serverfault.com

I am facing a memory-related issue on Debian Trixie VMs running on Ganeti. These VMs are used exclusively as PostgreSQL database servers. The same Puppet configuration works fine on Debian Bullseye and Bookworm, but consistently fails on Trixie. Environment Hypervisor: Ganeti Guest OS: Debian Trixie VM RAM: 4 GB (fails), works only at 8 GB Workload: PostgreSQL + Puppet agent Puppet version: Puppet 7 PostgreSQL version: 14 Problem When running Puppet (runpuppet), I get multiple failures like: Error: Could not evaluate: Cannot allocate memory - fork(2) Error: Could not prefetch mount provider 'parsed': Cannot allocate memory - fork(2) Error: Could not prefetch sysctl provider 'augeas': Cannot allocate memory - fork(2) Example full output: Error: /Stage[main]/Ssh/Exec[/bin/systemctl enable systemd-networkd-wait-online.service]: Could not evaluate: Cannot allocate memory - fork(2) Error: /Stage[main]/Profiles::Monitor

My boot disk is 40GB, but my server's actual disk space is only 30GB.

I am looking for a solution to use PowerShell with the AGPM Module commands to list GPOs that are in the recycle bin in AGPM. The AGPM PowerShell module is loaded but very limited on commands. Get-ControlledGpo | select name, state | sort state Works good to list GPOs name and State in AGPM as Checked In or Checked out, unfortunately, it will not display GPOs in the Deleted state (GPOs that have been deleted and live in the recycle bin) Get-Command -Module Microsoft.AGPM only lists the following commands available: Add-ControlledGpo Get-ControlledGpo Lock-ControlledGpo Publish-ControlledGpo Remove-ControlledGpo Unlock-ControlledGpo Any help would be greatly appreciated.

I am running a Debian server which hosts two different web applications running on apache2 that both need to be able to send emails from specific email addresses. Those addresses are actual email accounts from my provider with my domain name, so I am trying to implement SMTP with postfix. In order to test I am trying to send this email using sendmail in CLI: email.txt: From: [email protected] Subject: test test test test sendmail [email protected] < ./email.txt However it doesn't work. Here's what /var/log/mail has to say about it (I trimmed the timestamps for readability): postfix/pickup[1130256]: 075FC37CE43: uid=0 from=<root> postfix/cleanup[1133097]: 075FC37CE43: message-id=<20260326142453.075FC37CE43@myhostname> postfix/qmgr[1130257]: 075FC37CE43: from=<root@myhostname>, size=272, nrcpt=1 (queue active) postfix/smtp[1133100]: 075FC37CE43: to=<[email protected]>, relay=send

I read this blog: https://www.haproxy.com/blog/using-haproxy-with-the-proxy-protocol-to-better-secure-your-database but am confused as the author uses some addresses to indicate the problem and different addresses within the solution. If someone could provide a little clarity about it. We have 4 percona (MYSQL) servers: 2 in datacentre A and 2 in datacentre B. The user entry point is via haproxy, where we have 1 in both datacentres It looks to me like the author suggests that every possible source for access on the client side would need to be added to the database: mysql> CREATE USER 'haproxy'@'192.168.122.64'; which, I assume would have to be both source user and host. But what if there are multiple users on each host? How to cater for DHCP hosts? Would we have to then have global wildcards declare

I want to setup a conditional sudo access rule to a host. I understand adding a sudo schema, and then adding a user to group that gives sudo powers. But I want to distinguish somehow hosts by custom ldap groups, and allow users sudo access if they belong to same ldap group too. Example picture: Imagine Host1 belongs to groupA, and Host2 belongs to groupB. I would like to add Alice to groupA and to groupSudo - so she can execute sudo commands on Host1, while she would not have sudo access on host2, but she can still login there as simple user. Similarly I want to assign Bob to groupB and groupSudo - that would give him sudo only on Host2. And Cynthia to all 3 groups so that she gets sudo everywhere. I'm struggling to finding this solution though. I did find a solution where I would restrict Alice login to Host2 entirely, by configuring sssd to not allow logins if not in groupB. H

I’m currently preparing for the CISSP and focusing on key security areas like access control, network security, risk management, and security operations using official study resources. To strengthen my understanding, I’ve been using Pass4Success scenario-based questions for these topics to clear confusion and see how concepts apply in real-world situations. This approach is helping, but I’d appreciate input from professionals here. Am I on the right track, or should I refine my strategy further?

I have deployed an N150 based proxmox 9.1.6. home server. To speed up my NAS vm I bought a Ugreen 2.5G USB ethernet adapter. However it only connects at 1G. To my suprise both the interface and the switch show 2.5G capabilities, but that speed is not advertised This is from the proxmox shell: # ip link [..] 14: enx6c1ff7044e92: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000 link/ether 6c:1f:f7:04:4e:92 brd ff:ff:ff:ff:ff:ff # ethtool enx6c1ff7044e92 Settings for enx6c1ff7044e92: Supported ports: [ TP MII ] Supported link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full 1000baseT/Half 1000baseT/Full 2500baseT/Full Supported pause frame use: No Supports auto-negotiation: Yes Supported FEC modes: Not reported

The HAProxy documentation states that a named defaults is possible. The anonymous defaults are always used if a named version is not called. If we have errorfile xxx /etc/haproxy/errors/errorsxxx.http for various error codes in our defaults (or even in a separate defaults http), and if we also have defined (eg) defaults impala with various settings for that specific service, could defaults impala contain defaults http? Or even specify more than one defaults collective within the proxy config? Otherwise a lot of duplication is likely to occur.

I have a group with users in LDAP. I want them to be added to shared roster of all users in this group. What I tried: mod_shared_roster_ldap: ldap_base: "dc=domain,dc=tld" ldap_filter: "(objectClass=*)" ldap_rfilter: "(objectClass=ipausergroup)" ldap_gfilter: "(&(objectClass=ipausergroup)(cn=staff))" ldap_groupattr: "cn" ldap_memberattr: "member" ldap_memberattr_format: "uid=%u,cn=users,cn=accounts,dc=domain,dc=tld" ldap_ufilter: "(&(objectClass=inetorgperson)(uid=%u))" ldap_useruid: "uid" ldap_userdesc: "cn" ldap_userjidattr: "mail" ldap_auth_check: false Ejabberd finds all groups in SearchResultEntry including cn=staff,cn=groups,cn=accounts,dc=domain,dc=tld 2026-03-24 17:45:45.574594+00:00 [debug] <0.651.0>@eldap:recvd_packet/2:836 {searchResEntry,