Following scenario:
Question: Is there any added value in this scenario to also have an IPS / Deep Package Inspection solution in place? From all I understand: No. But I didn't find any clear answer out there.
I have one network share that I mount in fstab. This is working fine.
Then, I have a second mount which binds on the folder from the first mount. Something like this:
//my-cifs-share/foo /mnt/foo-share cifs _netdev,dir_mode=0777 0 0
/mnt/foo-share /my/binded/folder none bind
Now, my problem is that apparently the second mount is executed before the first mount. Hence, the folder /my/binded/folder will empty after boot. When I then log in and execute mount -a just once, it gets created all fine.
So, is there any way to enforce the order or to make one mount depended on another one?
Thanks a lot!
//edit: As discussed in the comments there seems to be no real save path. Hence I decided to go with this: Leave fstab as it is above. Use crontab to run mount -a every 5 minutes. Seems to be good enough for now.
I am trying to white-list certain SFTP requests so that a user can only open and read files and folders. Currently I have this, based on this thread:
Subsystem sftp internal-sftp
Match User my-read-user
ChrootDirectory /sftp/%u
ForceCommand internal-sftp -p open,close,read,opendir,stat,readdir,fstat,lstat,statvfs,fstatvfs,readlink,realpath
This seems to work fine - with one exception: I can create files though I cannot put any content in them. Kind of like touch would work?!
Any ideas are appreciated! Also any better approach would be fine :) Thanks!
I am using iptables redirection to make a Tomcat on RHEL7 accessible on port 443 (for https traffic) as described here. The important rules should be those three:
iptables -A INPUT -p tcp --dport 443 -i eth3 -j ACCEPT
iptables -A INPUT -p tcp --dport 8443 -i eth3 -j ACCEPT
iptables -A PREROUTING -t nat -p tcp --dport 443 -j REDIRECT --to-port 8443
iptables -A INPUT -m state --state ESTABLISHED,RELATED -i eth3 -j ACCEPT
# Drop all other incoming packets on the interface eth3
iptables -A INPUT -i eth3 -j DROP
So what I do not understand is why I need the rule to open port 8443 to the outside? When I close it and only open 443, it does not work. To my understanding the redirection should happen internally, doesn't it? Or can this be somehow configured differently?
Remark: eth3 is the one interface I actually do need to protect. There are others as well, but those are only internal ones.
I have a RedHat 7 server with a couple of network interfaces. One of those is DHCP enabled.
DEVICE=eth4
BOOTPROTO=dhcp
ONBOOT=yes
USERCTL=no
IPV6INIT=no
My problem is that it can happen that the DHCP server for that network is not reachable at the time the server boots up. From my understanding, a retry time can be configured?! Is that correct in the first place?
From what I read so far this should be possible in the dhclient-conf (as described here or here).
However: I do not find any such config file on my RHEL7. I am not using NetworkManager (uninstalled it). Can anyone share some advice how to configure dhcp client options in RHEL7?
Thanks a lot!
I have a couple of RHEL 7.2 systems, which do not have any online connection - also not through any proxy or satellite. I do have subscriptions which I could attach to the systems as described by RedHat here.
Now, my question is: What is the benefit of doing so? I could still not track the system status online or automatically download any patches. From my understanding, I can manually download any packages from the RHN website as long as I have at least one subscription, correct?
Thanks for any advice!
I have a - rather complex - PowerShell script running on a Windows Server 2008 R2. When executing the script in the ISE or also in the console, everything runs fine. No errors or anything else that would stand out.
However, in the Windows Event viewer lots of Warnings are being generated without any specific reason that I can see.
Log Name: Microsoft-Windows-PowerShell/Operational
Source: PowerShell (Microsoft-Windows-PowerShell)
Event ID: 4100
Task Category: Executing Pipeline
Error Message = System error.
Context:
Severity = Warning
Host Name = Windows PowerShell ISE Host
Host Version = 4.0
Host ID = cec010f3-ea0f-44b0-8d2e-449a6c1eb3e6
Engine Version = 4.0
Runspace ID = b2e8d39c-4fa1-4a3f-b33e-b42f8b552c3d
Pipeline ID = 17
Command Name =
Command Type =
Script Name =
Command Path =
Sequence Number = 92
User = [the executing user]
Shell ID = Microsoft.PowerShell
User Data:
Google did not reveal anything. Does anyone have an idea what this could mean? As I said, there are hundrets of those entries. Let me know if I should post anything more.
Thanks a lot!
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-PowerShell" Guid="{A0C1853B-5C40-4B15-8766-3CF1C58F985A}" />
<EventID>4100</EventID>
<Version>1</Version>
<Level>3</Level>
<Task>106</Task>
<Opcode>19</Opcode>
<Keywords>0x0</Keywords>
<TimeCreated SystemTime="2015-03-16T14:06:07.066866300Z" />
<EventRecordID>1994921</EventRecordID>
<Correlation ActivityID="{01EC0C48-F800-0001-6B28-234CAE5DD001}" />
<Execution ProcessID="6528" ThreadID="5376" />
<Channel>Microsoft-Windows-PowerShell/Operational</Channel>
<Computer>[host]</Computer>
<Security UserID="S-1-5-21-1482476501-1450960922-725345543-2410959" />
</System>
<EventData>
<Data Name="ContextInfo">Severity = Warning Host Name = Windows PowerShell ISE Host Host Version = 4.0 Host ID = cec010f3-ea0f-44b0-8d2e-449a6c1eb3e6 Engine Version = 4.0 Runspace ID = b2e8d39c-4fa1-4a3f-b33e-b42f8b552c3d Pipeline ID = 36 Command Name = Command Type = Script Name = Command Path = Sequence Number = 7665 User = [user name] Shell ID = Microsoft.PowerShell</Data>
<Data Name="UserData" />
<Data Name="Payload">Error Message = System error.</Data>
</EventData>
</Event>
PS D:\Autonomy\cd_provisioning_client> ($PsVersionTable)Name Value
---- -----
PSVersion 4.0
WSManStackVersion 3.0
SerializationVersion 1.1.0.1
CLRVersion 4.0.30319.34209
BuildVersion 6.3.9600.16406
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0}
PSRemotingProtocolVersion 2.2
powershell_ise.exe.config<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<startup useLegacyV2RuntimeActivationPolicy="true">
<supportedRuntime version="v4.0" />
</startup>
</configuration>