/srv/irclogs.ubuntu.com/2008/03/06/#ubuntu-server.txt

rhineheart_mmathiaz: what do you mean with * Reloading web server config apache2   5904  OK after doing the given tutorial?00:00
=== c_schmitz is now known as c_schmitz|away
zulsoren: xen-utils has the qemu bits00:13
musashiafter setting up raid 1, my computer no longer boots. it hangs for a while, resumes and then dumps to (initramfs). my system worked fine with raid set up but not mirroring. last night i did "mdadm /dev/md1 -G -n 2" in order to get it to mirror. That's all i did. now it doesn't boot. any help?00:32
musashialso added the mirror drives with "mdadm --add /dev/md1 /dev/sdb2"00:33
musashiif i try to exit busybox I get "target filesystem doesn't have /sbin/init"00:35
rhineheart_mis it possible to set SSL redirection to local IP using apache2? Example.. the router can be accessed at this add: 192.168.1.20..can I configure apache2 modSSL to allow redirection to local  192.168.1.20?00:35
ScottKSomeone who's in Canada go wake up zul so he can upload ebox.01:00
faulkes-depends where zul is and how much you're gonna pay me ;)01:02
faulkes-zul in mtl?01:02
zulScottK: there is always tomorrow01:08
faulkes-heh01:09
faulkes-zul: where in .ca?01:09
zulottawa01:09
faulkes-ah01:09
faulkes-toronto here, well, outside of toronto, but still01:09
zulah how unfortunate ;)01:36
rhineheart_mcan anyone here recommend commodo firewall for ubuntu server ed gutsy?01:41
ScottKzul: I was thinking it'd be cool to be able to tout ebox in the alpha 6 release notes.01:50
slide23I think my server may have been compromised but I can not take it offline immediately to reinstall. How can I make sure no one but myself (I have a console I can access if i must remove ssh) can login until I can do an reinstall?02:13
ScottKIf it's been seriously compromised you can't.02:13
sommerwhat if you changed the shell option for users in /etc/passwd?02:14
slide23im not sure how seriously but i wont be able to reinstall for a day or so and at least want to minimize anything i can02:14
slide23well, i only had 1 besides myself and it was actually set to root (which im not sure if i did that a LONG time ago and just forgot or not)02:15
sommeryou could also monitor for processes that shouldn't be there02:15
sommernot 100% fool proof though02:16
slide23ugh02:17
slide23stupid hackers02:17
faulkes-zul: heh02:17
faulkes-slide23: determine the vector by which you were compromised, seal it off, that isn't a guarantee of other things but it's a start02:19
faulkes-depending what or who, it could be something as simple as a bot exploit02:19
slide23i think it was probably a forum exploit that got them in02:19
faulkes-then it is likely just a bot02:20
slide23how do i tell, and what is a bot lol02:20
faulkes-a bot is just automated software which probes and exploits when it finds a vulnerability, usually adding itself to an irc network02:21
slide23actually, they had a phishing page set up on one of my sites02:21
faulkes-you could just run tcpdump and look for port 6667 traffic02:21
faulkes-yes, but they need a control medium, that is usually done via irc02:22
slide23ah02:22
sommerslide23: did you have extra apache processes running?02:22
faulkes-so if you aren't irc'ing from the server itself and see port 6667 traffic, that would indicate the general level of infection02:22
slide23what do you mean extra?02:23
faulkes-as it's more virus than actual human at a prompt02:23
sommerextra as in from a different httpd binary somewhere else in the file system02:23
slide23how can I tell02:23
faulkes-slide23: processes owned by the www-data user, that are not httpd02:23
ScottKPersonally I'm still getting over "I think it's compromised, but can't turn it off".02:23
sommerps -ef should show the binary path02:23
sommerScottK: heh... sometimes it happens02:24
* ScottK would suggest the long term consequences of having one of your IPs being used for bad stuff probably outweigh whatever short term risks there are with pulling the plug.02:24
faulkes-ScottK: have had that happen recently to a box that was 700 clicks from me with no useful DC support02:24
faulkes-takes awhile for things like that to get added to lists though, so if he caught it in time02:24
faulkes-he should be good02:24
faulkes-and the only way he can prevent that, is to track down the attack and figure out what it did02:25
faulkes-slide23: look through /var/log/apache2/access.log, heck, even "cat /var/log/apache2/access.log | grep -i bot"02:26
faulkes-if that shows up a url, use wget to download a copy of the bot from the url, you can then see what process it thinks it should hide as and move from there02:27
faulkes-usually, this form of attack is against phpbb02:27
slide23i see tons of google bot and msn bot02:29
slide23lol02:29
sommeryou were hacked by google!02:29
slide23lol02:29
faulkes-heh02:29
faulkes-try grep -i "=bot" instead02:30
faulkes-with quotes around the "=bot"02:30
slide23nope02:30
slide23nothing now heh02:30
faulkes-then you have to look through line by line ;)02:30
faulkes-look for anything which includes your url, attempting to call another url02:31
musashiafter setting up raid 1, my computer no longer boots. it hangs for a while, resumes and then dumps to (initramfs). my system worked fine with raid set up but not mirroring. last night i did "mdadm /dev/md1 -G -n 2" in order to get it to mirror. That's all i did. now it doesn't boot. any help?02:32
faulkes-i.e. /path/to/myphp.file.php?=http://some.server.somewhere.com02:32
faulkes-or something like that02:32
musashiwell I also added the mirror drives with "mdadm --add /dev/md1 /dev/sdb2" and goofed up so removed it and then added again.02:32
faulkes-again, that is just a common attack vector, it could be something else entirely02:32
faulkes-define "goofed up"02:33
musashime?02:34
faulkes-yep02:34
musashiby goofed up i did "mdadm --add /dev/md1 /dev/sdb1" when it should have been sdb2 to match02:34
musashimd1 = sda2 and sdb202:35
musashiso i did mdadm --remove /dev/md1 /dev/sdb1 and then re-added with sdb202:35
musashimd1 holds the / partition02:36
faulkes-my first instinct says to search the official server forum at http://ubuntuforums.org/forumdisplay.php?f=7 as I believe others have had this issue02:36
faulkes-I'm not sufficiently versed enough beyond this point to really be of much assistance02:37
musashiokay. looking...02:37
musashiany particular keyword a good choice for searching?02:37
faulkes-I would search for mdadm (I believe there was a recent post) and also raid02:37
rhineheart_mfaulkes: this might be off topic here.. but may I ask you? Do you have background on joomla CMS?02:38
faulkes-rhineheart: no, I do not use joomla nor have a background with it02:38
faulkes-the last CMS I touched would probably have been drupal and I despised every minute of working with it ;)02:39
slide23ok i ran chkrootkit and got this, "Checking `bindshell'... INFECTED (PORTS:  465)"02:39
faulkes-port 465 is ssl over smtp02:40
faulkes-I would check with chkrootkit folks to see if it is a known false positive02:40
faulkes-as both chkrootkit and rkhunter are capable of giving off false positives02:41
faulkes-err, smtp over ssl02:42
faulkes-I think I just ip over avian carrier'd myself there02:42
faulkes-and in the very next step, dated myself incredibly02:43
faulkes-of course, if you know your installed mail system in/out, it would also tell you if it's valid or not02:45
slide23yea no... lol i set it  up a long time ago and dont do this as a business just personal02:46
slide23bbl02:46
musashiI have scanned the 110 posts that match but none seemed to address my issue (of course I'm not sure what I'm looking for). my system boots to busybox and trying to exit busybox I get "target filesystem doesn't have /sbin/init"02:49
musashii found lots googling that error but nothing useful yet02:49
musashiexcept a suggestion to reinstall udev which i did without effect02:50
faulkes-search for "raid initramfs" then02:51
faulkes-as that is particular to your case02:51
faulkes-within the forums that is02:51
musashisearching...02:52
rhineheart_mfaulkes: where is wget extracted folder could be found?02:55
faulkes-musashi: which server version are you using02:56
faulkes-rhineheart: huh?02:57
rhineheart_mI got it.. in the root.. thanks.. m using 7.1002:57
musashiit's not a server. just my desktop. i'm running 7.10. installed from alternate cd and set up raid. it wasn't mirroring so i did the mdadm add stuff and finally got it to mirror. i'm betting my problem is because the --remove bit did more than i expected.02:58
musashithis looks promising but not sure what i need to do http://ubuntuforums.org/showpost.php?p=4012098&postcount=603:00
faulkes-#ubuntu-desktop may have encountered similar issues before03:07
faulkes-however, I also found03:07
faulkes-http://ubuntuforums.org/showthread.php?t=651110&highlight=fail+boot+raid+device03:07
faulkes-which seems to describe some of what you are seeing but that is about all I can really offer, not having a box to test it out on here right now03:08
musashiwhat does this mean "It looks like you may not have loaded the raid1 module in your initramfs. "03:08
musashicould it have been removed as i was setting it up? it used to boot just fine.03:09
faulkes-iirc if you modify your initramfs you need to update-initramfs -u03:10
musashiwell i never modified anything intentionally. i can boot a live cd and try that03:10
musashii don't even know what initramfs is03:11
musashimaybe ram file system?03:12
faulkes-initramfs basically tells the kernel which stuff to load at boot03:12
musashiso will "sudo update-initramfs -u" update it?03:13
faulkes-however, if you can boot off a live cd, I mount and check /etc/fstab /etc/initramfs-tools/modules03:13
faulkes-hrmmmm, I smell burnt IC03:14
* faulkes- eyes his laptop03:14
musashioh, literally03:14
musashilol03:14
musashiyeah, i can boot live cd but kind of a pain to get the raid volume to mount03:15
faulkes-yes, literally03:15
faulkes-this laptop has been dying a slow death the last week03:15
faulkes-I have a new one on order03:15
faulkes-kb dead, dvd dead, hdd making squawking noises03:16
musashiwell new computers are always fun03:16
faulkes-eh, it'll be nice to have a current machine03:16
faulkes-3x the ram, 5x the drive space, alot more cpu and alot more vram03:17
faulkes-I'll get it all sparkly and pretty with desktop effects03:18
faulkes-maybe add in some flowers and a throw pillow or two03:18
musashiokay looking at /etc/initramfs...03:18
musashilol03:18
musashinothing but commented lines03:18
faulkes-commented lines such as #raid0 #raid1?03:19
musashiyeah03:19
musashisays #examples:03:19
musashi# raid103:19
musashi# sd_mod03:19
musashiand some other stuff before that03:19
faulkes-that could possibly be an issue as iirc the -generic kernel isn't built with raid support03:19
musashiwell, i did install from the alternate cd and specifically set up raid at install. i would hope that would cover it03:20
musashiit was booting fine too03:20
musashiuntil i made the changes to get it to mirror03:20
faulkes-yes, damnable changes03:21
faulkes-what about /etc/fstab03:22
musashiokay, did the update-initramfs bit.03:22
faulkes-do the UUID of the disks match for your raid mirror?03:22
musashinot sure, how do i check03:23
faulkes-cat /etc/fstab?03:23
musashiupdate didn't seem to do much03:23
musashiyes, i'm looking at fstab03:23
faulkes-musashi: I'm not sure what output it would give if you ran it, although you would have to make changes to the modules file (such as uncommenting those options)03:23
musashibut don't know if the uuids are right. it does say /dev/md0 and /dev/md1 and then gives the uuids03:23
faulkes-md0 representing which disk?03:24
faulkes-or set of disks (as appropriate) or mount point03:24
musashimd0 is hd0 or sda103:24
musashii think this is correct as it does start to boot. just errors out later03:25
faulkes-I would comment out the raid1 and sd_mod modules in /etc/initramfs-tools/modules and do the update-initramfs -u03:25
faulkes-s/comment/uncomment03:26
faulkes-then give it a reboot, who knows, might just fix it03:26
musashiokay, trying03:26
musashiupdate says "cat: /proc/cmdline: no such file or directory" mean anything?03:27
musashiwell rebooting. lets see what happens03:27
musashino go03:28
musashiit says md0 stopped and md1 stopped and then hangs03:29
musashiwhy is it stopping them03:29
faulkes-that would be the $5 mil question, wouldn't it ;)03:33
musashiwell, i was hoping you might have an idea :)03:34
faulkes-when it says "stopped" is that the full message it gives?03:35
musashibefore going to busybox it says "trying o resume from /dev/disk/by-uuid" and then no resume, doing normal boot...done. some modprobe lines then cannot read /etc/fstab and some more failed mounts.03:35
mralphabetdo you have the boot disk mirrored with mdadm?03:36
musashiyes, but not the boot partition03:36
musashijust / and /home03:36
musashifor stopped it just says md0 stopped03:36
musashithe rest of the info is off screen now. how can i scroll up?03:37
faulkes-well, at the point where it says it can't read /etc/fstab, we have an issue already03:37
faulkes-probably even before that03:38
faulkes-you *do* take regular system backups *don't* you? ;)03:38
musashiright. i think it's because it's stopping the array and then can't read anything03:38
musashiyeah, i have a full backup of /home03:38
musashithe data is good though03:38
musashii can read it from a live cd03:38
musashii didn't backup / though03:39
musashiit's easy to reinstall that03:39
faulkes-wow, I feel like I won the lottery, I found a user who takes backups03:41
musashilol03:41
musashiwhat? doesn't everyone?03:41
faulkes-given the lottery feeling, the general answer would probably be no ;)03:42
musashithe whole point of doing the raid was to give me another backup03:42
musashii help on launchpad answers a lot and it seems like a lot of people manage to overwrite windows when installing and never made a backup before install. now that's crazy03:43
faulkes-the only thing I can think of is that it either doesn't think the raid1 array is fully populated/created (which seems to be a known bug) or that something is wrong with the boot sequence but thats about all I have and it's just from googling03:44
faulkes-and LP entries03:44
faulkes-and I do need to head off to bed03:45
musashii'm guessing something similar but no idea how to fix03:45
musashiwell, thanks for the help.03:45
musashii'm installing on a new drive so i can have something to work from03:45
ScottKlamont: You can add the Postfix backport you did to Gutsy to the how the heck did that work list since DB 4.6 was in Universe at Gutsy release.03:47
nealmcbmathiaz, sommer - I wasn't at the meeting today since I'm at the idtrust2008 symposium.  but I did notice the 'servergui' request.  I'll get to it later.  But for now I'd suggest talking about guis other than x11 and linking to ebox from the servergui web page, and perhaps recommending in the ebox wiki page that it is not quite ready for prime time in gutsy and is/will be much better in hardy.03:58
* musashi waves at nealmcb 03:59
nealmcb:-)04:00
sommerhey nealmcb04:01
sommersounds good to me04:01
sommerI'll update the servergui page04:01
sommernealmcb: I'm also using the ebox wiki page to rough draft the documentation, so if you have anything to add ;-)04:02
sommernealmcb: are you going to UDS Prague?04:04
lamontScottK: heh04:05
ScottKIf someone would be up for testing we could backport ebox to gutsy once zul uploads his updates.04:05
sommerScottK: I'm up for testing04:05
sommerfrom my hardy ebox testing there's still some issues though :\04:05
ScottKWell if it works reasonably well it might be worth it to get more testing.04:06
sommerto be honest I think there are some design decisions with ebox that aren't "the best"04:06
sommerto manage users and groups you have to install slapd for instance04:07
sommerwhat if I like /etc/passwd04:07
nealmcbsommer: thanks!04:07
sommernealmcb: welcome04:07
nealmcbsommer: yes I'm going to Prague - woot!04:08
nealmcbouch - slapd huh....04:08
sommercool, do you know if americans need a special visa thing?04:08
nealmcbI haven't checked.  or even czeched....04:08
ScottKsommer: My understanding is not (I'm going too).04:08
sommerheh... I looked through the czech embassy page and didn't see anything04:08
nealmcb:-)04:08
sommerScottK: cool, good news04:09
sommerit'll be great to meet everyone in RL... heh04:09
ScottKPersonally I won't use it, but I understand it (ebox) is an important issue for the distro.04:12
musashinealmcb, i went to to prague about 13-14 years ago and no visa needed. things may have changed though04:14
sommerScottK: same here, but I work with some windows admins that would like to have that functionality :-)04:16
* sommer thinking about delving into eBox development04:16
nealmcbsommer: I haven't really found time to look in depth at ebox yet, but yeah, my sense is that it would be very helpful,  though it needs to be done right....  so I hope it looks appealing04:26
nealmcbmusashi: thanks.  I hear it is a great place to visit04:26
sommernealmcb: I like the interface, looks great04:27
slide23is there anyway I can backup a remote server to my computer?04:27
sommernealmcb: I think the overall design is a little "heavy"04:27
sommerat least for my taste04:27
* nealmcb isn't fond of perl04:28
sommerslide23: are they both linux machines?04:28
slide23no =\ my local computer is windows04:28
sommerslide23: one way would be to use rsync... I believe there's a windows client, but you might double check04:28
ScottKslide23: Install cygwin on the Windows box and use rsync04:29
ScottKsommer: ^^^ is the windows client04:29
=== keescook_ is now known as keescook
sommerah04:29
slide23hrm well I also want to preserve permissions and date info, is there anyway to do that too? like put it into an archive04:30
ScottKslide23: IIRC you can do that with the right switches on rsync.  Read the man page04:30
sommerslide23: also bacula might be a good option... haven't done linux > win myself though04:31
ScottKI use the cygwin rsync approach to back up my wife's computer (her transition is on the TODO).04:32
slide23hehe04:32
ow1I need some help. I've just created a fix for the ntp bug. Using https://wiki.ubuntu.com/PackagingGuide/Recipes/Debdiff as my recipe I've made a debdiff, but it's huge. I've just noticed that the changelog shows 'feisty' in my change entry, rather than 'hardy', which I suspect is the cause. Without building a hardy machine or a pbuilder environment for hardy, how do I make a debdiff with a single line fix in a bash script?04:36
sommerdebchroot?04:38
ow1sommer: Doesn't that mean that I still need to have a gig of space to make a virtual hardy machine?04:38
sommerow1: you'll need some space yep04:38
ow1Crap.04:39
ow1Sigh.04:39
sommerow1: to be honest I'm not 100% sure, probably a good idea to ask in #ubuntu-motu, they should know04:39
ow1Cool, I'll ask, tah.04:40
sommerthough someone here probably knows better than me here as well04:40
ow1Well in the end I created a debdiff with diff -ruN which seemed to create what I needed.05:06
sommerwhen using a serial console to a linux machine is it the same as using vga without X11 ?05:34
owhsommer: AFAIK yes - actually, a TTY, but yes.05:41
sommerowh: cool thanks... that's the way I understood it, but have never actually set one up05:42
sommerprobably a good project for the weekend05:42
owhsommer: I created a debdiff with diff -ruN in the end.05:45
owhs/with/using/05:46
owhFor my next project I'll create a JEOS vm to do patching in :)05:46
sommerowh: sweet, jeos is pretty cool05:47
sommergood news on the debdiff :-)05:47
owhI'm down to 48 seconds on a jeos build :)05:48
owhMind you, that's not on my workstation, but on a big server :)05:48
sommerheh... I've only used with qemu, but worked well for me05:49
=== AnRkey_ is now known as AnRkey
pnukeidi want share internet connection my ubuntu with xp, and i have problem ?06:52
pnukeidanybody can help ?06:52
pnukeidmy ubuntu connect have 2 lan card, one connect to adsl modem, one in laptop xp..06:54
pnukeidwhen i ping google.com from laptop, it just "request time out"..06:55
rhineheart_mAnybody here who knows the poppass daemon default port for courier and how to configure it?07:08
sorenI'm guessing it's 106.07:08
sorenNo idea where to configure it.07:09
sorenNever used it.07:09
rhineheart_mthanks...  How I wish somebody here knows about it..07:13
rhineheart_mhello.. I got this error: Warning: fsockopen() [function.fsockopen]: unable to connect to localhost:106 (Connection refused) in /usr/share/squirrelmail/plugins/change_pass/options.php on line 140. Any idea?07:37
sorenI'm no expert, but I'm guessing options.php is trying to connect to port 106 on localhost, and it can't.07:37
MenZaMorning, soren07:39
sorenHi, MenZa  :)07:40
rhineheart_mhello soren..07:44
sorenHi.07:44
rhineheart_mactually m trying to configure to be able to change password in squirrelmail..but it needs poppass to accept incoming requests  at port 106.The router is already open at 106 though.  Just don't know where to configure it..07:46
sorenIt's trying to connect to localhost. Unless your network setup is *seriously* messed up, that shouldn't involve a router.07:49
sorenYou probably just haven't started the poppass daemon.07:50
rhineheart_mI'm using here courierpasswd. The plugin says I could use it instead of poppass07:51
=== \sh_away is now known as \sh
sorenThen courierpasswd is your poppass daemon.07:51
rhineheart_mI just forgot how did I set it up... how to know what authentication method courier is using?08:03
freeflyingrhineheart_m: what plugin r u using?08:08
rhineheart_mplugin for squirrelmail...to let users change their own passwords..08:08
freeflyingrhineheart_m: no idea, never used this plugin08:13
rhineheart_mfreeflying: do you user squirrelmail?08:14
freeflyingrhineheart_m: yes08:14
rhineheart_mfreeflying: did you allow your users to change their own password?08:15
freeflyingrhineheart_m: no :P08:15
rhineheart_mokay.. why ?08:15
rhineheart_mfreeflying: are they virtual users08:16
freeflyingrhineheart_m: yes, they don't wanna :P08:16
rhineheart_muhuh! what guide you use to make virtual users?08:17
freeflyingrhineheart_m: no guide :)08:17
rhineheart_mfreeflying: that's great..08:18
freeflyingrhineheart_m: u will not make it run just follow some guides :P08:18
nijabamorning08:55
\shdoes the php5-cgi package support fcgi mode (e.g. for lighty/apache)?09:01
\shforget the question..i found the answer :)09:04
rhineheart_mits afternoon here..09:04
=== \sh is now known as \sh_away
=== \sh_away is now known as \sh
krautmoin09:19
mok0I have an amd64 running the latest hardy kernel (2.6.24-11-generic) but it seems to be running full throttle. How can I tell if dynticks are enabled?10:06
faulkes-morning nijaba11:02
nijabahello faulkes- first day at your new job today, right?11:03
faulkes-something like that11:03
faulkes-only have meeting scheduled today, but that'll probably last like 3 hours11:03
nijabafaulkes-: hey, good luck on this.11:04
faulkes-get stuff setup, see what kind of hideous mess I've walked into  ;)11:04
nijabaI read the log from the meeting yesterday11:04
* faulkes- nods11:04
nijabadid you get to talk with owh?11:04
faulkes-yes11:04
faulkes-we spoke at length on a number of topics11:05
nijabaI don't quite get his remark "going all over the place", could you shed some light on this for me?11:05
faulkes-and then we took a step back because there were some obvious differences, put things apples to apples, so to speak11:05
nijaba(if you don't have time now, we can do this later)11:05
henkjanhmm, server-meeting is a bit late11:05
faulkes-nah, I have time11:06
henkjanin GMT+1 thats 22:0011:06
nijabahenkjan: yeah, I know, I am based in paris11:06
nijabasame time zone as you, it seems11:06
henkjani would like to follow the meetings, but also need my sleep11:08
=== \sh is now known as \sh_away
=== \sh_away is now known as \sh
tmadsenIf I enter a wrong password on an ubuntu server, that password will not be saved anywhere in cleartext, right?12:32
freeflyingtmadsen: should be12:38
tmadsenwhere?12:38
tmadsenI entered a wrong password, and I don't want anyone to be able to see it12:39
henkjanyou entered a wrong password at a password prompt?12:39
henkjanthen it will not be saved12:39
tmadsenyes, while doing a sudo'12:39
zulsommer: around?12:39
henkjantmadsen: don't worry12:39
tmadsenhenkjan: not saved?12:39
henkjanif you typed it instead of a command like 'ls' it would be saved in .bash_history12:40
freeflyingtmadsen: i mean it will be saved12:40
henkjantmadsen: it won't be saved if you typed a wrong password while doing sudo12:40
tmadsenhenkjan: thank you12:40
tmadsenfreeflying: if you think it's saved, where do you think then?12:41
sommerzul: just getting ready for work ;-)12:41
freeflyingtmadsen: sorry, will not be :)12:41
tmadsengood, thank you both12:41
* tmadsen is relieved12:41
zulsommer: ok talk later then :)12:42
henkjanlast week i received a shipment of ubuntu-servers cds. I decided to drop them at the reception, so customers could get one to try ubuntu.12:42
sommerzul: give me like 30min... I'll ping you in a bit12:42
henkjantoday i noticed that the last cd was gone12:42
henkjanwould canonical ship more free cds to promote ubuntu ?12:43
freeflyinghenkjan: u may apply from shipit12:45
henkjanfreeflying: shipit has no ubuntu-server cds12:47
zulsommer: sure12:48
henkjanwe just ordered two sun t1000's for the coming hardy release (we run nl.archive.ubuntu.com )12:51
henkjanlets see how that runs (1 proc, 8 cores, 4threads p/core12:55
henkjanthreaded apache, 2x 10G AMSIX connection12:55
sommerzul: I'm back13:26
zulsommer: cool I fixed that problem with the logger13:26
zulsommer: for the userandgroups stuff it looks like you have to configure ldap13:27
sommerah, so eBox doesn't handle it for you?13:27
zulno13:27
zulunfortunately13:27
sommerya, that's kind of limiting if you have to use ldap, but need to configure it yourself13:28
zuloh I agree13:29
sommerbut I guess if it's documented should be okay13:29
zulthanks for all your testing13:29
sommerI'll be able to do more testing this evening13:29
sommernp13:29
henkjanhmm, proper setup of ldap is not that easy, especially for the people who want to use a webbased panel13:30
ScottKsommer: Someone ought to add something to the Alpha 6 release notes about ebox...13:30
zulScottK: not yet..13:30
sommerScottK: sounds good to me, not sure how that process is handled though13:30
ScottKzul: No?13:31
zulScottK: still uploading it to universe and it has to get out of binary new13:31
ScottKsommer: Not if zul says no, but the usual way is to whine to slangesek13:31
zuland source new13:31
ScottKRight.13:31
sommerScottK: ah,13:32
rhineheart_mScottK: when will be hardy be officially released?13:34
* ScottK hands rhineheart_m wiki.ubuntu.com/HardyReleaseSchedule13:35
rhineheart_mScottK: thanks... are you one of its core developers?13:35
henkjanhalf april, so we have a month to make a superfast nl.archive mirror13:35
ScottKrhineheart_m: I'm a core-dev, yes.13:36
* ScottK is not a Canonical employee, however.13:36
rhineheart_mScottK: That's great!  Are you the founder of this channel?13:37
ScottKNot at all.13:37
rhineheart_mScottK: where can the ubuntu headquarters be located?13:39
mralphabetrhineheart_m: there is a wiki page about the server team (and a page for all the ubuntu teams) if you are looking for some history.13:39
ScottKUbuntu developers are from all over the world.13:39
rhineheart_mwhat's the correct pronunciation of ubuntu? is it yubuntu or obunto?13:41
henkjanobunto afaik13:42
mralphabetewwbuntu13:42
rhineheart_mthe final one please.. what's the right one?13:43
ScottKDear zul: Please abandon your obsolete dependency on python-xml in xen-3.2.  Please see Bug 199014 for details.  kthnkxbye.13:48
ubotuLaunchpad bug 199014 in eric "python-xml removal: please drop/replace (build) dependencies" [Medium,In progress] https://launchpad.net/bugs/19901413:48
zulDear ScottK: okiely dokiely kthnkxbye13:48
RaynHey all, any solutions for mysql overflowing varrun?14:33
henkjanwhat do you mean?14:35
Raynthe binary logs on my slave are filling /var/run/mysqld and creating problems14:35
henkjanare you using mysql replication?14:35
henkjanno? then disable binary logging14:36
Raynthe server only has 2G of ram and that's quickly filled with the amount of activity I get14:36
Raynyeah I am14:36
Raynand these are the slave logs anyway, not the master logs14:36
RaynI suppose it's only a problem for as long as the slave is behind the master, they'd be purged as soon as they're done with, maybe if I decrease the size of the logs that would help, but still, putting this stuff in a ramdisk seems like a bad idea14:37
=== \sh is now known as \sh_away
zulthere ebox uploaded to universe so now we just sit and wait15:29
sommerparty!15:29
brewmasteri'm having trouble connecting to my local apache webserver from the internet15:49
brewmasternot sure what's wrong, i have my router forwarding port 80 to the proper machine...15:49
brewmasteris there any setting i'm missing on the server machine to allow connections on port 80?15:50
brewmastera telnet IP_ADDRESS 80 yields "connection timed out"15:50
Rayncan you load it ok internally?15:50
Raynif so, then it's your router15:52
brewmasteryeah, internally it's fine15:52
brewmasterit's odd with my router...15:52
brewmasterI forward SVN requests the same way15:53
brewmasterworks fine15:53
Raynhuh, must be something you missed in the config15:53
brewmasteri have a linksys wrt54g for what that's worth15:53
Raynare you using the openwrt stuff?15:53
brewmasterrouter config or server config15:53
brewmasteropenwrt?15:53
brewmasternever heard of it15:53
Raynon the router, guess not :) it's a linux implementation for linksys wrt54g's15:54
Raynthere's a really nice version I use at home.. lemme see if I can find it for you15:54
Raynah, http://x-wrt.org/ but you need to check your serial against this list before you can know if you can use it http://wiki.openwrt.org/TableOfHardware15:55
Raynotherwise, you're stuck with linksys's OS, which is ok I guess :)15:56
brewmasterhmm15:56
mruizhi all15:56
brewmasteri'm at work15:56
brewmasterworried that I'll take down the net for everyone...15:56
Raynheh, yeah better to do that while it's not busy15:56
brewmasteris there any way to tell if my connection attempt actually gets to the machine?15:59
brewmasteror can i safely assume it doesn't (connection timed out)?15:59
mathiazmruiz: hi !16:00
mathiazbrewmaster: are you sure that your ISP doesn't block port 80 ?16:01
Raynbrewmaster: you can watch netstat, it should show some kind of connection16:01
Raynmathiaz: also a good point16:01
Raynbrewmaster: 'netstat -na|grep 80|grep tcp' will list http connections16:02
brewmastermathiaz, i think you're right16:02
brewmasteri guess i'll try on a different port in apache?16:03
mathiazbrewmaster: you could setup your router to forward port 8080 to your server port 8016:03
brewmasterah16:03
brewmastergood call16:03
brewmasterlemme try16:03
mathiazbrewmaster: and then connect to http://router_ip:8080/16:03
Rayn8080 is occasionally blocked too, as is 81 if you're especially unlucky16:05
henkjanhmm, sun asking why we didn't order a 5120 instead of t1000 for ubuntu release16:06
henkjanthis might be getting interesting16:06
Raynoh that reminds me of a question: is there a java for ubuntu/sparc?16:07
Rayna sun-java I mean, I don't think gcj will cut it16:08
brewmastercan i use some arbitrary port?16:08
brewmaster5167 or something?16:08
Raynbrewmaster: sure16:08
brewmasterso for forwarding on my router, it's 5167 to 80?16:08
brewmasteror the other way around?16:08
Raynfirst way16:08
Raynif it doesn't work try it the other way ;)16:09
brewmasterdamn router16:09
brewmasterautomatically switches them around...16:09
Raynand if that doesn't work still, you can have apache listen on that port internally too16:09
brewmasteryeah16:10
brewmasterthat was my next question :)16:10
brewmasterapache2.conf?16:10
brewmasteror the site's file?16:10
Raynports.conf, add a Listen 5167 at the end16:10
Raynunless you've got Listen statements somewhere else16:11
brewmasterokay16:12
brewmastersec16:12
brewmasterawesome16:15
brewmasterworks16:15
brewmaster(i think)16:15
brewmastertelnet connects16:15
brewmasterso I assume it's all good16:15
brewmasterfamous last words16:15
Raynhehe16:15
brewmasterthanks a lot16:15
Raynnp, enjoy16:16
brewmasternow my boss can connect to trac and see my little progress ;)16:16
zulmathiaz: samba patch from last night applied16:16
Raynbrewmaster: careful giving too many measurements to management, if they slip even a little you'll catch hell about it ;)16:16
brewmasterrayn, i'm not too worried16:18
brewmastersmall company16:18
brewmasteri'm the only tech guy16:18
brewmasterand i manage so many different things that i'd be hard to replace16:18
brewmasterphp, mysql, trac, svn, css, javascript, linux server admin, etc.16:19
brewmasterif i ever catch hell: "rm -rf /" is the answer :)16:20
Raynhehe right on16:21
RaynI'm in the same position, but I still hear about it when the numbers slip ;)16:21
methodswhats that program that you use to make sure links are in place for startup scripts ?16:24
RaynI use sysv-rc-conf, but it's an addon and I'm not sure what the recommended one is16:24
Raynbut it's in apt16:24
henkjanupdate-rc.d16:25
=== MajorP is now known as MajorP47
Nicke(probably missing something obvious): Where do I configure postgresql? I have the package installed, but /etc/postgresql/ is empty16:26
Nicke(this is on hardy, btw)16:28
sommerNicke: should be /etc/postgresql/8.316:28
Nickesommer: Well, /etc/postgresql/ is completely empty for me...16:31
sommerwhich postgresql packages do you have installed?16:31
lamontScottK: gutsty???? :-)16:32
Nickeat least postgresql, postgresql-8.3 and postgresql-common16:32
sommerNicke: and there weren't any errors when you installed them?16:33
Nickesommer: Not that I know, I used the tasksel in the installer16:33
NickeI can try to reinstall them of course..16:33
sommerNicke: what's the output of dpkg -l | grep postgres16:33
Nickesommer: http://paste.ubuntu.com/5364/16:35
sommerNicke: looks good to me... you might try reinstalling, I guess16:37
Nickesommer: Then I will try that, thanks : ) Just got a bit confused since this if my first time dealing with postgres16:37
Nickeis*16:37
Nicke(and the init script just exits silently, but not starting any daemon)16:38
sommerNicke: np, there should be a /etc/postgresql/8.3/main directory with the config files16:38
sommerbut for whatever reason you don't have one ;-)16:38
sommerI haven't done the tasksel for postgresql on hardy yet, but apt-get install postgresql has worked for me16:39
=== dantalizing_work is now known as dantalizing
Nickesommer: Yeah, reinstalling gave me the config files and a running server.. thanks again : )16:40
sommerwelcome16:40
ScottKlamont: I uploaded a source backport for gutsy to switch back to libdb4.3 and avoid the whole main/universe problem16:42
lamontScottK: yeah16:42
mathiazsoren: is it possible to grow a qcow2 file ?16:50
sorenmathiaz: Hm.. It should be.17:13
sorenmathiaz: I'm not sure how, though.17:15
mathiazsoren: I'm trying to figure out if I should use qcow2 files or lv for my vms.17:15
mathiazsoren: I can easily grow lv17:15
sorenWell, the beauty of qcow2 files is that you can create them at any size you want. They just grow as you use the space.17:16
mathiazsoren: now I wonder if I could resize the root filesystem of a vm17:16
sorenmathiaz: Depends on your filesystem inside the vm.17:16
mathiazsoren: right17:16
mathiazsoren: IIRC there is a max size set for each qcow2 file17:17
mathiazsoren: I think online resizing of ext3 is supported now, in hardy17:17
mathiazsoren: does ubuntu-vm-builder support lv ?17:18
sorenmathiaz: I don't understand the question, I think.17:19
sorenkeescook: danpb's patch is fine. Please apply.17:19
sorenmathiaz: I'm not familiar with an upper limit of qcow2 images.17:20
sorenThat does not mean there isn't one, though :)17:20
mathiazsoren: Is it possible to say that the root.qcow2 file shouldn't be bigger than 2Gb ?17:21
sorenmathiaz: Sure. --rootsize17:22
mathiazsoren: ok.17:22
mathiazsoren:  so it seems that qcow2 files and logical volumes provide the same functionalities.17:23
sorenmathiaz: lv's give slightly better performance, but need to be allocated ahead of time.17:24
mathiazsoren: ok. If you use --rootsize for qcow2, you'd also allocate ahead of time - in the sense you'd set a limit to the qcow2 file17:25
sorenmathiaz: Right. But that could be a million TB and then you wouldn't need to worry about resizing. Ever.17:26
mathiazsoren: Right - I'm actually thinking about setting limits to the root devices.17:26
sorenAlright.17:27
mathiazsoren: think about hosting providers with VPS17:27
sorenOh.17:27
sorenYeah, then you probably want LV's.17:27
mathiazsoren: you sell a package with only 4 Gb of space17:28
mathiazsoren: and you want to make sure it won't grow to more than that17:28
mathiazsoren: and when a customer upgrades a plan, you can just add more space and resize the root fs online if possible17:28
sorenRight.17:28
mathiazsoren: it seems that both lvs and qcow2 can be used in that scenario17:29
sorenYeah, but you don't want to shove 10 qcow2's with a max size of 4GB onto a 20 GB partition just to "save space" to begin with.17:30
sorenIf the qcow2 can't grow, it's not pretty.17:30
sorenand then there's no point in using qcows.17:30
keescookmorning17:58
zulmorning keescook17:58
* keescook waves17:58
jdstrandhi keescook!18:02
jdstrandkeescook: when you get a chance can you look at bug #19918118:03
ubotuLaunchpad bug 199181 in ubuntu-dev-tools "mk-sbuild-lvm should provide --personailty option" [Undecided,In progress] https://launchpad.net/bugs/19918118:03
mathiazsoren: I've generated a qcow2 file with ubuntu-vm-builder. However when I boot it using libvirt, I get a grub shell18:10
keescookzul: the diff you sent (Qeny?) is based on danpb or ian's patch?18:11
zuldanpb18:11
keescookzul: sweet18:12
sommer 18:20
sommerwoops18:20
=== \sh_away is now known as \sh
keescooksoren: in vmware I can click 'suspend VM' and reboot my host, then unsuspend a VM.  is there anything like that for kvm?18:27
sorenkeescook: Yeah, it's called save.18:33
sorenI'm running out now, but I'll be back later to help out.18:34
sorenkeescook: Don't use save now.18:34
sorenIt'll hang the process.18:34
sorenYou need updated kernel modules.18:34
* soren runs18:34
AtomicSparkprotip: if you can't ssh into your KVM virtual server, install openssh.19:02
good_dan1okay i just moved one virtual machine to a new host and now its saying it doesnt have a network card19:03
=== good_dan1 is now known as good_dana
AtomicSparkwhat vm software?19:07
good_danamicrosoft virtual server 2005 r219:07
good_danait was working on a different host machine with the same configuration19:08
AtomicSpark...19:09
AtomicSparki've never used it. i recommend you vmware server though.19:10
mathiazgood_dana: the mac address of the network card has probably changed.19:10
mathiazgood_dana: check in /etc/udev/rules.d/70-persistent-net.rules19:10
good_danathe mac has definitely changed because it was bound to the physical network card of the old host machine19:11
good_danaand etc/udev/rules.d/70-persistant-net.rules doesnt exist19:13
mathiazgood_dana: which version of ubuntu are you running in the vm ?19:14
good_dana6.0619:14
good_danaLTS19:14
AtomicSpark!paste19:25
ubotupastebin is a service to post multiple-lined texts so you don't flood the channel. The Ubuntu pastebin is at http://paste.ubuntu-nl.org (make sure you give us the URL for your paste - see also the channel topic)19:25
AtomicSparkI set up a DHCP and DNS server a few days ago, and now my xp hosts can't see each other in the same workgroup. My DHCP file is here: http://paste.ubuntu-nl.org/58661/19:26
AtomicSparkMy instructor said that I needed to enable netbios option 2, to get them to broadcast. What do you think?19:27
good_danaAtomicSpark: are you trying to ping via name or ip?19:31
AtomicSparkIt's when I use network neighborhood to browse for network shares or printers. None display after server install.19:32
AtomicSparkI was using my router for DHCP before.19:36
mruizhey zul19:39
zulhi mralphabet19:39
zulgrr..mruiz19:39
mruizI started to work on libdb transition. mathiaz sponsored my work on nss-updatedb and I want to continue :-)19:41
zulok sounds great!19:43
mathiazmruiz: could you also forward your patch to debian ?19:43
mathiazmruiz: don't forward the debdiff as it is.19:44
ScottKJust keep in mind if it's a ruby related one that Debian doesn't have libdb4.6-ruby.19:48
zulruby has been taken care of19:49
zulkind of...19:49
mruizzul, I want to work on reprepro. Which packages are you working on?19:49
zulthe ones listed on the wiki are the ones im not working on19:49
mruizzul, ok19:54
mruizmathiaz, how is the procedure to forward the patch to debian?19:54
Raynhey, anyone with experience PXE installing ubuntu server? Do you know if it communicates via serial ok?20:00
good_danaRayn: you're going to transfer an install over serial?20:02
good_danathat seems like a bad idea20:02
Rayngood_dana: no, just communicate with the installer via that20:03
Rayngood_dana: I don't fancy sitting in this datacenter for hours, and I don't have KVM to these machines20:03
Raynbut I do have serial20:03
good_danaso you're just going to use console redirection? that should work fine20:03
Raynok cool, just making sure before I leave here :)20:04
Raynthanks20:04
good_danagood luck20:04
Raynthanks20:05
mathiazRayn: have a look in the netboot directory on the ubuntu-server iso - there is a example file for pxelinux.cfg with serial console enabled.20:51
mathiazRayn: use the following parameter on the kernel command line: -- console=ttyS0,9600n820:52
mathiazmruiz: Have a look at http://www.debian.org/Bugs/ to see how to report bugs in Debian20:52
mathiazmruiz: have also a look at https://wiki.ubuntu.com/Bugs/ReportingToDebian20:53
mruizthanks mathiaz20:53
=== \sh is now known as \sh_away
=== c_schmitz|away is now known as c_schmitz
soulcyo21:18
soulcah21:18
soulcI need some help limiting a user from logging in21:19
soulcvia ssh21:19
NafalloDenyUsers IIRC21:19
Nafallocheck man sshd_config21:19
soulcthanks21:19
owhfaulkes-: Ping21:25
soulcok I screwed up and left a user account with an easy password21:38
soulcsomeone logged in and installed wzd21:39
soulcI need help quick to reinstall screen, ssh21:39
mindframe-soulc, what21:55
mindframe-what's wzd?21:55
soulchttp://blackpearl.drivehq.com/wzd.tgz21:55
soulcthat is what they dl'd21:55
soulcI hate hacker a**holes21:58
mindframe-looks like you need to redo your whole box21:58
mindframe-backup the essentials and reinstall21:58
soulcwell screen wasn't installed21:58
mindframe-it just looks like an ssh brute force script22:00
mindframe-he was probly using your host for scanning others for some amount of time22:00
mindframe-when did the compromise occur?22:00
soulchttp://paste.ubuntu-nl.org/58680/22:00
soulctoday22:00
soulcI restarted and restricted user blog22:01
mindframe-how secure are the passwords for the other accounts on the box?22:01
soulcvery22:01
owhIf a user has gained unauthorised access you need to assume that they gained further access. Just locking out one user is unlikely to be enough.22:02
mindframe-what owh said22:02
soulcshit22:02
soulcshit shit22:02
soulcshit22:02
owhDepending on what your intentions are, I'd personally start with disconnecting it from the 'net.22:02
owhFor starters, don't panic, it's already happened, take a breath and talk through the process first.22:04
owhDo you have a full system back up?22:04
soulcyeah but I got stuff all set and now I have to start over22:04
soulcno22:04
owhHow much data is on the server?22:04
soulcbut this guy was stupid enough not to 0 out the bash_history file22:05
soulcwebserver it is personal not a production server by no means22:05
mindframe-he could have a backdoor installed :)22:05
owhPerhaps so, perhaps not. It's possible that they left that for you to find. Using the 'blog' user lock out as a trip.22:05
ScottKsoulc: Then definitely nuke it.22:05
ScottKSince it's not in production.22:06
soulccrap22:06
owhOh, it's not in production?22:06
soulcno this is my own thing..... in my house22:06
mindframe-tuh oh22:06
ScottKsoulc: Just suck it up and do it.22:06
soulcarg!22:07
mindframe-soulc, might want to check any other boxes you have there for intrusion22:07
mindframe-fire up wireshark on everything and watch22:07
owhThen learn from your mistake, don't do it again, start from scratch. If you documented what you did to build the machine then re-creating it might not be so complicated.22:07
owhI agree with mindframe-, there is an opportunity for an unauthorised user to gain further access to other systems in your network.22:08
owhIt's also possible that you only detected the login much later than it really happened.22:08
mindframe-correct22:08
soulc2 win xp boxes and this ubuntu desktop22:08
mindframe-soulc, are those xp boxes fully patched?22:08
owh(Depending on when you built the server.)22:08
soulcyeah22:08
owhSecurity is a process, not a thing.22:09
mindframe-are there any remote login services with weak passwords on those boxes?22:09
soulcdon't really know22:09
owhThings like guest level file sharing etc.22:09
soulcno that is off22:13
mindframe-soulc, a couple of tips for internet ssh hosting: use AllowUsers to restrict logins to certain users, run sshd on a high, non standard port, use pubkey authentication if possible22:13
owhI have a daily cron job that isn't running for some unfathomable reason. If I run the script from a terminal, it all works as expected. The script permissions are the same as the others in the cron.daily, the script name is vmware-backup. Until yesterday it was marked as #!/bin/bash, but all the others were #!/bin/sh, so even after changing that it still doesn't run. Ideas?22:13
* Nafallo never use non-standard ports :-)22:14
* owh neither.22:14
mindframe-well it keeps the kiddies from even finding your ssh port.  they usually dont scan 1-6553522:15
owh:)22:15
soulcyeah22:15
mindframe-of course you should have an IPS of some sort that blocks after a certain number of failures22:15
soulcso allowusers restricts to the ones listed?22:16
mindframe-yes22:16
soulcbetter than denyusers22:16
Nafallothere is also allowgroups if that would be more simple.22:16
soulctoo broad22:16
soulconly 1 or 2 ppl have access to my server22:17
soulcI installed fail2ban but nothing has been banned22:17
owhsoulc: No, you add users to the "ssh-allowed" (or what ever you decide to call it) group, then allow that group to ssh in. It gives you control by adding and removing users from a group without needing to change configuration files.22:17
mindframe-soulc, just out of curiosity... will you run chkrootkit and rkhunter on that box to see if they detect anything?22:17
mindframe-chkrootkit and rkhunter can be installed via apt-get22:17
soulcok22:18
soulcdid you look at the bash_history file?22:19
soulchttp://paste.ubuntu-nl.org/58680/22:19
mindframe-yes22:19
mindframe-like owh said they could have left what they wanted you to see22:20
soulctrue22:20
owhJust because it's there doesn't mean it's real.22:20
soulcok22:20
mindframe-that copy of screen could be modified to create a tunnel to a system he runs and he could still have control22:21
mindframe-soulc: what ip address was the connection made from?22:22
=== nijaba is now known as nijaba[away]
owhkeescook: ping22:23
=== nijaba[away] is now known as nijaba
keescookowh: hi!  I saw your new debdiff -- it looks good.  due to the alpha6 freeze I can't upload it until friday, but it's on my list of things to do tomorrow.  :)22:26
owhCool, just checking :)22:26
soulcyeah can't use apt-get anymore22:27
owhnijaba: Had a discussion yesterday with faulkes- about the survey. Have you got some time to talk?22:27
mindframe-heh22:27
mindframe-fry that installation asap22:27
soulc58.61.157.622:27
nijabaowh: yes, I spoke with him for an hour today22:27
owhsoulc: Is that because it's no longer connected to the net perhaps?22:28
owhnijaba: PM?22:28
soulcnope22:28
nijabaowh: this morning (EST)22:28
soulcit may be a bad dvd ron but I doubt it22:28
soulcer rom22:28
owhnijaba: I started making a very rough categorisation of the questions and emailed it to him. I'll send you a copy.22:29
soulcwhat is razor-agent.log22:29
mindframe-soulc: seriously disconnect it and do the forensics if youre interested...  it could be sending incriminating malicious traffic all over the net as you sit there.22:29
soulcok22:30
nijabaowh: ok please do22:30
soulc /root/.pyzor/servers contents 82.94.255.100:2444122:30
mindframe-oh yeah22:31
mindframe-he got you good22:31
soulcwhat is that?22:32
mindframe-pyzor is something for spam filtering.  should it be there?22:32
owhnijaba: You should have two emails shortly.22:32
soulcyeah I am running a spam filter22:33
soulcworks great22:33
nijabaowh: got them, thanks22:33
owhnijaba: I added an extra column to the questions.22:33
owhsoulc: That IP address belongs to XS4ALL Internet in Holland.22:34
soulcwhich?22:35
owhUh, s/Holland/The Netherlands/ (or if you prefer, Nederland)22:35
owhsoulc: 82.94.255.10022:35
owhsoulc: Likely another compromised machine.22:35
mindframe-nothing on dshield about either of those22:35
soulchow about 58.61.157.622:35
nijabaowh: ok, I see.  Thanks :)22:36
owhsoulc: CHINANET Guangdong province network22:36
mindframe-what a surprise22:36
owh:)22:36
owhnijaba: I'm sure we can clean up the categories I suggested, but the idea is that questions of the same category are asked at the same time.22:37
soulcwhy do you say that?22:37
owhsoulc: You need to preface your responses with someone's nick, otherwise we'll have no idea what you're talking about or to whom.22:38
mindframe-soulc, china is one of the most common sources for malicious traffic22:38
soulcha ha hah a ok22:38
owhmindframe-: Before or after the USA :)22:38
soulcmindframe oh really I didn't know that22:39
mindframe-before i think22:39
mindframe-usa has all the botnets22:39
mindframe-or thats where they run22:39
mindframe-heh22:39
soulcok mindframe I finally got those root kit apts to install it is the rom that is flaky22:40
mindframe-ah22:40
mindframe-comment out that junk :)22:40
mindframe-soulc: those will only detect known rootkits... just curious if they will detect anything because ive never gotten a positive detection22:41
soulcwhere do I look for rkhunter's log?22:41
soulcgot it22:42
owhnijaba: So, what do you think about the categories?22:44
mindframe-owh: i know a bunch of people who filter all traffic from china since they dont conduct business with them22:44
owhmindframe-: I understand the sentiment, but ultimately it's futile. All it does is encourage traffic to be routed via an alternative - non-blocked - route.22:45
soulcok so rkhunter should have been installed at setup22:46
mindframe-soulc i think you need to run it22:46
soulcand chkrootkit comes back all not infected22:46
mindframe-rkhunter --update && rkhunter --check22:47
owhsoulc: Standard Operating Procedure is to visit /usr/share/doc/{package} and RTFM.22:47
mindframe-rkhunter puts an entry in cron to check once a day22:47
owhsoulc: If that fails, "man {package}" and RTFM.22:48
owhsoulc: If that fails, Google is your friend :)22:48
soulcpretty much learn as I go type not too good in reading something and interpreting it22:48
owhsoulc: Well, if you're going to administer a server then you're going to have to hone your reading/interpretation skills.22:48
=== nijaba is now known as nijaba[away]
owhsoulc: Learn as you type is a good recipe for disaster.22:49
soulcowh: this is "my" server I don't get paid22:49
soulcbelieve that if I was working at this I would have tested and had others review before the box was put into production22:50
owhsoulc: It's not about who "owns" the server or if you get paid, it's about procedures and methodology. At some point you're going to be fiddling on a server owned by someone else. If you learn as you type, it could cost lots of money.22:50
soulctrue22:51
owhsoulc: If you use the learn as you type method, then you're not working in any structured process. A review by a peer is extremely likely to miss something. Which is why there is the Ubuntu/Debian way of doing stuff.22:51
soulcok I have had an fc server for years and no problems because I had been a rh user and knew how that worked22:52
Nafalloalso, people get spammed even from home servers22:52
soulcI switched to Ubuntu cause I didn't want to install EVERYTHING when setting up a server22:52
owhsoulc: Just because it worked, doesn't mean it will continue to. Let me give you an actual example.22:53
good_danaowh: i think you mis-read what soulc had typed he said he is the type of person to "learn he goes" not "learn as he type[s]"22:53
soulcthanks gd22:53
owhsoulc: One of my colleagues was building an application which controlled a container crane in Rotterdam harbour. It used a Novell file-server to store data. I asked him what would happen if the Novell server ran out of disk space. He never thought of the problem. There was no process in place to even contemplate such an issue - this is in 1989.22:55
owhgood_dana: Yes, I did misread that.22:55
soulchow do I refresh the paste webpage to get a clear page I always have to backspace over the id number then reload22:55
soulcowh that was when 80 meg was all you would ever need for storage space...|-)22:56
Nafallohehehehe22:57
owhsoulc: In the above example, my point is that if there is a procedure to do something, then follow that procedure. If you don't like the procedure, write a new one, then use that. I realise that sounds pretty anal, but then it means that clients don't lose data as a result of your negligence.22:57
owhsoulc: 80 meg, try 20.22:58
Nafallohmm22:58
soulcyeah I was referencing my first hd22:58
soulc199122:58
Nafallothink I still have one of those harddrives in storage somewhere...22:58
owhsoulc: Three years is a long time in storage systems :)22:58
soulcyeah in 3 years we maybe using ss hd's22:59
owhsoulc: No "maybe" about it.22:59
soulcchkrootkit output http://paste.ubuntu-nl.org/58693/22:59
Nafalloah22:59
Nafallossd22:59
soulcwell for me price will have something to do with it23:00
owhsoulc: I visited the IBM Almaden research centre in 1997 and at the time we discussed the difference between HDD and SSD. At the time, all the technology was in the HDD head and in the SSD cells. We postulated that over time we would see more and more processing on the HDD platter which had already begun at the time. We postulated that it would reach a point where the processing on the platter would be analogous to the process23:03
soulcwow rkhunter is quite extensive23:03
owhMeanwhile, anyone got any suggestions on how to track down a cron.daily job that isn't running. run-parts --test shows my script as going to be run, but it never is.23:08
owhThe syslog shows the entry for cron.daily.23:08
owhHmm, I wonder if the other jobs run.23:08
soulcthe only thing in rkhunter is http://paste.ubuntu-nl.org/58694/23:12
owhWell well well. On a standard ubuntu-server install, it appears that cron.daily isn't running.23:14
soulc-rw-r--r-- 1 root root   0 2008-03-06 16:12 \x2fdevices\x2fpci0000:00\x2f0000:00:01.023:14
soulcha ha ha23:14
soulcdrwxr-xr-x  2 root    root          60 2008-03-06 16:12 .initramfs23:16
soulcis this something that is created at boot?  I rebooted the system at this time23:16
soulcok well thanks for your help I guess I need to start working again23:21
mruizbye ...23:22
mathiazowh: which release ?23:28
owhmathiaz: gutsy23:29
owhmathiaz: I've determined that hour/weekly/monthly *appear* to be running properly.23:30
mathiazowh: you've got nothing mailed to root ?23:30
owhmathiaz: None of the daily ones run at all.23:30
owhmathiaz: I'll have a squiz.23:30
mathiazowh: see bug 16428123:30
mathiazowh: see bug 19428123:30
ubotuLaunchpad bug 194281 in apt "/etc/cron.daily/apt uses gconftool" [Medium,Fix released] https://launchpad.net/bugs/19428123:30
mathiazowh: although it may only apply to hardy23:31
owhmathiaz: No mail on the system that I could find.23:31
mathiazowh: do you have specific cron jobs in cron.daily ?23:34
owhmathiaz: The standard ones and a vmware-backup script.23:34
owhmathiaz: That patch appears to patch /etc/cron.daily/apt23:34
owhmathiaz: I don't have that code in that file.23:34
owhs/have/appear to have/23:34
mathiazowh: yes - that's what I thought - it's only a problem with hardy23:35
mathiazowh: if you remove vmware-backup, does it run ?23:35
owhmathiaz: As far as I can tell, they've never run at all, even before the vmware-backup script was installed.23:35
owhmathiaz: As in, I'm not seeing rotated logs or apt time stamps.23:36
owhmathiaz: It's possible that it's related to the vmware-backup script being installed, but until yesterday it was a sym-link, which I replaced with a hard-link yesterday. I suspected that the sym-link would never run at all.23:37
owhmathiaz: Hmm, a run-parts --test picks up the sym-link with no problems.23:38
owhmathiaz: Would you expect no scripts to run if one fails?23:39
mathiazowh: it seems that if one script fails, then the ones that should follow aren't run.23:41
owhmathiaz: I understood it to be in alphabetical order. If that's true, then this is the last script to run.23:42
owhmathiaz: Yeah, the man page says: Files are run in the lexical sort  order  of  their  names23:43
owhmathiaz: I suppose I can remove the vmware-backup script and check again tomorrow. That will at least tell us if it's caused by my script :(23:46
mathiazowh: well - I don't think so.23:46
mathiazowh: I'd make sure that the mail system is setup correctly23:47
owhmathiaz: That makes two of us, but stranger things have happened.23:47
mathiazowh: and then setup the cronjob to mail output to root and specific user23:47
owhmathiaz: Even if it isn't then why are all the other jobs running normally?23:47
mathiazowh: may be on the cron job in daily fails23:48
mathiazowh: but the cron job is not in weekly or monthly23:48
owhmathiaz: Hmm.23:49
owhmathiaz: The only thing in your argument that is possible is that if output is generated it barfs. Seeing that my vmware-backup script is pretty chatty, that's possible. I'm still unsure why other daily jobs wouldn't run though.23:51
mathiazowh: if output is generated, it should be mailed to root by default23:53
mathiazowh: and root is aliased to the user created during the install23:53
owhmathiaz: pHONE23:54
owhmathiaz: This was a standard gutsy server install. I don't recall answering any Debian-like questions about email. I looked in /var/spool/mail/* and found nothing.23:58
mathiazowh: did you install a mail server on it ?23:59
owhmathiaz: Nope.23:59
mathiazowh: hum - that's why the output of the cronjobs is not available23:59
