kgoetz | its installed, and has a file (+x) in /etc/cron.daily/00logwatch, but i dont get emails from it. when i run it manually i get mail from the script | 00:34 |
---|---|---|
kgoetz | s/its intalld/ i have logwatch installed | 00:34 |
soren | syslog tells you when cron runs something. Does it mention it? | 00:35 |
kgoetz | let me check | 00:37 |
kgoetz | holy heck, how has syslog hit 32mb :S | 00:40 |
kgoetz | Jan 4 09:17:01 moon CRON[13505]: Authentication service cannot retrieve authentication info | 00:41 |
kgoetz | looks like syslog/cron has been broken since 27th of september | 00:42 |
kgoetz | soren: looks like thats the problem :/ i'll try and work out this cron+syslog issue | 00:48 |
kgoetz | turns out shadow was misformed. fixed that and cron+other stuff starts working again. | 03:20 |
=== joerlend_ is now known as XiXaQ | ||
XiXaQ | I want to setup a shared folder on my ubuntu server so that windows clients can connect using only a password. I've been reading and reading, but I don't understand how it's possible. I don't want to duplicate all users usernames and passwords between all windows clients and ubuntu. | 04:18 |
XiXaQ | can someone explain this? I've tried setting security = share, but then it isn't password protected at all.. | 04:18 |
XiXaQ | I wonder if irc would be as popular if everyone was required to read the irc protocol before they were allowed to run the client.. :) | 04:21 |
XiXaQ | it feels like samba is doing something similar to me. | 04:21 |
PanzerMKZ | well I setup my samba install | 04:27 |
PanzerMKZ | and gave it one user | 04:27 |
PanzerMKZ | give it a valid user = username | 04:29 |
XiXaQ | I don't want to tie it to usernames. Everybody that knows the password should be able to read and write, just like in windows. Isn't that possible? | 04:30 |
PanzerMKZ | I have one username | 04:31 |
PanzerMKZ | panzer | 04:31 |
PanzerMKZ | so that line is set to valid user = panzer | 04:31 |
PanzerMKZ | and there is a password for user panzer | 04:31 |
PanzerMKZ | so I go to any of my windows boxen and pop that share and log in using panzer | 04:32 |
XiXaQ | ok, so if a friend comes over for tea, brings his laptop and wants to open a file, then he just has to create a new user in his system, log out and back in with that user, then connect to the share? | 04:32 |
PanzerMKZ | no | 04:32 |
PanzerMKZ | you come over to my pad | 04:33 |
PanzerMKZ | for tea | 04:33 |
PanzerMKZ | you got a windows box | 04:33 |
PanzerMKZ | you log in as you on your box | 04:33 |
PanzerMKZ | you go to start>run | 04:33 |
PanzerMKZ | type in //companion | 04:34 |
PanzerMKZ | companion in this case being my ubuntu file server running samba | 04:34 |
PanzerMKZ | up pops in a user/password window | 04:34 |
PanzerMKZ | and you put in the user panzer and my super secret password of lace | 04:35 |
PanzerMKZ | and bam you have access to all the file shares | 04:35 |
XiXaQ | so I'll have to setup one user per share? | 04:35 |
PanzerMKZ | is that not what you wanted? | 04:36 |
PanzerMKZ | one user | 04:36 |
XiXaQ | do you know how people share files in windows xp? | 04:36 |
PanzerMKZ | for all your shares? | 04:36 |
PanzerMKZ | there is a ten connection limit for xp file shares | 04:36 |
XiXaQ | I'd like to have a share with a password, another share with a different password. This means I have to create two different users, then share the resources as those users and give those usernames and passwords to the people who're supposed to access the shares? | 04:38 |
PanzerMKZ | but smb users don't have to be system users | 04:38 |
XiXaQ | they don't? | 04:38 |
PanzerMKZ | no | 04:38 |
XiXaQ | oh... | 04:39 |
PanzerMKZ | I could have smb user fred that is no where on my system | 04:39 |
XiXaQ | then how do I add this user? | 04:40 |
PanzerMKZ | first answer is man samba | 04:40 |
PanzerMKZ | which is what I am going to do now | 04:40 |
XiXaQ | you don't think I've been doing that for weeks? | 04:40 |
XiXaQ | everyone has been explaining how to install single-signon setups with directory controllers, and ldap, dhcp and god knows. I only want my damn directory to be available to those who know the password :) | 04:41 |
XiXaQ | the samba configuration guide has 47 chapters. | 04:42 |
PanzerMKZ | nice | 04:42 |
PanzerMKZ | man smbpasswd | 04:42 |
XiXaQ | well, actually, that's just the howto :) | 04:42 |
PanzerMKZ | it will talk about adding users | 04:42 |
XiXaQ | thanks :) | 04:42 |
PanzerMKZ | and changing passwords | 04:42 |
PanzerMKZ | the -a command adds a user | 04:44 |
PanzerMKZ | you need example of my smb.conf file? | 04:45 |
XiXaQ | that would be nice. | 04:45 |
PanzerMKZ | http://pastebin.com/d6421821c | 04:48 |
PanzerMKZ | is for a iso share I have | 04:48 |
XiXaQ | that's the kind of share I want to setup. :) | 04:50 |
XiXaQ | but panzer is a real user, right? | 04:51 |
PanzerMKZ | well on that box yes | 04:51 |
XiXaQ | panzer can login using ssh with that password, for instance? | 04:51 |
PanzerMKZ | but the passwd for panzer on smb is different than the system | 04:51 |
PanzerMKZ | so the answer is no | 04:52 |
XiXaQ | how do I do that? | 04:52 |
PanzerMKZ | setup the share | 04:53 |
PanzerMKZ | and then work your magic with smbpasswd | 04:53 |
XiXaQ | oh.. Ok. Normal user doesn't automatically have access to their own shares? You must use smbpasswd first? | 04:53 |
PanzerMKZ | to add users and passwords | 04:53 |
PanzerMKZ | yea | 04:53 |
XiXaQ | aha.. | 04:53 |
XiXaQ | does that make sense in anyway? | 04:54 |
PanzerMKZ | yea | 04:54 |
PanzerMKZ | basically you are asking if you have a samba server up | 04:55 |
XiXaQ | pardon?! | 04:55 |
PanzerMKZ | and you add a new user to the system does the system users home dir get shared out automatically | 04:55 |
XiXaQ | no. If I make normal user. I then add that users home directory as a share in /etc/samba/smb.conf. That users password will be invalid, because I haven't set a sambapassword for him yet? | 04:56 |
PanzerMKZ | yea | 04:56 |
XiXaQ | ok.. Is that a requirement, or is it possible to use pam instead? | 04:58 |
PanzerMKZ | you can set it up different ways by changing the smb.conf | 04:59 |
PanzerMKZ | there should be things you uncomment | 04:59 |
XiXaQ | ok, that's fine for my setup. However, if I wanted to let other unix users share their folders at will.. I really don't want to make all admins? | 05:01 |
XiXaQ | it seems to me strange that shares should be specified in the main configuration file? | 05:02 |
PanzerMKZ | there is parts for users to add | 05:02 |
XiXaQ | By default, \\server\username shares can be connected to by anyone with access to the samba server. Un-comment the following parameter to make sure that only "username" can connect to \\server\username This might need tweaking when using external authentication schemes | 05:08 |
XiXaQ | ;valid users = %S | 05:08 |
XiXaQ | does this mean that by default, all users can read from and write to other users homes? | 05:09 |
XiXaQ | PanzerMKZ, thanks. I think I got it. | 05:17 |
XiXaQ | it's the documentation that confused me. help.ubuntu.com's samba documentation seems to explain more about how Active Directory works and what LDAP is than how to setup a share. | 05:17 |
XiXaQ | think maybe I'll write a simpler guide when I get this right. | 05:18 |
c1|freaky | does anyone know if theres a tool for windows which can knock on port? because i want to secure ssh using knockd | 05:22 |
c1|freaky | and is there any good firewall solution for ubuntu server? | 05:23 |
c1|freaky | i mean, configuration, standard mechanisms etc.? | 05:23 |
c1|freaky | I also need some intrusion detection software ... | 05:30 |
ScottK | iptables is built into the kernel. That's your firewall. | 05:38 |
c1|freaky | ok | 05:39 |
ScottK | Is it just you connecting via SSH? | 05:39 |
c1|freaky | no | 05:39 |
ScottK | OK. I generally just rate limit SSH connections via iptables, but it doesn't scale well for lots of users. | 05:40 |
c1|freaky | i want to secure ssh logins using knockd ... but i dont know if theres any software for windows which can knock on ports | 05:41 |
c1|freaky | like knock does | 05:41 |
* ScottK doesn't use Windows. Sorry. Can't help on that. | 05:46 | |
c1|freaky | ok thanks | 05:56 |
c1|freaky | im waiting for my new server :D | 05:57 |
c1|freaky | 6GB DDR2, 2 750GB SATA II HDDs, AMD Athlon 64 X2 DualCore :D | 05:58 |
normanm | hi all | 06:20 |
normanm | We use ubuntu on some servers here. We need to support php4 because of some old CRM. I saw feisty dropped the php4 support. Any idea if there are some sources where we can get the needed debs ? | 06:22 |
ScottK | Run Dapper would be my suggestion. | 06:26 |
normanm | ScottK, dapper is really out of date :-/ | 06:26 |
ScottK | Yes, but you want to run PHP4. | 06:26 |
ScottK | I'm typing this on a Dapper desktop because it basically does what I need. | 06:27 |
ScottK | Debian is, I think, also dumping PHP4, so it's a losing battle I think. | 06:28 |
normanm | ScottK, Dapper not works on the x4100 servers with the "supported" kernel | 06:28 |
normanm | ScottK, well I don't want... I need :-/ | 06:28 |
ScottK | Ah. | 06:28 |
ScottK | I don't know enough about PHP to have a useful opinion then. | 06:29 |
normanm | The company i'm working for is using a self developed crm which only supports php4 | 06:29 |
normanm | btw.. Is dapper still getting security updates ? | 06:29 |
lamont | hrm... do I want to turn on IDN support in bind9, I wonder? | 06:35 |
lamont | normanm: only until june of 2011 (for ubuntu-standard portions), or June of 2009 (for desktop stuff) | 06:35 |
lamont | :-) | 06:35 |
normanm | lamont, hmm thats not bad.. | 06:36 |
normanm | So now i need to think about if i want to use dapper drake or i want to use freebsd | 06:36 |
normanm | on the webservers | 06:36 |
lamont | normanm: or stall until april and put hardy on, which will have server security support until april of 2013 :-) | 06:40 |
normanm | lamont, ;-) | 06:41 |
lamont | or I suppose you could just dist-upgrade from dapper to hardy once it's out. (That'll be tested/supported) | 06:41 |
normanm | lamont, well i don't think hardy will support php4 | 06:41 |
lamont | ah, there is that. | 06:42 |
normanm | lamont, :-P | 06:42 |
lamont | you do know that it stands for "Please Hack Promptly", right? | 06:42 |
normanm | I already upgraded all servers except the webservers to gutsy | 06:42 |
normanm | lamont, tell me something new... But what should i do if my boss wants it :-P | 06:43 |
lamont | normanm: short term? do it. longer term? resume. | 06:43 |
normanm | lamont, yes. | 06:43 |
normanm | BTW, do you know if there is something like kernel security level planned for ubuntu ? | 06:44 |
lamont | ijiot circumstances require change... :-) | 06:44 |
lamont | as in C2 or B1 or such? | 06:44 |
lamont | orange-book levels? | 06:44 |
lamont | no clue on that one. | 06:44 |
lamont | security fixes? already happens | 06:44 |
normanm | Something like in freebsd which prevents modules from being loaded. don't allow the time to be set more than 1 second in the past/future. Don't allow raw access to block devices etc | 06:45 |
lamont | ah. one could use selinux to do that, quite possibly could use apparmor (which is there by default in gutsy...) | 06:47 |
* lamont prefers selinux, wasn't consulted wrt what got turned on in gutsy's kernel | 06:47 | |
lamont | time to sleep | 06:50 |
kraut | moin | 08:57 |
_ruben | mornin | 08:57 |
=== tku is now known as kraut | ||
ScatterBrain | By default the snmp daemon runs as user "snmp". How can I give that user permissions to read the log files in /var/log? | 15:44 |
ScatterBrain | I've tried adding it to the "adm"group, but that doesn't seem to work. | 15:44 |
Kamping_Kaiser | why do you want them to? | 15:45 |
ScatterBrain | I need to run a script that greps the logs via snmp'd "pass" functionality so I can keep stats with Cacti. | 15:45 |
Kamping_Kaiser | unsure. night mate | 15:46 |
ScatterBrain | at this point, I'm looking to keep track of Postfix and Amavis. | 15:46 |
lamont | ScatterBrain: group adm should be sufficient. OTOH, it probably requires restarting the daemon | 15:47 |
ScatterBrain | lamont, yeah did that. | 15:48 |
ScatterBrain | I'm still getting permission denied trying to read /var/log/mail.log | 15:48 |
ScatterBrain | even with 644 permissions. | 15:48 |
ScatterBrain | Go figure. | 15:48 |
lamont | and what are the perms on /var/log :-) | 15:49 |
jetole | hey guys, I need to know how badly I have just fsck'd myself | 15:51 |
ScatterBrain | lamont: by default they are 640, with root/adm user/group ownership. | 15:51 |
jetole | root didn't look twice before hitting enter and did a rm -f /var/log | 15:51 |
ScatterBrain | When I change then 644, the script works. | 15:51 |
* jetole is currently waiting for the server to reboot | 15:52 | |
lamont | ScatterBrain: ls -ld /var/log :) | 15:52 |
lamont | it's not 640 by default | 15:52 |
jetole | hmmm, it looks like most the files recreated themselves upon reboot... I think | 15:52 |
lamont | jetole: mkdir /var/log; chmod 755 /var/log; chown root:root /var/log | 15:53 |
lamont | (or reboot and everything should just do the right thing) | 15:53 |
ScatterBrain | lamont: mine was. | 15:53 |
lamont | except maybe /var/log/ would wind up 555 instead of 755... | 15:53 |
lamont | ScatterBrain: the directory had no execute permissions? | 15:53 |
lamont | that would explain why you couldn't open any file under it... | 15:53 |
lamont | (since exec is needed to open a file...) | 15:53 |
ScatterBrain | oh, the lod directory itself. | 15:54 |
lamont | er.. | 15:54 |
ScatterBrain | not the file. | 15:54 |
ScatterBrain | s/lod/log | 15:54 |
lamont | exec permission on a directory is needed to open files in the directory | 15:54 |
lamont | ScatterBrain: yes. | 15:54 |
jetole | lamont: rm -f /var/log/ | 15:54 |
lamont | jetole: that shouldn't do anything, should it? | 15:54 |
jetole | doesn't delete the directory or any subdirs | 15:54 |
jetole | just all flat files in /var/log | 15:54 |
lamont | mkdir x; rm -f x | 15:55 |
lamont | rm: cannot remove `x': Is a directory | 15:55 |
jetole | right, well I wasn't sure if all logs recreated themselves or not | 15:55 |
ScatterBrain | lamont: blue tmp # ls -ld /var/log | 15:55 |
ScatterBrain | drwxr-xr-x 8 root root 2048 2008-01-04 10:37 /var/log | 15:55 |
lamont | ScatterBrain: which is what it should be,. | 15:55 |
jetole | since I know logrotate has options for logs that need to be touched after an old one is moved | 15:55 |
ScatterBrain | so If I change the directory so that root/adm owns it will that be OK? | 15:55 |
lamont | ScatterBrain: anyone in the world is allowed to open files in that directory, depending on the permissions | 15:56 |
lamont | is apparmor bitching about anything? | 15:56 |
jetole | I have an apparmor dir in var/log so I am not sure why I would change perms on var/log for a file that has it's own var/log/apparmor | 15:57 |
lamont | jetole: if there are any logs that don't rebuild after a restart of the daemon (so that a reboot of the system is sufficient....), then it's a bug in the daemon | 15:57 |
jetole | lamont: any known bugs in server common packages that I may need to be aware of? ;) | 15:57 |
lamont | apparmor does all kinds of neat funky stuff with permissions totally independent of the filesystem permissions | 15:58 |
lamont | jetole: not personally, no | 15:58 |
jetole | alright, well thanks for the help | 15:59 |
lamont | ScatterBrain: if the file is mode 644 and you can read it but the snmp daemon can't, then it's something outside of FS permissions | 15:59 |
* lamont finally heads off to get to work for the day | 15:59 | |
ScatterBrain | lamont: like what? | 15:59 |
lamont | like apparmor | 15:59 |
lamont | or selinux | 15:59 |
ScatterBrain | the script works as root and if I set the perm to 644. | 15:59 |
ScatterBrain | on a dapper box? | 15:59 |
lamont | root skips all kinds of perm checks | 16:00 |
lamont | dapper. | 16:00 |
lamont | if the daemon can't open it, I | 16:00 |
lamont | 'm pretty sure it's FS perms somewhere. | 16:00 |
lamont | anyway, gotta run | 16:00 |
ScatterBrain | lamont: OK, I'll keep looking. | 16:00 |
ScatterBrain | thanks. | 16:01 |
=== rodneykk is now known as rodpod | ||
=== macd_ is now known as macd | ||
sergevn | Does anyone have any experience with denyhosts? | 18:19 |
=== Gamble6x is now known as gamble|fude | ||
nealmcb | sergevn: what's your question? | 19:21 |
=== gamble|fude is now known as gamble6x | ||
hangthedj | i just upgraded to hardy, how do i change the shell to say hardy instead of gutsy 7.10 Tribe 3? | 22:14 |
delphiuk | can someone help me with a 6.06 upgrade problem? I have an output if you need to see it? | 22:22 |
=== mindframe- is now known as mindframe | ||
Kamping_Kaiser | delphiuk, what is the problem? | 22:35 |
Kamping_Kaiser | hangthedj, not sure, try /etc/issue, but be sure you know what you're doing before messing with stuff like that | 22:35 |
hangthedj | ok thanks | 22:37 |
delphiuk | Kamping_Kaiser: http://paste.ubuntu-nl.org/50774/ | 22:46 |
Kamping_Kaiser | delphiuk, hm | 22:54 |
Kamping_Kaiser | are you using official repositories? | 22:54 |
delphiuk | Kamping_Kaiser: Oh yes, nothing is "non standard" | 22:54 |
Kamping_Kaiser | BTW, try running `export LANG=C` to get rid of those locale/perl errors (makes things easier to read) | 22:55 |
Kamping_Kaiser | delphiuk, try `export LANG=C && apt-get -f install` | 22:57 |
Kamping_Kaiser | tell me what that outputs | 22:57 |
delphiuk | richard@sugar:~$ sudo export LANG=C && apt-get -f install | 22:58 |
delphiuk | sudo: export: command not found | 22:58 |
Kamping_Kaiser | `export LANG=C && sudo apt-get -f install` | 23:03 |
Kamping_Kaiser | export is a shell built in (see help export in the shell if you want to see more) | 23:03 |
delphiuk | Kamping_Kaiser: http://paste.ubuntu-nl.org/50778/ | 23:05 |
Kamping_Kaiser | try `sudo apt-get --purge remove apache2-utils` (it may remove a bunch of stuff, i'm not sure) | 23:07 |