 fail2ban.comm   : DEBUG  Command: ['status']  2020-02-24 12:33:45,745 fail2ban.comm   : DEBUG  Command: ['status', 'ssh-iptables']  

The line 2020-02-24 12:33:26,498 fail2ban.filter : DEBUG Processing line with time:1582559963.0 and ip:PROBLEM-IP corresponds with the first entry in my secure log currently (the file has been truncated since it hadn't been rotated in awhile). However there are several hundred similar lines in the secure logs:

$ sudo grep "Failed password" /var/log/secure | grep 10.0.0.1 | wc -l
1182

Pyinotify has been installed (sudo yum install pyinotify -y) and NTP is configured and active; my logs' dates/times are in sync with the time given by date.

$ ntpstat
synchronised to NTP server (209.51.161.238) at stratum 2
   time correct to within 26 ms
   polling server every 512 s
$ date
Mon Feb 24 12:56:34 EST 2020
$ tail /var/log/secure -n1
Feb 24 12:56:37 localhost sshd[24764]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.0.1  user=root

Other info:

Fail2Ban v0.8.10

Copyright (c) 2004-2008 Cyril Jaquier, 2008- Fail2Ban Contributors
Copyright of modifications held by their respective authors.
Licensed under the GNU General Public License v2 (GPL).

Written by Cyril Jaquier <cyril.jaquier@fail2ban.org>.
Many contributions by Yaroslav O. Halchenko <debian@onerussian.com>.

fail2ban-client -d output

$ sudo fail2ban-client -d  WARNING 'action' not defined in 'ssh-messages'. Using default one: ''  ['set', 'loglevel', 4]  ['set', 'logtarget', '/var/log/fail2ban.log']  ['add', 'ssh-iptables', 'auto']  ['set', 'ssh-iptables', 'usedns', 'warn']  ['set', 'ssh-iptables', 'addlogpath', '/var/log/secure']  ['set', 'ssh-iptables', 'maxretry', 5]  ['set', 'ssh-iptables', 'addignoreip', '127.0.0.1/8,']  ['set', 'ssh-iptables', 'addignoreip', '10.0.0.0/8']  ['set', 'ssh-iptables', 'findtime', 18000]  ['set', 'ssh-iptables', 'bantime', 65535]  ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?[aA]uthentication (?:failure|error|failed) for .* from <HOST>( via \\S+)?\\s*(?: \\[preauth\\])?\\s*$']  ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?User not known to the underlying authentication module for .* from <HOST>\\s*(?: \\[preauth\\])?\\s*$']  ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?Failed \\S+ for (?P<cond_inv>invalid user )?(?P<user>(?P<cond_user>\\S+)|(?(cond_inv)(?:(?! from ).)*?|[^:]+)) from <HOST>(?: port \\d+)?(?: on \\S+(?: port \\d+)?)?(?: ssh\\d*)?(?(cond_user): |(?:(?:(?! 
from ).)*)$)']  ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?ROOT LOGIN REFUSED.* FROM <HOST>\\s*(?: \\[preauth\\])?\\s*$']  ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?[iI](?:llegal|nvalid) user .*? from <HOST>(?: port \\d+)?(?: on \\S+(?: port \\d+)?)?\\s*$']  ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?User .+ from <HOST> not allowed because not listed in AllowUsers\\s*(?: \\[preauth\\])?\\s*$']  ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?User .+ from <HOST> not allowed because listed in DenyUsers\\s*(?: \\[preauth\\])?\\s*$']  ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?User .+ from <HOST> not allowed because not in any group\\s*(?: \\[preauth\\])?\\s*$']  ['set', 
'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?refused connect from \\S+ \\(<HOST>\\)\\s*(?: \\[preauth\\])?\\s*$']  ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?Received disconnect from <HOST>(?: port \\d+)?(?: on \\S+(?: port \\d+)?)?:\\s*3: .*: Auth fail(?: \\[preauth\\])?\\s*$']  ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?User .+ from <HOST> not allowed because a group is listed in DenyGroups\\s*(?: \\[preauth\\])?\\s*$']  ['set', 'ssh-iptables', 'addfailregex', "^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?User .+ from <HOST> not allowed because none of user's groups are listed in AllowGroups\\s*(?: \\[preauth\\])?\\s*$"]  ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?pam_unix\\(sshd:auth\\):\\s+authentication 
failure;\\s*logname=\\S*\\s*uid=\\d*\\s*euid=\\d*\\s*tty=\\S*\\s*ruser=\\S*\\s*rhost=<HOST>\\s.*(?: \\[preauth\\])?\\s*$']  ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:(?:error|fatal): (?:PAM: )?)?(error: )?maximum authentication attempts exceeded for .* from <HOST>(?: port \\d+)?(?: on \\S+(?: port \\d+)?)?(?: ssh\\d*)? \\[preauth\\]$']  ['set', 'ssh-iptables', 'addfailregex', '^(?P<__prefix>\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*)(?:(?:error|fatal): (?:PAM: )?)?User .+ not allowed because account is locked(?: \\[preauth\\])?\\s*$<SKIPLINES>^(?P=__prefix)(?:(?:error|fatal): (?:PAM: )?)?Received disconnect from <HOST>: 11: .+(?: \\[preauth\\])?\\s*$']  ['set', 'ssh-iptables', 'addfailregex', '^(?P<__prefix>\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*)(?:(?:error|fatal): (?:PAM: )?)?Disconnecting: Too many authentication failures for .+?(?: \\[preauth\\])?\\s*$<SKIPLINES>^(?P=__prefix)(?:(?:error|fatal): (?:PAM: )?)?Connection closed by <HOST>(?: \\[preauth\\])?\\s*$']  ['set', 'ssh-iptables', 'addfailregex', '^(?P<__prefix>\\s*(<[^.]+ [^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*)(?:(?:error|fatal): (?:PAM: )?)?Connection from <HOST>(?: port \\d+)?(?: on \\S+(?: port \\d+)?)?(?: 
\\[preauth\\])?\\s*$<SKIPLINES>^(?P=__prefix)(?:(?:error|fatal): (?:PAM: )?)?Disconnecting: Too many authentication failures for .+(?: \\[preauth\\])?\\s*$']  ['set', 'ssh-iptables', 'addaction', 'iptables']  ['set', 'ssh-iptables', 'actionban', 'iptables', 'iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>']  ['set', 'ssh-iptables', 'actionstop', 'iptables', 'iptables -D <chain> -p <protocol> --dport <port> -j fail2ban-<name>\niptables -F fail2ban-<name>\niptables -X fail2ban-<name>']  ['set', 'ssh-iptables', 'actionstart', 'iptables', 'iptables -N fail2ban-<name>\niptables -A fail2ban-<name> -j RETURN\niptables -I <chain> -p <protocol> --dport <port> -j fail2ban-<name>']  ['set', 'ssh-iptables', 'actionunban', 'iptables', 'iptables -D fail2ban-<name> -s <ip> -j <blocktype>']  ['set', 'ssh-iptables', 'actioncheck', 'iptables', "iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \\t]'"]  ['set', 'ssh-iptables', 'setcinfo', 'iptables', 'blocktype', 'REJECT --reject-with icmp-port-unreachable']  ['set', 'ssh-iptables', 'setcinfo', 'iptables', 'protocol', 'tcp']  ['set', 'ssh-iptables', 'setcinfo', 'iptables', 'name', 'SSH']  ['set', 'ssh-iptables', 'setcinfo', 'iptables', 'chain', 'INPUT']  ['set', 'ssh-iptables', 'setcinfo', 'iptables', 'port', 'ssh']  ['start', 'ssh-iptables']  

iptables -L

$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-SSH  tcp  --  anywhere             anywhere             tcp dpt:ssh

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain fail2ban-SSH (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Of note, if I run fail2ban-client set ssh-iptables banip IPADDR the given IP will be added to iptables, and is displayed using the rDNS name of the given IP (at least for the server I am testing with).

$ sudo fail2ban-client set ssh-iptables banip 10.0.0.10
10.0.0.10
$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-SSH  tcp  --  anywhere             anywhere             tcp dpt:ssh

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain fail2ban-SSH (1 references)
target     prot opt source               destination
REJECT     all  --  REVERSE-DNS-NAME-FOR-10.0.0.10  anywhere             reject-with icmp-port-unreachable
RETURN     all  --  anywhere             anywhere

I'm fairly new to fail2ban and probably missing something obvious but I'm struggling to determine what at this point. From what I can parse given the output above it seems like it should be working but I am getting 0 bans despite watching dozens of failures scroll by from the same IP in the secure log.
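
How the jail parameters in the fail2ban-client -d output above (ignoreip, maxretry, findtime) combine into a ban decision, as an added example that is not part of the original post and is not fail2ban's own code. The two regexes are reduced stand-ins for the sshd failregex entries, the year is assumed, and the log lines are constructed.

```python
import ipaddress
import re
from datetime import datetime

# Jail parameters copied from the `fail2ban-client -d` output in the post.
MAXRETRY = 5
FINDTIME = 18000  # seconds
IGNOREIP_RAW = ["127.0.0.1/8,", "10.0.0.0/8"]

# Assumption: reduced stand-ins for two of the sshd failregex entries; the
# long syslog-prefix part of the real patterns is collapsed to "sshd[pid]: ".
FAILREGEX = [
    re.compile(r"sshd\[\d+\]: Failed \S+ for (?:invalid user )?\S+ "
               r"from (?P<host>\S+)"),
    re.compile(r"sshd\[\d+\]: pam_unix\(sshd:auth\): authentication failure;"
               r".*rhost=(?P<host>\S+)"),
]


def parse_ignoreip(entries):
    """Split ignoreip entries into usable networks and malformed strings."""
    networks, malformed = [], []
    for entry in entries:
        try:
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            # e.g. "127.0.0.1/8," with its trailing comma. This model does not
            # guess how fail2ban treats such an entry; it only reports it.
            malformed.append(entry)
    return networks, malformed


def match_host(line):
    """Return the <HOST> captured by the first matching regex, or None."""
    for rx in FAILREGEX:
        m = rx.search(line)
        if m:
            return m.group("host")
    return None


def parse_ts(line, year):
    """Syslog timestamps carry no year, so the caller supplies one."""
    return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")


def evaluate(lines, ignoreip_raw=IGNOREIP_RAW, maxretry=MAXRETRY,
             findtime=FINDTIME, year=2020):
    """Model the jail: skip ignored sources, count the rest in a window."""
    networks, malformed = parse_ignoreip(ignoreip_raw)
    failures = {}  # host -> timestamps still inside the findtime window
    result = {"ignored": {}, "banned": [], "malformed_ignoreip": malformed}
    for line in lines:
        host = match_host(line)
        if host is None:
            continue
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            continue  # hostname instead of an address; usedns is not modeled
        if any(addr in net for net in networks):
            # Matches are seen but never counted toward maxretry.
            result["ignored"][host] = result["ignored"].get(host, 0) + 1
            continue
        ts = parse_ts(line, year)
        window = [t for t in failures.get(host, [])
                  if (ts - t).total_seconds() <= findtime]
        window.append(ts)
        failures[host] = window
        if len(window) >= maxretry and host not in result["banned"]:
            result["banned"].append(host)
    return result


def sample(host, count):
    """Constructed /var/log/secure lines, one failure per second."""
    return [f"Feb 24 12:56:{i:02d} localhost sshd[{24000 + i}]: "
            f"Failed password for root from {host} port 40000 ssh2"
            for i in range(count)]


# Constructed input: one source inside 10.0.0.0/8, two documentation-range
# sources outside it (one above maxretry, one below).
SAMPLE_LOG = (
    sample("10.0.0.1", 6)
    + sample("203.0.113.7", 5)
    + sample("198.51.100.9", 2)
    + ["Feb 24 12:57:00 localhost sshd[24764]: pam_unix(sshd:auth): "
       "authentication failure; logname= uid=0 euid=0 tty=ssh ruser= "
       "rhost=198.51.100.9  user=root"]
)

if __name__ == "__main__":
    print(evaluate(SAMPLE_LOG))
```
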

How to properly set up our DNS Zone delegation for the "_acme-challenge" subdomain?

Posted: 30 Apr 2022 11:02 AM PDT

We are having a hard time setting up a DNS Zone Delegation for one of our subdomains.

We have one DNS record "_acme-challenge" that will change frequently, and this DNS record is defined directly on our server, which acts as a SECONDARY Name Server only for this record.

Our need is to have this record delegated to our SECONDARY Name Server, instead of having to change it manually in our MAIN DNS zone.

Please note that our SECONDARY Name Server is the same domain "example.com".

Our domain name is registered at OVH : example.com

Our MAIN DNS Servers are at OVH :

  • ns15.ovh.net
  • dns15.ovh.net

Our example.com content is hosted on a web server (not on OVH) having the following IP : 212.123.456.789

We do not have any problem with this DNS zone : our domain and emails are working correctly.

Our MAIN DNS zone is defined at OVH like this (shortened for brevity) :

$TTL 3600
@   IN SOA dns15.ovh.net. tech.ovh.net. (2019111705 86400 3600 3600000 300)
                       IN NS     ns15.ovh.net.
                       IN NS     dns15.ovh.net.
                       IN A      212.123.456.789
ftp                    IN CNAME  example.com.
mail                   IN A      212.123.456.789
www                    IN CNAME  example.com.

Our second DNS Server has these always existing records :

example.com.            NS      ns1.example.com.
ns1.example.com.        A       212.123.456.789
example.com.            NS      ns2.example.com.
ns2.example.com.        A       212.123.456.789

Our second DNS Server will regularly update the following record in its zone :

_acme-challenge.example.com     TXT     HereIsTheTextContent  

We tried to add the following records to our MAIN DNS zone at OVH, in order to delegate this record to the SECONDARY Name Server, but had no success : _acme-challenge.example.com does not ping at all.

ns1                    IN A      212.123.456.789
ns2                    IN A      212.123.456.789
_acme-challenge        IN NS     ns1.example.com.
_acme-challenge        IN NS     ns2.example.com.

We guessed that some kind of records are missing, but where ?

  • Did we forget to add some records to our MAIN DNS zone ? (defined at OVH)
  • Did we forget to add some records to our SECONDARY DNS zone ? (defined on our "example.com" hosted on our server)

I would be happy if you could pinpoint the error, and give us a clue to make it work :-)

Thanks

Windows server 2016 unable to complete update KB4103723 (roll back on 99%)

Posted: 30 Apr 2022 08:07 AM PDT

I've been on a strange problem for the last 12 hours: I'm unable to update the KB4103723, it rolls back every time. I have tried all of these:

sfc /scannow: finishes at 100% but with a Windows protection error. I have looked at the CBS file and the only error is for the IIS MANAGER.LNK file, which is corrupted. The path it gives is c:\programdata\microsoft\windows\start menu\programs\ administrative tools \iis manager.lnk

On my server the path is different: administrative tools is actually windows administrative tools

I couldn't find any solution for that, so I thought maybe I would change all registry entries to the right path and restart my server (it is a cloned VM so I can play with that)

I made several changes but then got to Computer\HLM\SOFTWARE'MICROSOFT\WINDOWS\CURRENTVERSION\SHELLCOMPATIBILITY\INBOXAPP

If I try to change something there I get this error message: Cannot edit F2F852BA90DD4456_IIS_MANAGER_LNK_AMD64.LNK: ERROR WRITING THE VALUE'S NEW CONTENTS

What can I do?

systemd: setting dependencies between templated timer units?

Posted: 30 Apr 2022 09:03 AM PDT

I am using some templated timer units to run sets of templated services. There are backup jobs and associated maintenance tasks that require an exclusive lock on the backup repository and cannot run at the same time as the backup jobs. I am trying to figure out how to set up the units so that the jobs are sequenced correctly.

For example, I have the following service templates:

  • backup@.service
  • clean@.service

I have the following timer templates:

  • backup-daily@.timer
  • backup-weekly@.timer
  • clean-daily@.timer
  • clean-weekly@.timer

Where the backup-daily@.timer unit starts the corresponding backup@.service instance and might look something like:

[Unit]
Description=daily backup of %i

[Timer]
OnCalendar=daily
Unit=backup@%i.service

[Install]
WantedBy=timers.target

If I run...

systemctl enable --now backup-daily@foo.timer clean-daily@foo.timer  

...I need to ensure that the clean@foo service does not run until after the backup@foo service has completed.

The only solution I've come up with so far is to drop OnCalendar=daily and instead use explicit start times so that I can guarantee the backup jobs start first (e.g., start the backup jobs at 1AM and the maintenance jobs at 2AM), and then utilize some sort of locking (e.g., the flock command) to ensure that the maintenance jobs don't start until after the backup jobs have completed.

That works but it's a little hacky. If there's a better way to solve this using systemd I would like to figure that out.

How to access LibreOffice running in a Docker container from a Windows system?

Posted: 30 Apr 2022 12:02 PM PDT

I am not able to deploy LibreOffice on my virtual machine using docker.

I run my container with :

docker run -t -d -p 127.0.0.1:9980:9980 -e "domain=<your-dot-escaped-domain>" --cap-add MKNOD libreoffice/online:master  

That seems to run, because when I type docker ps my terminal returns :

CONTAINER ID        IMAGE                       COMMAND             CREATED             STATUS              PORTS                      NAMES
d3b8849cf74c        libreoffice/online:master   "/bin/bash"         14 minutes ago      Up 14 minutes       127.0.0.1:9980->9980/tcp   modest_ardinghelli

but when I go to the URL, Firefox only shows a "connection failed" message

Web app running on tomcat not updating when modified

Posted: 30 Apr 2022 12:02 PM PDT

I'm modifying a web app coded by another guy with AngularJS. This app is fed by csv data files and is running fine in the first place. However, when I'm trying to change some data in the csv files, every part of the app that relies on data taken from those .csv gets broken.

I first suspected this problem to be related to the fact Excel was recognizing the .csv files as SYLK files when I tried to modify them. However, when I tried to replace the new .csv by the old ones, it didn't change anything. Even more, removing the whole app overall and putting the old one in place instead didn't change anything to the problem.

So now, I'm suspecting there is some cache problem with the Tomcat server (8.0 under Windows) I'm running the app on. I tried deleting the localhost folder in work/Catalina from the Tomcat installation folder as suggested in another question on Serverfault, but it doesn't change anything either (neither under IE, nor Chrome). The only way I can go back to a working app is to reboot my computer, but obviously I don't want to reboot each time I'm doing a modification.

Any idea as to what could be causing the problem?

Getting "Can't create/write to file '/var/lib/mysql/is_writable'" using docker (inside vagrant on OS X)

Posted: 30 Apr 2022 09:03 AM PDT

I am trying to use docker-compose/docker inside a vagrant machine hosted on OS X. Running 'docker-compose up' always fails with

mysqld: Can't create/write to file '/var/lib/mysql/is_writable' (Errcode: 13 - Permission denied)

I can manually create the file just fine, however. (Using touch and sudo -g vagrant touch)

Does anyone know where to look to debug this?


Log:

db_1  | Initializing database
db_1  | mysqld: Can't create/write to file '/var/lib/mysql/is_writable' (Errcode: 13 - Permission denied)
db_1  | 2016-05-21T22:55:38.877522Z 0 [ERROR] --initialize specified but the data directory exists and is not writable. Aborting.
db_1  | 2016-05-21T22:55:38.877799Z 0 [ERROR] Aborting

My docker-compose.yaml:

version: '2'
services:
  db:
    privileged: true
    image: mysql
    volumes:
      - "./.data/db:/var/lib/mysql"
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: wordpress
      MYSQL_DATABASE: wordpress
      MYSQL_USER: wordpress
      MYSQL_PASSWORD: wordpress

My Vagrantfile:

# -*- mode: ruby -*-
# vi: set ft=ruby :

# All Vagrant configuration is done below. The "2" in Vagrant.configure
# configures the configuration version (we support older styles for
# backwards compatibility). Please don't change it unless you know what
# you're doing.
Vagrant.configure(2) do |config|
  # The most common configuration options are documented and commented below.
  # For a complete reference, please see the online documentation at
  # https://docs.vagrantup.com.

  # Every Vagrant development environment requires a box. You can search for
  # boxes at https://atlas.hashicorp.com/search.
  config.vm.box = "ubuntu/trusty64"
  # config.vm.box = "debian/jessie64"

  # Disable automatic box update checking. If you disable this, then
  # boxes will only be checked for updates when the user runs
  # `vagrant box outdated`. This is not recommended.
  # config.vm.box_check_update = false

  # Create a forwarded port mapping which allows access to a specific port
  # within the machine from a port on the host machine. In the example below,
  # accessing "localhost:8080" will access port 80 on the guest machine.
  # config.vm.network "forwarded_port", guest: 80, host: 8080

  # Create a private network, which allows host-only access to the machine
  # using a specific IP.
  # config.vm.network "private_network", ip: "192.168.33.10"

  # Create a public network, which generally matched to bridged network.
  # Bridged networks make the machine appear as another physical device on
  # your network.
  # config.vm.network "public_network"

  # Share an additional folder to the guest VM. The first argument is
  # the path on the host to the actual folder. The second argument is
  # the path on the guest to mount the folder. And the optional third
  # argument is a set of non-required options.
  # config.vm.synced_folder "../data", "/vagrant_data"

  # Provider-specific configuration so you can fine-tune various
  # backing providers for Vagrant. These expose provider-specific options.
  # Example for VirtualBox:
  #
  # config.vm.provider "virtualbox" do |vb|
  #   # Display the VirtualBox GUI when booting the machine
  #   vb.gui = true
  #
  #   # Customize the amount of memory on the VM:
  #   vb.memory = "1024"
  # end
  #
  # View the documentation for the provider you are using for more
  # information on available options.

  # Define a Vagrant Push strategy for pushing to Atlas. Other push strategies
  # such as FTP and Heroku are also available. See the documentation at
  # https://docs.vagrantup.com/v2/push/atlas.html for more information.
  # config.push.define "atlas" do |push|
  #   push.app = "YOUR_ATLAS_USERNAME/YOUR_APPLICATION_NAME"
  # end

  # Enable provisioning with a shell script. Additional provisioners such as
  # Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the
  # documentation for more information about their specific syntax and use.
  # config.vm.provision "shell", inline: <<-SHELL
  #   sudo apt-get update
  #   sudo apt-get install -y apache2
  # SHELL

  #####################################################################
  # Custom Configuration

  config.vm.define "dev" do |dev|

    # if File.directory?("~/Dev")
    #   dev.vm.synced_folder "~/Dev", "/vagrant/Dev"
    # end
    # custom: above does not work for symlinks
    dev.vm.synced_folder "~/Dev", "/home/vagrant/Dev"
#    dev.vm.synced_folder "~/Dev/docker", "/docker"

    dev.vm.provider "virtualbox" do |vb|
      vb.gui = false
      vb.memory = "2048"
    end

    dev.vm.provision "shell",
                        run: "always",
                        inline: <<-SHELL
      pushd /vagrant/conf
      chmod 755 setup.sh && ./setup.sh
      popd
    SHELL

    dev.ssh.forward_x11 = true

    # Install the caching plugin if you want to take advantage of the cache
    # $ vagrant plugin install vagrant-cachier
    if Vagrant.has_plugin?("vagrant-cachier")
      # Configure cached packages to be shared between instances of the same base box.
      # More info on http://fgrehm.viewdocs.io/vagrant-cachier/usage
      config.cache.scope = :machine
    end
  end

end

Elastic Search Unassigned Shards

Posted: 30 Apr 2022 10:01 AM PDT

My cluster state was green, and after a restart of the service one shard remains UNASSIGNED and the status goes to yellow. I have 2 machines with 5 shards and 1 replica set settings. I am using the default config with multicast off and unicast enabled. I did rerouting using

for shard in $(curl -XGET http://localhost:9201/_cat/shards | grep UNASSIGNED | awk '{print $2}'); do
    echo "processing $shard"
    curl -XPOST 'localhost:9201/_cluster/reroute' -d '{
        "commands" : [ {
              "allocate" : {
                  "index" : "wall",
                  "shard" : '$shard',
                  "node" : "node1",
                  "allow_primary" : false
              }
            }
        ]
    }'
    sleep 5
done

Which gives the following output

{  "acknowledged":true,  "state":{    "version":48,    "master_node":"Ar7UpWUQSpSlYcje-u6bgA",    "blocks":{      },    "nodes":{       "EtQ9mOrLQbiUbHGqeQgMvQ":{          "name":"node2",          "transport_address":"inet[/XXX.XXX.XX.XXX:9300]",          "attributes":{            }       },       "Ar7UpWUQSpSlYcje-u6bgA":{          "name":"node1",          "transport_address":"inet[/XXX.XXX.XX.XXX:9301]",          "attributes":{            }       }    },    "routing_table":{       "indices":{          "wall":{             "shards":{                "2":[                   {                      "state":"STARTED",                      "primary":false,                      "node":"EtQ9mOrLQbiUbHGqeQgMvQ",                      "relocating_node":null,                      "shard":2,                      "index":"wall"                   },                   {                      "state":"STARTED",                      "primary":true,                      "node":"Ar7UpWUQSpSlYcje-u6bgA",                      "relocating_node":null,                      "shard":2,                      "index":"wall"                   }                ],                "0":[                   {                      "state":"STARTED",                      "primary":true,                      "node":"EtQ9mOrLQbiUbHGqeQgMvQ",                      "relocating_node":null,                      "shard":0,                      "index":"wall"                   },                   {                      "state":"INITIALIZING",                      "primary":false,                      "node":"Ar7UpWUQSpSlYcje-u6bgA",                      "relocating_node":null,                      "shard":0,                      "index":"wall"                   }                ],                "3":[                   {                      "state":"STARTED",                      "primary":false,                      "node":"EtQ9mOrLQbiUbHGqeQgMvQ",                      "relocating_node":null,                   
   "shard":3,                      "index":"wall"                   },                   {                      "state":"STARTED",                      "primary":true,                      "node":"Ar7UpWUQSpSlYcje-u6bgA",                      "relocating_node":null,                      "shard":3,                      "index":"wall"                   }                ],                "1":[                   {                      "state":"STARTED",                      "primary":false,                      "node":"EtQ9mOrLQbiUbHGqeQgMvQ",                      "relocating_node":null,                      "shard":1,                      "index":"wall"                   },                   {                      "state":"STARTED",                      "primary":true,                      "node":"Ar7UpWUQSpSlYcje-u6bgA",                      "relocating_node":null,                      "shard":1,                      "index":"wall"                   }                ],                "4":[                   {                      "state":"STARTED",                      "primary":false,                      "node":"EtQ9mOrLQbiUbHGqeQgMvQ",                      "relocating_node":null,                      "shard":4,                      "index":"wall"                   },                   {                      "state":"STARTED",                      "primary":true,                      "node":"Ar7UpWUQSpSlYcje-u6bgA",                      "relocating_node":null,                      "shard":4,                      "index":"wall"                   }                ]             }          }       }    },    "routing_nodes":{       "unassigned":[         ],       "nodes":{          "EtQ9mOrLQbiUbHGqeQgMvQ":[             {                "state":"STARTED",                "primary":false,                "node":"EtQ9mOrLQbiUbHGqeQgMvQ",                "relocating_node":null,                "shard":2,                "index":"wall"             },             {               
 "state":"STARTED",                "primary":true,                "node":"EtQ9mOrLQbiUbHGqeQgMvQ",                "relocating_node":null,                "shard":0,                "index":"wall"             },             {                "state":"STARTED",                "primary":false,                "node":"EtQ9mOrLQbiUbHGqeQgMvQ",                "relocating_node":null,                "shard":3,                "index":"wall"             },             {                "state":"STARTED",                "primary":false,                "node":"EtQ9mOrLQbiUbHGqeQgMvQ",                "relocating_node":null,                "shard":1,                "index":"wall"             },             {                "state":"STARTED",                "primary":false,                "node":"EtQ9mOrLQbiUbHGqeQgMvQ",                "relocating_node":null,                "shard":4,                "index":"wall"             }          ],          "Ar7UpWUQSpSlYcje-u6bgA":[             {                "state":"STARTED",                "primary":true,                "node":"Ar7UpWUQSpSlYcje-u6bgA",                "relocating_node":null,                "shard":2,                "index":"wall"             },             {                "state":"INITIALIZING",                "primary":false,                "node":"Ar7UpWUQSpSlYcje-u6bgA",                "relocating_node":null,                "shard":0,                "index":"wall"             },             {                "state":"STARTED",                "primary":true,                "node":"Ar7UpWUQSpSlYcje-u6bgA",                "relocating_node":null,                "shard":3,                "index":"wall"             },             {                "state":"STARTED",                "primary":true,                "node":"Ar7UpWUQSpSlYcje-u6bgA",                "relocating_node":null,                "shard":1,                "index":"wall"             },             {                "state":"STARTED",                
"primary":true,                "node":"Ar7UpWUQSpSlYcje-u6bgA",                "relocating_node":null,                "shard":4,                "index":"wall"             }          ]       }    },    "allocations":[]    }  }  

But the 0th shard is still unassigned and the status is yellow.

Thanks

How to install/update/upgrade SSL certificate in Tomcat

Posted: 30 Apr 2022 01:01 PM PDT

I am about to install/update/upgrade an SSL certificate on one of the servers, which has the following configuration

Server information:
Server version: Apache Tomcat/6.0.35
OS version: Linux 2.6.18-371.6.1.el5
Architecture: amd64
JVM version: 1.6.0_30-b30
JVM Vendor: Sun Microsystems Inc.
Tomcat location: /user/local/apache-tomcate-6.0.35

Generate new SSL certificate request:

  1. I created a folder named keystore (/user/local/apache-tomcate-6.0.35/keystore)

  2. To create a key : sudo keytool -storepass keypassword -keyalg RSA -keysize 2048 -keystore mydomain.keystore -genkey -alias mydomain

  3. To create SSL certificate request: sudo keytool -storepass keypassword -keystore mydomain.keystore -certreq -keyalg RSA -file mydomain.csr -alias mydomain.com

After successfully executing both commands I got two files in the keystore folder

  • mydomain.keystore
  • mydomain.csr

The following files are attached to the email I received yesterday:

  1. Cabundle.cert (What is this? No mention of it in the Wiki)
  2. Zip file
    a. mydomain.crt
    b. root_certificate.crt
    c. Trend_Micro_CA.crt
    d. Affirmtrust_Networking.crt

Installing the certificate:

As per information from another source, I downloaded two other files into the keystore folder

  1. http://secure.globalsign.net/cacert/ct_root.der
  2. http://secure.globalsign.net/cacert/sureserverEDU.pem
  3. Import the root certificate 'ct_root.der' :

    [root@ mydomain keystore]# sudo keytool -keystore mydomain.keystore -storepass keypassword -importcert -file ct_root.der -trustcacerts -alias globalsignroot  

    Outcome:

    Certificate already exists in system-wide CA keystore under alias <3getcybertrustsolutionsincgtecybertrustglobal root>
    Do you still want to add it to your own keystore? [no]: yes
    Certificate was added to keystore

  4. Import the sure server education certificate 'sureserverEDU.pem':

    [root@ mydomain keystore]# sudo keytool -keystore mydomain.keystore -storepass keypassword -importcert -file sureserverEDU.pem -trustcacerts -alias sureserveredu

    Outcome: Certificate was added to keystore

  5. Import the certificate from email: As per the wiki I need to import the certificate.pem file:

    sudo keytool -keystore mydomain.keystore -storepass keypassword -alias mydomain -import -file mydomain.pem

    I don't have any .pem file in the email I have received, and if I run

    [root@ mydomain keystore]# sudo keytool -keystore mydomain.keystore -storepass keypassword -alias mydomain -import -file mydomain.crt

    I get an error,

    Keytool error: java.lang.Exception: Failed to establish chain from reply

Problem:

This is where I am stuck and don't know what to do. I assume I have to create a chain.pem with all the received certificates inside it. If this is the case, in which order should I copy and paste the certificates?

To be honest, I don't want to try anything that I am not sure about, because it is a live server.

I would really appreciate it if someone could help me by providing instructions on how to proceed beyond step #5 to successfully install the certificate. I am also confused about what the cabundle.crt that comes with the email is.
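
For the question of what order the received certificates go in, the following added example (not part of the original post) sorts a set of PEM files leaf first by matching each certificate's issuer to the next one's subject. The function names are hypothetical, `make_demo_chain` only builds a constructed throwaway chain to try it on, and it assumes `openssl` is available and the files are PEM-encoded.

```shell
#!/bin/sh
# order_chain FILE...: print PEM certificate files leaf first, each followed
# by its issuer. Assumes openssl is installed and paths have no whitespace.
order_chain() {
    table=""
    for f in "$@"; do
        s=$(openssl x509 -in "$f" -noout -subject_hash) || return 1
        i=$(openssl x509 -in "$f" -noout -issuer_hash) || return 1
        table="$table$s $i $f
"
    done
    printf '%s' "$table" | awk '
        # Append "" so hashes such as 1e234567 compare as strings, not numbers.
        { subj[NR] = $1 ""; iss[NR] = $2 ""; file[NR] = $3 }
        END {
            # The leaf is the one certificate that issued nothing else here.
            for (a = 1; a <= NR; a++) {
                parent = 0
                for (b = 1; b <= NR; b++)
                    if (b != a && iss[b] == subj[a]) parent = 1
                if (!parent) { leaf = a; leaves++ }
            }
            if (leaves != 1) { print "no single leaf found" > "/dev/stderr"; exit 2 }
            for (cur = leaf; cur; cur = nxt) {
                print file[cur]; seen[cur] = 1; nxt = 0
                if (iss[cur] == subj[cur]) break    # self-signed root ends the chain
                for (b = 1; b <= NR; b++)
                    if (!seen[b] && subj[b] == iss[cur]) nxt = b
            }
        }'
}

# make_demo_chain DIR: constructed throwaway root, intermediate and leaf.
make_demo_chain() {
    ( cd "$1" &&
      openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=Demo Root" \
          -keyout root.key -out root.crt 2>/dev/null &&
      openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo Intermediate" \
          -keyout inter.key -out inter.csr 2>/dev/null &&
      openssl x509 -req -in inter.csr -CA root.crt -CAkey root.key \
          -CAcreateserial -out inter.crt 2>/dev/null &&
      openssl req -newkey rsa:2048 -nodes -subj "/CN=demo.example" \
          -keyout leaf.key -out leaf.csr 2>/dev/null &&
      openssl x509 -req -in leaf.csr -CA inter.crt -CAkey inter.key \
          -CAcreateserial -out leaf.crt 2>/dev/null )
}
```

Concatenating the files in the printed order gives a leaf-first bundle, and a file that is missing from the output does not belong to the leaf's chain.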

cannot useradd/adduser when /etc/{passwd,shadow,group} are symlink (debian squeeze)

Posted: 30 Apr 2022 09:43 AM PDT

I'm having trouble with useradd when I'm moving /etc/passwd /etc/shadow /etc/group from /etc to /home and creating a symlink in order to have /etc/{passwd,shadow,group} respectively pointing to /home/{passwd,shadow,group}

I cannot create any user and have useradd outputting:

root@client:/home# useradd testuser
Adding user `testuser' ...
Adding new group `testuser' (1000) ...
groupadd: cannot open /etc/group

btw useradd output is

root@client:/home# adduser testuser
useradd: cannot open /etc/passwd

ejabberd send group message

Posted: 30 Apr 2022 08:07 AM PDT

I have ejabberd setup with a few shared rosters ("groups"). I need to be able to send messages to the entire group. I was able to do this with the built-in announce mod by sending a message to jabber.myserver.com/announce/online. This works great but it acts like a server broadcast and does not show which user the message came from.

I imagine I'm not the only one that needs to send out group messages on ejabberd, but I was surprised by the lack of documentation and solutions that I've found on this.

What would be a good way to accomplish this?

installing lots of perl modules

Posted: 30 Apr 2022 06:47 AM PDT

I've been landed with the job of documenting how to install a very complicated application onto a clean server. Part of the application requires a lot of perl scripts, each of which seems to require lots of different perl modules.

I don't know much about perl, and I only know one way to install the required modules. This means my documentation now looks like this:

Type each of these commands and accept all the defaults:

sudo perl -MCPAN -e 'install JSON'
sudo perl -MCPAN -e 'install Date::Simple'
sudo perl -MCPAN -e 'install Log::Log4perl'
sudo perl -MCPAN -e 'install Email::Simple'
(.... continues for 2 more pages... )

Is there any way I can do all this in one line like I can with aptitude, i.e.

Type the following command and go get a coffee:

sudo aptitude install openssh-server libapache2-mod-perl2 build-essential ...  

Thank you (on behalf of the long suffering people who will be reading my document)


EDIT: The best way to do this is to use the packaged versions. For the modules which were not packaged for Ubuntu 10.10 I ended up with a little perl script (which I found here)

#!/usr/bin/perl -w
use CPANPLUS;
use strict;
CPANPLUS::Backend->new( conf => { prereqs => 1 } )->install(
    modules => [ qw(
        Date::Simple
        File::Slurp
        LWP::Simple
        MIME::Base64
        MIME::Parser
        MIME::QuotedPrint
    ) ]
);

This means I can put a nice one liner in my document:

sudo perl installmodules.pl