[00:02] <mathiaz> jdstrand: well... there isn't so much documentation. It should just work
[00:02] <mathiaz> jcastro: ^^
[00:03] <mathiaz> jcastro: obviously it doesn't...
[00:04] <jcastro> mathiaz: I will confirm with the new ppa version tomorrow and get back to you
[00:05] <jcastro> I have a few friends with AD/Linux setups and I just sent them a mail to get a hardy vm ready to test likewise.
[00:07] <mathiaz> jcastro: awesome. That is going to be of great help.
[00:08] <jcastro> mathiaz: I did AD integration in the past at my last job, and that was so painful I am taking an interest in getting feedback for this feature.
[03:09] <antdedyet> any known new efforts going into the recent openness of the M$ Exchange protocol?
[03:10] <antdedyet> Also, while I'm fishing for info ... Has there been sign of new efforts on the public domain release of DJB software?
[03:11] <antdedyet> on the latter question, I've have not seen new events as of earlier today on a few of the qmail community pages.
[03:12] <kgoetz> which protocol?
[03:18] <antdedyet> kgoetz: looks like the licensing agreement was for Samba related communications only, not Exchange.
[03:19] <kgoetz> antdedyet: as i understand it yeah :/
[03:21] <antdedyet> The mental note on Exchange being opened was a wishlist during a conversation I had with a sysadmin buddy about the file and printer sharing protocols.
[03:22] <antdedyet> We both hate Exchange, except he gave in so he could use the mobile PDA stuff.
[03:22]  * antdedyet just uses an old brick for a phone
[03:30] <^Elfboy> how do u kill a program when kill #### dont work
[03:30] <antdedyet> ^Elfboy: "kill -9 $pid" doesn't work?
[03:31] <^Elfboy> mark@thesource:~$ ps x
[03:31] <^Elfboy>   PID TTY      STAT   TIME COMMAND
[03:31] <^Elfboy>  3943 ?        S      0:00 ./psybnc
[03:32] <^Elfboy> no
[03:32] <^Elfboy> need the -9 ?
[03:32] <kgoetz> in what way does it 'not work'?
[03:33] <^Elfboy> ok
[03:33] <^Elfboy> well i added it with the -9 and it work
[04:39] <lando> anyone here know how to get an ubuntu server working with godaddy
[04:39] <lando> im not sure if i need to install dns software
[04:40] <^Elfboy> ok  how do i move 1 folder too another folder
[04:40] <^Elfboy> in tem
[04:40] <kgoetz> mv
[04:40] <kgoetz> lando: 'working with'?
[04:40] <^Elfboy> mv wiith foldername to other foldername
[04:41] <lando> well.. i just bought a domain from godaddy... and im wondering if it is as simple as adding my ip to the godaddy domain management
[04:41] <^Elfboy> like mv x to a
[04:42] <seanh_> lando: what do you mean?
[04:42] <seanh_> you want to use your box as a dns server?
[04:42] <lando> no
[04:42] <lando> i want to host my site from my box but have a godaddy domain name
[04:43] <seanh_> if you're using godaddys dns servers then all you need on your server is apache
[04:43] <seanh_> and probably a firewall
[04:44] <faulkes-> lando: yes and no
[04:44] <faulkes-> the A record will work
[04:45] <faulkes-> the PTR record likely won't as that is assigned to provider specific DNS
[04:45] <faulkes-> well, actually, the A record may create problems with lame delegations, I can't remember if bind only does that for PTR's though
[04:45] <lando> mgm
[04:46] <lando> i mean mhm
[04:46] <faulkes-> so, for instance, if you try to send mail out via your domain, the reverse (ptr) won't resolve and many sites will reject the mail (although that is dependent on a number of factors)
[04:48] <faulkes-> lame delegations though are generally more bothersome messages than drop dead non functioning issues
[04:48] <lando> ah... u make no sense to me faulkes- ...
[04:49] <lando> i have added my ip to the a record.
[04:49] <kgoetz> lando: short answer is yes, but may not work as you expect
[04:49] <faulkes-> correct
[04:51]  * faulkes- is so glad he has access to a portable /23
[04:51] <faulkes-> solves so many issues when you have your own ip space
[04:51] <kgoetz> nice
[04:55] <faulkes-> anyways, it's late here, so off to bed I go, night people
[04:55] <kgoetz> later mate
[06:20] <^Elfboy> man u guys are going to get sick of me
[06:21] <^Elfboy> what would i need to get to show server info like hd ram and all that stuff
[06:22] <kgoetz> theres a few tools.
[06:22] <kgoetz> df -h/ free -m for example
[06:23] <Iulian> It's more better to read the manula.
[06:23] <Iulian> s/manula/manual
[06:24] <^Elfboy> :)
[06:25] <Iulian> Also I bet you didn't read the topic.
[06:26] <^Elfboy> yes i did
[06:26] <Iulian> Aww, by the way, good morning all.
[06:26] <^Elfboy> lol
[06:27] <Iulian> ^Elfboy: Then you should be fine :)
[06:27] <Iulian> Yea, I just woke up.
[06:27] <^Elfboy> and if ubuntu server use gentoo portage this wold be ezer:)
[06:28] <Iulian> Ubuntu is ubuntu and gentoo is gentoo.
[06:28] <^Elfboy> :)
[06:28]  * Iulian *yawns*
[06:28] <kgoetz> checking your ram is easier with portage?
[06:28] <^Elfboy> i wnet with ubuntu server cose i did not fell like taking the time to set up netwoing and all that
[06:29] <^Elfboy> everthing is ez
[06:29] <^Elfboy> emerge is better the apt-get
[06:29] <^Elfboy> :)
[06:29] <kgoetz> *cough* troll
[06:29] <^Elfboy> lol
[06:30] <^Elfboy> i was just statin my point
[06:30] <^Elfboy> :)
[06:30] <^Elfboy> not "troll"
[06:30] <^Elfboy> my server is ubuntu
[06:30] <^Elfboy> for a reason
[06:44] <pschulz01> Question about /etc/network/if-ip.d
[06:45] <pschulz01> Do all of the scripts get called everytime an interface is brought up?
[08:03] <Gargoyle> mormin all
[08:31] <_ruben> g'day
[08:33] <kraut> moin
[09:32] <nijaba> hello
[09:38] <Iulian> Hey
=== `6og is now known as Kamping_Kaiser
[10:31] <ivoks> how about moving some parts of bacula to main, and leave some in universe?
[10:31] <ivoks> like GUI console; we could leave that in universe
=== \sh_away is now known as \sh
[11:49] <spiekey> hello!
[11:50] <spiekey> any comments how i best upgrade libnss_ldap on dapper to a higher version?
[11:50] <spiekey> i need to get libnss_ldap version 245 on my box
[11:50] <Kamping_Kaiser> you can try backporting, but it may be a bit core to backport safely
[11:51] <spiekey> that sounds liek a real manual task?! :)
[11:51] <Kamping_Kaiser> i expect it will be. (being part of libnss)
[11:52] <spiekey> damn
[11:53] <Kamping_Kaiser> spiekey, do you need 245 specifically?
[12:03] <spiekey> anythign above would be fine
[12:04] <Kamping_Kaiser> whats special about it?
[12:05] <spiekey> i have this problem: http://osdir.com/ml/ldap.padl.nss/2006-09/msg00014.html
[12:06] <Kamping_Kaiser> i suspect you'll have to go with option 1.
[12:06] <Kamping_Kaiser> but hang around, someone else might know otherwise :)
[12:07] <Kamping_Kaiser> night mate :)
[12:07] <Kanashimi> Hey there. Trying to install bw_mod by compiling it with apxs2, I have apache2-prefork installed on the system as well as installed the apache2-prefork-dev package. When I try to load the module though I get the error: /usr/lib/apache2/modules/mod_bw.so: undefined symbol: apr_atomic_cas      Is there some additional dev package I need to still install?
[12:08] <Kamping_Kaiser> Kanashimi, you have to install hte module against the source of the apache version you have installed
[12:08] <Kamping_Kaiser> but really gnight ;)
[12:08] <spiekey> Kamping_Kaiser: removing groups from nsswitch is not possible, whats the point in my ldap auth system then? ;)
[12:08] <Kanashimi> Hmm, I'm using the normal apache2 package and the normal dev package.
[12:09] <Kamping_Kaiser> spiekey, to auth users :)
[12:09] <spiekey> only the bloody vmware seems to have problems with it
[12:09] <Kamping_Kaiser> but i do understand what your saying
[12:09] <Kanashimi> Good night though if you're on your way out.
[12:10] <Kanashimi> Shouldn't the apache2 package and the dev package be the same given that both are of the most up to date version?
[12:19] <soren> spiekey: Backporting the package is not that hard.
[12:19] <soren> spiekey: I'm off to lunch now, I can help you afterwards.
[12:27] <spiekey> thanks! That would be great!
[12:27] <sigma_1234> where can i get the pdf version of the ubuntu server handbook?
[12:32] <spiekey> http://www.google.de/search?hl=de&q=where+can+i+get+the+pdf+version+of+the+ubuntu+server+handbook%3F&btnG=Google-Suche&meta=
[12:35] <sigma_1234> which link do you recommend from there?
[12:37] <spiekey> i dunno :)
[12:40] <sigma_1234> i found one for 6.10 . how different is the latest version?
=== joerlend__ is now known as XiXaQ
[16:38] <jjesse> i hate that i always miss these mtgs
=== \sh is now known as \sh_away
[16:58] <mathiaz> hi jjesse
[16:59] <ScottK> jjesse: re your mail...  Yes.  We've defined some roles. We need to do more of it.
[17:03] <jjesse> hello mathiaz and ScottK
[17:03] <jjesse> yes i agree we ned to do more of it, wish i had more time to help and learn
[17:03]  * faulkes- yawns
[17:04] <faulkes-> time to grab a coffee
[17:04] <ScottK> Hello jjesse
[17:33] <dendrobates> jcastro: are you around?
[17:47] <faulkes-> ScottK: the roles that have been defined, is this in a doc somewhere?
[17:47] <mathiaz> faulkes-: on the GettingInvolved page
[17:48] <ScottK> faulkes-: I have no idea.  I pay as little attention to documented process and procedure stuff as I can get away with.  mathiaz would be a better person to ask.
[17:48] <faulkes-> ok, so just there
=== ScottK changed the topic of #ubuntu-server to: Ubuntu Server discussion and support || For general (not server specific) support visit #ubuntu || Get involved: https://wiki.ubuntu.com/ServerTeam/GettingInvolved || Guide to asking questions on IRC: http://www.sabi.co.uk/Notes/linuxHelpAsk.html || Ask questions that get answered: http://www.catb.org/~esr/faqs/smart-questions.html ||  Be patient.  Don't ask to ask, just ask.  || server guide: https://help.ubuntu.com/7.10/server/C/ || https://wik
[17:51] <ScottK> Urgh. Need to shorten it.
[17:51] <mathiaz> ScottK: yeah... that'd be a good idea ;)
=== ScottK changed the topic of #ubuntu-server to: Ubuntu Server discussion and support || For general (not server specific) support visit #ubuntu || Get involved: https://wiki.ubuntu.com/ServerTeam/GettingInvolved || Guide to asking questions on IRC: http://www.sabi.co.uk/Notes/linuxHelpAsk.html || http://www.catb.org/~esr/faqs/smart-questions.html ||  Be patient.  Don't ask to ask, just ask.  || server guide: https://help.ubuntu.com/7.10/server/C/ || https://wiki.ubuntu.com/ServerTeam
[17:51] <ScottK> That fits.
[18:00] <faulkes-> mathiaz: will do re: second draft to list and w/ your comments
[18:37] <jcastro> dendrobates: yep
[19:23] <sommer> jdstrand: around?
[19:24] <jdstrand> yep
[19:24] <sommer> I whipped up a short ufw section, and was wondering if you'd be willing to take a look at it?
[19:24] <jdstrand> sure!
[19:25] <jdstrand> wehere?
[19:25] <sommer> it's pretty short, covers some examples from the man page
[19:25] <sommer> cool, I can email it to you since I haven't committed it yet
[19:26] <sommer> is it cool to send it to your address in lp?
[19:26] <jdstrand> yep
[19:26] <sommer> cool, thanks
[19:26] <ScottK> jdstrand: Did you see what we did for the security status of clamav in Dapper today?
[19:26] <jdstrand> ScottK: no
[19:27] <ScottK> jdstrand: Look at the top line https://launchpad.net/ubuntu/+source/clamav/+publishinghistory
[19:27] <ScottK> That wiped out at least a dozen CVEs.
[19:28] <jdstrand> \o/
[19:29] <jdstrand> that's fantastic
[19:29] <ScottK> That was a multi-month project to get all the rdepends updated and testing.
[19:29] <ScottK> testing/ed
[19:29] <jdstrand> great! :)
[19:29] <ScottK> If you want to show up and cheer for my core-dev application at the Tuesday tech board meeting ...
[19:30] <jdstrand> I can cheer-- but you should know I'm not core-dev yet ;)
[19:30] <jdstrand> keescook: is though
[19:30] <jdstrand> s/://
[19:31] <zul> ill bring my pom poms
[19:31] <ScottK> Heh.
[19:31] <jdstrand> ScottK: did you document all that went into that?  I'd be happy to look at it and comment (somewhat) intelligenty on it for core-dev
[19:32] <ScottK> Yes I did
[19:32] <ScottK> Just a sec for links
[19:34] <ScottK> https://wiki.ubuntu.com/MOTU/Clamav?action=show https://launchpad.net/~ubuntu-clamav/+archive https://bugs.launchpad.net/ubuntu/dapper/+source/clamav/+bug/190187
[19:34] <ubotu> Launchpad bug 190187 in clamav "Dapper clamav has multiple security issues that require upgrade to new version to fix" [High,Fix released]
[19:34] <ScottK> That didn't work out very well
[19:34] <ScottK> https://wiki.ubuntu.com/MOTU/Clamav?action=show - https://launchpad.net/~ubuntu-clamav/+archive - https://bugs.launchpad.net/ubuntu/dapper/+source/clamav/+bug/190187
[19:35] <ScottK> I've removed the Dapper packages from the PPA because they are in the archive now, but they're listed in the bug.
[19:38] <dendrobates> jcastro: when you tried likewise yesterday, was in on ubuntu-desktop or ubuntu server?
[19:39] <jdstrand> ScottK: cool, I made a note of it and will read through it
[19:39] <ScottK> jdstrand: Thanks.
[19:39] <jdstrand> I may need reminding on Tuesday ;)
[19:39] <ScottK> Got it.
[19:39] <jcastro> dendrobates: desktop
[19:40] <dendrobates> jcastro: there is a known bug when using network-manager.  Jerry is working on a fix.
[19:41] <jcastro> dendrobates: ah ok, thanks.
[19:50] <mathiaz> jdstrand: you can also stop by to support my core-dev application
[19:50] <jdstrand> mathiaz: sure :)
[19:53] <jdstrand> sommer: just read through your ufw section
[19:53] <jdstrand> shall I respond here or in email?
[19:53] <jdstrand> or diff?
[19:57] <sommer> jdstrand: either works for me
[19:57] <jdstrand> ok, how about here :)
[19:57] <jdstrand> first-- thanks!
[19:57] <sommer> np
[19:57] <sommer> thank you
[19:57] <jdstrand> your quote in the manpage doesn't format properly in yelp (on gutsy)
[19:58] <jdstrand> that wasn't right
[19:58] <jdstrand> your manpage quote isn't formatted properly in yelp
[19:58] <jdstrand> (that's better)
[19:58] <sommer> ya, I played with it a little to fit in the grey box
[19:59] <sommer> there may be a better way to represent that... I didn't do too much digging
[19:59] <jdstrand> this should be changed 'replace _port 22_ with _ssh_'
[19:59] <jdstrand> to 'replace _22_ with _ssh_'
[19:59] <jdstrand> ie 'port' is required in either case
[20:00] <sommer> ah, I'll change that
[20:00] <jdstrand> (it's only not required when using the simple syntax)
[20:01] <jdstrand> two other ideas:
[20:01] <sommer> sure
[20:01] <jdstrand> 1. ufw will support custom rules in its /etc/ufw/*.rules files, so it is not mutually exclusive to iptables
[20:02] <jdstrand> (ie you can add a NAT rule in there, but still use ufw for everything else if desired)
[20:02] <jdstrand> 2. you might mention the 'ufw logging on' and 'ufw logging off' in the Logging section
[20:02] <jdstrand> "If using, ufw..." or some such thing
[20:03] <sommer> ya, I was thinking about that too :)
[20:04] <jdstrand> I don't know if you want to use '1' or not, but the whole point of ufw is to make things easier, but without getting in the way of the admin
[20:04] <sommer> I think it could be mentioned, maybe in context with the section on masquerading
[20:04] <jdstrand> it has a robust way of dealing with chains and startup, so using just the files that are there without the cli would likely be quite useful for people
[20:05] <sommer> gotcha, I'll make those adjustments
[20:06] <sommer> thanks for the feedback, great stuff
[20:06] <jdstrand> you are really good at docs, so keep up the good work.  another idea might be, since ufw is now installed by default, is to reorganize a bit
[20:06] <jdstrand> that is up to you of course
[20:06] <sommer> reorganize?  the firewall section?
[20:06] <jdstrand> ie, if ufw were higher up, it would be easier to talk about the iptables rules on their own, or in the context of ufw
[20:07] <jdstrand> Tools would like become 'Other Tools
[20:07] <jdstrand> but then, maybe I am biased-- it's just an idea
[20:07]  * jdstrand knows he is biased :)
[20:07] <ScottK> jdstrand: We ought to think about backporting ufw when you think it's ready.
[20:08] <sommer> sure, I'll take a look at it, I don't think the firewall section has really had any attention since it was first written
[20:08] <jdstrand> ScottK: it works fine on gutsy
[20:08] <jdstrand> it does need python 2.5 though
[20:08] <ScottK> jdstrand: So feisty and edgy should worl
[20:08] <ScottK> work
[20:09] <jdstrand> there are just a couple of python 2.5 things, so going to dapper wouldn't be horrific...
[20:09] <jdstrand> I'd have to think about that
[20:10] <jdstrand> ScottK: I imagine once we get closer to hardy release, we can revisit backporting
[20:10] <ScottK> sommer and jdstrand: One question I'm having right now is "I've got my iptables rules already, is UFW better or can I just ignore it"
[20:10] <mathiaz> I agree with jdstrand idea to put ufw first in the documentation
[20:10] <ScottK> jdstrand: Yes.  When you're ready.  Although backporting to Gutsy sooner is one way to get more testing.
[20:10] <mathiaz> it's the default and preferred way to handle firewalling.
[20:10] <jdstrand> ScottK: simple answer is if your firewall configuration is already working for you, don't change it
[20:10] <mathiaz> presenting iptables later on for customization makes sense.
[20:11] <jdstrand> (that is the sysadmin in me)
[20:11] <sommer> mathiaz: agreed, I'll give it some lovin this weekend
[20:12] <jdstrand> sommer: you may want to check out the /etc/ufw/*rules files to see how they work with custom rules
[20:12] <sommer> jdstrand: sure
[20:12] <jdstrand> sommer: the manpage only casually references it
[20:12] <jdstrand> I can change that if needed
[20:14] <sommer> jdstrand: I'll dig into them, but I think for now the man page covers them enough
[20:14] <jdstrand> sommer: also, especially if talking about FORWARDing stuff, look in /etc/default/ufw
[20:15] <sommer> roger that
[20:16] <faulkes-> question: are there likely to be any interactions between ufw and virt support
[20:16] <faulkes-> I know that at least in some cases, rules get added, such as with dnsmask and what not
[20:16] <jdstrand> sommer: NAT and segmented network firewalling are not supported in the cli, but everything is in place to allow an admin to do this with the ufw chains
[20:16] <faulkes-> so that virt networking (dhcp, other stuff) works
[20:17] <jdstrand> faulkes-: how is it added?
[20:18] <faulkes-> as I havent seen the virt stuff on gutsy yet, I know that at least on centos, when I boot up xen, rules get added to iptables to allow networking to the virtuals
[20:18] <jdstrand> faulkes-: if just added to the INPUT chain, shouldn't be a problem
[20:18] <jdstrand> the current chain setup is:
[20:18] <faulkes-> iirc, no, it's not added to the input chain
[20:19] <jdstrand> INPUT -> ufw-before-input -> ufw-user-input -> ufw-after-input -> policy of INPUT
[20:19] <mathiaz> faulkes-: you may wanna check kvm in hardy to figure out how things are done
[20:19] <jdstrand> faulkes-: testing in this regard would be great
[20:20] <mathiaz> faulkes-: the state of virtualization in gutsy isn't going to change.
[20:20] <mathiaz> faulkes-: it's on hardy that things can get fixed.
[20:20] <jdstrand> but if you simply do -A INPUT, it traverse all those chains and if no match, then hits this rule
[20:20] <faulkes-> http://paste.ubuntu.com/4356/
[20:21] <faulkes-> that's from one of my centos boxen running xen's
[20:21] <jdstrand> faulkes-: ufw currently doesn't do anything with FORWARD
[20:21] <jdstrand> except set the policy in /etc/default/ufw
[20:21] <faulkes-> granted, I should be comparing apples to apples
[20:21]  * faulkes- nods
[20:21] <jdstrand> faulkes-: flip that from 'DROP' to 'ACCEPT' and no worries
[20:22] <jdstrand> but testing is great!
[20:22] <faulkes-> was just a question because I know last meeting someone mentioned they needed to get dnsmasq working
[20:22] <faulkes-> and other stuff, related to virt/kvm stuff
[20:22] <faulkes-> and yes, testing would be great
[20:23] <faulkes-> I'm working to try and get soe suitable hardware available on which I can do that
[20:23] <faulkes-> s/soe/some
[20:23] <jdstrand> faulkes-: ufw doesn't help, but it also doesn't hinder in this regard
[20:23]  * faulkes- nods
[20:24] <jdstrand> (I forgot to mention, you'd need to flip ip_forward in the normal way)
[20:24]  * faulkes- nods
[20:26] <jdstrand> sommer: oh, not sure if it's worth mentioning in the docs, but ufw also supports ipv6
[20:27] <sommer> jdstrand: ya, I thought about that, but personally I have 0 experience with it... been meaning to setup up an ipv6 network :-)
[20:27] <sommer> I'll add something about it
[20:27] <jdstrand> I have 1 experience
[20:27] <jdstrand> heh
[20:27] <sommer> personally I think it's just a myth... ;-)
[20:28] <jdstrand> I got a bug report on it
[20:28] <jdstrand> there is at least 1 user
[20:28] <sommer> heh, but it didn't work for him?
[20:28] <faulkes-> yes, I was here when he was encountering the issue iirc
[20:28] <jdstrand> no-- but I didn't expect it to when he filed
[20:29] <ScottK> I know at least one person running a Debian Lenny server on IPv6 without issue.
[20:29] <ScottK> All the stuff I'm upstream for I wrote to work equally well with IPv6 (although I've no proof it does).
[20:30] <ScottK> For Hardy, but LTS, we really do need to be thinking IPv6.
[20:30]  * faulkes- would concur
[20:30] <sommer> it always seems like one of those things that people mean to do, but until they are forced to it's just put off
[20:30] <sommer> or maybe it's just me...
[20:31] <faulkes-> sommer: no, it's not just you
[20:31] <ScottK> Well the forced to part is likely to come up during Hardy's lifetime.
[20:31] <faulkes-> although the root servers recently started ipv6 support
[20:31] <ScottK> Some, not all.
[20:31]  * jdstrand was truly planning to implement it, and had various hooks to do it, but the report came in too soon ;)
[20:32] <faulkes-> yes, some not all of the root servers
[20:32] <faulkes-> I think what we're saying is that we want to be forward looking on the ipv6 issue, rather than reacting to it
[20:32] <faulkes-> just my opinion though
[20:33]  * jdstrand nods
[20:33] <faulkes-> iirc isn't there a mandated switch-over to ipv6 for the u.s. gov?
[20:33] <ScottK> "You don't need to become an expert in IPv6 stuff to be safe if you use UFW." would be a killer angle for uptake.
[20:34] <jdstrand> heheh
[20:34] <jdstrand> easy there-- it only handles firewalling
[20:34] <faulkes-> ease of use tends to trump most cards
[20:34] <ScottK> Right.
[20:35] <faulkes-> jdstrand: just you wait, we'll have it replacing init and xinetd as well
[20:36] <ScottK> But from an IPv4/6 security perspective I'd think firewall is the key thing I have to figure out.
[20:36] <faulkes-> but I agree with ScottK, it is a killer angle which would help adoption
[20:37] <ScottK> jdstrand: Do you support rate limiting?
[20:37] <jdstrand> ScottK: no qos type stuff yet
[20:37] <jdstrand> hardy+1
[20:37] <jdstrand> (or more)
[20:38] <jdstrand> the backend is not much more than iptables-retore stype stuff
[20:38] <ScottK> I was thinking iptables type stuff.
[20:38] <jdstrand> there is software that already does a lot of this other stuff
[20:38] <jdstrand> (eg shorewall)
[20:38] <jdstrand> but that software is itself not super easy to get going
[20:39] <jdstrand> so I wrote ufw in such a way that switching out the backend would not be too difficult, if a more fully featured backend that existed could be used
[20:39] <ScottK> http://paste.ubuntu-nl.org/55267/ is what I use to keep ssh dictionary attackers from knocking on my door for to long
[20:40] <ScottK> I think that's sensible without the rest of the script.
[20:40] <jdstrand> sure
[20:41] <jdstrand> drop that into /etc/ufw/before.rules (adjust the -A INPUT) and voila
[20:41] <incorrect> i am debating if i should build myself a custom kernel for my game server using pre-emptive and high res timer
[20:41] <ScottK> Obviously that doesn't scale for boxes that lots of people have shell access to, but for the case where it's a small number of admins, it's an easy win.
[20:41] <incorrect> i am also debating about using the 2.6.24 kernel
[20:46] <faulkes-> ScottK: have you considered denyhosts?
[20:46] <faulkes-> although it's more general purpose in nature, it's what I use for dictionary based stuff
[20:47] <ScottK> faulkes-: I did.  For my purposes 4 lines in iptables did what I needed, so no need to actually install an entire package and add low level complexit.
[20:47]  * faulkes- nods
[20:48] <leonel> ScottK: I have that too  but I've added  fail2ban  to block the  smtp auth  attempts
[20:49] <ScottK> I rate limit smtp auth attempts in postfix.
[20:50] <ScottK> heya leonel.  Thanks again for all your help on clamav.  We'd not have Dapper up to date now without your help.
[20:51] <incorrect> anyone know where i can get the server config from without having to install?
[20:52] <leonel> ScottK:  no, thank you !
[20:55] <mathiaz> incorrect: it should be in the git tree on kernel.ubuntu.com
[20:56] <mathiaz> incorrect: you can also install the binary package and the config will be under /boot
[20:56] <incorrect> without having to install :)
[20:56] <mathiaz> incorrect: there isn't any need to download the source deb.
[20:56] <mathiaz> incorrect: well - you can get the deb and extract the config file from it
[20:56] <incorrect> i am looking at building a 2.6.24 kernel
[20:56] <incorrect> seems to have some good features
[20:57] <incorrect> just wanted to make sure i don't spend hours tweaking
[21:01] <leonel> ScottK: was a great job with clamav  thank you
[21:03] <ScottK> leonel: You're welcome.
[21:05] <incorrect> linux-image-server_2.6.22.14.21_amd64.deb doesn't contain a kernel
[21:58] <danp> is it possible to cross-compile packages for amd64 on an i386 xen guest?
=== antdedye1_ is now known as antdedyet
[22:15] <ivoks> zul: here?
[22:15] <ivoks> zul: i'm already rewriting bacula's make_catalog_backup
[22:17] <ScottK> ivoks: Did you see my mail to the server ML about amavisd-new?
[22:17]  * antdedyet wonders if he will ever find reason to use anything other then backuppc for backups
[22:17] <danp> hmm, i guess not
[22:17] <danp> my test didn't go so well
[22:17] <ivoks> ScottK: yes
[22:17] <ScottK> ivoks: OK.  Over to you now then for tasksel update.
[22:17] <danp> it seems i would need to be able to run x86_64-linux-gnu-gcc
[22:17] <ivoks> antdedyet: backup of 15TB of data
[22:18] <ivoks> backuppc is just a fancy name for rsync script every unix admin already has :D
[22:19] <ivoks> ScottK: i'll update it during this week
[22:19] <danp> i tried "RESTORE" the other day. it took 30 minutes to copy 400M
[22:19] <ScottK> ivoks: Great.
[22:19] <antdedyet> ivoks: what about bacula allows you to do 15TB where backuppc would not?
[22:19] <ivoks> antdedyet: it stores on tapes
[22:20] <faulkes-> and tapes can be taken off-site, stored in a safe place in case of emergency
[22:21] <ScottK> antdedyet: ivoks has 6 days until feature freeze.  Please distract him after that. ;-)
[22:21] <antdedyet> ivoks: oh, yuck. :( I had enough of tape storage with StorageTEK PowderHorns :(
[22:21] <antdedyet> ScottK: ah, ok :)
[22:21] <faulkes-> or, if you are the goverment, lost with all your information on them
[22:21] <antdedyet> faulkes-: nothing wrong with storing an on-disk backup server off-site.
[22:22] <faulkes-> if you have the bandwidth to regularly backup 15TB, go for it
[22:22] <antdedyet> faulkes-: incremental backups!
[22:22] <antdedyet> Anyway. :)
[22:22] <antdedyet> I will try out bacula when someone forks over tape drive.
[22:23] <antdedyet> I am interested in the mentoring program when you guys get something set in stone, btw
[22:24] <ScottK> faulkes-: Did you mean for your reply to my forums message to go to me or the ML?
[22:25] <faulkes-> hmmm, I may have just hit reply, i did mean for it to go to the ML
[22:26] <ScottK> It didn't go there.
[22:26]  * faulkes- nods
[22:26]  * faulkes- will fix
[22:27] <mathiaz> antdedyet: I'd love to here what you'd expect from such a program (if you reply to my email that would be great as I'm heading soon)
[22:27] <faulkes-> thanks for the headsup
[22:27] <antdedyet> mathiaz: sure thing; I will convert from lurker into activist. :)
[22:28]  * ScottK is a huge fan of mail clients with "Reply to List".
[22:37] <faulkes-> well, I keep mail seperated for a number of things
[22:38] <faulkes-> normally I just use mutt
[22:38] <ScottK> Right, I keep mine separate too.  If I'm in the ML folders, I always hit reply to list (except of course when I don't).
[22:39] <ivoks> man... i love python
[22:39] <ivoks> best thing since wheel
[22:39] <nxvl_work> ScottK: which mail client did you use?
[22:39] <ScottK> Kmail
[22:39] <nxvl_work> mm
[22:39] <nxvl_work> not a big fan of qt
[22:39] <nxvl_work> :P
[22:39]  * ScottK is not a fan at all of Gnome. So there you are.
[22:40] <ivoks> mathiaz: i'll rewrite make_catalog_backup, new script will read bacula's config and wound't need to get username and password as arguments
[22:41] <ivoks> only name of catalog
[22:43] <mathiaz> ivoks: seems like a good option to me.
[22:45] <ivoks> it kind of pita to setup cause bacula's config can have multiple catalogs and spaces make no differens (nor do lower/uper casse latters), but it should be done in couple of hours
[23:36] <zul> ivoks: sweet
[23:46] <ivoks> i got it! :)