[02:03] <LaserJock> moquist: thanks
[02:06] <moquist> LaserJock: yep
[02:07] <LaserJock> moquist: does the 2nd one include the change from the first
[02:07] <moquist> yes
[02:07] <moquist> I just kept going with the same file. diff my v.2 against whatever you have.
[02:07] <LaserJock> k,good
[02:08] <moquist> Any word on my moodle package yet? :)
[02:08] <moquist> Sorry. I shouldn't nag...I know you're busy.
[02:18] <LaserJock> yeah, problem is inlaws are here for the weekend
[02:20] <LaserJock> moquist: Committed revision 4312.
[02:23] <LaserJock> moquist: what were you doing to test moodle?
[02:23] <LaserJock> install with mysql and install with postgresql?
[02:28] <LaserJock> moquist: I'll bbl going out for dinner
[02:34] <moquist> LaserJock: yes -- I installed moodle with mysql & postgresql. You then have to open a browser to http://localhost/moodle/ to complete the installation. (I forwarded localhost:80 to the remote system for that part.)
[01:12] <Nubae> hi there... I'm trying to set up a proxy server with some sort of filtering for students... what is recommended, Ideally I'd like something that works with Squid which I have some experience with
[01:12] <Kamping_Kaiser> dansguardian
[01:13] <Nubae> yeah I looked t that, but it set up nother firewall utility which screwed up my shorewall setup
[01:13] <Kamping_Kaiser> another utility?
[01:13] <Kamping_Kaiser> i dont know about shorewall, btw
[01:15] <Nubae> oh... well, I followed  guide I found, actually several, with dansguardian playing a central role
[01:15] <Nubae> but using some other firewall tool, cant remember now... firehol maybe?
[01:15] <Kamping_Kaiser> its working a treat for me... cant really say more then that :|
[01:15] <Kamping_Kaiser> on a dapper system, fwiw.
[01:16] <Nubae> ok, and what firewall are u using, or just iptables directly?
[01:16] <Kamping_Kaiser> using iptables to redirect 80 -> dans -> dans into squid
[01:17] <Nubae> oh... ok, that sounds pretty feasable... guess only need http child filtered
[01:17] <Kamping_Kaiser> well, i do have a 'drop anything not on 80' rule...
[01:18] <Nubae> ah... I'd need to remove that as this server is doing  lot of stuff, including ltsp
[01:18] <Kamping_Kaiser> i have a dedecated gateway
[01:18] <Nubae> so u just apt-get installed dansguardian and modified the config file?
[01:19] <Kamping_Kaiser> yes. the config doesnt need much tweaking at all
[01:20] <Kamping_Kaiser> you can optionally whitelist sites like .gov.au .edu.au
[01:20] <Kamping_Kaiser> um... your relevent TLD of course...
[01:20] <Nubae> hmmm... maybe I'm better of putting this on  seperate computer?
[01:20] <Nubae> so it doesnt interfere with the server
[01:20] <Kamping_Kaiser> *shrug* better i dont know... i like dedicated gateways myself
[01:21] <Nubae> ok, well I'll give it a go... if you dont mind, can I ask you some questions as I install it?
[01:22] <Kamping_Kaiser> no worries
[01:22] <Nubae> so email doesnt go through it?
[01:22] <Kamping_Kaiser> i have done squid+dans on Debian etch, but not confident. with dapper i can check against my settings (if that helps you)
[01:22] <Nubae> yeah, I'm on feisty
[01:23] <Kamping_Kaiser> through what, the gateway ?
[01:23] <Kamping_Kaiser> "just dont block smtp"
[01:23] <Nubae> k
[01:25] <Nubae> theres 2 conf files, dansguardian.conf and dansguardianf1.conf
[01:25] <Kamping_Kaiser> you want dansguardian.conf
[01:26] <Nubae> what reporting level do u use?
[01:26] <Kamping_Kaiser> 3
[01:26] <Nubae> so u created a custom html file
[01:26] <Kamping_Kaiser> i edited the default
[01:26] <Kamping_Kaiser> just rebranded basicly
[01:26] <Nubae> ah, makes sense, what kind of info does it give if it tells u why access was denied?
[01:27] <Kamping_Kaiser> hm?
[01:27] <Kamping_Kaiser> #  2 = report fully <- that optoin?
[01:27] <Nubae> yeah
[01:27] <Kamping_Kaiser> it tells you the exact line it banned you on
[01:28] <Kamping_Kaiser> eg "you have been denided because you tried to look up" <really bad things here>
[01:28] <Nubae> ah, maybe too much :-)
[01:28] <Kamping_Kaiser> yep :)
[01:28] <Kamping_Kaiser> 10,1 and 3 are good
[01:28] <Kamping_Kaiser> 2 is good for debugging
[01:28] <Kamping_Kaiser> but i use the logs for that, so i have 3 set, and look in logs
[01:29] <Kamping_Kaiser> Nubae, next option is language (for me)
[01:29] <Nubae> yeah, I just put English in
[01:29] <Nubae> uk
[01:30] <Kamping_Kaiser> just cd into the languagedir , cp -r ukenglish mycustom
[01:30] <Kamping_Kaiser> customise mycustom/index.html (or whatever the files called)
[01:30] <Kamping_Kaiser> then set language='mycustom'
[01:30] <Nubae> oh, cool
[01:31] <Kamping_Kaiser> its called template.html
[01:32] <Nubae> I leave the messages dir where it is?
[01:33] <Kamping_Kaiser> yea
[01:34] <Nubae> proxy settings leave as default? Squid runs on the same server
[01:34] <Kamping_Kaiser> yep
[01:35] <Nubae> whats filter groups... dont quite understand that
[01:35] <Kamping_Kaiser> dont worry about it
[01:35] <Kamping_Kaiser> well, i havent
[01:38] <Nubae> phrasefiltermode?
[01:38] <Nubae> leave default?
[01:38] <Kamping_Kaiser> i left default
[01:40] <Kamping_Kaiser> i didnt change a lot, which is one thing i liked about it - blocks everything without much effort
[01:40] <Nubae> yeah defaults look pretty good, but like knowing what its doing anyway :-)
[01:41] <Nubae> usexforwardedfor
[01:42] <Kamping_Kaiser> off
[01:42] <Nubae> k thought cause it says something about squid...
[01:43] <Kamping_Kaiser> you have dans between squid+clients, not squid between dans+clients
[01:44] <Nubae> ah... true... have u got it running as nobody?
[01:44] <Kamping_Kaiser> default
[01:45] <Nubae> ok virusscan?
[01:45] <Kamping_Kaiser> do you want it to?
[01:46] <Nubae> well, I've clamav already installed, running with postfix
[01:46] <Nubae> or is this not scanning email, but downloads?
[01:46] <Kamping_Kaiser> downloads - dansguardian is an http proxy only
[01:47] <Nubae> ah yes just read :-) need to be less impatient
[01:47] <Kamping_Kaiser> hehe.
[01:48] <Nubae> ok... that seems to be it then
[01:48] <Nubae> so just turn it on and its running?
[01:49] <Kamping_Kaiser> restart it, yeah
[01:50] <Nubae> ah, it does look for messages from the custom dir
[01:51] <Kamping_Kaiser> :)
[01:53] <Nubae> /var/log/dansguardian/access.log <--- what permissions u got on this file?
[01:54] <Kamping_Kaiser> -rw-r--r-- 1 dansguardian dansguardian  34K 2007-09-02 13:46 access.log
[01:54] <Nubae> wont run for me with the default... also tells me its running as dansguardian, seems to be ignoring the setting from the config file
[01:55] <Kamping_Kaiser> mines running as dansguardian too.
[01:55] <Kamping_Kaiser> what do you mean 'with the default' though?
[01:55] <Nubae> default permissions for the log file
[01:56] <Nubae> just relsed it doesnt exist
[01:56] <Nubae> never mind
[01:57] <Kamping_Kaiser> ok
[01:59] <Nubae> did u add anything special to squid?
[02:00] <Kamping_Kaiser> um.
[02:00] <Kamping_Kaiser> i've made lots of changes, i dont remember how many are dansguardian related though
[02:01] <Nubae> ok, nevermind, I'll figure that out myself... thanks for all your help
[02:01] <Nubae> really appreciate it
[02:01] <Kamping_Kaiser> np
[02:02] <Kamping_Kaiser> i can flood you config if you want
[02:02] <Kamping_Kaiser> httpd_accel_host virtual
[02:02] <Kamping_Kaiser> httpd_accel_with_proxy on
[02:02] <Kamping_Kaiser> httpd_accel_uses_host_header on
[02:02] <Kamping_Kaiser> ^^ check those settings
[02:02] <Kamping_Kaiser> acl our_networks src 192.168.1.0/24
[02:02] <Kamping_Kaiser> will need attention
[02:03] <Kamping_Kaiser> not sure if/what else, depends on your exact layout
[02:04] <Nubae> oh, with dansguardian, is there already a set of filters in place, or does that need to be extensively editted?
[02:05] <Kamping_Kaiser> its already got filters
[02:05] <Kamping_Kaiser> look in dansguardianf1.conf at the naughtynesslimit setting
[02:05] <Kamping_Kaiser> i left it on default
[02:06] <Kamping_Kaiser> but it gives you some idea whats going on
[02:07] <Nubae> ah yeah, I've got from 8-18 here
[02:07] <Nubae> guess I'll need the lowest setting
[02:08] <Kamping_Kaiser> # 50 is for young children,  100 for old children,  160 for young adults.
[02:08] <Kamping_Kaiser> naughtynesslimit = 50
[02:08] <Kamping_Kaiser> is what i have
[02:09] <Nubae> heh, where do old children end and young adults start, :-)
[02:09] <Kamping_Kaiser> no idea :)
[02:10] <Kamping_Kaiser> but i do know i'm using young children setting for a community centre of ages from ~15-80
[02:10] <Kamping_Kaiser> and with good use of whitelisting  its the perfect setting
[02:10] <Nubae> ok... so it blocks mostly porn content right?
[02:11] <Kamping_Kaiser> yes
[02:11] <Kamping_Kaiser> i'd flood you some blocking, but then people wouldnt be able to view the logs *grin*
[02:11] <Kamping_Kaiser> actually... want me to pm it? so you can ee
[02:11] <Nubae> great, thats the biggest problem...
[02:11] <Nubae> yeah sure y not
[02:12] <Kamping_Kaiser> oh, it also blocks extentions
[02:14] <Kamping_Kaiser> Nubae, check your pms
[02:25] <Nubae> are you forwarding squid to dans, or the other way round?
[02:25] <Kamping_Kaiser> clients -> dans -> squid -> internet
[02:27] <Nubae> :-) do people complain?
[02:28] <Kamping_Kaiser> not really.
[02:28] <Kamping_Kaiser> once i unblocked a few key TLDs and websites that 90% of our traffic goes to
[02:28] <Kamping_Kaiser> for example it blocks .doc and .deb by default - nota  good state of affairs
[02:29] <Kamping_Kaiser> whitelist our ISP ubuntu mirror and all of a suden we can dist-upgrade again.
[02:29] <Nubae> hep
[02:30] <Kamping_Kaiser> also with .edu.au and .gov.au whitelisted people could download thier work again
[02:30] <Kamping_Kaiser> you probalby get the idea anyhow :)
[02:31] <Nubae> hehe yeah
[02:32] <Nubae> so on the client side, nothing needs to be setup in the browser?
[02:32] <Nubae> auto proxy?
[02:32] <Kamping_Kaiser> not if you redirect port 80 on the gateway
[02:32] <Nubae> ok, yeah doh
[02:33] <Kamping_Kaiser> you'll have a line similar to `iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080` in your iptables config
[02:33] <Nubae> yeah redirect 80 to 8080
[02:36] <Kamping_Kaiser> Amaranth, hi mate
[02:36] <Amaranth> hi
[02:36] <Kamping_Kaiser> :)
[02:55] <raynerd> hello, can anyone help with editing a live CD ?
[02:56] <raynerd> I have an edubuntu CD, with the programs I want to use. I want to use it in class but I dont want the install option. I simply want a CD that boots without the install desktop icon or the menu install icon.
[02:56] <raynerd> anyone know how this can be done.
[02:56] <raynerd> ?
[02:57] <Kamping_Kaiser> not sure how the live cd stuff happens in ubuntu land
[02:58] <raynerd> im using edubuntu.
[02:59] <Kamping_Kaiser> same process
[02:59] <raynerd> Been trying to do it for last few days!
[02:59] <raynerd> but i`m a linux noob myself so .. its all a bit above me
[03:25] <sbalneav> Morning all
[03:26] <Kamping_Kaiser> hi mate
[05:11] <bddebian> Heya
[05:42] <raynerd> Hey, does anyone know how I could completely remove the install options, those being the desktop icon and menu install icon, off the Live Cd. I want to run it with students, but dont want them to "accidently" install it!
[06:19] <sbalneav> raynerd: You've have to custom cut youre own version of the cd.
[06:24] <raynerd> how is that done?
[06:26] <raynerd> i mean I was told to run live CD delete all install icons off the desktop and menu bar and then copy a image of the new CD and save as an iso.
[06:26] <raynerd> I can do the first bit but then don`t know where to go from there...how do i save the new CD image and how do i save as an iso>?
[06:45] <sbalneav> It's a rather long mastering process.
[06:46] <sbalneav> https://launchpad.net/reconstructor
[06:50] <raynerd> sbalneav: I tried to use that earlier today and yesterday, But when i boot i get a black screen and no options. It definately takes control and boots up, but like I say, I get a short script then a black screen
[06:52] <sbalneav> I'd check on their mailing list or help forums, then.
[07:08] <raynerd> ok :(
[09:10] <john_s> hello all, can anyone tell me how to save the output of dmesg to a text file if I do it within a chroot environment on the thin client? I am trying to capture debug info and I can't figure out how to move it to a place where I can email it to someone
[09:20] <stgraber> john_s: if you have an USB plug, you can use an usbkey, otherwise maybe using the floppy drive
[09:20] <john_s> stgraber: thanks, I am trying to debug my broken usbfs automount stuff so I can't use usb
[09:20] <john_s> These thin clients don't have floppies either
[09:21] <john_s> :-)
[09:21] <stgraber> hmm, so you have a problem :)
[09:21] <john_s> Yup
[09:21] <john_s> are you an edubuntu/ltsp guru?
[09:21] <john_s> please say yes!
[09:21] <stgraber> maybe using a nfs server, but I'm not sure that the nfs kernel module is in the thin client chroot
[09:22] <stgraber> sort of, I'm testing all new Edubuntu release and have already installed some networks
[09:23] <john_s> ok well briefly, I have been unable to get local usb keys to show up on users desktops
[09:23] <john_s> I have been working through the DebugLocalDev thing for about two weeks off and on
[09:23] <john_s> but not yet got it
[09:24] <john_s> if I go to a termianl on the thin client by doing ctrl+alt+f2 I can put the thumbdrive in and dmesg shows it getting added and it shows up in /etc/fstab
[09:25] <stgraber> ok, so in the terminal you could manually mount it ?
[09:25] <stgraber> are your users in the fuse group ?
[09:25] <john_s> but when I try the final step on the debug ssh -S /tmp/.ltspfs_socket server "/usr/sbin/ltspfsmounter /tmp add"   I get a complaint from the ssh server saying authenticity of host 'server can't be established
[09:25] <john_s> yup
[09:26] <john_s> I guess that's where I fail is manually mounting it
[09:26] <john_s> since that's where I encounter the complaint about ssh keys
[09:27] <john_s> I have changed the ipaddress of the external nic since I set this server up but would that mess up the ssh key of the nic on the ltsp lan?
[09:27] <stgraber> ok, and do you have a different result if you run this command with a logged on user ?
[09:27] <stgraber> shouldn't be a problem if the LAN ip didn't change
[09:28] <john_s> when you say logged on user, you mean if I go through to the gdm desktop and then open a terminal and follow all of those steps?
[09:31] <john_s> when I log on and open up a terminal and run the tests I don't see anything about usb devices in dmesg  and fstab doesn't show any usb devices
[09:32] <stgraber> I mean, on your thin client open a user session, then switch to tty2 (ctrl+alt+f2) and try the ltspfs cmd
[09:33] <stgraber> (sorry I'm doing wireless driver testing/debuging at the same time)
[09:34] <john_s> ok, well when I do ctrl+alt+f2 as a normal user I just get a black screen with a rapidly blinking curser in th upper left hand corner.
[09:34] <john_s> I appreciate your help!
[09:35] <john_s> so I can't seem to do anything unless I log in on tty1
[09:36] <john_s> and then only as root
[09:38] <stgraber> what's the exact ssh error you get ?
[09:40] <john_s> The authenticity of host 'server (192.168.0.254)' can't be established. RSA key fingerpirnt is 47:1c:55:fa:45:05:80:b0:a6:48:c1:aa:68:5a:d5:2d: are you sure you want to continue connecting?
[09:41] <stgraber> ok, can you have a look at files in /etc/ssh/
[09:41] <john_s> yes
[09:41] <stgraber> is 192.168.0.254 specified in one of them ?
[09:41] <john_s> yes, shall i clear it?
[09:42] <stgraber> no, but then it shouldn't ask this question ...
[09:42] <stgraber> that's weird
[09:42] <stgraber> and if you try replacing server by 192.168.0.254 in your cmd
[09:43] <john_s> lemme try
[09:43] <stgraber> does it helps ?
[09:43] <john_s> stand by
[09:44] <john_s> ok well the response was different anyway
[09:45] <john_s> I did it by ip and it asked for root's password at 192.168.0.254 which i provided then it complained that there was no file or directory called /usr/sbin/ltspmounter  (which is true but that's the nomenclature used on the debug)
[09:46] <john_s> I am doing this comand    ssh -S /tmp/.ltspfs_socket server "/usr/sbin/ltspfsmounter /tmp add"
[09:46] <stgraber> do you have ltspfs installed on the server ?
[09:47] <john_s> ummm
[09:47] <john_s> this is a stock edubuntu install
[09:47] <john_s> lemme see
[09:47] <stgraber> (according to apt-file that's the package you need to have ltspfsmounter)
[09:48] <john_s> I have /usr/bin/ltspfsd is that a good indication?
[09:48] <john_s> should I just do apt-get from within the chroot?
[09:48] <stgraber> dpkg -l | grep ltspfs
[09:49] <stgraber> it's a package to install on the server itself, not the chroot
[09:49] <stgraber> so : sudo apt-get install ltspfs on the server should do it
[09:50] <john_s> ltspfs is already the newest version.
[09:52] <john_s> as an aside all of my ubuntu based systems have been complaiing about multiverse sources lately
[09:55] <john_s> is it weird at all that I can't do ctrl+alt+f2 to get to tty2?
[09:58] <stgraber> no, I usually have a debug console on tty2 here but that can be personal tweak or gutsy
[09:58] <john_s> ok, so not integral to debugging this problem, I guess
[10:07] <raynerd> I know I asked this before but I`ll say again. Anyone know how to edit a live
[10:07] <raynerd> Cd
[10:13] <john_s> ok
[10:13] <john_s> I am leaving
[10:14] <john_s> stgraber thanks for the help!
[10:14] <john_s> I'll keep plugging away