Orphans's questions

I have created a jumphost/bastion, that will act just as that - a jumphost to certain hosts:ports.

I am aware of that I can limit users/groups with the following:

Match User Alice
   PermitOpen some.host.tld:80 another.host.tld:22 third.host.tld:443

And due some requirements, I need to be able to utilize SOCKS-proxies. This is enabled by the following:

   PermitTTY yes
   PermitTunnel yes
   AllowTcpForwarding yes

This works as expected.

However.. How do I ensure that only the application that the client specifically allowed is the only application (such as Firefox) is using the SOCK-proxy and not some random other application on the client? Can I limit the sessions/applications using the connection on the SSH-server?

I did try with "MaxSessions 1", but sadly it does not seems to apply on SOCKS-proxies.

I am running Illumos on a production system that is getting the DNS-settings from DHCP, and I would like to use Unbound as a local resolver to resolve hosts over DNS-over-TLS.

However, I am not sure about how to automatically start Unbound at boot, or even configure the host to use the Unbound DNS-resolver (except modifying resolv.conf). I am not able to reconfigure the DHCP-server to my needs.

How do I do the following:

1. Configure Unbound to start automatically
2. Configure the system to permanetly use the local Unbound resolver as resolver

Thanks!

I have a reverseproxy that proxies HTTP/HTTPS traffic between webbservers and I have set up Suricata in order to find and block malicious traffic to it.

Is there any way to trigger a alert via a CURL-request? Does the EICAR-test work?

I have done some googling but I could not find something straight-forward in order to trigger Suricata with curl.

I am having trouble with a some software, that only can mount NFSv3 and NFSv4 share - it can not mount NFSv4.1 or NFSv4.2.

Since I do not have access to the server itself, I cannot determine what exact version of NFS is being used.

I am aware of the rpcinfo command:

rpcinfo -p server

which print out the version of the shares like this:

   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
      7507    1   tcp   7507
    100024    1   udp  20049  status
    100024    1   tcp  20049  status
    100003    3   tcp   2049  nfs
    100005    1   tcp  20048  mountd
    100005    3   tcp  20048  mountd
    100003    4   tcp   2049  nfs
    100021    4   tcp  20050  nlockmgr

Or the following:

rpcinfo -u server nfs 3
rpcinfo -t server nfs 4

That prints:

program 100003 version 3 ready and waiting

and

program 100003 version 4 ready and waiting

However, how do I determine in NFSv4.1 or NFSv4.2 is being used by the server from the client?

I have installed updates on my Windows 2012r2 Machine and as usual, I did a reboot. However, it seems that the machine has hung itself during the reboot process and does not do a proper shutdown. I can initiate a connection via RDP, but not connect to the machine, I can also send commands via powershell, so I have tried sending a Force reboot:

Restart-Computer -Force -Credential domain\adminuser -ComputerName COMPUTERNAME

The reply from the server is the following:

Restart-Computer : Failed to restart the computer 10.250.35.16 with the following error message: A system shutdown is in progress.

Is there a way to force the reboot and kill the processes?

I am running a emailserver with two milters:

OpenDMARC and OpenARC - both has worked very well and has been stable. I have defined both milters like this:

smtpd_milters = inet:localhost:8893,inet:localhost:8991
non_smtpd_milters = inet:localhost:8893,inet:localhost:8991

When I turn off one of the milters (for example OpenDMARC), all the incoming emails is rejected (as expected).

Is it possible to tell postfix to still deliver the emails even if the milters is down?

After a successfully implementation of OpenARC on a Linux enviroment I have now started to look at the possibility to implement it on a Exchange environment.

I am fully aware that the draft is subject to change, but providers like Google has already implemented it. Therefore, I would like to deploy it on a Exchange 2013 server.

So my question is, what is the best approach to deploy ARC (Authenticated Received Chain) on a Exchange 2013 environment? Is it even possible yet? Or should I relay the mails throu another server which signs the messages with the ARC header and DKIM?

This question is kind of related to this Why is ALPN not supported by my server?

But in my case, the same test does say that ALPN is supported even if I am not using OpenSSL1.0.2 and only OpenSSL1.0.1t

I am currently using Apache2.4.25 with h2 activated. But it still bothers me that ALPN is supported even if my OpenSSL is supposed to not support it?

My http2.conf in conf-enabled:

Protocols h2 h2c http/1.1
H2Push          on  
H2PushPriority  *                       after  
H2PushPriority  text/css                before  
H2PushPriority  image/jpeg              after   32  
H2PushPriority  image/png               after   32  
H2PushPriority  application/javascript  interleaved
SSLProtocol all -SSLv2 -SSLv3  
SSLHonorCipherOrder on  
SSLCipherSuite 'EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384       EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS'

Output from LDD:

╰─➤  ldd /usr/sbin/apache2                                                                                                                                                 1 ↵
linux-vdso.so.1 (0x00007ffc4d593000)
libpcre.so.3 => /lib/x86_64-linux-gnu/libpcre.so.3 (0x00007fa1c2492000)
libaprutil-1.so.0 => /usr/lib/x86_64-linux-gnu/libaprutil-1.so.0 (0x00007fa1c2269000)
libapr-1.so.0 => /usr/lib/x86_64-linux-gnu/libapr-1.so.0 (0x00007fa1c2034000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007fa1c1e17000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fa1c1a6c000)
libuuid.so.1 => /lib/x86_64-linux-gnu/libuuid.so.1 (0x00007fa1c1867000)
librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x00007fa1c165f000)
libcrypt.so.1 => /lib/x86_64-linux-gnu/libcrypt.so.1 (0x00007fa1c1428000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fa1c1224000)
libexpat.so.1 => /lib/x86_64-linux-gnu/libexpat.so.1 (0x00007fa1c0ffb000)
/lib64/ld-linux-x86-64.so.2 (0x00007fa1c29a5000)

Counterquestions is appreciated!

I am running a couple of websites on different server on a local network. All websites are Proxied via one server where HTTPS is added and the trafic is monitored.

Currently, if someone makes a:

curl -I subdomain.domain.tld

The result is:

curl -I https://subdomain.domain.tld
HTTP/1.1 200 OK
Date: Fri, 13 Jan 2017 09:19:02 GMT
Server: Jetty(8.y.z-SNAPSHOT)
Content-Type: text/html
Content-Length: 2379
Last-Modified: Tue, 10 Jan 2017 11:15:29 GMT

How can I "override" the response the server behind the proxy gives with another respons from the ReverseProxy?

For example, I want my output to look something like this (if possible)

curl -I https://dubdomain.domain.tld
HTTP/1.1 200 OK
Date: Fri, 13 Jan 2017 09:19:02 GMT
Server: Apache24 (or even something else)
Content-Type: text/html
Content-Length: 2379
Last-Modified: Tue, 10 Jan 2017 11:15:29 GMT

Is this achievable?

Please excuse any formatting or grammatical errors.

I am currently using automysqlbackup to take local backups of my mySQL database. I recently started to having problems that is connected to that automysqlbackup (or in fact mysqldump) does lock the tables before dumping.

I have not access to any mySQL user or the root user, only the /etc/mysql/debian.cnf.

I would need to add the parameter "--lock-tables=false" so automysqlbackup does'nt lock the tables. I am aware of the risks that follows.

I have set up a working SMTP relay together with MailScanner. This SMTP relay is not — and will not be — able to relay email from the outside, only local email.

We are providing a SMTP relay for our customer so they can get notification from for example their Wordpress site. But sometimes - as you all know, the sites will be hacked and could start spamming emails (10k/ hour). I want to use fail2ban to block a server to do so.

For example: Customers site has been hacked and one of their vhost is spamming alot of emails. Fail2Ban detects the flood and block all trafic on port 25 from that server - and send me a email that "Server B has been blocked due to smtp-flood".

How can this be achieved?

I have set up a working SMTP relay together with MailScanner. This SMTP relay is not — and will not be — able to relay email from the outside, only local email.

Is it possible to send a malicious email with the terminal? I have googled around but could not find anything that could answer my question. For example, I want to use:

echo "{malicious-string}" | mail [email protected]

What could the "{malicious-string}" be?