similar to: compromising security

Just search online why in general that is insecure via CLI vs programmatic for first class automation.. there is a reason why snmp, rest, ... exist. On Thu, Mar 29, 2018 at 3:50 AM, Tomasz Chmielewski <mangoo at wpkg.org> wrote: > You've mentioned security issues in your previous email, but now you're > hopping to management issues. > > Have you tried Ansible, Chef or

Programmatic management with first class APIs is preferred for larger deployments.. On Mon, Mar 26, 2018 at 12:28 PM, Tomasz Chmielewski <mangoo at wpkg.org> wrote: > Could you elaborate on why CLI (SSH) managing is insecure? > > > Tomasz Chmielewski > https://lxadm.com > > > On 2018-03-27 04:23, al so wrote: > >> So, for remote manageability of Tinc, we

There is a reason most NMS systems used SNMP in the past and REST apis past 7+ years. They don't use CLIs except toy Expect type scripts.. Not just security but better error handling and more. Good luck learning! On Thu, Mar 29, 2018 at 9:03 AM, Tomasz Chmielewski <mangoo at wpkg.org> wrote: > SNMP is mainly used for monitoring, not _server_ automation. > > Also, it's

Al like any open-source or free sofware you need to put the leg work into what you want it to be. My company is actually creating something using TINC and we believe in it. If successful we'll be giving back to TINC monetarily in a big way to make TINC even better so if TINC isn't for you keep an eye on further developments in the future. Thanks, Rafael On Thu, Mar 29, 2018 at 12:03

I converted an ext4 filesystem with btrfs-convert, mounted it, and wanted to do "lzop -d ...". The result was an immediate Oops (btrfs is on LVM, on dm-crypt, on /dev/sdb which is USB-connected). mini-904.img.lzo dentry_open failed BUG: unable to handle kernel paging request at ffffffcd IP: [<c01b5f36>] fput+0x6/0x30 *pde = 00575067 *pte = 00000000 Oops: 0002 [#1] SMP last sysfs

What is the easiest way to allow normal users to install printers (which are available through a Samba server)? Normally, Windows 2000 and XP need to have a printer installed by the admin first on a given workstation - only the it can be used by the user. I want to allow the user to install own printers. Now, when one trises to right click on a printer on a server and "connect", he

I have the following appended to gluster logs at around 100kB of logs per second, on all 10 gluster servers: [2012-06-11 15:08:15.729429] I [dht-layout.c:682:dht_layout_dir_mismatch] 0-sites-dht: subvol: sites-client-41; inode layout - 966367638 - 1002159031; disk layout - 930576244 - 966367637 [2012-06-11 15:08:15.729465] I [dht-common.c:525:dht_revalidate_cbk] 0-sites-dht: mismatching layouts

At the beginning of August, Mikulas Patocka posted to linux-kernel mailing list about adding snapshot merging to LVM[1]. Basicaly, snapshot merging means that it is possible to turn a snapshot back into its origin. Using LVM, however, means that you need to have free place outside of the filesystem (i.e., in physical volume) to make snapshots, which is not always possible on workstations and

I have a share with a couple of symlinked files in it. On a Samba server, it looks like this for "addon" directory: # ls -l (...) acrobatreader7 (...) addon -> /home/samba/unattended-write/packages Now, if I mount it on a Linux client using smbmount, symlinks point to non existing directories locally (/home/samba/unattended-write/packages exist only on a Samba server): #

I'm using roaming profiles, and to logon, it often takes one-two minutes or so on a 100 Mbit network (no traffic), with profiles as small as 2-5 MB. Clients are Windows XP SP2 machines, Samba versions 3.0.11 and 3.0.14a (deiifernt networks). Can it be a DNS problem? Right now the DNS is on a separate machine (small router really), and doesn't really know what Samba is. -- Tomek

I have an asterisk box and SIP / IAX2 phones. To call out, users have to add 0 (zero) before a real telephone number. That means, that if they want to call someone that has a number 123456, they have to call 0-123456. Simple, right? This has a serious drawback though - when someone calls us from the number 123456, we see the callerID 123456, and we're unable to use the callback/redial

rsync in daemon mode is very powerful, yet it comes with one big disadvantage: data is sent in plain. The workarounds are not really satisfying: - use VPN - one needs to set up an extra service, not always possible - use stunnel - as above - use SSH - is not as powerful as in daemon mode (i.e. read only access, chroot, easy way of adding/modifying users and modules etc.) Why was encrypted

I''m trying to use this feature of qgroup: btrfs qgroup assign <srcid> <destid> <path> Assigns the lower level qgroup src to the higher level qgroup dest in the btrfs found in <path>. It is used to build qgroup hierarchies. However, I fail to understand how this feature should work, and I''m getting "ERROR: bad relation requested":

Hello, Is there a list of software phones which will work with Asterisk? For Linux and Windows? I don't have any hardware yet, and before I buy anything I would like to know how Asterisk really works (with software "phones" for example). Tomek

I have the following tinc setup: client -- tinc DC1 -- tinc DC2 -- 10.1.2.0/24 subnet It generally works well, however, there is one issue I'm not able to solve: *sometimes*, connectivity to *some* destinations does not work for the first few seconds. To demonstrate: $ mongo mongo.example.com:27017 MongoDB shell version: 3.2.12 connecting to: mongo.example.com:27017/test

Folks, We''re pleased to announce the official release of Xen 3.1! This represents a major milestone in the Xen project containing performance and stability enhancements, additional features for all architectures, and a brand new management API. Highlights of this release include: - XenAPI 1.0 support - XML configuration files for virtual machines; - VM life-cycle management

Folks, We''re pleased to announce the official release of Xen 3.1! This represents a major milestone in the Xen project containing performance and stability enhancements, additional features for all architectures, and a brand new management API. Highlights of this release include: - XenAPI 1.0 support - XML configuration files for virtual machines; - VM life-cycle management

I'm trying to join a Windows 2008 to a Samba4 domain. I'm able to ping Samba4 or browse its network shares. Unfortunately, I can't join Windows 2008 to this Samba4 domain - I'm not even asked for Administrator password. Windows 2008 errors with the below message, which roughly translates to: DSN-query for domain "samba4.my.domain" was successful. The query was for

On 2017-02-21 16:39, Tomasz Chmielewski wrote: > tshark shows "TCP Spurious Retransmission" for cases where curl is not > able to fetch any data. > > > Both tinc servers are running Ubuntu 16.04 (64 bit) with tinc 1.0.26. > > DC1 is Europe (Hetzner); DC2 is in USA (Amazon AWS). > > > > What's interesting, I don't have these timeouts when I

Hello folks, I reported a bug here: https://bugzilla.kernel.org/show_bug.cgi?id=63071 but I am not sure if that was the right thing to do. This is producing OOM issues and leading to system crashes (including eventual panics) with such alarming frequency that I wonder if perhaps there is something different about my setup than others. In a nutshell, I originally made the mistake of storing a