#ubuntu-eu 2010-12-15
<apollo13> zed: around?
#ubuntu-eu 2010-12-17
<EnTeQuAk-Work> zed: ping
<EnTeQuAk-Work> ups, sorry.  Did not read backlog, apollo just told me ;)
<zed> 2/clear
<zed> ratÃ©
<apollo13> zed: should I understand that?
<zed> apollo13: no :)
<apollo13> ok, so hows eshu :)
<zed> ahem... how do I say that, I rebooted eshu in "rescue" mode
<zed> and it seems like it has been rooter
<zed> rooted
<apollo13> yikes
<zed> yup
<apollo13> we should apply updates from time to time hm?
<zed> don't know how it got in (pop3 user apparently, but I don't know why there was a pop3 :p)
<zed> and then eshu : old kernel
<zed> root exploit
<apollo13> damn
<apollo13> okay, what do we do now
<zed> i'll get all the data I can
<zed> (mailman, exim config etc...)
<zed> and reinstall the machine
<apollo13> don't we have backups anyways
<apollo13> btw should we check the nfs
<apollo13> and wasn't backupman on eshu
<apollo13> backupppc
<apollo13> if yes that means ssh keys for every other machine
<zed> yup
<zed> we should check auth.log for remote logging from eshu since 13th
<zed> (with that particular key)
<zed> if none then we're lucky
<apollo13> ok starting that in 2 minutes
<zed> ok me too
<apollo13> zed: you don't happen to have a jabber id?
<apollo13> zed: 13th since when?
<apollo13> cause asa logins till 13. 01:02 backuppc
<apollo13> I am installing rkhunter and chkrootkit on all machines :Ã¾
<zed> apollo13: that might be the last time it was backupe
<zed> d
<apollo13> jupp
<apollo13> btw why does lastlog show jan for lastlogin
<apollo13> auth.log (last):
<apollo13> Dec 13 01:02:56 asa sshd[12967]: pam_unix(sshd:session): session opened for user backuppc by (uid=0)
<apollo13> lastlog:
<apollo13> backuppc         pts/2    eshu.ubuntu-eu.o Fri Jan  2 01:40:16 +0100 2009
<zed> that's funny
<apollo13> aside from beeing funny, got an explanation?
<zed> ntpq -p ?
<apollo13>  eshu.ubuntu-eu. .INIT.          16 u    - 1024    0    0.000    0.000   0.000
<apollo13> if you mean that
<apollo13> PID  5734(/proc/5734): not in readdir output
<apollo13> PID  5734: not in ps output
<apollo13> CWD  5734: /var/spool/nullmailer/queue
<apollo13> on dongo
<apollo13> nothing to worry about though I guess
<apollo13> zed: http://paste.pocoo.org/show/kaqvNz3rxUezh8RpwYay/ can you look over that?
<apollo13> oh and on lisa ntop is running :(
<zed> ok, if it's just rsync server that's file
<zed> it's the command backuppc should execute
<apollo13> jupp, at least I couldn't find any other commands around that
<apollo13> but might have overlooked something
<zed> for gu that's ok
<zed> (the packet sniffer is a false alert)
<Agafonov> zed: we (ubuntu.ru) need to change something in DNS records but ehsu is out of order and I cannot use nsset. Is there other way?
#ubuntu-eu 2010-12-18
<zed> I'm working on restoring eshu
<EnTeQuAk> thanks!
<zed> the machine is up, i'm recreating the RAID array it takes quite some time... :)
<zed> let's have a break
#ubuntu-eu 2011-12-13
<zed> well we got a replacement machine
<zed> but no news from the actual eshu
<encbladexp> ok
<encbladexp> smurf has moves DNS from eshu to lisa
<encbladexp> getting a Backup from Mailman & Mail maybe nice
<zed> well eshu was the backup machine... :/
<encbladexp> backup for what?
<zed> backup for web servers, mysql database
<encbladexp> MySQL is (afaik) a long time done by lisa and asa
<encbladexp> which web services are running on eshu?
<zed> there was only mailman
<encbladexp> ok
<zed> I can provide the replacement machine tomorrow in the morning is that ok ?
