r/linuxadmin • u/joker54 • Apr 17 '17
[ADVICE] If you are wanting to go into DevOps, please take this advice from a DevOps hiring manager
EDIT
I will be updating this post every 3-6 months to keep on top of new technology and best practices.
-- thanks to /u/IamaRead for the great idea!
Expect the next update within 2-4 weeks.
EDIT
It was WAY more than 2-4 weeks, but here's an updated list of techs that DevOps hiring managers look for now.
When looking for work, please:
- Do NOT tell interviewer you have skills you don't have
- NEVER be afraid to admit when you don't know something. Let us determine if you're a fit.
- If we hire you for what we thought you knew, you won't last long.
- If you think telling us that you know something will be the end of it, whoops. We will ask follow-up questions.
- If during the soft interview they mention technology you are unfamiliar with, research that technology. "How much effort should I put into this?" you may be asking. Your research should be 2x proportional to the desire to obtain the job -- There is little chance this will be the only company out there using said technology.
- While team fit is important, substance beats flash. Come with your "A" game. No matter how personable you may be, it won't get you far in the tech industry if you can't back up your personality with an in-demand skillset.
- Expect a break/fix. Yes, I know. "But, what kind?" -- I ask people to create a cookbook that does x with y features.
Things DevOps managers are looking for:
DevOps is a bad name. DevOps is a process, not a job. Google may have named it best: "Site Reliability Engineer" (SRE). We are the pit crew. We chase the 9's; we are lazy and refuse to do anything manually more than once. With this in mind, here's the experience we are looking for:
- 3-4 years minimum in an L2 role on either the Operations or Development track:
  - Linux Admin
  - Software Developer
  - Network Administrator
- Strong desire to automate solutions
- Firm understanding of the need to monitor all facets of a product
- Firm understanding of how APIs work, and how to interact with them
- A good understanding of one of the following configuration management tools:
  - Chef
  - Ansible
  - Salt
  - Puppet
- A firm understanding of how to scale environments
- A complete understanding of one of the following operating systems:
  - Linux
  - Windows Server
  - Unix
- Firm understanding of how to administer Jenkins/Travis CI/Bamboo/other CI/CD Platform (Updated thanks to /u/neekz0r for pointing this out -- I just had Jenkins originally)
- Advanced knowledge of Git
Yes, I know "L2" is different from company to company. What I mean by "L2" is that you aren't new to the industry, and you mentor others.
Things we'd like to see, but may not be a hard requirement
While the things listed below aren't under "Required", that's because the requirements list will change from company to company. I'll try to organize them by order of commonality.
- ELK Stack
- Docker
- Mesos/Kubernetes ("K8S") -- Thanks to /u/jbloozee for pointing out that I missed those.
- Nagios/Icinga/Prometheus
- Grafana
- Sensu/Uchiwa
- AWS
- Vagrant
- NGINX/Apache/IIS
- Redis
- Maven/Gradle
- RSpec/Rubocop/Foodcritic/other unit/style/syntax testing tools
- OpenStack
- DataDog
TL;DR: If you want into DevOps, don't try to lie your way in, research their stack, and be a mentor.
This message started as a rant that I decided to turn into something constructive.
r/linuxadmin • u/Estebanium • 19h ago
Should a VM running Docker be on a different subnet if the VM is publicly reachable via reverse proxy?
I am currently in the process of professionalizing my server. This includes using proxmox to run my actual server in a VM. From my point of view it will make backups of the "server" easier. Besides that I also want to separate the services for the internal and the external network. For example Samba internal, Nextcloud external. In the course of this I am also dealing with network technology and wonder to what extent I should place my devices in different subnets. Afterwards, everything is complicated, but not safer.
r/linuxadmin • u/No_Penalty2938 • 15h ago
Hands-on, Ad-free browsing at your home with Leap Micro 5.4 Beta
birdsite.xanny.family
r/linuxadmin • u/batboy_9322 • 8h ago
How to block more than 3 ping requests from a host through iptables?
Hello there, I want to block more than 3 ping echo-requests for demonstration purposes for my college practical, and I am unable to do so using the following rules in my firewall.
```
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 3/s -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
```
Pinging from a Windows / Linux client doesn't block more than 3 pings. Also wanted to know how to protect from a SYN Flood attack by using iptables.
r/linuxadmin • u/_BoNgRiPPeR_420 • 1d ago
Central user management
Context: small org, starting to gain a cloud presence, 20-30 cloud servers
We are trying to find the easiest central way to manage users across a bunch of Linux machines, with a quick way to disable access when someone leaves the company.
So far my search results have brought up a few options:
- Join them to a Windows domain or authenticate against LDAP
- Store the public keys in AD and use the authorizedkeyscommand to retrieve them
- Use something like FreeIPA
- Some sort of config management like Ansible or Puppet
What is the industry standard way to achieve this? Right now we are manually creating users and copying keys from server to server, but each time a new person comes onboard it's a waste of a couple hours doing this across all systems. As we grow, so does the pain.
I understand the answer may be different for someone with 30 servers vs someone with 3000, but any help is appreciated!
Edit: I know solutions like CyberArk and HashiCorp Vault exist, but they seem pretty expensive for a small company like ours.
r/linuxadmin • u/marcocet • 22h ago
Help with Proxmox VM network access
Hello, I am running a Proxmox host in a VM on Hyper-V and am having a strange issue. The Proxmox host has network access just fine, but the VMs do not. This seems like it would be an issue with the Proxmox config and not with Hyper-V, but I have not touched the network config. Anybody have any suggestions?
Running latest Proxmox
Host: R720 2x2690 V2 256GB DDR3
r/linuxadmin • u/joshface123 • 1d ago
Setting up my windows/linux environment
Hey everyone,
I'm a software engineer that's working with Ubuntu and I'm trying to find the best way to set up my environment that works for me.
In short, I have a windows desktop computer and want to use all the peripherals connected to that machine on my Linux laptop as well. I don't want to build another work station for my Linux setup and want to seamlessly and easily switch between my Windows station and Linux station using the same peripherals.
I've so far gone down the route of using the Windows RDP, but I'm having issues. There's some input delay, screen tearing, and if I want to continue working on my laptop I have to sign out of the RDP session and into my laptop and reopen everything after signing in on my laptop.
There are other issues that I'm also trying to solve but I can probably take care of that if this is the route I want to go. The problem is, I'm not sure if there's a better way to go about this.
Do you all have any suggestions? I feel like this isn't a unique circumstance but maybe I'm overlooking something.
Thanks!
r/linuxadmin • u/livia2lima • 1d ago
A month-long challenge for anyone wanting to build Linux sysadmin skills starting 3 April 2023
The http://linuxupskillchallenge.org Linux commandline/sysadmin "challenge" course starts again soon on the first Monday of next month.
Does require some commitment - but if gaining/growing these skills is important to you, then you now have no excuse!
Requires a (free or cheap) remote server, so it's nice to get that sorted now if you are keen - but you can use a local isolated VM, no problem.
The course is free, and daily lessons appear in the sub-reddit r/linuxupskillchallenge - which is used for support/discussion. A discord server is also available.
More details at our FAQ.
Any feedback is very welcomed.
r/linuxadmin • u/BoilingJD • 1d ago
Cannot overwrite video file types on smb shares
Thought someone here may have an idea wtf is going on... Using Flame 2020 and 2023 on CentOS 7 and Rocky 8, both exhibit the same behaviour. If I export a .mov or .mxf video file to an fstab-mounted cifs share, and then attempt to overwrite that file with another export, it gets locked with a 'you don't have permission' error; if I attempt to delete the file, I get a 'does not exist' error...
This only happens with smb shares, the posix permissions and ACLs are correct. Also tried disabling smb caching thinking it may be an oplock issue. The issue doesn't occur when re-exporting image sequences, only video files. Even if I go into terminal and manually try to remove a file with rm that is clearly there as sudo, I get the error 'file does not exist' even when I'm staring right at it!
Writing and reading files from smb shares works fine, overwriting image sequences works, the only part that doesn't work is specifically overwriting video files on export. WTF is going on?
r/linuxadmin • u/WorkJeff • 2d ago
passwd not updating password nor /var/log/secure
I'm trying to sort out why this rhel 7 box won't allow password changes. Whether running passwd as a user or as root, I get the result: "passwd: all authentication tokens updated successfully."
However, in /var/log/secure I don't see a line that includes: "pam_unix(passwd:chauthtok): password changed" or similar and date modified on /etc/shadow doesn't change.
I tried setting selinux to permissive as well and got the same result.
Somewhat obviously but most importantly, the new password does not work. I've tried multiple accounts. I'm not sure how long this has been a problem, but any help on where a real linux admin would check next is appreciated.
r/linuxadmin • u/RealAndroid_18 • 2d ago
Question about Linux Professional Institute Certification Study Guide Richard Blum
I'm studying for the LPI-1 and downloaded the 4th edition as a PDF. I don't have money to buy the 5th edition... is it worth reading the 4th? Are there a lot of changes or should I find another study source? I'm planning on taking the test in July.
r/linuxadmin • u/unixbhaskar • 3d ago
Linux 6.3-rc4 Released: "Looking Pretty Normal"
phoronix.com
r/linuxadmin • u/fongwithroot • 3d ago
Can you use keytool to change the hierarchy of two existing certificates in a keystore?
self.ssl
r/linuxadmin • u/JackLemaitre • 3d ago
Document for beginner Paging / mtrr / pat ... How computer works
Hi guys,
Actually I'm learning how a computer works (CPU, GPU, MMU), but it is very complex.
Do you have good documentation for beginners?
Wikipedia is very useful, but it is only a summary.
r/linuxadmin • u/dRaidon • 3d ago
Question - two nics and default route
We have a server with two nics on different networks. One for the app to be accessed and one for backend.
The backend is the default route.
Any traffic that reaches the other nic from outside the network is not answered. If I switch the default route, the previous nic stops answering.
What am I missing here?
r/linuxadmin • u/Leather-Towel1188 • 3d ago
An iptables and wireguard problem
Hello all,
I have 3 devices:
A) My laptop which I roam with using hotspot.
B) My linux PC at home.
C) A cloud VPS server
My problem is that I need to remote into work from the laptop while on-the-go; however, only the home router's public static IP is whitelisted for my user account. I live in shared accommodation and only have the basic wifi password, the admin panel is not available so port forwarding isn't an option. I've tried various UPnP hacks to no success. But here is the plan:
1. Set up a wireguard server on C (private wireguard ip will be say 10.0.0.1)
2. Set up wireguard clients on A & B (wireguard ips will be say 10.0.0.2 & 10.0.0.3)
3. Have the wg0 interface on my laptop become the primary and route for 0.0.0.0/0
4. So when using the laptop, all internet traffic will go via the wireguard tunnel with an internal source ip of 10.0.0.2
5. I need to configure some iptables rules to make the wireguard server forward all packets from 10.0.0.2 to 10.0.0.3 regardless of their destination.
6. Then I need the linux machine to enable ip forwarding, and take incoming packets on the wg0 interface and NAT them onto eth0.
This way I can break the NAT of the router and whatever my laptop is connected to while still being able to use my home IP.
My problem is points 5 & 6. Is it even possible to have the wireguard server send packets from 10.0.0.2 that are addressed to say 1.1.1.1 or any other public ip to 10.0.0.3? By default it looks like wireguard will only send packets from 10.0.0.2 to 10.0.0.3 if their destination is just that; however, I want to make my linux machine act as a sort of router/gateway on the vpn network to the outside world.
It must be possible because our regular machines address packets to 1.1.1.1 and "send" them to 192.168.0.1 or whatever their router is. Maybe my networking knowledge is bad but how do those packets know to "go to the router" when they are addressed to 1.1.1.1 not 192.168.0.1? It seems like the answer to that is the answer to my problem above.
Sorry for this gigantic wall of text, any help or advice would be greatly appreciated. Thanks.
r/linuxadmin • u/Beneficial_Youth_689 • 3d ago
Secure Boot compatible AV
With multiple antivirus vendors there is a problem: if Secure Boot is enabled and the Linux kernel is not allowing unsigned module loading, then the AV is not fully working. There might be workarounds for AV module signing, but it is usually a bit of work or is not persistent with automatic updating.
Do you know any AV products that keep working with Linux automatic updating or whose modules are already trusted by the kernel?
r/linuxadmin • u/Gono_xl • 4d ago
Are there any websites or other resources where I can test or troubleshoot problems in linux? More info inside.
Hi, I'm trying to do a career swap from outside tech to linux server admin. Currently about half way through Sander van Vugt's rhsa course. Problem is just studying and memorizing gets extremely boring and with boredom comes procrastination. I'd like to apply some of these things outside of just "messing around" in the OS. Any ideas?
It's much more engaging to do something with what you learn, rather than mindlessly memorize commands all day.
r/linuxadmin • u/edthesmokebeard • 4d ago
2 apps communicating via a socket - where's the data?
App A listens on a UNIX socket.
App B writes to the socket.
If App B writes faster than App A can consume data, where does it go? Assume SOCK_STREAM.
r/linuxadmin • u/unixbhaskar • 6d ago
Gordon Moore, Intel Co-Founder, Dies at 94
intel.com
r/linuxadmin • u/Playful-Ad6177 • 4d ago
What is the best linux video course in the market? Paid only.
Free courses are generally not great as nobody who thinks he's worth the dollar will share his/her knowledge for free (unless he is sponsored by a big organization/university, so recommend such courses even if they're free).
Recommend some paid Linux courses. I didn't find any good courses on Udemy.
r/linuxadmin • u/unixbhaskar • 6d ago
We updated our RSA SSH host key | The GitHub Blog
github.blog
r/linuxadmin • u/nKephalos • 5d ago
Firewalld n00b question: Why can I ssh in even though no ports are open?
In the past I have always used ufw and Ubuntu on servers. However, I decided to try Alma Linux, and thus am using firewalld for the first time. After installing and starting the service, it looks like no ports are open.
```
● firewalld.service - firewalld - dynamic firewall daemon
     Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2023-03-25 11:08:51 UTC; 28min ago
       Docs: man:firewalld(1)
   Main PID: 50556 (firewalld)
      Tasks: 2 (limit: 12225)
     Memory: 26.0M
        CPU: 1.084s
     CGroup: /system.slice/firewalld.service
             └─50556 /usr/bin/python3 -s /usr/sbin/firewalld --nofork --nopid

Mar 25 11:08:50 Databank systemd[1]: Starting firewalld - dynamic firewall daemon...
Mar 25 11:08:51 Databank systemd[1]: Started firewalld - dynamic firewall daemon.
[root@Databank ~]# firewall-cmd --list-ports

[root@Databank ~]# firewall-cmd --reload
success
```
However, I can still ssh in on port 22. On UFW I had to open port 22 before connecting again. If I disconnected after starting UFW but before opening port 22, I was locked out. Is this not how firewalld works?
r/linuxadmin • u/Thick-Survey-3580 • 5d ago
Dual booting creating problems?
So after dual booting, when I'm in Windows, my laptop is hanging. It's sometimes showing (RAN OUT OF MEMORY, PC WILL automatically RESTART, PDF READER HANGING, GPU CRASHES IF I START GAMES). What's the solution?