serverfault.com

Common Server issues – FAQs and answers from those in the know

Using Cockpit to let UNIX users change their own passwords via GUI

3 November 2025 @ 5:45 pm

I set up an SFTP server which uses local UNIX users (passwd) as SSH/FTP logins. One major drawback of my setup is that I have to generate, manage, and hand out passwords to FTP users, while I would like to let users manage their own credentials (obviously enforcing some minimum entropy rules). I have few users and I'd be OK sending new users a temporary password with an expiration for their first login. So, I'm looking for a web-based tool that users can log into with their browsers, and change their own passwords using a GUI. I do NOT want to roll my own password-managing app (I take this area quite seriously). I tried Cockpit, which does exactly what I am looking for, but it also does many other things and, most concerningly, it gives way too much visibility to system information even to users with very few permissions. It even has a shell interface for users who have shell access disabled in sshd. Is there a way to restrict Cockpit so that users, e.g.

Restrict IoT zone from accessing gateway zone in Unifi

3 November 2025 @ 5:24 pm

I'm looking to clamp down on my IoT devices, so I've put most of them in an IoT zone and network. Right now the IoT to Gateway policies allow mDNS and all traffic. Looking at the Zone Matrix, the Hotspot to Gateway looks like the policies that I need (minus radius). Am I on the right path? Are there other ports or concerns by restricting traffic to the Gateway zone from the IoT zone? Here's my current (default?) Hotspot to Gateway policies. A screenshot of my zone matrix

Some applications are blocked on some of our networks

3 November 2025 @ 4:52 pm

I work for a company with four office locations. We run several applications in the cloud that are accessible to employees at each of our locations. We are running into issues with 2 applications specifically: ScreenConnect (helpdesk software) and Microsoft PowerApps. Users are able to connect to these applications just fine from our main office location, but when they go to any of our other office locations, IT cannot connect to their devices using ScreenConnect, and the users cannot connect to our Microsoft Power Apps applications. When users try to connect to our PowerApps from these other office locations, they get this error: Hmm... can't reach this page. It looks like the webpage at [url] might be having issues, or it may have moved permanently to a new web address. Please help! It seems clear to me that the networks at our secondary office locations are somehow blocking users from using these applications. I'm not a network admin, so I

installing a JAVA windows using procrun triggers automatic elevation, why?

3 November 2025 @ 4:39 pm

I try to use procrun to install a Java app as a Windows-Service (using Windows 11). Running my setup from within an already elevated context, it works as expected. However, starting it as a normal user, it triggers automatic elevation. What is the mechanism behind this auto-elevation? Some of my configurations are set like: SET "PR_STARTMODE=jvm" instead of putting them into the command-line. I guess those are not taken into account when procrun gets auto elevated. Any idea?

Testing UDP via Dante SOCKS5 Proxy

3 November 2025 @ 3:02 pm

Server hosts dante SOCKS5 proxy with the following configuration (dante.conf):

    logoutput: syslog
    user.privileged: root
    user.unprivileged: nobody

    # The listening network interface or address.
    # I also tried [external ip address] in place of `ens1`
    internal: ens1 port=1080

    # The proxying network interface or address.
    # I also tried [external ip address] in place of `ens1`
    external: ens1

    # socks-rules determine what is proxied through the external interface.
    socksmethod: username

    # client-rules determine who can connect to the internal interface.
    clientmethod: none

    client pass {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: error # connect disconnect
    }

    socks pass {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        command: bind connect udpassociate
        protocol: tcp udp
        log: error # connect disconnect
    }

    socks pass {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        command: bindreply udpreply
        protocol: tcp udp
        log: error
    }

Now, I'd like to try this config and pi

SSL protocol error when forwarding HTTPS traffic from an old domain to a new domain via IONOS

3 November 2025 @ 11:23 am

I have a problem forwarding HTTPS traffic from an old domain to a new domain. What I need is clarification as to what is actually happening and why. I have looked at similar questions on ServerFault but none of them seem to clearly answer my specific question. My old domain, myolddomain.com, is hosted on IONOS. It was pointing to an old website and this used HTTPS. On IONOS under the domain details it says that an SSL certificate is assigned. I set up forwarding to mynewdomain.com, which is on a different DNS provider and points to another website on which an SSL certificate is installed. I entered https://mynewdomain.com/ into the URL for the forwarded destination (see screenshot below). However, https://myolddomain.com/ in a browser now returns the error:

IIS/Web deploy: import error and MultiSz handling

3 November 2025 @ 8:02 am

I exported a web site from IIS 8.5 (Windows Server 2012R2) using Web Deploy v4:

    msdeploy -verb:sync -source:metakey=lm/w3svc/18 -dest:archiveDir="c:\migr\www.mywebsite.com"

When I import it on a different server (IIS 10/Windows Server 2025) with:

    msdeploy -verb:sync -source:archiveDir="C:\migr\www.mywebsite.com" -dest:metakey=lm/w3svc/18 -whatif

The following error occurs (translated from Italian):

    Error: '.', hexadecimal value 0x00, is an invalid character. Line 16, position 140.

This is line 16 of my archive.xml:

    <metaProperty name="ServerBindings" propertyId="1023" attributes="None" userType="1" dataType="MultiSz" value=":80:www.mywebsite.com:80:mywebsite.com:80:www.mywebsite.it:80:mywebsite.it:80:www.anotheraddress.com" MSDeploy.value="8" MSDeploy.MSDeployKeyAt

Trouble Netbooting RHEL 10.0 over HTTP / iPXE / GRUB on older CPUs

3 November 2025 @ 5:26 am

After some time, I decided to update my install server to the latest RHEL releases (8.10, 9.6, 10.0). There were no issues with releases 8.10 and 9.6, but with release 10.0 I encountered a problem. Initially, I did all testing on VMware Workstation 16 (CPU AMD 1055t) and ran into issues, so I tried VMware Workstation 17 (CPU i5-3470). Some issues were resolved, but RHEL 10.0 on both computers, after downloading the kernel and initrd from the HTTP server, immediately produced an error — with no sign that the kernel even attempted to run. Whatever I tried, the outcome was the same. I then attempted installation on real bare metal, and the result was exactly the same. From the TFTP server logs, I see that GRUB is downloaded into memory, but the screen does not show any signs that bootx64.efi runs. I tried iPXE and GRUB bootloaders, but the outcome is identical. I do not have a dual-layer rewritable DVD to attempt DVD-based boot. CPU / RHEL 10.0 Requ

How to forbid a domain to send emails? (Prevent spoofing.)

3 November 2025 @ 4:11 am

We have a few domains which are not expected to send emails, therefore I would like to know if there is a way to effectively forbid those domains from sending emails, to prevent spoofing of my company's various domains, preferably on the DNS level.

What OSCAP XML content files are used for scanning Alpine Linux containers?

30 October 2025 @ 11:09 pm

I have found some references around that Debian is a close example to Alpine Linux, but the XML file is full of Debian references/commands, so it's going to fail testing against a different OS flavor. My command is:

    oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_standard ssg-debian11-ds.xml

The output is many of these all resulting as "nonapplicable".

    Title   Install the ntp service
    Rule    xccdf_org.ssgproject.content_rule_package_ntp_installed
    Result  notapplicable

    Title   Enable the NTP Daemon
    Rule    xccdf_org.ssgproject.content_rule_service_ntp_enabled
    Result  notapplicable

Like other OS container scans, I would like to see a "failed" or "error" to report issues so I feel like it's finding things to correct or otherwise. Are there any content files anywhere to scan against Alpine? I have looked in cisecurity.org, public.cyber.mil, lots of Linux but no Al