Occasionally I need to roll a server that doesn't need 4GB or more of RAM. Is there a downside (performance or otherwise) to just using 64-bit Windows 2008 on everything? This way I'm still in good shape if I need to increase the RAM on the server later.
I've got 4 specific files that seem to keep disappearing from a user's home directory. As far as we know, there are no cronjobs or other automated tasks that would be removing them. I've setup auditd on them but the logs aren't really showing anything of interest. I can see our backup utility accessing them every night until the point they aren't there anymore, but nothing else. Is there anything that would be causing those files to be removed that would get around auditd?
The files in question are these:
/home/username/.bashrc
/home/username/.bash_profile
as well as a couple of files in that user's .ssh directory. Copies of these files placed into a subfolder called "keepers" get deleted at the same time as well. Changing the permissions on them to 000 and having them owned by root hasn't helped.
I've currently got inotifywait setup to log create,delete,move on that subfolder, so hopefully that will turn up something, although it doesn't log much aside from when it happened, not what caused it.
I've got nginx configured to do SSL termination for an apache webserver. It seems to be working, however all requests going to the webserver appear to be coming from the nginx server and not the original ip address. Is it possible for those to come through intact?
I'm wanting to restrict root ssh login coming from all but a single IP address.
I was under the impression that I just had to add this to /etc/pam.d/sshd:
account required pam_access.so
and this to /etc/security/access.conf:
-:root:ALL EXCEPT IPADDRESS
but that doesn't seem to be working.
I've got about 50 servers running a mix of RHEL and CentOS, and they all use local authentication. We are about to get these finally under a single unit's control, and we have a slew of local accounts all across these systems. I'm not sure if I want to authenticate off of LDAP from our existing Active Directory or use something like CentOS Directory Server, but either way.. Can I map a central account to different local accounts on these systems? I don't really want to have to worry about changing any existing permissions or anything.
Let's say I have joeuser1 on 3 different systems, and he has a different UID and his group has a different GID on each one. Is there a way to tie them all together with central authentication?
We currently use IBM Tivoli to back up our Linux servers and we are looking for suggestions on the best way to restore to bare metal. I've read IBM's doc on this issue. Is that still relevant or is there a better way? Also, how do you handle testing a restore to a vm or another piece of hardware on the same network that the original server lives?
I've got some services that I'd like to have prompt me on startup to disable them, and then continue starting up normally if no input is given after say 10 seconds. What's the best way to go about this? Can I just modify the init scripts to wait for input and then timeout and continue?