Is it possible to exclude certain IP addresses from Nginx's access.log, for example where lots of the requests come from a monitoring server?
How to configure Ubuntu 12.04 Server to dynamically adjust CPU frequency during quiet times?
I've found a set of instructions at http://ubuntuforums.org/showthread.php?t=944190, suggesting to add acpi-cpufreq to /etc/modules, modprobe it, and then put one of (powersave, performance, ondemand, conservative) into the /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor files.
But on my system, those files don't exist:
user@pc:~$ ls /sys/devices/system/cpu/cpu0/
cache microcode subsystem topology
crash_notes power thermal_throttle uevent
There's an empty directory at /sys/devices/system/cpu/cpufreq, but
user@pc:~$ sudo echo conservative > /sys/devices/system/cpu/cpufreq/scaling_governor
gives error:
-bash: /sys/devices/system/cpu/cpufreq/scaling_governor: No such file or directory
Intel Atom CPU, if that makes a difference.
What combination of UFW rules would deny all outbound connections except for those which are required to install Ubuntu security updates?
When using RAID1, is it best practice to buy spare disks at the same time as the original disks to ensure you have the identical type in case they become unavailable in future?
Say you want to be able to easily see who's logged in to a system recently.
auth.log has this information, but it's very cluttered with crontab entries and you have to use sudo to read it.
Proposed solution:
- Write a script to parse /var/log/auth.log looking for interesting things
- Make root the owner of that script
- Create a user who can't login
- Add that user to the "adm" group, thus giving them read-only access to logfiles
- Put the script in that user's crontab
What are the security risks of that solution? Adding someone to adm group seems risky, but if all they can do is run a script that's been checked to not do anything bad.
How to allow only certain users to login to an SSH server from a particular network interface?
e.g.
- eth0 is "outside", eth1 is "inside".
- user1 is trusted to login from anywhere
- user2 is only allowed to login from "inside"
Can't use AllowUsers user1@eth0 because AllowUsers takes a hostname not an interface name.
Other answers on this site suggest something like:
Match address 1.2.3.4/16 # eth0's network
AllowUsers user1
Match address 2.3.4.5/16 # eth1's network
AllowUsers user1,user2
Match address 0.0.0.0/0 # Match's equivalent of a closing brace?
However if eth0 is using a DHCP server to get its address, then it doesn't know in advance that 1.2.3.4 is the right address to put in sshd_config.
(OpenSSH on Ubuntu 12.04 if that makes a difference)
In IIS7, we have an application which comes supplied as a .dll file. Application is known to work in II6 on a different server.
When browsing the URL of this application, it sends the .dll itself as a binary file (giving prompt of "Download: do you want to open or save this file" in the browser). For the application to work, we want ISAPI to run the DLL and send the resulting HTML.
What could be the problem? What needs to be configured to make this work? We've tried adding the specific .dll file to both IsApiFilters or to a Script Map in HandlerMappings (using handler IsApiModule). Module list shows that IsApiModule is Loaded.
The server-wide list of Handler mappings shows ISAPI-dll in the Disabled section with Path:"*.dll", Path type: "file". Is this entry relevant? Can it somehow be moved into the Enabled section?
[using IIS Manager GUI to edit settings]