=== kjaer [n=kresten@ip2-224.vejen-net.dk] has joined #ubuntu-server
=== ivoks [n=ivoks@35-166.dsl.iskon.hr] has joined #ubuntu-server
=== [diablo] [n=diablo@unaffiliated/miles/x-000000001] has joined #ubuntu-server
=== h4wk0 [n=h4wk@89.241.226.239] has joined #ubuntu-server
[03:13] Hi there, is it possible to do a limit on which commands 'sudo' can run? for example, I'd like the user to be able to run everything APART from passwd
=== CarlF1 [n=carl@c-76-29-9-184.hsd1.il.comcast.net] has joined #ubuntu-server
=== CarlF1 [n=carl@c-76-29-9-184.hsd1.il.comcast.net] has left #ubuntu-server []
=== CarlF1 [n=carl@c-76-29-9-184.hsd1.il.comcast.net] has joined #ubuntu-server
=== kupesoft [n=dave@CPE00119583e9ae-CM0013718cb08a.cpe.net.cable.rogers.com] has joined #ubuntu-server
=== mgalvin [n=mgalvin@ubuntu/member/mgalvin] has joined #ubuntu-server
=== mgalvin [n=mgalvin@ubuntu/member/mgalvin] has joined #ubuntu-server
=== mgalvin [n=mgalvin@ubuntu/member/mgalvin] has joined #ubuntu-server
=== nictuku [n=yves@201-25-80-42.bsace706.dsl.brasiltelecom.net.br] has joined #ubuntu-server
=== amigamia [n=rio@216.141.226.187] has joined #ubuntu-server
[07:09] morning. i installed ubuntu server ver 6 and i thought that it would have a gui for administration to setup the network characteristics? should i have used lamp option?
[07:09] ?
[07:10] i thought it would be a simple install and the network facilities would be setup at some point?
[07:10] they dont have a interface to enter in the properties for your network?
[07:10] ?
[07:20] bah
[07:23] i cannot believe there is no option during installation to enter in the domain, ip address, or anything.
[07:23] or did i make an error somewhere?
[07:23] whatever
=== ||arifaX [n=||arifaX@inetpop1.witron.de] has joined #ubuntu-server
[07:36] hello
[07:36] is anyone even alive or is this just a bunch of bots
=== amigamia [n=rio@216.141.226.187] has left #ubuntu-server ["Leaving"]
=== sahafeez [n=sahafeez@ip68-6-223-156.sd.sd.cox.net] has joined #ubuntu-server
=== fabbione [i=fabbione@conference/ubuntu-developer-summit/x-fe3ffaef77558a3d] has joined #ubuntu-server
=== Burgundavia [i=corey@ubuntu/member/burgundavia] has joined #ubuntu-server
=== fabbione [i=fabbione@conference/ubuntu-developer-summit/x-edf66f3516e0e1a3] has joined #ubuntu-server
=== EtienneG [i=etienne@ubuntu/member/EtienneG] has joined #ubuntu-server
=== [miles] [n=miles@bcn1.entorno.es] has joined #ubuntu-server
[09:31] moin miles
[09:34] <[miles]> hi buk
[09:34] <[miles]> hows it going
[09:34] good
[09:35] <[miles]> im shattered...
[09:35] <[miles]> was programming til late into the morning
[09:35] heh
[09:36] I'm tired as hell every evening
[09:36] dunno why, dont sleep that well maybe
[09:36] <[miles]> me also
[09:36] <[miles]> buk: you been playing with Ubuntu server then?
[09:42] nope
[09:42] won't be able to until friday i guess
[09:43] <[miles]> :O
=== YourMomsHero [n=cirish@ip24-251-191-203.ph.ph.cox.net] has left #ubuntu-server []
=== ||arifaX [n=||arifaX@inetpop1.witron.de] has joined #ubuntu-server
=== Burgundavia [i=corey@ubuntu/member/burgundavia] has joined #ubuntu-server
=== fabbione [i=fabbione@conference/ubuntu-developer-summit/x-96a9b6c27201ef78] has joined #ubuntu-server
=== EtienneG [i=etienne@ubuntu/member/EtienneG] has joined #ubuntu-server
=== ivoks [n=ivoks@wall2.grad.hr] has joined #ubuntu-server
=== Burgundavia [i=corey@ubuntu/member/burgundavia] has joined #ubuntu-server
=== Burgundavia [i=corey@ubuntu/member/burgundavia] has joined #ubuntu-server
=== dj-fu [i=aj@fujin.junglist.gen.nz] has joined #ubuntu-server
=== fabbione [i=fabbione@conference/ubuntu-developer-summit/x-5e8e0e9d732d8cb5] has joined #ubuntu-server
=== dexem [n=dani@14.Red-88-26-177.staticIP.rima-tde.net] has joined #ubuntu-server
=== jsgotangco [n=jsg123@ubuntu/member/jsgotangco] has joined #ubuntu-server
=== Burgundavia [i=corey@ubuntu/member/burgundavia] has joined #ubuntu-server
=== Nafallo [n=nafallo@ubuntu/member/nafallo] has joined #ubuntu-server
=== fabbione [i=fabbione@conference/ubuntu-developer-summit/x-67d888c11e5ce3d1] has joined #ubuntu-server
=== dexem [n=dani@14.Red-88-26-177.staticIP.rima-tde.net] has joined #ubuntu-server
=== EtienneG [i=etienne@ubuntu/member/EtienneG] has joined #ubuntu-server
=== h4wk0 [n=h4wk@89.241.226.239] has joined #ubuntu-server
[02:52] <\sh> ok..installing ubuntu dapper server on dl365 with a MSA60 attached
=== turox [n=chatzill@dslb-084-057-255-163.pools.arcor-ip.net] has joined #ubuntu-server
[03:04] /win 21
=== ivoks [n=ivoks@78-0-151-118.adsl.net.t-com.hr] has joined #ubuntu-server
=== fabbione [i=fabbione@conference/ubuntu-developer-summit/x-4431320f6a5a5c4f] has joined #ubuntu-server
=== r00tintheb0x [n=r00tinth@198.170.183.130] has joined #ubuntu-server
=== dexem [n=dani@228.Red-83-49-44.dynamicIP.rima-tde.net] has joined #ubuntu-server
[04:51] <\sh> hmmm...
=== fabbione [i=fabbione@conference/ubuntu-developer-summit/x-51a48542927c056a] has joined #ubuntu-server
[04:51] <\sh> why is dapper kernel not recognizing the external msa60 (which has 12x750GB Sata HDs with raid6 configured)
[04:52] <\sh> I can see the 4 internal sas drives....(everything is hanging on a P800 SmartArray)
[04:58] dell + suse on servers? ;(
[04:59] suse on dell servers
[04:59] :)
[05:02] <\sh> hmm??? HP dl365 with P800 SmartArray SAS + 4 internal sas drives + msa60 with 12x 750GB drives
=== ivoks [n=ivoks@6-84.dsl.iskon.hr] has joined #ubuntu-server
=== fabbione [i=fabbione@conference/ubuntu-developer-summit/x-ecfb6329fdefb3aa] has joined #ubuntu-server
=== dexem_ [n=dani@14.Red-88-26-177.staticIP.rima-tde.net] has joined #ubuntu-server
=== EtienneG [i=etienne@ubuntu/member/EtienneG] has joined #ubuntu-server
=== ||arifaX [n=||arifaX@inetpop1.witron.de] has joined #ubuntu-server
=== YourMomsHero [n=cirish@ip24-251-191-203.ph.ph.cox.net] has joined #ubuntu-server
=== cirish [n=cirish@ip24-251-191-203.ph.ph.cox.net] has joined #ubuntu-server
=== mgalvin [n=mgalvin@ubuntu/member/mgalvin] has joined #ubuntu-server
=== cirish [n=cirish@ip24-251-191-203.ph.ph.cox.net] has left #ubuntu-server []
[06:11] Leave me alone you nasty little Gibbon Monkey.
[06:11] oops, my bad.
[06:12] . . .
[06:13] why does that make me remember the monkey scene from Bruce Almighty?
[06:13] hah
=== ivoks [n=ivoks@6-84.dsl.iskon.hr] has joined #ubuntu-server
=== slackwarelife [n=slackwar@host197-128-dynamic.5-87-r.retail.telecomitalia.it] has left #ubuntu-server []
=== slackwarelife [n=slackwar@host197-128-dynamic.5-87-r.retail.telecomitalia.it] has joined #ubuntu-server
=== ivoks [n=ivoks@23-114.dsl.iskon.hr] has joined #ubuntu-server
=== gubluntu [n=gulbuntu@mail.ospreycap.com] has joined #ubuntu-server
[07:56] does anyone know of a method to auto blacklist in hosts.deny anyone trying to ssh to me from any other user than root?
[07:59] does it have to be hosts.deny?
[08:00] no
[08:00] it would be better to do it this way
[08:00] i just want to stop these bruteforce attacks
=== sahafeez [n=sahafeez@ip68-6-223-156.sd.sd.cox.net] has joined #ubuntu-server
[08:00] 'blacklist any host that tries to ssh more than 4 times in 60 seconds'
[08:01] is that a better solution?
[08:01] more than 4 failed attempts
[08:01] right.. how do i go about this?
[08:01] no, more than 4 new ssh connections
[08:01] you can do it 4 in 30 seconds
[08:02] it's unlikely that anyone would want to connect 5 times in 30 seconds
[08:02] okay
[08:02] how do do that?
[08:02] iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 4 --rttl -j DROP
[08:03] you can even do some logging about it
[08:03] then you have to create rule (before that above):
[08:03] iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 4 --rttl --name SSH -m limit --limit 2/sec -j LOG --log-prefix "SSH_brute_force:"
[08:04] and before both of them:
[08:04] iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
[08:07] thanks
[08:07] do all three backwards in order?
[08:07] yes
[08:07] thanks
[08:09] umm...
[08:09] does it work?
[08:11] probably not... this will work:
[08:11] TRUSTED_SSH="127.0.0.1/32"
[08:11] iptables -N SSH_WHITELIST
[08:12] iptables -F SSH_WHITELIST
[08:12] iptables -A SSH_WHITELIST -s $TRUSTED_SSH -m recent --remove --name SSH -j ACCEPT
[08:12] iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
[08:12] iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_WHITELIST
[08:12] iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -m limit --limit 2/sec -j LOG --log-prefix "SSH_brute_force:"
[08:12] iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP
[08:12] (sorry for flood)
[08:13] note that this one is for 60 seconds, not 30
[08:23] iptables v1.3.3: Unknown arg `-j'
[08:24] ivoks: PiNG :-D
[08:24] -j? -j is in iptables from the beginning
=== gubluntu shrugs
[08:24] im just the messenger
[08:25] iptables eludes me
[08:25] modprobe ip_tables?
[08:26] returned nothing
[08:26] retry returns same error
[08:26] that's ok
[08:27] --jump -j target
[08:27] target for rule (may load target extension)
[08:27] its in my help
[08:27] right
[08:27] does it come before SSH ?
[08:28] no
[08:28] SSH is name
[08:28] target is ACCEPT
[08:28] oh
[08:28] you mean DROP
[08:28] i dont have DROP in there
[08:28] i don't what rule you are talking about
=== gubluntu blushes
[08:29] last one
[08:29] done.. no error
[08:29] typo? :)
[08:29] ya
[08:29] how do i see all of the rules i added?
[08:29] so i can check them for errors?
[08:29] iptables -L
[08:31] http://pastebin.ca/475820
[08:31] can you take a look real quick?
[08:31] do you mind?
[08:33] yup, that's ok
[08:33] thank you very much
[08:34] now open ssh connection to it
[08:34] and stay logged in
[08:34] and in other terminal
[08:34] open another ssh connection, close it, open again, close it and then try opening it again :)
[08:34] how long will i be locked out for?
[08:34] forever :)
[08:35] but established connections will not be locked out
[08:35] hmm..
[08:35] how do i remove blacklisted ips?
[08:36] where do they end up?
[08:36] clearing SSH chain
[08:37] in kernel
[08:37] firewall
[08:38] hmm
[08:39] i cant seem to figure it out
[08:39] what?
[08:39] clear ssh chain
[08:40] http://www.debian-administration.org/articles/342
[08:40] maybe this is what you want...
[08:46] time for me to go...
[08:46] if you don't like those iptables rules, don't forget tu flush iptables
[08:47] k
[08:47] thank you
[08:47] otherwise, you could end up locked out
[08:47] s/tu/to
[08:48] iptables -F
[08:48] iptables -X
=== Kamping_Kaiser [n=kgoetz@gnewsense/friend/kgoetz] has joined #ubuntu-server
=== jpiccolo [n=sdfer@c-71-58-126-234.hsd1.pa.comcast.net] has joined #ubuntu-server
[09:21] how would i install a smp kernel from the command line
[09:24] sudo apt-cache search linux-image
[09:25] pick appropriate kernel
[09:25] sudo apt-get install some-linux-kernel
=== h4wk0 [n=h4wk@89.241.226.239] has joined #ubuntu-server
[09:32] i am not seeing any with a -smb do i need to enable that
[09:33] you should look at the ubuntu package manager for the kernels, it may tell you which kernel was compiled with what options
[09:33] http://packages.ubuntu.com/
[09:34] what are you running?
=== ivoks [n=ivoks@ubuntu/member/ivoks] has joined #ubuntu-server
=== turox [n=chatzill@dslb-084-057-255-163.pools.arcor-ip.net] has joined #ubuntu-server
=== arturaz_ [n=arturaz@2002:57f7:4d58:0:0:0:0:3] has joined #ubuntu-server
[10:40] I'm having some problems with mdadm, I want to delete a software mirror and I was able to fail /dev/md1 /dev/sdb5 and remove it from the array, but it will not let me fail / remove /dev/md1 /dev/sdc5.
[10:42] when I try mdadm --set-faulty /dev/md1 /dev/sdc5 I get mdadm: set /dev/sdc5 faulty in /dev/md1 but when I try mdadm --remove /dev/md1 /dev/sdc5 I still get mdadm: hot remove failed for /dev/sdc5: Device or resource busy
[10:42] Any suggestions?
[10:45] and md1 is mirror of sdc5 and sdb5?
[10:45] yes
[10:45] so, you now have md1 in faulty state (without sdb5)?
[10:45] correct
[10:46] why is it strange that you can't delete other disk in raid while using apps which are on that disk? :)
[10:46] State : clean, degraded, Not Started
[10:46] not started?
[10:47] i was under impression that you have "/" on md1
[10:47] is on md0
[10:47] ./ is on md0
[10:47] ok then
[10:47] you don't have md1 mounted, right?
[10:47] nope
[10:48] as in, correct, not mounted
[10:48] lsof /dev/md1?
[10:49] none
[10:49] lsof /dev/sdc5
[10:49] none
[10:50] /etc/init.d/mdadm stop
[10:51] then try
[10:53] I'm mildly scared to try that heh
[10:53] it may blow up this machine, we'll see
[10:53] that's a monitor
[10:54] oh
[10:54] mdadm-raid is *don't* touch
[10:54] heh
[10:55] root@Dominus:~# mdadm --set-faulty /dev/md1 /dev/sdc5
[10:55] mdadm: set /dev/sdc5 faulty in /dev/md1
[10:55] root@Dominus:~# mdadm --remove /dev/md1 /dev/sdc5
[10:55] mdadm: hot remove failed for /dev/sdc5: Device or resource busy
[10:56] hm
[10:57] if I do a query / detail I still get
[10:57] 1 8 37 1 active sync /dev/sdc5
[11:01] afk a bit, I'll check back in a bit, thanks
[11:13] back
[11:16] heh
[11:17] meeting didn't take long
[11:22] did you try -f? :)
[11:23] ups... that for assemble
=== buk [n=buk@vserv.buks-island.org] has left #ubuntu-server ["*fump*"]
[11:23] well, i don't see how you can remove all devices from running MD
[11:24] only way you can do this is stopping MD
[11:24] and then removing devices
[11:24] mdadm -S /dev/md1
[11:24] I tried the --really-really-try-really-hard
[11:24] but... you can't remove all devices from raid and expect it to be running :)
[11:26] well, I understand that logic, I just don't care if that partition is running or not
[11:26] right?
[11:26] I'll have to reboot with the server cd
[11:26] no
[11:26] mdadm -S
[11:26] mdadm -S /dev/md1
[11:26] mdadm: fail to stop array /dev/md1: Device or resource busy
[11:26] hehe
[11:26] mount | grep md1
[11:26] :)
[11:27] none
[11:28] clueless
[11:28] are you using it for LVM too?
[11:28] no
[11:29] and other partitions on that disk
[11:29] are used for something?
[11:29] but... hm... that shouldn't matter
[11:29] sd[b.c] 1 are in md0
[11:30] is m1 swap?
=== YourMomsHero [n=cirish@phx1.redefining-it.net] has joined #ubuntu-server
[11:30] md1
[11:30] yes, but it's not mounted
[11:31] Swap: 0 0 0
[11:31] # /dev/md1
[11:31] UUID=d007d467-7bbf-4821-a79e-dc535c2202a9 none swap sw 0 0
[11:31] try swapon /dev/md1
[11:31] then swapoff /dev/md1
[11:32] hrm
[11:32] root@Dominus:~# swapon /dev/md1
[11:32] swapon: /dev/md1: Invalid argument
[11:32] root@Dominus:~# swapoff /dev/md1
[11:32] swapoff: /dev/md1: Invalid argument
[11:32] trying uuid, sec
[11:33] root@Dominus:~# swapon -U d007d467-7bbf-4821-a79e-dc535c2202a9
[11:33] swapon: cannot stat /dev/disk/by-uuid/d007d467-7bbf-4821-a79e-dc535c2202a9: No such file or directory
[11:33] that's an odd one
[11:34] md1 should work
[11:36] try mkswap
[11:37] swapon -a
[11:38] no error, but no swap space shows up either
[11:39] mkswap /dev/md1 (if you are really sure it's for swap :)
[11:39] interesting, md1 doesn't have a uuid listed in /dev/disk/by-uuid/
[11:40] mkswap /dev/md1
[11:41] mkswap: error: swap area needs to be at least 40kB
[11:41] heeh
[11:41] I'm boggled . . .
[11:41] bring back sdb5 in md1
[11:41] FYI - this was set up through the server installer
[11:43] rebuilding
[11:44] FYI - it always works from me[TM]
[11:44] for
[11:44] I don't doubt it
[11:46] mdadm --detail /dev/md1
[11:46] State : clean, Not Started
[11:47] mdadm --run /dev/md1
[11:47] mdadm: failed to run array /dev/md1: Device or resource busy
[11:48] check sizes of your sdb5 and sdc5
[11:49] also check if you don't already have sdc5 in some other raid
[11:53] interesting, from md0
[11:53] Raid Level : raid1
[11:53] Array Size : 74918976 (71.45 GiB 76.72 GB)
[11:53] Device Size : 74918976 (71.45 GiB 76.72 GB)
[11:53] Raid Devices : 2
[11:53] from md1
[11:53] Raid Level : raid1
[11:53] Device Size : 3228928 (3.08 GiB 3.31 GB)
[11:53] Raid Devices : 2
[11:53] no array size
[11:56] /dev/sdb5 9328 9729 3229033+ fd Linux raid autodetect
[11:56] /dev/sdc5 9328 9729 3229033+ fd Linux raid autodetect
[11:59] there you go...
[12:00] ups... i misread that
[12:00] hrm?
[12:01] you should destroy that raid and recreate it
[12:01] heh, that's what I'm trying to do
[12:01] or...
[12:01] even better
[12:02] grow it
[12:02] mdadm -G
[12:02] afkhome, back later
[12:03] and i'm off to bed