Search Results

Search found 4217 results on 169 pages for 'central administration'.

Page 102/169 | < Previous Page | 98 99 100 101 102 103 104 105 106 107 108 109 | Next Page >

Hacking prevention, forensics, auditing and counter measures.

- by tmow

Recently (but it is also a recurrent question) we saw 3 interesting threads about hacking and security: My server's been hacked EMERGENCY. Finding how a hacked server was hacked File permissions question The last one isn't directly related, but it highlights how easy it is to mess up with a web server administration. As there are several things, that can be done, before something bad happens, I'd like to have your suggestions in terms of good practices to limit backside effects of an attack and how to react in the sad case will happen. It's not just a matter of securing the server and the code but also of auditing, logging and counter measures. Do you have any good practices list or do you prefer to rely on software or on experts that continuously analyze your web server(s) (or nothing at all)? If yes, can you share your list and your ideas/opinions?

Read the article
Can a 32-bit RHEL4 userland work with a 64-bit kernel?

- by James

Is there a way to change an i386 RHEL4 machine to run an amd64 kernel, but ensure that it still builds software into same i386 binaries? On Debian this seems quite straightforward: just install an amd64 kernel (worst case, build one like this guy: http://www.debian-administration.org/users/jonesy/weblog/1) and prefix everything with "linux32". Then everything that considers uname -m will be unchanged, I just need to handle the few cases that consider uname -r. What is the Red Hat equivalent? Is the only way a full 64-bit installation on another disk and then chrooting back to the 32-bit system before anyone builds anything? (Even the best examples of that seem to be Debian-based.) Background: We make a large system that runs on (a variant of) i386 RHEL4. However, some of the larger RHEL build machines now have enough RAM that they might benefit from going 64-bit (for the kernel and maybe some of the bigger build steps). Our build system doesn't support cross-compilation.

Read the article
RODC password replication and A/D sites and subnets

- by Gregory Thomson

I work at a school district with about 30 school sites. Windows 2008 A/D setup - all central at the district office. In A/D, all is under one site, and no subnets defined. One A/D forest and only one domain under that. We're now looking to start putting RODCs at the schools to put the authentication and DNS out there closer to them. I haven't worked with A/D sites and subnets, and only a little with RODC password replication. But just got an invite to a meeting to talk about this tomorrow... If we start breaking down the A/D pieces into sites/subnets, can we also use that as a way to help apply an RODC password replication policy in a way that matches so that only each school sites' users passwords are replicated/cached on their RODC?

Read the article
Server freeze - how to debug

- by Petr Peller

I am running a Debian virtual server with Apache, PHP, MySQL. There is just 1 website with very low traffic running but the server very often (almost everyday) freezes and does not respond. When this happens the server is unreachable from web browser or by SSH and I have to go to administration of my provider and perform server hard reset after this the server seems to work fine. How can I find out what is causing the freezes? Linux vm2797 2.6.32-5-amd64 #1 SMP Tue Jun 14 09:42:28 UTC 2011 x86_64 GNU/Linux

Read the article
Upgrading Fedora on Amazon to 12 but getting libssl.so.* & libcrypto.so.* are missing

- by bateman_ap

I am upgrading to Fedora 12 on a Amazon EC2 using help here: http://www.ioncannon.net/system-administration/894/fedora-12-bootable-root-ebs-on-ec2/ I managed to do a 64 bit instance OK, however facing some problems with a standard one. On the final bit of the install from 11 to 12 I am getting an error: Error: Missing Dependency: libcrypto.so.8 is needed by package httpd-tools-2.2.1.5-1.fc11.1.i586 (installed) Error: Missing Dependency: libssl.so.8 is needed by package httpd-tools-2.2.1.5-1.fc11.1.i586 (installed) This is referenced in the comments from the link above but all it says is: Q: Apache failed, or libssl.so.* & libcrypto.so.* are missing A: These versions are mssing the symlinks they require. Easy fix, go symlink them to the newest versions in /lib However I am afraid I don't know how to do this. If it is any help I tried running the command locate libssl.so and got: /lib/libssl.so.0.9.8b /lib/libssl.so.6

Read the article
anti-virus / malware solution for small non-profit network

- by Jason

I'm an IT volunteer at a local non-profit. I'm looking for a good AV/malware solution. We currently use a mishmash of different client solutions, and want to move to something centralized. There is no full time IT staff. What I'm looking for: centralized administration - server is Windows Server 2003 minimal admin overhead ability to do e-mail notification/alerts/reporting would be very cool 10-25 XP Clients (P3/P4 hardware) free or discounted solution for non-profits We can get a cheap license for Symantec Endpoint Protection. My past experience with Symantec has been bad, but I've heard good things about this product. However, I've also read that it's kind of a nightmare to setup and administer, and may not be worth it for the size of our network.

Read the article
How does geolocation based on IP address work?

- by Martin

As all Internet users, I've visited web sites which appear to know in which country and city I'm located. I understand that these web sites typically look up my IP address in a database which maps IP address to country / city which works fairly well. I've also seen companies selling this type of database. How is this database, which maps an IP address to a country / city, created in the first place? Is there a central database somewhere where each ISP registers the link between IP address and country/city? Or does the companies selling geolocation databases contact different ISP's and purchase the mapping information from them? Or is there some organization 'above' ISP's who keeps track of this?

Read the article
how can I git-revise configs in my /etc/ dir? (sudo has different keys..)

- by Dean Rather

I'd like to keep some of the folders in my /etc/ dir git-revised, cause I'm quite new to server administration and am constantly messing around in my /etc/nginx/ and /etc/bind/ directories. I've heard of people git-revising their either /etc/ directories, but that seems a bit like overkill, as at this point I'm only messing in those 2 subdirectories. The problem I'm having is that if I sudo my git operations, I don't have the right pubkeys to push to my remote repo (bitbucket). But if I don't sudo, I need to mess around with all the permissions (again, not very pro at this). Does anyone know best practices for managing their configs? or how I should solve this problem? Thanks, Dean. PS. It's Ubuntu 12.04, Git, nginx, bind9, amazon aws, bitbucket...

Read the article
Rewriting to address on postfix local aliases

- by Wade Williams

I was running into the common problem that mail for "root" on my system was having $mydomain appended, and because $mydomain is not in $mydestination, the mail was being sent to our central mail server as "root@domain." I cannot add $mydomain to $mydestination, because if I understand it correctly, that would mean all mail addressed to $mydomain would be looked up locally, and if an alias does not exist, delivery would fail. So, I followed these instructions: Delivering some, but not all accounts locally which seems to have resolved the problem. Mail for "root" is now expanded according to /etc/aliases and delivered to the non-local address I desire. The one oddity however is that the "To:" address still reads "root@domain." Is there any way I can get the "To" address to be the one that the alias directed its delivery? So for example, if my alias says that mail for "root" should go to "hostname-admin@domain" is there any way the "To" address can be rewritten as "hostname-admin@domain?" Currently it still shows as "root@domain."

Read the article
HP-UX -> Linux incremental remote backup

- by stack_zen

Hi. I've the need to setup a differential backup process from a range of remote HP-UXes to a central RHEL5 server. I'd happily go with rsync, problem is, stock HP-UX 11.11 has no built-in rsync and I don't have permissions to install any software on the remote stock HP-UXes. How should I approach this? HP-UX provides: fbackup (HP-UX exclusive) cpio (available in RHEL5, allows backing up only the files which changed, but always grabs the totality of the file) ssh remote_user@remote_host 'find /u01/engine/logs/ -type f -name "*.log" | cpio -o | gzip -' | cpio gunzip - | -idmv Those solutions don't really answer my incremental (bandwidth efficiency) problem do they?

Read the article
Immediate Propagation in Active Directory

- by squillman

It's been a while since I've done any large-scale AD administration so I'm reaching back a bit here. I remember that there are certain security related attributes on a user account object that, due to their nature, are flagged for immediate propagation to other sites. I have a case where passwords resets are not being propagated until scheduled replication happens. I had thought that was a case of immediate propagation. Am I just remembering incorrectly? Domain function level is 2003.

Read the article
Can admins monitor my activity locally even when I use a VPN?

- by Arjun Create

My school has one of those super overreacting web blockers (specifically Fortisnet) that blocks things that should be accessible by a high-school senior trying to research projects. Despite many students' complaints the administration's hands are tied due to parents' complaints. I have setup a VPN account from http://www.vpnreactor.com. With this I am able to bypass the blocker. I know this service hides my IP from websites and servers on the web. I also know that the school pays an IT guy just to monitor sites and network traffic that the students are using. Basically, will he be able to see my network traffic? More importantly, will he be able to trace it to my computer or its MAC address? I am connecting over Wi-Fi, not ethernet.

Read the article
Create a share on iscsi drive in Windows Server 2012

- by Crash893

I am brand new to server administration but I don't belive im trying to do anything to exotic I have a windows server 2012 (standard) and a drobo 800i My goal is to setup company shares on the iscsi target I have setup on the drobo So far I have: initialized the iscsi and connected made the iscsi disk read/write(it default started as read only) formatted and mounted it (as drive E:) from the server local desktop I can see and write files to the E:\ drive in shares wizard I do not see it as a volume option when I view the volumes window I see (e: drobo Fixed 16tb 16tb) I'm new to everything but I would think since its a mounted drive I should be able to share a folder on it but it appears its not that straight forward suggestions?

Read the article
DFS replication initial step problem

- by vn.

I just setup DFS on my network and it's working fine, and now I'm trying to setup DFS-R on a test folder, but then at the end of the procedure (all went fine, selected my 2 folders, primary folder, replication topology and such) I get this error message (roughly translated from french) : Unable to define security on the replicated folder. The shared administration folder doesn't exist. I'm also wondering if there's any required security on the folders to replicate so that DFS-R can access it. I was trying to add SYSTEM in the security, but it won't find it/allow me. The folder has many many files and folders on the primary DFS pointer, but none on the 2nd, just created it with quite the same rights. Note that the primary DFS pointer is on a 2008 server and the DFS service and the secondary DFS pointer are on a 2008r2. Any help is very appreciated, thanks.

Read the article
How do I backup my Ubuntu 9.10 system and then restore it to a new machine with different hardware?

- by EricJLN

I have a nicely configured Ubuntu 9.10 machine, with crossover linux (from Codeweavers) installed. I have the Nvidia drivers installed. Everything is just as I want it. Now I want to move to a new machine with different hardware: different sized hard drive, different size RAM, different video card, etc. I tried the technique suggested on Ubuntu forums, "Howto: Backup and restore your system!". The results: New system complains about swap not being found New system complains about not finding Nvidia hardware, and I can't open the System-Administration-Hardware Drivers application (i.e., /usr/bin/jockey-gtk) to fix the problem. As result of nvidia, X-Windows is throwing errors, and the on screen process for fixing X-Windows isn't working. How do I restore a backup of my old system, including my Crossover Linux installation, to a new machine with different hardware installed?

Read the article
Excel graph: turn stacked bar chart into part bullet chart

- by Mike

I've a simple data file that has one column of actuals and another of target against categories. I would like to turn the TARGET figure into a 'Bullet marker'. I've seen it done on other graphs but I'm struggling with the category column being overwritten with the xy axis values. Or if I get close to doing it then the xy markers are not central. I've checked out Peltier but his examples are based on even more comlicated data than mine, so the steps required didn't seem to match up. Help greatly appreciated. Thanks Mike. Example Data: Cat Actual target A 10 15 B 10 12 C 20 17

Read the article
Canadian English on Apple products

- by thepurplepixel

Apple is an American company. As many of you probably know, Canadian English is different from American English, and closer to British English (e.g. colour instead of color). I use iWork and Microsoft Office for Mac (along with many other applications on OS X), and OS X, nor my iPhone, have an option to switch to Canadian English. Yes, you can select Canadian English as an input language in the language bar, but any program that uses the central OS X spell checking (from Mail to Office to iWork to Chrome) will check words against an American English dictionary. I know asking a question that involves an iPhone component is borderline off-topic, but I know on my iPhone I can select British English, but that turns my $ into £ and has a few other weird spelling quirks. Simple question: Is it possible to make OS X (and maybe the iPhone) use a Canadian English dictionary for its spell checking? Because British English just doesn't cut it anymore. Thanks!

Read the article
Distribute terrabyte files to the public from web server

- by MarkJ

Hi We need to set up a website which makes two or three large files publicly available - the files will be 1 or 2 terrabytes each. Although they will be public, in practise I expect only a relatively small number of scientists will want to download them. What is the best way to allow this? I've had a quick talk to a web-hosting provider (rackspace) and they suggested a hybrid solution. An entry-level managed server (we predict fairly low traffic for the website, but we do need to install some custom CGI software). Some cloud storage which hooks into Limelight Networks. This would host the large files, for download by FTP. It sounded OK to me but I know relatively little about server administration. Does it make sense? Thanks in advance, Mark

Read the article
How do I install and run Tomcat on port 80 as my only web server? (Rooted Ubuntu box)

- by gav

Hi All, tl;dr - I have a rooted linux box that I want to run tomcat on as a server (No Apache Web Server) how would you set this up avoiding common security pitfalls? I've written a Grails App that I want to run on a VPS I rent. The VPS has very little memory and I am using it for the sole purpose of running this application so I don't need the apache web server. This is my first venture into Server administration and I'm sure to fall into some well known traps. Should I use iptables to redirect requests from port 80 to 8080? Should I run tomcat as root or as it's own user? What configuration settings would be good for a low memory system expecting less than 10 concurrent users? Hopefully an easy one for you! Anyone who could link to a tutorial would be a personal hero destined for great things no doubt. Gav

Read the article
IT Inventory Tracking

- by DrStalker

What is a good tool to keep track of IT inventory? Systems that are installed and running, parts being ordered, that sort of thing. I'd love a central, web based system (preferably something we can customize) but my searching so far has resulted in a lot of dead open source projects that havn't been updated in a few years and poorly created commercial websites that don't do a very good job describing their product. The software doesn't have to be free or open source - a good commercial alternative is fine. It doesn't even need to be a web-based tool, that's just what I thought would be simplist to find and easiest to deploy. The number of assets that it will be tracking will be in the dozens, so it doesn't have to be a super high-end enterprise solution but it does need to do a better job than an excel sheet in a shared folder (which is our current "solution")

Read the article
What are the benefits of running a app server in user space, like Unicorn, as opposed to as sudo?

- by dan

I've been using Phusion Passenger + Rails/Sinatra for a lot of projects. Passenger runs under the main Nginx or Apache process. But I'm interested in Unicorn, partly because it runs in user space. You just set up Nginx to proxy_pass requests to a unix socket that is connected to Unicorn processes that you fire up under a normal user account. Is there anything to be said as far as advantages and disadvantages of these two alternative approaches to running an web app? I mean in terms of ease of administration, stability, simplicity, etc.

Read the article
How to properly store dotfiles in a centralized git repository

- by asmeurer

I'd like to put all my dotfiles (like .profile, .gitconfig, etc.) in a central git repository, so I can more easily keep track of the changes. I did this, but I would like to know how to properly handle keeping them in sync with the actual ones in ~/. I thought that you could just hard link the two using ln, but this does not seem to work as I expected, i.e., if I edit one file, the other does not change. Maybe I misused the ln command, or else I misunderstand how hard links work. How do people usually do this? Judging by GitHub, it's a pretty popular thing to do, so surely there's a seamless way to do it that someone has come up with. By the way, I'm on Mac OS X 10.6.

Read the article
Load Balancing a UDP server

- by Hellfrost

Hello StackOverflow, I have a udp server, it is a central part in my business process. in order to handle the loads I'm expecting in the production environment I'll probably need 2 or 3 instances of the server. The server is almost entirely stateless, it mostly collects data, and the layer above it knows how to handle the minimal amount of stale data that can arise from the the multiple server instances. My question is, how can I implement load balancing between the servers? I would prefer to distribute the requests as evenly as possible between the servers. I would also would like to have some fidelity, I mean if client X was routed to server y, then I want all of X's subsequent requests to go to server Y, as long as it is sensible and not overloads Y. By the way it is a .NET system... what would you recommend?

Read the article
Encrypt tar file asymmetrically

- by DerMike

I want to achieve something like tar -c directory | openssl foo > encrypted_tarfile.dat I need the openssl tool to use public key encryption. I found an earlier question about symmetric encryption at the command promt (sic!), which does not suffice. I did take a look in the openssl(1) man page and only found symmetric encryption. Does openssl really not support asymmetric encryption? Basically many users are supposed to create their encrypted tar files and store them in a central location, but only few are allowed to read them.

Read the article
What permissions are needed to do an LDAP bind to an Active Directory Server

- by DrStalker

What permissions are needed to perform an LDAP bind to an active directory server? I have a central domain (call it MAIN) that has two-way trusts to domains in other forests (call then REMOTE and FARAWAY) Using MAIN\myaccount as the username and my password I can bind to REMOTE fine, but not to FARAWAY; I get an invalid credentials response 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893 In all other ways the trusts seem to work fine. What permissions do I need to check to figure out why the bind is failing? My understanding is that anyone in AUTHENTICATED USERS should be able to bind to LDAP, but that only seems to hold true for some domaians and not others.

Read the article

< Previous Page | 98 99 100 101 102 103 104 105 106 107 108 109 | Next Page >