serverfault.com

Common Server issues – FAQs and answers from those in the know

How to use the ssh port forward of the host from a VM?

19 May 2026 @ 9:26 am

I can do basic ssh forwarding, but I get lost when the going gets tough. On a Linux host (MachineA) I set up the following forwarding and it works from MachineA: `localuser@MachineA $ ssh -L 4840:MachineC:4840 remoteuser@MachineB`. Now that host also runs a Windows VM and it needs to access port 4840 on MachineC and I don't know how to do that. The VM has its network running as NAT (I can change it). How can I change the ssh command to allow the VM though?

How to restrict Microsoft Entra ID / Intune enrollment to one device per user?

18 May 2026 @ 4:59 am

I am designing a deployment for a client with ~230 users transitioning into Microsoft Entra ID and Microsoft Intune. The Requirement: Standard Users: Must be strictly limited to enrolling exactly one PC and one Mobile phone. Exception Users: A small subset of users need the ability to register two personal devices. Shared PC Scenario: Some users share a single corporate email identity but log into different physical desktop PCs and separate mobile devices. Questions: What is the best architectural approach in Intune/Entra to enforce a 1-PC limit for standard users while excluding a specific group of power users? How should we handle the enrollment of the physical PCs used by the "shared email ID" users so they don't exhaust the individual identity quota? Can this boundary be securely enforced via Conditional Access policies without blocking mobile devi

Monitoring if an scp connection is still transmitting

17 May 2026 @ 7:53 pm

I am using SCP to transfer a lot of data between my local computer and a remote server. I am using tmux, but the session is frozen. I used Wireshark to know that the file transfers are still going, but is there a less convoluted way to know if the transfer is still going on? I do not care to know what is being transferred, just that something is being transferred and the connection is not dead.

Bind9 security log stopped recording events after implementing views

16 May 2026 @ 10:45 pm

I have Bind9 version 9.18.39 on Ubuntu 24.04 LTS. The Bind is frequently the target of denial of service attacks. I was managing it with Fail2ban jail for "refused+denied". To decrease the rate limit, I implemented two views, internal and external, with a tight rate limit of responses-per-second=2 in window=15. After switching to two views, the "security log" stopped recording events. But I still can see refused/denied messages in the "default-log". Why did the security log stop recording events? It was writing when I didn't have any views, and hence the permissions are correct. The default-log does not match the Fail2ban filter, and hence I need to get the Security-log to write again. Any help will be appreciated. My Views configuration // Internal view for local clients (no rate limiting) view "internal" { match-clients { "internal-network"; };

I've logged into the Azure Command-Line Interface (CLI) via `az login`: how can I see when it'll sign me out?

15 May 2026 @ 11:56 pm

I've logged into the Azure Command-Line Interface (CLI) via `az login`: how can I see when it'll sign me out? I.e., how can I see when my authentication will expire?

Ubuntu kernel update on Azure?

15 May 2026 @ 6:37 am

Is it normal for Azure's Ubuntu Kernel (for example) to be so far behind when significant CVEs have been published? In particular, Copy fail (CVE-2026-31431) has not been patched on my Azure Ubuntu 22.04 VM, and there's no update for it (current Kernel version is 6.8.0-1052.58~22.04.1). Sure I can mitigate the threat manually, but is it normal for Azure to take this long (since April 22nd) to release a Kernel update when a known vulnerability like this exists and Ubuntu has released a fix? Am I missing something?

Cobian backup - native error 00059

15 May 2026 @ 2:38 am

I have these 2021-2022 backup files (.pbd) made with Cobian Backup Gravity 11. Now I'm trying to restore its contents, but I'm getting "Hashed list of file names is invalid - Native error". In binwalk I can see files within, which seems to indicate a healthy unencrypted file. The hexdump shows head contains "FIMG" and "ADDI". Edit: This post here (https://flammlin.com/blog/2022/11/06/hashed-list-of-file-names-is-invalid) shows this error, and his solution was to disable CRC after compression. My case is that files are already created, therefore I still don't know how to solve this.

How to truncate a zipped file?

14 May 2026 @ 8:02 pm

I have very large log files and I often truncate them with: `truncate -s 20M filename.log`. However, I also have some files that have been zipped and they are smaller, but I want to shrink them further or trim them further. Ideally I would have truncated them before they were zipped: `filename.log.gz`. I have not tried to truncate directly on the file as I am not sure it is safe, and I also don't want to unzip the file as it might be too large to fit. Is there a way to truncate so it truncates the file in the zip to make the final file much smaller?

Can Ansible list all hosts that use a specific role?

14 May 2026 @ 1:59 pm

I am using Ansible roles to configure certain aspects of a wide variety of servers. A good example is the webserver. I have a playbook per server (e.g. server1.yml) which uses the role webserver if server1 should have a webserver configured. This works fine. But when I make a change to the webserver role, I want to update all servers which run a webserver. I struggle to convince Ansible to give me a list of the relevant servers (i.e. all servers that run a webserver, which is all servers that use the role webserver). The options I came up with until now are: have a group of all servers that run a webserver in the inventory -> I can use this group; have a playbook to deploy the webserver (instead of or in addition to the "per server" approach I currently have?); find the hidden knob in Ansible that can do just what I want :) The issue with t

After phishing incident, some Entra devices have registration time stamp = activity. Odd?

11 May 2026 @ 6:48 pm

In Microsoft Entra, are equivalent timestamps for registered and last activity and signed on and last password reset an indication of a persistence play by an attacker or is it a normal activity? Example: Registered / Activity (phishing mail, eg. 5th May 07:00): BCC dispenser user account device: 5/5/2026, 08:27 and AM / 5/10/2026, 08:27 AM Some other user account device: 5/5/2026, 08:45 AM and / 5/10/2026, 08:45 AM ... etc, 1:1 matching timestamp, close proximity to sending phishing event. Looking at these user accounts properties, they all show timestamps like this: User 1 properties: Sign in sessions valid from date time: 5/5/2026, 07:21 AM Last password change date time: 5/5/2026, 07:21 AM User 2 properties: Sign in sessions valid from date time: 5/5/2026, 07:12 AM Last password change date time: 5/5/2026, 07:12 AM Let's assume the attack happ