Configure networking to select best route for VPN hosts

I have an OpenVPN server and some clients that connect to it, for example:

  • host1 (at location1)
  • host2 (at location2)
  • laptop (my travel machine)

Is it possible to configure routing in such a way that when I’m at a remote location and connect to the VPN, I can access host1 and host2 through the VPN connection, but when I’m at location1 access to host1 is direct and does not go through the VPN? Similarly, when I’m at location2 access to host2 is on the local network without having to traverse the VPN and access to host1 continues to be through the VPN?

Is there a DNS, or some naming convention, to make this possible?

Virtual hosts on Apache not applying 301 redirect

I have an Ubuntu 18.04 server on an Amazon EC2 instance running Apache 2, with an SSL certificate installed, which I use exclusively to host virtual hosts for .tld variations of the policymakr.com domain, sharing the same fixed IP.

I want the configuration to achieve the following:

  1. the main domain (policymakr.domains, which has an index.html page and is meant to be accessible on the server by SSL) to be accessible on the server;
  2. all the other tlds to redirect via a 301 redirect to https://www.policymakr.com which is hosted separately by a managed WordPress host;
  3. redirect all http inbound policymakr.domains traffic to https, and all policymakr.domains traffic to www.policymakr.domains.

(The reason I’m doing this is because I want to remap the tlds via a 301 for SEO purposes, and this can’t be achieved by the host of my WordPress site because the site is hosted on a shared server.)

I started setting up the tlds, and they redirected fine. The .conf files for the tlds (.net, .org, .info and .io) are all identical and look like this:

<VirtualHost *:80>
    ServerAdmin webmaster@policymakr.com
    ServerName www.policymakr.[tld]
    DocumentRoot /var/www/html/policymakr.[tld]/
    ErrorLog /var/www/logs/error.log
    Redirect 301 / https://www.policymakr.com/
</VirtualHost>

After I set up the tld virtual hosts, the 301 Redirects all started working flawlessly.

I left setting up the virtual host for policymakr.domains until last, owing to the slight extra complexity of needing to install an external SSL certificate (Amazon certificates don’t seem to be able to be attached to EC2 instances).

The policymakr.domains virtual host I set up looks like this:

<VirtualHost *:80>
    ServerAdmin webmaster@policymakr.com
    ServerName www.policymakr.domains
    ServerAlias policymakr.domains
    DocumentRoot /var/www/html/policymakr.domains/
    ErrorLog /var/www/logs/error.log
    RewriteEngine on
    RewriteCond %{HTTP_HOST} ^policymakr\.domains
    RewriteRule ^(.*)$ http://www.policymakr.domains/$1 [R=permanent,L]
</VirtualHost>

<VirtualHost *:443>
    ServerName www.policymakr.domains
    ServerAlias policymakr.domains
    DocumentRoot /var/www/html/policymakr.domains/
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/[crt file name]
    SSLCertificateKeyFile /etc/apache2/ssl/private/[private key]
    SSLCertificateChainFile /etc/apache2/ssl/[bundle file]
    RewriteEngine on
    RewriteCond %{HTTPS_HOST} ^policymakr\.domains
    RewriteRule ^(.*)$ https://www.policymakr.domains/$1 [R=permanent,L]
</VirtualHost>

After this, the redirections for policymakr.domains are functioning exactly as I wanted (i.e., non-www to www, http to https), but the 301 Redirects for the other tlds have stopped working. Instead, they all now redirect to https://www.policymakr.domains.

I basically don’t know what I’m getting wrong here.

Highly available virtualized SQL Server on 2 ESXi hosts and one SAN storage

I have two ESXi hosts. I am planning on installing a SQL Server instance on each host and making them highly available. The two hosts are connected to one SAN storage. The storage is Dell EMC PowerVault and it supports both Dynamic Disk Pools and RAID.

Now, in order to use AlwaysOn Availability Groups with SQL Server instances, how would I arrange the storage? Should the disks be VMFS or RDM?

Note: I am using vSphere 6.7

Nagios Passive Check – Discover Hosts Submitting Them

I have inherited a Nagios environment and we are looking to move some of the functions into other tools.

There are approx. 20 passive checks; the ‘host’ is 127.0.0.1. Of the 20, it looks like there are 10 different hosts performing the check (some sort of file check). I am unable to find which hosts are submitting these results; it’s not included in the service, status info, etc. How can I find out these hosts?

Thanks!

Ansible: how to manage hosts if they are not always online?

My apologies if this question has been asked before, but I may not be using the correct terminology in my searches…

In my spare time I’m managing a limited number of hosts (desktops and laptops running Debian Stretch) with Ansible. My ‘installer playbook’ creates a single configuration on all those hosts with different hardware to make management much easier. I’m now manually running an updater role from time to time and every once in a while I find a useful tweak that I then deploy to those hosts that are online. But: some of them rarely come to the office, and if they are available for an update, it’s always a hassle to determine which tweaks I still have to deploy on that machine…

Sure, I can:

  • write an epoch timestamp ({{ ansible_date_time.epoch }}) to a file on each host that can be retrieved and set as a fact
  • create a new task for each new tweak, adding a tag with the epoch timestamp and a conditional to check whether the epoch-fact > epoch-tag
  • update the epoch timestamp on the host after a successful playbook run

Is this how it should be done?
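
The scheme in the three bullets above, written out as a playbook. This is an added example, not part of the original post; the fact file name (tweaks.fact), the sample tweak and its epoch value are assumptions made for illustration.

```yaml
# Added example, not from the original post. The fact file name (tweaks.fact),
# the sample tweak and its epoch are constructed for illustration.
- hosts: all
  become: true
  gather_facts: true
  vars:
    # Epoch stored by the last successful run; 0 on a host never updated.
    last_run_epoch: >-
      {{ (((ansible_local | default({})).tweaks | default({})).run
          | default({})).epoch | default(0) | int }}
  tasks:
    - name: "Tweak authored at epoch 1551398400 (constructed): set MOTD"
      copy:
        dest: /etc/motd
        content: "Managed by Ansible\n"
        mode: "0644"
      # Run only on hosts whose last successful run predates this tweak.
      when: last_run_epoch | int < 1551398400
      tags: ["1551398400"]

    # Later tweaks go here, each with its own authoring epoch.

    - name: Ensure the local facts directory exists
      file:
        path: /etc/ansible/facts.d
        state: directory
        mode: "0755"

    # Reached only if every task above succeeded on this host.
    - name: Record the time of this successful run as a local fact
      copy:
        dest: /etc/ansible/facts.d/tweaks.fact
        content: "[run]\nepoch={{ ansible_date_time.epoch }}\n"
        mode: "0644"
```

The recorded value comes from the managed host's clock while the per-tweak epochs come from the machine where the task was written, so clock skew between the two can cause a tweak to be skipped or repeated. Running with `--tags` skips the final recording task unless it is tagged as well.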

Why did hosts get infected if the endpoint protection product has a signature for that malware?

Multiple hosts were attempting CNC communication that is specific to a threat from at least 2013, H-worm.

However, endpoint protection is deployed on these hosts and functioning but no malicious files were recently detected. The endpoint protection product is even specified in the malware’s CNC. But this threat is very old and my vendor seems to have signatures for it. I queried some file hashes (from the FireEye article I linked above) in VirusTotal to see if my vendor detects them and it does. Scheduled antivirus scans were also running as they should but nothing was detected.

My main question is, why did the endpoint protection miss these infections?

Right now I have 3 guesses:

  1. A product malfunction has taken place and I need to contact my vendor;
  2. There exist (new?) instances of H-worm that are not detected by my vendor;
  3. These infections are not reflected in endpoint protection logs for some legitimate reason.