[03:34] hi all. has anyone here tried no-TLS postfix under gutsy? [03:35] we've disabled it in the configuration, but its still been requested somehow [03:37] kgoetz: That's a very good question. [03:37] kgoetz: We are having the same problem here. [03:37] guess i'll have to wait then ;) [03:57] pschulz01: its smtpd_tls_security_level = encrypt [03:57] just comment it out :P [04:34] hey i have 4 ethernet adapters in my box which is acting as a bridge, 1 is wireless and connects to the router for the internet, i can ping it from the box, i can ping my bridge from my client but i cant ping the router from my client [05:11] i would like to install virtual machine at ubuntu-server, but i confuse to choose between VMware-server or VirtualBox, which one do you recommend ? [07:41] moin === fernando_ is now known as fernando === dendro-away is now known as dendrobates [13:16] Is there anyway to install an encrypted server? If so, will that prevent it from getting hacked, or have better preventative measures against getting hacked? I'm running a LAMP server, and I think I got hacked becuuse it's not working proper. And looking at exim, 2 IP's have been download content, I don't think when viewing a website that a regular user would pull 8+mb of data. [13:17] ? [13:17] what is encrypted server? [13:17] you can encrypt filesystem, you can provide cypted service [13:17] but crypted server? [13:18] WELL, obviously you know A BIT more than me, so rather than flame. SUGGEST something that I would have ment. [13:18] or could [13:18] whatever [13:20] SO YES, encrypted filesystem is what I ment. [13:21] I guess that was your effort. FLAME someone, then don't suggest anything. [13:22] * J-_ chuckles [13:22] ? [13:22] J-_: where did i flame? i asked [13:23] and encrypted filesystem is an option during install [13:23] J-_: It's probably not the most productive thing to whine at the people that are trying to help you. [13:23] * ScottK was too late. missed it by that much. [13:24] and encrypted filesystem won't save you from net attacks [13:24] and i'm not sure how exim could provide logs about LAMP :) [13:26] oh, he left :) [13:26] didn't notice that :D [13:28] <_ruben> heh [13:28] <_ruben> minor detail [13:28] has anyone tested the latest server images on real metal (or vmware even). It still doesn't boot in virtual box [13:28] installs fine though === zobbo_ is now known as zobbo [15:26] hiya, trying to migrate samba accounts from one machine to the next. what files do i need to copy? using the smbpasswd backend [15:27] found /var/lib/samba/passdb.tdb, but is that the only file needed? [15:28] zeasier: don't forget /var/lib/samba/secrets.tdb [15:28] and /var/lib/samba/group_mapping.tdb [15:29] if you have issues you might copy all the files in /var/lib/samba [15:29] hmm [15:30] that sounds promising but i'd still like to find some documentation about this online [15:30] those files names will help a lot [15:32] zeasier: you can look through the samba docs: http://samba.org/samba/docs/man/Samba-HOWTO-Collection/index.html [15:33] I'm not sure how much you'll find on replicating accounts though. [15:33] that might be faster than searching for keywords across the web, thanks [15:35] np... if you don't need the second machine up right away the best thing may be just to copy the files and see if the accounts are there. [15:35] if not copy another file, and so on [15:35] actually maybe we should switch to pam auth [15:36] that way we won't have to deal with multiple passwords anymore [15:36] that works too, also using LDAP works too [15:37] one of these days i'd like to get a centralized authentication system going [15:37] even for plain user accounts [15:38] IMHO LDAP is the way to go [15:39] yeah i need to bite the bullet the figure it out one of these days === heno_ is now known as heno [16:05] what's the default windows workgroup for xp? [16:06] i forget if it's WORKGROUP or MSHOME [16:06] zeasier: I think workgroup [16:06] workgroup [16:07] Really? [16:07] "I think"... been a while since I've used XP [16:08] perhaps it varies per flavor of xp, but I just installed xp on a machine a week ago and I swear it was workgroup [16:08] ah yes, browsing our network all our unconfigured boxes are there [16:08] so it's workgroup [16:08] We changed our default (in Samba) to MSHOME to match Windows. [16:08] Did they change it at some point? [16:08] maybe it depends on what eddition of xp you have [16:09] perhaps on XP Home it is MSHOME and on XP Pro or the Corp install it is WORKGROUP [16:09] is it MSHOME for vista? [16:09] not on ultimate [16:10] switching to WORKGROUP that's what 2k used by default and that's the best version of windows anyway [16:10] even if no one uses it anymore [16:11] I still deploy it ;) [16:12] if you have to use windows it's the best if you can get away with it [16:12] doesn't support ie7 but then again you shouldn't using ie at all anyway [16:13] btw looks like those tdb files worked [16:13] just copied all of them [16:13] looks like they all were needed according to the docs [16:18] zeasier: party! [16:19] http://samba.org/samba/docs/man/Samba-HOWTO-Collection/install.html#tdbpermfiledesc [16:24] thanks for the help [16:25] np === zobbo_ is now known as zobbo [18:06] hey, i just did a dist-upgrade from feisty to gutsy 32bit and now my machine does not boot properly anymore. it seems like the boot process is not running as root. when it should mount the partitions it tells me "you need to be root to do that". did anyone else experience this problem and maybe knows a solution? === nxvl_work_ is now known as nxvl_work [20:16] anyone else order one of those OLPC XO laptops? [21:22] okay, i'm not sure, but I think someone keeps trying to ssh into my server that shouldn't be there, i just happened to find /var/log/auth.log and found hundreds of login attempts from the same ip [21:22] my server is not at all secure [21:22] this is the first time i've ever had to administrate my own server [21:22] what do I do? how do I secure this box [21:23] its all from 62.205.163.157.. like a billion attempts to login [21:24] what does "sendmail: fatal: open /etc/postfix/main.cf" no such file or dir mean? it pops up everytime i try to run a sudo command [21:26] kshah: if you have ssh open to the Internet I'd add this config option to /etc/ssh/sshd_config: AllowUsers username [21:27] AllowUsers is a space seperated list, then restart ssh [21:27] okay [21:27] I mean, I don't know *anything* about what i'm doing [21:27] this is my first time using linux letting alone administrating a server let alone securing one [21:27] what are the general measures I should be taking [21:27] kshah: you can also look into hosts.deny, I've never used it, but I know people do. [21:27] firewalls, all that good stuff [21:29] Anyone? [21:29] should i change my ssh port for the hell of it? [21:29] kshah: sure iptables is the firewall shipped with Linux [21:29] i've never used that, learning curve? [21:30] what is pam_unix [21:30] kshah: can be a little steep, but there are gui "editors" that can help you create configs... I think firestarter and shorewall are a couple [21:30] i'm not running x on the server [21:31] that would be bad, right? [21:31] pam_unix is the authentication system (Pluggable Authentication Module... I believe) [21:31] l [21:31] kl [21:31] kshah: if you're running a ubuntu desktop I believe you can install firestarter on it then copy the script to the server. [21:31] win:( [21:32] AllowUsers user, will only allow that user to login? [21:32] here's an iptables guide: https://help.ubuntu.com/community/IptablesHowTo [21:32] do I have to enabled the Allow only option somewhere? [21:32] kshah: only allow that user/s to login using ssh... any user can still login from the console [21:35] thank you sommer [21:36] i'm going to play around [21:36] its a bit scary when you see a hundred failed login attempts [21:37] np... another quick precaution is to change your password, making sure it's hard to guess symbols, numbers, upper case and all that [21:40] hrm, I thought sshd_config had PermitRootLogin set to no by default [21:42] sommer: i typically randomly generate an 8 character pass [21:42] what does "sendmail: fatal: open /etc/postfix/main.cf" no such file or dir mean? it pops up everytime i try to run a sudo command [21:43] do you have a mailbox filled with unauthorized access attempt notes? :) [21:44] I dont even have a mailbox [21:44] this is a new install [21:45] nijaba, soren - where do we stand on getting the iso to work with qemu or xen? Last I tried in qemu, I got stuck at an initramfs prompt [21:46] nealmcb: for 7.10, no go [21:46] dmesg [21:46] oops [21:47] nealmcb: but for 8.04 it should and will be solved. I think soren is working on it [21:47] kshah any idea? [21:47] did you install mail? [21:48] mailx [21:48] sudo apt-get install mail [21:50] can the problem at least be documented? what sort of fix is soren looking at? === heno_ is now known as heno [21:52] kshah Im really not sure [21:52] DM| what happens when you type 'mail' [21:53] kshah lemme try [21:53] no mail for dmserver [21:53] sommers: so iptables seems straightforward enough, but when I specify --dport ssh, i'm not specifying the port (which is not longer 22 btw :) [21:53] nijaba: or can the build script be referenced so folks can fix it themselves? I just hate the idea of 6 months of saying to folks "our chosen virtualization target platform doesn't run our iso (since we decided that either qemu or xen is the platform of choice - did we ever get back to that discussion? I recall a posting to the devel list being the next thing to do?) [21:53] sommers: does it just figure it out from the service, or should I actually specify --dport xxx instead of --dport ssh [21:54] kshah i removed mailx for now.. but still giving me that error [21:54] nealmcb: AFAIK that's our choice for Hardy, right? [21:54] DM|: i wish I could help you but I am far far far from someone knowledgable, maybe someone here can help [21:54] : ( [21:55] kshah ok do you know about sudoers though? [21:55] yeah, i know of the file, and how to edit it [21:55] sudo visudo [21:56] nijaba: well I'm still digging for more info, but the choice I'm thinking of for gutsy is telling folks how to make a fixed iso. can isos go in ppas? [21:56] is there an open bug for this? [21:56] nealmcb: The problem was getting the ends to meet, i.e. making the kernel and qemu agree on a usable driver for things. [21:56] are you guys core developers or something? [21:57] kshah: Some of us are. [21:57] qemu works great with the linux-virtual kernel for what I've done [21:57] it is the iso that seems to stop dead [21:57] woah [21:57] on reboot, after install [21:58] Er.. Why do you boot the iso after you've installed? [21:58] kshah lol it doesnt complete and gives that same error message [21:58] I'm not booting the iso, I'm booting the disk I installed it on [21:58] 22:57:27 < nealmcb> it is the iso that seems to stop dead [21:58] ? [21:58] DM| are you logged in as the user you first created when you installed? [21:58] (after installing from iso in that case) [21:58] yep [21:59] nealmcb: Oh... [21:59] so I can run kvm or qemu with the virtual kernel and ubuntu-jeos-builder just fine. but when I install from iso, I can't boot the disk I installed to [21:59] DM|: your sendmail error means that sudo is attempting to send mail without bothering to see if it should. [21:59] DM| you have something far wronger with your system than I (will ever) know how to fix [21:59] lamont so how do i get rid of it [21:59] nealmcb: that's really... odd. [22:00] nealmcb: They ought to be just the same. [22:00] kshah: --dport xxxx you can use --dport ssh because ssh is listed in /etc/services I believe [22:00] kshah: so if you change it you'll need to specify [22:00] sommer: okay, yeah, i saw it automatically associated 80 with www, slick [22:00] of course I might have done the install wrong or something - it is such a slow pain to try again.... [22:00] lamont i want to just get rid of mail for now, but im new to the server world, so can you offer your help [22:01] ln /bin/true /usr/sbin/sendmail :) [22:01] nijaba, soren - does a wiki page https://wiki.ubuntu.com/JeOS-Builder make sense for me to work on? [22:01] or install a mailer and configure it [22:02] nealmcb: IMO, yes, definitely ! [22:02] nealmcb: Apart from the fact that it'll get renamed real soon, sure. [22:02] i.e. the name, and choice of the wiki since it is pre-release [22:02] soren: that's what I'm asking..... [22:02] nealmcb: We can rename pages on the wiki, no problem. [22:02] nealmcb: should not prevent you from working on it :) [22:02] but we can't re-point links - what name are you thinking of? [22:03] lamont since im not that exp yet, im not going to attempt to configure a mailer, [22:03] nealmcb: yes, but we can maintain a redirect page... [22:04] of course - I just prefer to get it right and avoid confusing folks [22:04] nealmcb: the naming issue is still something we have to figure out. It should not prevent us from working on the tool [22:05] what is the process for figuring it out? [22:05] nealmcb: discussion? [22:06] nealmcb: and a bit of marketing of course... [22:06] Well, there are two options: [22:06] a) Come up with a good, flashy name [22:06] or [22:06] b) rename it to ubuntu-vm-builder (because I say so) [22:06] :) [22:06] lamont same error [22:07] If a) doesn't happen within... um... let's say two weeks, I'll go with b). [22:07] how is virt-manager looking? [22:07] soren: even though I think ubuntu-vm-builder makes sense, I think we should bring it up with other people, such as gerry... [22:08] virt-install etc [22:08] nijaba: Indeed. [22:08] nealmcb: virtinst just got built an hour ago. [22:08] soren: do you want me to put it in my todo list for monday? [22:08] :-) [22:08] nijaba: That would be much appreciated. [22:08] soren: will do then [22:08] soren: finish default-mta packaging yet? :-) [22:08] nealmcb: It took a while for it to go trough NEW, but now we're getting somewhere. [22:09] soren: is there a chance we'd just go with it? [22:09] nealmcb: Not if I have any say in it. [22:09] built in a ppa, or for hardy alpha 1?? [22:09] nealmcb: alpha 1 was yesterday. [22:10] soren: and who would give YOU any say in it? [22:10] :-) [22:10] nealmcb: Er... Sorry, I got confused, apparantly. [22:10] nealmcb: "is there a chance we'd just go with it?" what is "it"? [22:10] lamont: gah... /me looks [22:11] I think you got it right - q was if adapting virt-install would be preferable to ubuntu-jeos-builder [22:12] soren: so did it build for hardy? or still just in your ppa? [22:12] nealmcb: The source is in the official archive now. [22:12] nealmcb: The binaries are in the NEW queue. [22:12] sounds good [22:13] lamont: My biggest problem right now is the long description. I've rewritten it three times and I'm still not happy with it. [22:13] and how would you compare what it can or should be able to do with your very nifty builder script? [22:14] I'm just thinking that pushing a whole free virtual machine infrastructure is a big job, and wondering where it makes sense to invest time and effort [22:15] Quite. I need to look into it a bit more. I've been blocked by a few bugs in it, so I haven't been able to look too much at it. [22:15] * nealmcb needs to just look at it more himself, but has lots of other things still cooking.... [22:16] soren: you do manage to get an amazing amount of stuff done..... [22:16] soren: feel free to toss it at me and I'll mess with it and upload it and we can deal with the inevitable bug reports. :) [22:17] lamont: Should it just depend on exim4 or something more specific? [22:17] nealmcb: It doesn't feel that way. [22:17] Where might I go to gather more info about this bothersome initramfs prompt? I haven't found much relevant documentation. or might I just ship you the vm that I built from the iso for qemu? [22:17] for debian, I think it's exim4... not sure. [22:17] nealmcb: I've ticked *one* think off on my todo list this week. [22:17] s/think/thing/ [22:18] nealmcb: Er.. I can probably look into it some time early next week. [22:18] can you be more specific about the mismatch between the kernel and qemu you were talking about? [22:19] i.e. which driver might be an outage for qemu? [22:20] * nealmcb needs to just do a proper bug report, like he should have done weeks ago, rather than just posting on the forum thread about it [22:21] nealmcb: I forget the exact details. Gutsy is old hat. :) [22:23] should I file the iso reboot bug on ubuntu-jeos? or on the kernel somehow? or ??? [22:23] That's a might good question. [22:24] installer? initramfs? [22:24] The trouble is that it's unlikely to be severe enough to warrant an SRU anyway. [22:25] lamont: http://people.ubuntu.com/~soren/dmta/ <-- The current stuff [22:25] well, getting it documented for hardy is a good start.... [22:25] nealmcb: Hopefully, the problem won't exist in hardy :) [22:26] well it still needs a bug.... [22:27] nealmcb: I suppose. [22:28] soren: you seem unsure - I'm confused [22:29] nealmcb: It's just that there's a lot of focus on exactly these things.. qemu and kvm and the kernel running inside them.. It's unlikely to not be fixed regardless of whether you spend time reporting the bug. [22:30] my point is just that qemu and the existing kernel seem fine - it is just the iso that is having problems. xen may be a whole different issue - I haven't tried it [22:30] iso or install process or whatever [22:32] nealmcb: Ah. [22:33] nealmcb: Erm.. I'm not sure what I'd report it against. [22:33] any good doc on the initramfs busybox prompt? [22:33] nealmcb: Not that I know of. [22:33] and how to figure out how I got there [22:34] nealmcb: You land there if the early userspace stuff fails to get you a proper root. [22:34] I just just run it in a vm and watch what happens. oh yeah - I am.... [22:34] nealmcb: This can be for any number of reasons. [22:35] nealmcb: So to reproduce this, I just take which iso and do what? [22:36] install jeos iso via qemu, reboot, ignore error, restart qemu with the new disk, see initramfs prompt [22:36] (ignore the "you've still got a cdrom loaded" error) [22:38] nealmcb: Added to my todo list. I'll figure out what to report it against. [22:39] :-) [23:18] Hello. Could someone point me in the right direction in terms of installing a shorewall package from 7.10 on a 7.04 box? Or just in getting shorewall updated to 2.3.2 or better? [23:38] how do I go about using Prevu to try a 7.10 .deb on 7.04 ? === Drazha739 is now known as Drazha