/srv/irclogs.ubuntu.com/2007/09/01/#ubuntu-server.txt

nealmcb	kshah: `sudo dpkg-reconfigure postfix` does simple configurations	12:25
kshah	the ubuntu server guide is bringing me through a crazy SMTP authentication config	12:25
kshah	i'm messing with ssl keys and whatnot	12:26
kshah	I did this before I believe.. (then the server aka laptop died)	12:26
kbrooks	kshah, huh? server == lappy? wtf.....	12:27
nealmcb	kshah: I have found that supporting email is getting increasingly tiresome over the years. keeping up in the war on spam et al is a nightmare. outsourcing to google apps or fastmail can be appealing	12:27
kshah	that'll probably be the end solution once things get going	12:28
kshah	kbrooks: not my choice	12:28
kshah	but it resulted in a proper server being bought	12:28
nealmcb	kbrooks: what do you mean? built-in ups that lasts for hours!! :-)	12:28
kbrooks	nealmcb, ups?	12:29
nealmcb	(aka battery)	12:29
nealmcb	how long does the UPS on your server last :-)	12:29
kbrooks	nealmcb, but laptops are prone to overheating due to their small size	12:30
nealmcb	note the smiley faces. but I bet they are a good choice in some circumstances....	12:30
kshah	yeah in mexico	12:36
Pyretic	it even has a built in console :)	12:37
=== mathiaz [n=mathiaz@dsl-207-112-92-37.tor.primus.ca] has joined #ubuntu-server
=== pteague [n=patrick@ip72-213-145-156.ok.ok.cox.net] has joined #ubuntu-server
=== osmosis [n=steven@cpe-76-80-127-252.socal.res.rr.com] has joined #ubuntu-server
=== raky [n=kent@24-197-132-105.dhcp.spbg.sc.charter.com] has joined #ubuntu-server
=== ubotu [n=ubotu@ubuntu/bot/ubotu] has joined #ubuntu-server
=== kupesoft [n=dave@CPE003018b02a53-CM0018c0c44e76.cpe.net.cable.rogers.com] has joined #ubuntu-server
Anarch	How can I tell whether `cat /proc/cpuinfo` is telling me about 2 physical CPUs or about a hyperthreaded CPU?	01:23
Kamping_Kaiser	look for an HT switch	01:23
Kamping_Kaiser	*flag	01:23
Kamping_Kaiser	iirc	01:23
=== rbrunhuber [n=Miranda@p54977683.dip.t-dialin.net] has joined #ubuntu-server
=== mdz_ [n=mdz@ip-81-1-103-136.cust.homechoice.net] has joined #ubuntu-server
=== justinwray [n=justinwr@c-68-34-224-91.hsd1.md.comcast.net] has joined #ubuntu-server
=== w0nder [n=gi_w0nde@ip68-1-184-254.ri.ri.cox.net] has joined #ubuntu-server
=== kshah [n=kunalash@ool-44c0ac9c.dyn.optonline.net] has joined #ubuntu-server
=== dendrobates [n=dendroba@adsl-065-005-186-012.sip.asm.bellsouth.net] has joined #ubuntu-server
pteague	could there be an issue with trying to install ubuntu server on an intel?	03:23
kshah	no bro	03:29
justinwray	pteague: Well, it is built for i1368, so doubtful, what sort of error?	03:30
kshah	what yous prob?	03:30
kshah	r	03:30
justinwray	i386* Sorry for the typo	03:30
pteague	i keep getting file corruption errors on deb packages when trying to install... the md5sum checks out & i've burned 3 CDs & all gave me the same error, but different deb files... the last i burned at 4x	03:41
justinwray	And you do the CD check on boot, which comes back fine?	03:42
justinwray	Run memtest on that system?	03:42
pteague	cd check? guess not	03:42
justinwray	When you boot, you have the option of checking the integrity of the CD.	03:43
pteague	k, checking disk	03:43
justinwray	Okay.	03:43
pteague	console-tools_0.2.3dbs-65ubuntu3_i386.deb failed the md5 checksum... why would the iso pass an md5 check, but then would corrupt the disk in different places when it's burned?	03:46
justinwray	Run memtest on that system?	03:46
=== YourMomsHero [n=cirish@ip24-251-191-203.ph.ph.cox.net] has joined #ubuntu-server
=== pteague [n=patrick@ip72-213-145-156.ok.ok.cox.net] has joined #ubuntu-server
pteague	ok, apparently i can't even burn a the small net installer for debian without it being corrupt	04:44
=== PanzerMKZ [i=Panzer@03-041.136.popsite.net] has joined #ubuntu-server
=== osmosis [n=steven@cpe-76-80-127-252.socal.res.rr.com] has joined #ubuntu-server
=== snook353 [n=lee@24-197-132-105.dhcp.spbg.sc.charter.com] has joined #ubuntu-server
=== snook353 is now known as raky
=== nandemonai [n=nandemon@ppp121-45-57-227.lns11.adl2.internode.on.net] has joined #ubuntu-server
=== jbrouhard [n=jbrouhar@24.121.169.166] has joined #ubuntu-server
=== AnRkey [n=AnRkey@host-83-146-42-229.bulldogdsl.com] has joined #ubuntu-server
=== kurosaki [n=nandemon@ppp121-45-28-166.lns10.adl2.internode.on.net] has joined #ubuntu-server
=== ivoks [n=ivoks@22-115.dsl.iskon.hr] has joined #ubuntu-server
=== ScottK2 [n=ScottK@ubuntu/member/scottk] has joined #ubuntu-server
=== kurosaki [n=nandemon@ppp121-45-66-168.lns10.adl6.internode.on.net] has joined #ubuntu-server
=== dexem [n=dani@212.97.172.119.dyn.user.ono.com] has joined #ubuntu-server
=== pschulz01 [n=pschulz0@ubuntu/member/pschulz01] has joined #ubuntu-server
=== Nicke [n=niclasa@ua-83-227-140-135.cust.bredbandsbolaget.se] has joined #ubuntu-server
=== fernando_ [n=fernando@189.0.148.64] has joined #ubuntu-server
=== PanzerMKZ [i=Panzer@09-046.136.popsite.net] has joined #ubuntu-server
=== SWAT_ [n=SWAT@swat.xs4all.nl] has joined #ubuntu-server
=== SWAT [n=SWAT@ubuntu/member/swat] has joined #ubuntu-server
=== kbrooks [n=kbrooks@d235-137-190.home1.cgocable.net] has joined #ubuntu-server
kbrooks	i have a question. i would like to monitor everything (only silently) that is sent over suspect ports. For example, if i type	03:21
kbrooks	telnet mail.server.com 25	03:22
kbrooks	i would like to see the normal stuff sent by the server, except logged	03:22
kbrooks	how would i do this?	03:23
soren	tcpdump	03:24
kbrooks	soren, What if a user has finished sending spam to the mail server when I run tcpdump?	03:25
soren	what?	03:25
Kamping_Kaiser	kbrooks, look in the mail server logs?	03:26
kbrooks	"suspect ports"	03:26
soren	kbrooks: Are you asking if Ubuntu saves all your network traffic so that you can look at it later?	03:26
kbrooks	soren, No. It doesn't. I would like it to.	03:26
soren	kbrooks: tcpdump	03:27
soren	kbrooks: But you need to start it before it does anything..	03:27
kbrooks	soren, Does tcpdump log user information like who connected to a particular server?	03:28
soren	kbrooks: It logs plain network traffic. You can look at it afterwards (e.g. with wireshark or something).	03:28
kbrooks	soren, what about the user info? Please don't evade questions	03:30
soren	kbrooks: Why would I be evading questions? I'm trying my best to ask your rather odd questions.	03:30
soren	kbrooks: First you call it suspect ports, then it's telnet, then it's spam.. What are you trying to do	03:31
soren	?	03:31
soren	kbrooks: I you want answers, you've got to ask proper questions.	03:31
kbrooks	soren, port 25 is a suspect port because it can be used to send spam.	03:32
soren	kbrooks: Well, I can choose to send nuclear missile launch codes over port 80 if I choose to. That's beside the point.	03:32
soren	kbrooks: What are you trying to do?	03:33
soren	kbrooks: Please don't evade the question.	03:33
soren	:)	03:33
kbrooks	soren, monitor specific inbound and outbpund ports for questionable content, and pinpoint the user who is sending or receiving the content at which port so that i can enforce rules	03:35
=== leonel [n=leonel@189.155.111.233] has joined #ubuntu-server
soren	kbrooks: You seriously want to sit around and stare at network traffic all day?	03:35
kbrooks	soren, No. hence the log request.	03:36
infinity	kbrooks: You realise that going from packet filtering to spam filtering is far from trivial, right?	03:36
soren	kbrooks: Ok, so you want to log it all day and stare at it all night. That's not much different.	03:36
infinity	ie: The contents of individual packets aren't all that interesting.	03:36
soren	kbrooks: Is it at all posibble that the question you want to ask is: "How do I avoid spam?"	03:36
soren	kbrooks: If so, please ask that instead.	03:37
infinity	And knowing when a message begins and ends, when you didn't initiate the connection, is. Special.	03:37
kbrooks	infinity, thats why there is wireshark.	03:37
infinity	Or, "how do I avoid untrusted users sending spam from my machine?"	03:37
kbrooks	soren, um, i think i want to ask that yes	03:37
infinity	To which the answer should almost surely be "don't let untrusted users use your machine".	03:38
infinity	Fighting spam (inbound or outbound) at the packet level seems very much the wrong way to go about things.	03:38
soren	kbrooks: Alright. Is this spam you want to avoid coming into your machine or going out from it? That seems to be a bit unclear.	03:38
kbrooks	soren, going out from my machine by a user.	03:39
soren	kbrooks: Wack him with a stick?	03:39
kbrooks	soren, how do i whack him when i don't know if he/she hasnt sent spam?	03:39
infinity	(We return to my "why are you allowing untrusted users access to your machine?" question)	03:40
kbrooks	because i am doing a free shell/web hosting service.	03:40
infinity	Ngh.	03:41
infinity	Alright.	03:41
soren	Do you use it as a mail server?	03:41
infinity	Block 25 outbound from all but the local MTA, forcing all users to send mail via the MTA, and do your spam filtering at the MTA level.	03:41
infinity	(filtering, monitoring, logging, whatever)	03:42
kbrooks	infinity, i would do that, and i will - in a second - but i don't have a local MTA. i would like one so that I can support checking e-mail via the CLI.	03:44
soren	kbrooks: You don't need and MTA to check e-mail from the cli.	03:44
soren	kbrooks: And if you don't have an MTA, just block outgoing connections to port 25.	03:44
kbrooks	OK.	03:44
kbrooks	thank you for breakig down my question earlier. noW, HOW do i block outgoin g connections to port 25?	03:45
soren	iptables -I OUTPUT -j DROP -p tcp --dport 25	03:46
kbrooks	also, ulimit didnt seem to work to stop fork bombs. i set the ulimit thru /etc/security/limits.conf	03:46
kbrooks	and logged out and in	03:46
kbrooks	but when i ran :() { : \| : &; }; :	03:47
kbrooks	the ulimit didnt kick in	03:47
soren	In the future, asking questions like: "I want to achieve X. I've thought doing that by doing B and C, but have run into problem D..." makes everything much easier for everyone.	03:47
soren	That would have saved us the first 15 minutes of this conversation :)	03:48
infinity	@untrusted hard nproc 20	03:48
infinity	^^ something like that?	03:48
kbrooks	infinity, where @untrusted means?	03:49
infinity	kbrooks: A UNIX group that you add your untrusted users to.	03:49
infinity	(was just an example)	03:49
kbrooks	* hard nproc 4000 # i did this, but this doesnt work	03:50
infinity	I'm sure it works fine.	03:50
infinity	4000 is a lot of forks.	03:50
soren	4000 is enough for a fork bomb to be quite annoying.	03:50
kbrooks	infinity, then why don't i think it works fine?	03:51
infinity	Because it's bringing the machine to its knees before it gets to 4000?	03:51
kbrooks	ok.	03:51
infinity	Have you ever had 4000 processes runniing on that machine?	03:51
kbrooks	no	03:51
infinity	Exactly.	03:52
infinity	Your users probably don't need more than 10 processes at a time, really. :)	03:52
soren	For the kind of users you're looking at, 20 should be plenty.	03:52
kbrooks	i set that limit, now i logout and in?	03:52
infinity	You don't want that as a global limit, though.	03:53
infinity	It'll choke apache and such, as well.	03:53
kbrooks	infinity, fair enough....	03:53
kbrooks	k good	03:56
kbrooks	works.	03:56
kbrooks	thanks!	04:02
=== ivoks [n=ivoks@ubuntu/member/ivoks] has joined #ubuntu-server
=== rbrunhuber [n=Miranda@p54975BBD.dip.t-dialin.net] has joined #ubuntu-server
kbrooks	sigh	04:29
kbrooks	okay. so in tcpdump, i see something about a IRC server IP	04:29
kbrooks	and i get suspicious	04:30
kbrooks	so i use netstat and notice that a user is possibly connected to the irc server (only a suspicion so far, dont know yet)	04:30
kbrooks	so i attempt to connect to the server and get kicked off bc of clones.	04:31
kbrooks	the lines in netstat i'm talking about are	04:32
kbrooks	tcp 0 0 192.168.0.101:4424 8.7.233.44:ircd ESTABLISHED	04:32
kbrooks	tcp 0 0 192.168.0.101:3367 ffneural.net:13333 ESTABLISHED	04:32
kbrooks	so i type something like, ps aux and notice that the user in question runs a eggdrop	04:33
kbrooks	and THEN i sudo as the user, cd to the configuration, read it, and notice that....	04:34
kbrooks	the bot is named fswh, and it connects to a hub	04:35
kbrooks	and the irc server ip	04:35
kbrooks	i dont know what the hub is for, maybe exploits? i dunno.	04:35
kbrooks	either way, i suspect abuse, and i will block the ports (except for IRC, which I will disconnect and talk to the irc server admin about) mentioned in the config file	04:37
=== kbrooks scrolls up
=== raky [n=kent@24-197-132-105.dhcp.spbg.sc.charter.com] has joined #ubuntu-server
=== dendrobates [n=dendroba@adsl-065-005-186-012.sip.asm.bellsouth.net] has joined #ubuntu-server
=== lamont [n=lamont@mix.mmjgroup.com] has joined #ubuntu-server
=== jbrouhard [n=jbrouhar@adsl-66-142-232-119.dsl.hstntx.swbell.net] has joined #ubuntu-server
=== dendrobates [n=dendroba@adsl-065-005-186-012.sip.asm.bellsouth.net] has joined #ubuntu-server
=== ivoks_ [n=ivoks@17-127.dsl.iskon.hr] has joined #ubuntu-server
raky	i have to make a decision on whether to install xen or vmware on my LUG server. its a compaq proliant with 2 P3s and 5x 19.2GB drives with 1 gig ram	07:09
=== jdstrand [n=james@mail.strandboge.com] has joined #ubuntu-server
raky	i have seen the virt. techniques - para vs. full virt, and of course i'm limited by the server.	07:11
raky	i just want to virtualize a linux distro or two	07:12
raky	personally, i would choose the vm software that looks like the market will choose, and that's probably vmware, but things change so often	07:14
raky	has feisty been fixed for xen and vmware yet?	07:31
ivoks	fixed?	07:33
ivoks	i would choose xen...	07:33
raky	i've seen tutorials on fixing ubuntu for vmware. i didn't know if xen was the same	07:33
ivoks	um... what's there to fix?	07:34
raky	just like 5 cli edits	07:34
raky	for vmware, that is	07:34
ivoks	do you have link for that tutorial?	07:35
raky	in a bit	07:35
raky	sorry, can't find it. i think the edits were before vmware was in the ubuntu repos	07:38
ivoks	vmware isn't in ubuntu repo	07:39
raky	ivoks, so for a noob, learning xen is not a whole lot more time consuming than learning vmware?	07:39
ivoks	eh... vmware is probably a lot easier for a beginer	07:40
raky	i have googled for plenty of tutorials over the past few weeks. is vmware easier because of the GUI, or the virtualization techniques?	07:40
ivoks	it's easier cause of the gui, of course	07:41
raky	hehe, of course, ok	07:41
raky	i have like 3 real days or 2.5 days worth of hours to get the vmsoftware working.	07:42
ivoks	http://www.ubuntugeek.com/how-to-install-vmware-server-from-canonical-commercial-repository-in-ubuntu-feisty.html	07:42
raky	ok, thanks, haha	07:42
ivoks	no fixing here	07:42
ivoks	i guess you won't be using vi for editing sources.list :D	07:43
raky	lol	07:43
ivoks	bbl bye	07:45
=== lamont [n=lamont@mix.mmjgroup.com] has joined #ubuntu-server
=== steve____ [n=steve@207.138.91.59] has joined #ubuntu-server
steve____	ok	08:47
steve____	something is really, REALLY messed up on my server.	08:47
steve____	whenever it boots up, it doesnt have a net connection	08:47
steve____	the cat5 is plugged in, its configured for a static ip	08:47
steve____	but ifconfig eth0 doesnt show any ip	08:48
steve____	/etc/init.d/networking restart doesnt do anything	08:48
steve____	it gets an ip if i say ifup eth0	08:48
steve____	but its still not connected to the net even then	08:48
steve____	it says network is unreachable	08:48
steve____	.......	08:48
steve____	ok scratch that	08:50
steve____	doing ifup eth0 makes it work	08:50
steve____	but why doesnt it do that from the start?	08:50
steve____	brb	08:51
=== stiv2k [n=steve@207.138.91.59] has joined #ubuntu-server
stiv2k	ok	08:51
stiv2k	ughhhhhh	08:56
stiv2k	anyone here???	08:56
=== stiv2k [n=steve@207.138.91.59] has joined #ubuntu-server
stiv2k	ok	09:02
stiv2k	sorry my server is going haywire	09:02
stiv2k	please help	09:02
kbrooks	stiv2k, ask	09:03
stiv2k	kbrooks: i asked already	09:03
stiv2k	ill ask it again	09:03
stiv2k	:P	09:03
stiv2k	hokay, so we just had a power outage at my apartment here	09:03
stiv2k	and when i booted my server back up, eth0 is down by default	09:04
stiv2k	and every tiem when i boot it up	09:04
stiv2k	eth0 is down	09:04
stiv2k	/etc/init.d/networking restart does nothing	09:04
stiv2k	i can only bring it up by saying ifup eth0	09:04
stiv2k	but sholdnt it be up when the machine boots	09:04
stiv2k	i dont want to have to manually bring it up every time	09:04
kbrooks	pastebin your /etc/networking/interfaces file	09:05
stiv2k	ok	09:05
stiv2k	kbrooks: its only 4 lines	09:05
stiv2k	ill paste it here if its ok	09:05
kbrooks	ok	09:05
kbrooks	go on	09:05
stiv2k	well i have these 2	09:05
stiv2k	auto lo	09:05
stiv2k	iface lo inet loopback	09:05
stiv2k	iface eth0 inet static	09:06
stiv2k	address 192.168.1.10	09:06
stiv2k	netmask 255.255.255.0	09:06
stiv2k	gateway 192.168.1.1	09:06
kbrooks	stiv2k, notice any differences?	09:06
stiv2k	auto eth0 ?	09:06
kbrooks	correct	09:07
stiv2k	yikes	09:07
kbrooks	add that and youre off to go	09:07
stiv2k	ok	09:07
stiv2k	straight	09:07
stiv2k	kbrooks: one more thing im not sure if you can help me w/ this	09:07
kbrooks	ask	09:07
stiv2k	my bopm wont start with this error	09:07
stiv2k	[Sep 01 19:07:47 2007] MAIN -> Error opening /var/run/bopm/bopm.pid: No such file or directory	09:07
ScottK	Does /var/run/bopm exist?	09:09
stiv2k	no	09:09
kbrooks	stiv2k, create it.	09:09
ScottK	mkdir /var/run/bopm and try again	09:09
stiv2k	but i was under the impression that it gets created by the program	09:09
ScottK	Sort of	09:09
ScottK	'/var/run is a tempfs in Ubuntu so it needs to get tested for at every start, not just install	09:09
ScottK	Is bopm from the Ubuntu repositories?	09:10
stiv2k	oh	09:10
stiv2k	um	09:10
stiv2k	yeah	09:10
ScottK	It's not a tempfs in Debian by default, so a lot of programs miss this.	09:10
ScottK	Assuming recreating the dir works, please file a bug against the package.	09:10
stiv2k	ok	09:12
stiv2k	wtf	09:13
stiv2k	it works if i start bopm directly with `sudo bopm -dd`	09:13
stiv2k	but it doesnt work if i call the script	09:13
stiv2k	sudo /etc/init.d/bopm start	09:13
ScottK	Right because the script tries to creat the PID file and can't. When you call it directly you don't do that.	09:13
stiv2k	ScottK: what should i do	09:14
ScottK	Did the init script work when you recreated the dir?	09:14
stiv2k	i dont know i have no way of looking at the debug output	09:14
stiv2k	when using the init script	09:14
stiv2k	-rw-r--r-- 1 root root 4 2007-09-01 15:12 /var/run/bopm/bopm.pid	09:14
stiv2k	it exists now though	09:14
ScottK	ps -AF\|grep bopm and see if it's running	09:15
stiv2k	steve@galatea:~$ ps -AF\|grep bopm	09:15
stiv2k	steve 4701 4589 0 720 748 0 15:15 pts/2 00:00:00 grep bo	09:15
stiv2k	pm	09:15
kbrooks	bbl	09:17
ScottK	look in the PID file for the process number and see if that process is running.	09:17
ScottK	OK. Gotta run for a bit too.	09:17
stiv2k	ScottK: it's not	09:18
ScottK	That's a separate problem then. Definitely file a bug on var/run/bopm not getting recreated by the init.	09:19
stiv2k	ScottK: file it to who?	09:19
ScottK	Not sure how much help I can be beyond that. I don't even know what bopm is....	09:19
ScottK	Launchpad	09:19
stiv2k	ScottK: it was working fine before my server lost power	09:19
stiv2k	ok	09:19
ScottK	Gotta run.	09:20
stiv2k	cya	09:20
=== danp [i=danp@elmer.glueless.net] has joined #ubuntu-server
=== mdz_ [n=mdz@ip-81-1-103-136.cust.homechoice.net] has joined #ubuntu-server
=== mdz_ [n=mdz@host217-44-142-215.range217-44.btcentralplus.com] has joined #ubuntu-server
=== kurosaki [n=nandemon@ppp121-45-66-168.lns10.adl6.internode.on.net] has joined #ubuntu-server
danp	does feisty preseeding support software RAID?	11:49
=== AnRkey [n=AnRkey@87-194-62-131.bethere.co.uk] has joined #ubuntu-server
=== danp [i=danp@elmer.glueless.net] has left #ubuntu-server []

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!