CVE-2024-6387 | Ubuntu

This may enable remote code executionn with root privillege.

If you have your OpenSSH server exposed to Internet, please pay attention to this, and update is recommended.

Note: this bug does not only affect Debian/Ubuntu. It is related with sshd, so every Linux distro might be impacted. At lease, RHEL is confirmed to be impacted and they are pushing fixes to sshd on RHEL, see: CVE-2024-6387- Red Hat Customer Portal

Ok folks, my homelab is in a soundproofed "closet", so it has some fans (2 intake on bottom 3 outtake on top) to dump the heat in the room. They are 33 CFM fans each. At the moment, if I run around 250W (at the wall) of load, the cabinet gets up 25 degrees F (using a raspberry Pi sensor near one of the of fans, it goes from 75 ambient to 100, that's from 24 to 38 C for us in metric lands). The cabinet is 10 cubic feet (0.3 M3).

I want to understand how to make it cooler (A/C is not an option - only fans), but something doesn't add up and I don't understand why: 250W is not a lot, and already 100 CFM of out take and 66 of intake are running full time. I tried multiple ways of calculating this. For example, the CFM = BTU/(1.08 * DeltaF), which says that given 250W, to keep it within 5 F from room temperature, I would need exactly 160 CFM.

Am I using the wrong formula? How do I figure out how much fanning do I need? My final goal is to get to a temperature + watt load -> pwm controlled fan that minimizes noise.

Hi all,

Due to lack of space in my house, I'm basically limited to placing some of my homelab equipment in a wardrobe once I can successfully run my cable to the office. With that in mind I was hoping to get a couple of Noctua NF A20 fans and cut in some intake and exhaust vents into the side panel of the wardrobe to keep the equipment cool.

Unfortunately I'm very much struggling to find any brackets that would work for this. I'm basically trying to make an AC Infinity type setup but just DIY.

Any help would be very much appreciated if someone could point me to where I might be able to get some mounts for the fans.

Thansk

Anyone have recommendations for cost effective rackmount cases you can convert a tower case . I have a truenas system setup in a tower style case and I kinda want to mount it, it just sits on top of my rack. I figure any of the 100-200 dollar ones would work, but just curious if any stand out for anyone.

Hello fellow homelabbers,

I'm sure I'm not alone in this, and it's also hard to explain, so let me now if you need me to elaborate on it.

I started my homelab journey with an old PC, later on replaced the old PC with a newer one, upgraded the parts and so on.
I'm not at point where I'm rack mounting things and it's all nice and good.
Except, that I'm spending quite a lot of time with consumer hardware, handling parts, doing partially upgrades, looking for second hand and cheap options all the time. Which is starting to bug me out a bit, and the power consumption has exploded.
It's fun and good learning, but it's also frustrating the way I've built it.

Have any of you just put an end to it, saved up some more, and went with proper enterprise hardware, and managed it all properly, or how did you get around this "problem", and what would you suggest going forward with this?

I have a single domain - mysite.com

I want to run an on-prem bind server that resolves all of my on-prem servers / services, but I ALSO want to use the same domain in google's cloud dns to resolve some stuff i'm dorking with up there on a free trial, just trying to learn the ecosystem.

so, on-prem would have things like ubiquiti.mysite.com, or proxmox.mysite.com as single sites. Then in the cloud I would have mysite.com as just a static web page, and nextcloud.mysite.com, etc.

I'm using ephemeral IPs on google, so what I want to happen is instead of adding dns entries for everything in my bind server, I want it to forward the request to google dns if it can't resolve it on-prem, even if it's in the zone that is configured.

does that make sense? (not asking if it's best practice, asking if its possible)

I've looked at split DNS, but it doesn't seem that that's what I want.

Hi all,

I've had a dl360p gen 8 around my lab for quite a number of years. Yes it's old and I should probably replace it, but I'm way more curious now that it's started giving me troubles...brain chemicals and whatnot.

Anyway, the system started having random reboots happen and 8 times out of 10 wouldn't address the entire 128GB of memory. Stripped the thing down and inspected it, bent CPU pins. No worry, now is my time to upgrade the two E5-2660 (v1) processors. Ended up buying two E5-2680 v2's. Swapped the system board out, fresh as it can be and left the 2660's in because of the hoard of updates that needed to be done prior to getting the v2's in and the new system board hadn't been updated in a decade it seems.

iLO4 was updated to the newest version (2023), system ROM/BIOS was updated to the latest version. Also had to run an Ivy Bridge arch update (hp-ivb_update-1.80-2) from 2014 that I suppose opens up the possibility of v2 CPU's.

After all updates had been completed I went ahead and swapped in the E5-2680 v2's. During post I'm met with a message of "259 - Unsupported Processor configuration detected. All installed processors do not have the same model number". Pulled the CPU's out just to double check and both of them have the exact same text on the front and indeed appear to both be E5-2680 v2's.

I confirmed that I could post successfully with one of the 2680 v2's instead of two, I double checked this for each processor just to make sure one of them wasn't bad. I went down the rabbit hole of processor stepping and confirmed they are each showing "stepping: 4" catting out /proc/cpuinfo. I reset the system bios/rom to default settings using the dip switches, still getting the same error. I've tried disabling turbo boost and hyperthreading with no luck. The only difference I've been able to ascertain was when I was in the linux terminal and catted out /proc/cpuinfo. One of the processor "cpu MHz" was reading 3600.000 and the other was showing "2783.429" which is closer to the base clockspeed of 2.8GHz, this was when I still had turbo boost and hyperthreading on.

I'm really out of ideas at the moment, other than trying to order another batch of E5-2680 v2's or maybe even step it down to the 2670 v2 or something. Any ideas would be much appreciated!

So I am currently learning how LXCs work and one of the things i dont really understand is how it isnt a security issue that multiple LXCs are mapped to the same host users.

From my understanding a user inside an unpriviledged container gets mapped to its container user id +100000 on the host, so user 1000 inside the lxc is going to be user 101000 on the host.
Doesnt that also mean if i got multiple LXCs that all have the inside user of 1000 they all get mapped to the same user (101000) on the host?

Doesnt that mean if there is a container break out on one of the containers all other containers that have a user with the same id could be accessed too? (and all the resources they have access to?

THanks & sorry if this is a dumb question, but couldnt find much on that exact situation :)

Hello labbers,

I'm curious if anyone has found and used any open source website builder software and if they're any good. I found a site to build a page and export the html code but its pretty basic. I'm looking for something that can build multiple pages, add photos, links, side bars, etc.

I don't feel like paying hundreds of dollars to build a website only to not be able to export the html file.

I have a basic site that I've created in html but it's very lackluster and do not feel like learning html yet.

Edit: I have my own fqdn and prefer to host it myself

Hi, I'm searching for the following requirements in a MOBO:

• Double 10G Ethernet
  
• IPMI with Ethernet
  
• AMD socket
  
• ECC RAM
  
• SSI-CEB max size

I've seen ASRock Rack EPYCD8-2T, or Supermicro H11SSL-NC but they only support PCIe 3.0, I'd like to get something better, any tip from you?

Hi, does anyone know if there is a possibility to use MSLab without internet access?

I want to deploy a simple AD Lab to test some things but my environment has no network connectivity...

GitHub - microsoft/MSLab: Azure Stack HCI, Windows 10 and Windows Server rapid lab deployment scripts

So, I've got TrueNAS fine with 8x SAS drives in a Fractal Design 804 with a 9211-8i HBA and another TrueNAS with a bunch of spare stuff and 2008 HBA doing backups with 4x SAS drives.

12x SAS drives in total over two machines, both have additional SSD doing booting. No problems.

However, I've never dabbled in Enterprise and have just been given a HP DL380e - 12x 3.5" bays at the front, 2x 3.5" bays at the front.

Thing has been wiped, BIOS reset to defaults and comes with a bunch of spinners but wondering what the possibility is of getting two SSD's in the backplane and my own 12x SAS drives up front?

Already surprised to see that there is talk of license keys in the BIOS - of which I have nothing, puchased a iLO key to see if I can atleast get somewhere with that and will start off with trying to put TrueNAS on the SSD and get it to boot and then move onto see what state the front drive plane is in.

So far random Googling has not left me optimistic about the whole thing with talk of the P420 controller, B320i controller, HPE Smart Array SAS License Key to support SAS drives, supported drives, supported memory... being used to Desktop stuff figured I'd just have to get the HBA in IT mode and off I'd go.

Power hungry and loud is already a known factor - so outside of that any good places to start or anything encouraging?

Hello there,

my homelab currently consists of a windows server (22) hosting:

• a Windows Domain Controller (for login accross services and pcs)
• a Windows Remote Apps Service (with RDWeb Client enabled)
• a SMB Fileserver
• a WSL Docker Engine with all my linux based Services

I often use the RDWeb Client to use windows exclusive programms from Linux/Android Devices. (i know of wine but my it doesn't make sense in my distro configuration; my homelab has also specs for that purpose).

For the web-native services (e. g. VaultWarden, VSCode, Nextcloud, Homeassistant, Mailcow, Gitlab...) i have a dashboard (Homarr) and can access them via subdomains through Nginx reverse proxys. The Remote Apps are accessed via the windows RDWebclient Resources Page.

I am now looking for a alternative dashboard that can serve both the web-native services as well as the windows-remote apps so i can have a central access to all my programms and tools. It is important to me that the dashboard is also compatible with my identity provider service (via oauth or ldap).

Alternatively I was wondering if there was a way to access single RDWeb App individualy by URL (the Browser URL does not change when I open a app). That way i would also be able to add it to my current dashboard.

A third option would be to figure out how to add own shortcuts to the webapps that than open in seperate tabs in the local browser instead of the remote machine.

Hi all!

I have a single server (12 cores, 24 threads, 64GB RAM, 2.5 TB storage for OS-related stuff and stuff running on virtual servers, 8TB dedicated for a virtual file server), running ESXi/vCenter and a bunch of other virtual servers.

I have a domain and Active Directory running, with Group Policies and DNS roles as well. Some other stuff too, to run and manage my domain on my home network.

I have a file server based of a Windows Server 2019 server, containing all important stuff of the people in my household, running a backup to cloud storage every other day with smart retention set up.

Besides the above I run a VMware homelab, well not exactly besides this, as the virtual servers mentioned above run on the ESXi Hypervisor and are managed through vCenter, which are part of my homelab setup. I also run a Workspace ONE stack with Horizon Instant Clone pools and so on.

Recently, also because of the Broadcom/Omnissa stuff happening regarding VMware products and myself looking to other employers that are less likely to run much VMware stuff, I am starting to wonder how solid my homelab solution is, I have subscriptions for the products I use for some 10 months until they expire and if the VMUG Advantage program is still alive I could just renew that.

Thing is, you never know if VMUG Advantage will still be a thing next year, and if I do switch employers and stop working with VMware products, I am unsure if it is very wise to stay with this setup I run now. But when I deside to quit the VMware stuff I have to find something else, and more importantly, migrate or rebuild all the virtual server on another hypervisor. I think it would have been wiser to have seperated the servers, deploying the stuff managing my home environment (AD, Fileserver, Home Assistant) with the homelab (VMware stuff) I use for a bit of professional learning and hobby at the same time. Now whenever I quit VMware/ESXi I will have a challenging migration ahead of me, I think?

So now I'm looking at a few scenario's:

1. Find an alternative for ESXi and set all of it up kind of in the same way I have it running now.

2. Find an alternative for ESXi, setup virtual servers that runs AD, Fileserver and all that other stuff. Keep a seperate server for homelab/hobby projects.

3. Find an alternative for ESXi, setup virtual servers that runs AD, Home Assistant, Plex and other stuff on it. Buy or build a NAS or other file server system for my fileserver so it get's seperated from the before mentioned servers. Also get a seperate server for homelab/hobby.

4. A mix of the two above.

5. Keep it going as it is and only jump into action once VMware isn't an option anymore (which might not even become a thing, who knows)

What would you guys recommend?

Also, if you have any fun things to do with my server/homelab, some interesting hobby projects to run on them, please tell me :)