[00:00] <rhineheart_m> mathiaz: what do you mean with * Reloading web server config apache2   5904  OK after doing the given tutorial?
[00:13] <zul> soren: xen-utils has the qemu bits
[00:32] <musashi> after setting up raid 1, my computer no longer boots. it hangs for a while, resumes and then dumps to (initramfs). my system worked fine with raid set up but not mirroring. last night i did "mdadm /dev/md1 -G -n 2" in order to get it to mirror. That's all i did. now it doesn't boot. any help?
[00:33] <musashi> also added the mirror drives with "mdadm --add /dev/md1 /dev/sdb2"
[00:35] <musashi> if i try to exit busybox I get "target filesystem doesn't have /sbin/init"
[00:35] <rhineheart_m> is it possible to set SSL redirection to local IP using apache2? Example.. the router can be accessed at this add: 192.168.1.20..can I configure apache2 modSSL to allow redirection to local  192.168.1.20?
[01:00] <ScottK> Someone who's in Canada go wake up zul so he can upload ebox.
[01:02] <faulkes-> depends where zul is and how much you're gonna pay me ;)
[01:02] <faulkes-> zul in mtl?
[01:08] <zul> ScottK: there is always tomorrow
[01:09] <faulkes-> heh
[01:09] <faulkes-> zul: where in .ca?
[01:09] <zul> ottawa
[01:09] <faulkes-> ah
[01:09] <faulkes-> toronto here, well, outside of toronto, but still
[01:36] <zul> ah how unfortunate ;)
[01:41] <rhineheart_m> can anyone here recommend Comodo firewall for ubuntu server ed gutsy?
[01:50] <ScottK> zul: I was thinking it'd be cool to be able to tout ebox in the alpha 6 release notes.
[02:13] <slide23> I think my server may have been compromised but I can not take it offline immediately to reinstall. How can I make sure no one but myself (I have a console I can access if i must remove ssh) can login until I can do a reinstall?
[02:13] <ScottK> If it's been seriously compromised you can't.
[02:14] <sommer> what if you changed the shell option for users in /etc/passwd?
[02:14] <slide23> im not sure how seriously but i wont be able to reinstall for a day or so and at least want to minimize anything i can
[02:15] <slide23> well, i only had 1 besides myself and it was actually set to root (which im not sure if i did that a LONG time ago and just forgot or not)
[02:15] <sommer> you could also monitor for processes that shouldn't be there
[02:16] <sommer> not 100% fool proof though
[02:17] <slide23> ugh
[02:17] <slide23> stupid hackers
[02:17] <faulkes-> zul: heh
[02:19] <faulkes-> slide23: determine the vector by which you were compromised, seal it off, that isn't a guarantee of other things but it's a start
[02:19] <faulkes-> depending what or who, it could be something as simple as a bot exploit
[02:19] <slide23> i think it was probably a forum exploit that got them in
[02:20] <faulkes-> then it is likely just a bot
[02:20] <slide23> how do i tell, and what is a bot lol
[02:21] <faulkes-> a bot is just automated software which probes and exploits when it finds a vulnerability, usually adding itself to an irc network
[02:21] <slide23> actually, they had a phishing page set up on one of my sites
[02:21] <faulkes-> you could just run tcpdump and look for port 6667 traffic
[02:22] <faulkes-> yes, but they need a control medium, that is usually done via irc
[02:22] <slide23> ah
[02:22] <sommer> slide23: did you have extra apache processes running?
[02:22] <faulkes-> so if you aren't irc'ing from the server itself and see port 6667 traffic, that would indicate the general level of infection
[02:23] <slide23> what do you mean extra?
[02:23] <faulkes-> as it's more virus than actual human at a prompt
[02:23] <sommer> extra as in from a different httpd binary somewhere else in the file system
[02:23] <slide23> how can I tell
[02:23] <faulkes-> slide23: processes owned by the www-data user, that are not httpd
[02:23] <ScottK> Personally I'm still getting over "I think it's compromised, but can't turn it off".
[02:23] <sommer> ps -ef should show the binary path
[02:24] <sommer> ScottK: heh... sometimes it happens
[02:24]  * ScottK would suggest the long term consequences of having one of your IPs being used for bad stuff probably outweigh whatever short term risks there are with pulling the plug.
[02:24] <faulkes-> ScottK: have had that happen recently to a box that was 700 clicks from me with no useful DC support
[02:24] <faulkes-> takes awhile for things like that to get added to lists though, so if he caught it in time
[02:24] <faulkes-> he should be good
[02:25] <faulkes-> and the only way he can prevent that, is to track down the attack and figure out what it did
[02:26] <faulkes-> slide23: look through /var/log/apache2/access.log, heck, even "cat /var/log/apache2/access.log | grep -i bot"
[02:27] <faulkes-> if that shows up a url, use wget to download a copy of the bot from the url, you can then see what process it thinks it should hide as and move from there
[02:27] <faulkes-> usually, this form of attack is against phpbb
[02:29] <slide23> i see tons of google bot and msn bot
[02:29] <slide23> lol
[02:29] <sommer> you were hacked by google!
[02:29] <slide23> lol
[02:29] <faulkes-> heh
[02:30] <faulkes-> try grep -i "=bot" instead
[02:30] <faulkes-> with quotes around the "=bot"
[02:30] <slide23> nope
[02:30] <slide23> nothing now heh
[02:30] <faulkes-> then you have to look through line by line ;)
[02:31] <faulkes-> look for anything which includes your url, attempting to call another url
[02:32] <musashi> after setting up raid 1, my computer no longer boots. it hangs for a while, resumes and then dumps to (initramfs). my system worked fine with raid set up but not mirroring. last night i did "mdadm /dev/md1 -G -n 2" in order to get it to mirror. That's all i did. now it doesn't boot. any help?
[02:32] <faulkes-> i.e. /path/to/myphp.file.php?=http://some.server.somewhere.com
[02:32] <faulkes-> or something like that
[02:32] <musashi> well I also added the mirror drives with "mdadm --add /dev/md1 /dev/sdb2" and goofed up so removed it and then added again.
[02:32] <faulkes-> again, that is just a common attack vector, it could be something else entirely
[02:33] <faulkes-> define "goofed up"
[02:34] <musashi> me?
[02:34] <faulkes-> yep
[02:34] <musashi> by goofed up i did "mdadm --add /dev/md1 /dev/sdb1" when it should have been sdb2 to match
[02:35] <musashi> md1 = sda2 and sdb2
[02:35] <musashi> so i did mdadm --remove /dev/md1 /dev/sdb1 and then re-added with sdb2
[02:36] <musashi> md1 holds the / partition
[02:36] <faulkes-> my first instinct says to search the official server forum at http://ubuntuforums.org/forumdisplay.php?f=7 as I believe others have had this issue
[02:37] <faulkes-> I'm not sufficiently versed enough beyond this point to really be of much assistance
[02:37] <musashi> okay. looking...
[02:37] <musashi> any particular keyword a good choice for searching?
[02:37] <faulkes-> I would search for mdadm (I believe there was a recent post) and also raid
[02:38] <rhineheart_m> faulkes: this might be off topic here.. but may I ask you? Do you have background on joomla CMS?
[02:38] <faulkes-> rhineheart: no, I do not use joomla nor have a background with it
[02:39] <faulkes-> the last CMS I touched would probably have been drupal and I despised every minute of working with it ;)
[02:39] <slide23> ok i ran chkrootkit and got this, "Checking `bindshell'... INFECTED (PORTS:  465)"
[02:40] <faulkes-> port 465 is ssl over smtp
[02:40] <faulkes-> I would check with chkrootkit folks to see if it is a known false positive
[02:41] <faulkes-> as both chkrootkit and rkhunter are capable of giving off false positives
[02:42] <faulkes-> err, smtp over ssl
[02:42] <faulkes-> I think I just ip over avian carrier'd myself there
[02:43] <faulkes-> and in the very next step, dated myself incredibly
[02:45] <faulkes-> of course, if you know your installed mail system in/out, it would also tell you if it's valid or not
[02:46] <slide23> yea no... lol i set it  up a long time ago and dont do this as a business just personal
[02:46] <slide23> bbl
[02:49] <musashi> I have scanned the 110 posts that match but none seemed to address my issue (of course I'm not sure what I'm looking for). my system boots to busybox and trying to exit busybox I get "target filesystem doesn't have /sbin/init"
[02:49] <musashi> i found lots googling that error but nothing useful yet
[02:50] <musashi> except a suggestion to reinstall udev which i did without effect
[02:51] <faulkes-> search for "raid initramfs" then
[02:51] <faulkes-> as that is particular to your case
[02:51] <faulkes-> within the forums that is
[02:52] <musashi> searching...
[02:55] <rhineheart_m> faulkes: where is wget extracted folder could be found?
[02:56] <faulkes-> musashi: which server version are you using
[02:57] <faulkes-> rhineheart: huh?
[02:57] <rhineheart_m> I got it.. in the root.. thanks.. m using 7.10
[02:58] <musashi> it's not a server. just my desktop. i'm running 7.10. installed from alternate cd and set up raid. it wasn't mirroring so i did the mdadm add stuff and finally got it to mirror. i'm betting my problem is because the --remove bit did more than i expected.
[03:00] <musashi> this looks promising but not sure what i need to do http://ubuntuforums.org/showpost.php?p=4012098&postcount=6
[03:07] <faulkes-> #ubuntu-desktop may have encountered similar issues before
[03:07] <faulkes-> however, I also found
[03:07] <faulkes-> http://ubuntuforums.org/showthread.php?t=651110&highlight=fail+boot+raid+device
[03:08] <faulkes-> which seems to describe some of what you are seeing but that is about all I can really offer, not having a box to test it out on here right now
[03:08] <musashi> what does this mean "It looks like you may not have loaded the raid1 module in your initramfs. "
[03:09] <musashi> could it have been removed as i was setting it up? it used to boot just fine.
[03:10] <faulkes-> iirc if you modify your initramfs you need to update-initramfs -u
[03:10] <musashi> well i never modified anything intentionally. i can boot a live cd and try that
[03:11] <musashi> i don't even know what initramfs is
[03:12] <musashi> maybe ram file system?
[03:12] <faulkes-> initramfs basically tells the kernel which stuff to load at boot
[03:13] <musashi> so will "sudo update-initramfs -u" update it?
[03:13] <faulkes-> however, if you can boot off a live cd, I mount and check /etc/fstab /etc/initramfs-tools/modules
[03:14] <faulkes-> hrmmmm, I smell burnt IC
[03:14]  * faulkes- eyes his laptop
[03:14] <musashi> oh, literally
[03:14] <musashi> lol
[03:15] <musashi> yeah, i can boot live cd but kind of a pain to get the raid volume to mount
[03:15] <faulkes-> yes, literally
[03:15] <faulkes-> this laptop has been dying a slow death the last week
[03:15] <faulkes-> I have a new one on order
[03:16] <faulkes-> kb dead, dvd dead, hdd making squawking noises
[03:16] <musashi> well new computers are always fun
[03:16] <faulkes-> eh, it'll be nice to have a current machine
[03:17] <faulkes-> 3x the ram, 5x the drive space, alot more cpu and alot more vram
[03:18] <faulkes-> I'll get it all sparkly and pretty with desktop effects
[03:18] <faulkes-> maybe add in some flowers and a throw pillow or two
[03:18] <musashi> okay looking at /etc/initramfs...
[03:18] <musashi> lol
[03:18] <musashi> nothing but commented lines
[03:19] <faulkes-> commented lines such as #raid0 #raid1?
[03:19] <musashi> yeah
[03:19] <musashi> says #examples:
[03:19] <musashi> # raid1
[03:19] <musashi> # sd_mod
[03:19] <musashi> and some other stuff before that
[03:19] <faulkes-> that could possibly be an issue as iirc the -generic kernel isn't built with raid support
[03:20] <musashi> well, i did install from the alternate cd and specifically set up raid at install. i would hope that would cover it
[03:20] <musashi> it was booting fine too
[03:20] <musashi> until i made the changes to get it to mirror
[03:21] <faulkes-> yes, damnable changes
[03:22] <faulkes-> what about /etc/fstab
[03:22] <musashi> okay, did the update-initramfs bit.
[03:22] <faulkes-> do the UUID of the disks match for your raid mirror?
[03:23] <musashi> not sure, how do i check
[03:23] <faulkes-> cat /etc/fstab?
[03:23] <musashi> update didn't seem to do much
[03:23] <musashi> yes, i'm looking at fstab
[03:23] <faulkes-> musashi: I'm not sure what output it would give if you ran it, although you would have to make changes to the modules file (such as uncommenting those options)
[03:23] <musashi> but don't know if the uuids are right. it does say /dev/md0 and /dev/md1 and then gives the uuids
[03:24] <faulkes-> md0 representing which disk?
[03:24] <faulkes-> or set of disks (as appropriate) or mount point
[03:24] <musashi> md0 is hd0 or sda1
[03:25] <musashi> i think this is correct as it does start to boot. just errors out later
[03:25] <faulkes-> I would comment out the raid1 and sd_mod modules in /etc/initramfs-tools/modules and do the update-initramfs -u
[03:26] <faulkes-> s/comment/uncomment
[03:26] <faulkes-> then give it a reboot, who knows, might just fix it
[03:26] <musashi> okay, trying
[03:27] <musashi> update says "cat: /proc/cmdline: no such file or directory" mean anything?
[03:27] <musashi> well rebooting. lets see what happens
[03:28] <musashi> no go
[03:29] <musashi> it says md0 stopped and md1 stopped and then hangs
[03:29] <musashi> why is it stopping them
[03:33] <faulkes-> that would be the $5 mil question, wouldn't it ;)
[03:34] <musashi> well, i was hoping you might have an idea :)
[03:35] <faulkes-> when it says "stopped" is that the full message it gives?
[03:35] <musashi> before going to busybox it says "trying o resume from /dev/disk/by-uuid" and then no resume, doing normal boot...done. some modprobe lines then cannot read /etc/fstab and some more failed mounts.
[03:36] <mralphabet> do you have the boot disk mirrored with mdadm?
[03:36] <musashi> yes, but not the boot partition
[03:36] <musashi> just / and /home
[03:36] <musashi> for stopped it just says md0 stopped
[03:37] <musashi> the rest of the info is off screen now. how can i scroll up?
[03:37] <faulkes-> well, at the point where it says it can't read /etc/fstab, we have an issue already
[03:38] <faulkes-> probably even before that
[03:38] <faulkes-> you *do* take regular system backups *don't* you? ;)
[03:38] <musashi> right. i think it's because it's stopping the array and then can't read anything
[03:38] <musashi> yeah, i have a full backup of /home
[03:38] <musashi> the data is good though
[03:38] <musashi> i can read it from a live cd
[03:39] <musashi> i didn't backup / though
[03:39] <musashi> it's easy to reinstall that
[03:41] <faulkes-> wow, I feel like I won the lottery, I found a user who takes backups
[03:41] <musashi> lol
[03:41] <musashi> what? doesn't everyone?
[03:42] <faulkes-> given the lottery feeling, the general answer would probably be no ;)
[03:42] <musashi> the whole point of doing the raid was to give me another backup
[03:43] <musashi> i help on launchpad answers a lot and it seems like a lot of people manage to overwrite windows when installing and never made a backup before install. now that's crazy
[03:44] <faulkes-> the only thing I can think of is that it either doesn't think the raid1 array is fully populated/created (which seems to be a known bug) or that something is wrong with the boot sequence but thats about all I have and it's just from googling
[03:44] <faulkes-> and LP entries
[03:45] <faulkes-> and I do need to head off to bed
[03:45] <musashi> i'm guessing something similar but no idea how to fix
[03:45] <musashi> well, thanks for the help.
[03:45] <musashi> i'm installing on a new drive so i can have something to work from
[03:47] <ScottK> lamont: You can add the Postfix backport you did to Gutsy to the how the heck did that work list since DB 4.6 was in Universe at Gutsy release.
[03:58] <nealmcb> mathiaz, sommer - I wasn't at the meeting today since I'm at the idtrust2008 symposium.  but I did notice the 'servergui' request.  I'll get to it later.  But for now I'd suggest talking about guis other than x11 and linking to ebox from the servergui web page, and perhaps recommending in the ebox wiki page that it is not quite ready for prime time in gutsy and is/will be much better in hardy.
[03:59]  * musashi waves at nealmcb 
[04:00] <nealmcb> :-)
[04:01] <sommer> hey nealmcb
[04:01] <sommer> sounds good to me
[04:01] <sommer> I'll update the servergui page
[04:02] <sommer> nealmcb: I'm also using the ebox wiki page to rough draft the documentation, so if you have anything to add ;-)
[04:04] <sommer> nealmcb: are you going to UDS Prague?
[04:05] <lamont> ScottK: heh
[04:05] <ScottK> If someone would be up for testing we could backport ebox to gutsy once zul uploads his updates.
[04:05] <sommer> ScottK: I'm up for testing
[04:05] <sommer> from my hardy ebox testing there's still some issues though :\
[04:06] <ScottK> Well if it works reasonably well it might be worth it to get more testing.
[04:06] <sommer> to be honest I think there are some design decisions with ebox that aren't "the best"
[04:07] <sommer> to manage users and groups you have to install slapd for instance
[04:07] <sommer> what if I like /etc/passwd
[04:07] <nealmcb> sommer: thanks!
[04:07] <sommer> nealmcb: welcome
[04:08] <nealmcb> sommer: yes I'm going to Prague - woot!
[04:08] <nealmcb> ouch - slapd huh....
[04:08] <sommer> cool, do you know if americans need a special visa thing?
[04:08] <nealmcb> I haven't checked.  or even czeched....
[04:08] <ScottK> sommer: My understanding is not (I'm going too).
[04:08] <sommer> heh... I looked through the czech embassy page and didn't see anything
[04:08] <nealmcb> :-)
[04:09] <sommer> ScottK: cool, good news
[04:09] <sommer> it'll be great to meet everyone in RL... heh
[04:12] <ScottK> Personally I won't use it, but I understand it (ebox) is an important issue for the distro.
[04:14] <musashi> nealmcb, i went to to prague about 13-14 years ago and no visa needed. things may have changed though
[04:16] <sommer> ScottK: same here, but I work with some windows admins that would like to have that functionality :-)
[04:16]  * sommer thinking about delving into eBox development
[04:26] <nealmcb> sommer: I haven't really found time to look in depth at ebox yet, but yeah, my sense is that it would be very helpful,  though it needs to be done right....  so I hope it looks appealing
[04:26] <nealmcb> musashi: thanks.  I hear it is a great place to visit
[04:27] <sommer> nealmcb: I like the interface, looks great
[04:27] <slide23> is there anyway I can backup a remote server to my computer?
[04:27] <sommer> nealmcb: I think the overall design is a little "heavy"
[04:27] <sommer> at least for my taste
[04:28]  * nealmcb isn't fond of perl
[04:28] <sommer> slide23: are they both linux machines?
[04:28] <slide23> no =\ my local computer is windows
[04:28] <sommer> slide23: one way would be to use rsync... I believe there's a windows client, but you might double check
[04:29] <ScottK> slide23: Install cygwin on the Windows box and use rsync
[04:29] <ScottK> sommer: ^^^ is the windows client
[04:29] <sommer> ah
[04:30] <slide23> hrm well I also want to preserve permissions and date info, is there anyway to do that too? like put it into an archive
[04:30] <ScottK> slide23: IIRC you can do that with the right switches on rsync.  Read the man page
[04:31] <sommer> slide23: also bacula might be a good option... haven't done linux > win myself though
[04:32] <ScottK> I use the cygwin rsync approach to back up my wife's computer (her transition is on the TODO).
[04:32] <slide23> hehe
[04:36] <ow1> I need some help. I've just created a fix for the ntp bug. Using https://wiki.ubuntu.com/PackagingGuide/Recipes/Debdiff as my recipe I've made a debdiff, but it's huge. I've just noticed that the changelog shows 'feisty' in my change entry, rather than 'hardy', which I suspect is the cause. Without building a hardy machine or a pbuilder environment for hardy, how do I make a debdiff with a single line fix in a bash script?
[04:38] <sommer> debchroot?
[04:38] <ow1> sommer: Doesn't that mean that I still need to have a gig of space to make a virtual hardy machine?
[04:38] <sommer> ow1: you'll need some space yep
[04:39] <ow1> Crap.
[04:39] <ow1> Sigh.
[04:39] <sommer> ow1: to be honest I'm not 100% sure, probably a good idea to ask in #ubuntu-motu, they should know
[04:40] <ow1> Cool, I'll ask, tah.
[04:40] <sommer> though someone here probably knows better than me here as well
[05:06] <ow1> Well in the end I created a debdiff with diff -ruN which seemed to create what I needed.
[05:34] <sommer> when using a serial console to a linux machine is it the same as using vga without X11 ?
[05:41] <owh> sommer: AFAIK yes - actually, a TTY, but yes.
[05:42] <sommer> owh: cool thanks... that's the way I understood it, but have never actually set one up
[05:42] <sommer> probably a good project for the weekend
[05:45] <owh> sommer: I created a debdiff with diff -ruN in the end.
[05:46] <owh> s/with/using/
[05:46] <owh> For my next project I'll create a JEOS vm to do patching in :)
[05:47] <sommer> owh: sweet, jeos is pretty cool
[05:47] <sommer> good news on the debdiff :-)
[05:48] <owh> I'm down to 48 seconds on a jeos build :)
[05:48] <owh> Mind you, that's not on my workstation, but on a big server :)
[05:49] <sommer> heh... I've only used with qemu, but worked well for me
[06:52] <pnukeid> i want share internet connection my ubuntu with xp, and i have problem ?
[06:52] <pnukeid> anybody can help ?
[06:54] <pnukeid> my ubuntu connect have 2 lan card, one connect to adsl modem, one in laptop xp..
[06:55] <pnukeid> when i ping google.com from laptop, it just "request time out"..
[07:08] <rhineheart_m> Anybody here who knows the poppass daemon default port for courier and how to configure it?
[07:08] <soren> I'm guessing it's 106.
[07:09] <soren> No idea where to configure it.
[07:09] <soren> Never used it.
[07:13] <rhineheart_m> thanks...  How I wish somebody here knows about it..
[07:37] <rhineheart_m> hello.. I got this error: Warning: fsockopen() [function.fsockopen]: unable to connect to localhost:106 (Connection refused) in /usr/share/squirrelmail/plugins/change_pass/options.php on line 140. Any idea?
[07:37] <soren> I'm no expert, but I'm guessing options.php is trying to connect to port 106 on localhost, and it can't.
[07:39] <MenZa> Morning, soren
[07:40] <soren> Hi, MenZa  :)
[07:44] <rhineheart_m> hello soren..
[07:44] <soren> Hi.
[07:46] <rhineheart_m> actually m trying to configure to be able to change password in squirrelmail..but it needs poppass to accept incoming requests  at port 106.The router is already open at 106 though.  Just don't know where to configure it..
[07:49] <soren> It's trying to connect to localhost. Unless your network setup is *seriously* messed up, that shouldn't involve a router.
[07:50] <soren> You probably just haven't started the poppass daemon.
[07:51] <rhineheart_m> I'm using here courierpasswd. The plugin says I could use it instead of poppass
[07:51] <soren> Then courierpasswd is your poppass daemon.
[08:03] <rhineheart_m> I just forgot how did I set it up... how to know what authentication method courier is using?
[08:08] <freeflying> rhineheart_m: what plugin r u using?
[08:08] <rhineheart_m> plugin for squirrelmail...to let users change their own passwords..
[08:13] <freeflying> rhineheart_m: no idea, never used this plugin
[08:14] <rhineheart_m> freeflying: do you use squirrelmail?
[08:14] <freeflying> rhineheart_m: yes
[08:15] <rhineheart_m> freeflying: did you allow your users to change their own password?
[08:15] <freeflying> rhineheart_m: no :P
[08:15] <rhineheart_m> okay.. why ?
[08:16] <rhineheart_m> freeflying: are they virtual users
[08:16] <freeflying> rhineheart_m: yes, they don't wanna :P
[08:17] <rhineheart_m> uhuh! what guide you use to make virtual users?
[08:17] <freeflying> rhineheart_m: no guide :)
[08:18] <rhineheart_m> freeflying: that's great..
[08:18] <freeflying> rhineheart_m: u will not make it run just follow some guides :P
[08:55] <nijaba> morning
[09:01] <\sh> does the php5-cgi package supports fcgi mode (e.g. for lighty/apache)?
[09:04] <\sh> forget the question..i found the answer :)
[09:04] <rhineheart_m> its afternoon here..
[09:19] <kraut> moin
[10:06] <mok0> I have an amd64 running the latest hardy kernel (2.6.24-11-generic) but it seems to be running full throttle. How can I tell if dynticks are enabled?
[11:02] <faulkes-> morning nijaba
[11:03] <nijaba> hello faulkes- first day at your new job today, right?
[11:03] <faulkes-> something like that
[11:03] <faulkes-> only have meeting scheduled today, but that'll probably last like 3 hours
[11:04] <nijaba> faulkes-: hey, good luck on this.
[11:04] <faulkes-> get stuff setup, see what kind of hideous mess I've walked into  ;)
[11:04] <nijaba> I read the log from the meeting yesterday
[11:04]  * faulkes- nods
[11:04] <nijaba> did you get to talk with owh?
[11:04] <faulkes-> yes
[11:05] <faulkes-> we spoke at length on a number of topics
[11:05] <nijaba> I don't quite get his remark "going all over the place", could you shed some light on this for me?
[11:05] <faulkes-> and then we took a step back because there were some obvious differences, put things apples to apples, so to speak
[11:05] <nijaba> (if you don't have time now, we can do this later)
[11:05] <henkjan> hmm, server-meeting is a bit late
[11:06] <faulkes-> nah, I have time
[11:06] <henkjan> in GMT+1 thats 22:00
[11:06] <nijaba> henkjan: yeah, I know, I am based in paris
[11:06] <nijaba> same time zone as you, it seems
[11:08] <henkjan> i would like to follow the meetings, but also need my sleep
[12:32] <tmadsen> If I enter a wrong password on an ubuntu server, that password will not be saved anywhere in cleartext, right?
[12:38] <freeflying> tmadsen: should be
[12:38] <tmadsen> where?
[12:39] <tmadsen> I entered a wrong password, and I don't want anyone to be able to see it
[12:39] <henkjan> you entered a wrong password at a password prompt?
[12:39] <henkjan> then it will not be saved
[12:39] <tmadsen> yes, while doing a sudo
[12:39] <zul> sommer: around?
[12:39] <henkjan> tmadsen: don't worry
[12:39] <tmadsen> henkjan: not saved?
[12:40] <henkjan> if you typed it instead of a command like 'ls' it would be saved in .bash_history
[12:40] <freeflying> tmadsen: i mean it will be saved
[12:40] <henkjan> tmadsen: it won't be saved if you typed a wrong password while doing sudo
[12:40] <tmadsen> henkjan: thank you
[12:41] <tmadsen> freeflying: if you think its saved, where do you think then?
[12:41] <sommer> zul: just getting ready for work ;-)
[12:41] <freeflying> tmadsen: sorry, will not be :)
[12:41] <tmadsen> good, thank you both
[12:41]  * tmadsen is relieved
[12:42] <zul> sommer: ok talk later then :)
[12:42] <henkjan> last week i received a shipment of ubuntu-servers cds. I decided to drop them at the reception, so customers could get one to try ubuntu.
[12:42] <sommer> zul: give me like 30min... I'll ping you in a bit
[12:42] <henkjan> today i noticed that the last cd was gone
[12:43] <henkjan> would canonical ship more free cds to promote ubuntu ?
[12:45] <freeflying> henkjan: u may apply from shipit
[12:47] <henkjan> freeflying: shipit has no ubuntu-server cds
[12:48] <zul> sommer: sure
[12:51] <henkjan> we just ordered two sun t1000's for the coming hardy release (we run nl.archive.ubuntu.com )
[12:55] <henkjan> lets see how that runs (1 proc, 8 cores, 4threads p/core
[12:55] <henkjan> threaded apache, 2x 10G AMSIX connection
[13:26] <sommer> zul: I'm back
[13:26] <zul> sommer: cool I fixed that problem with the logger
[13:27] <zul> sommer: for the userandgroups stuff it looks like you have to configure ldap
[13:27] <sommer> ah, so eBox doesn't handle it for you?
[13:27] <zul> no
[13:27] <zul> unfortunately
[13:28] <sommer> ya, that's kind of limiting if you have to use ldap, but need to configure it yourself
[13:29] <zul> oh I agree
[13:29] <sommer> but I guess if it's documented should be okay
[13:29] <zul> thanks for all your testing
[13:29] <sommer> I'll be able to do more testing this evening
[13:29] <sommer> np
[13:30] <henkjan> hmm, proper setup of ldap is not that easy, especially for the people who want to use a webbased panel
[13:30] <ScottK> sommer: Someone ought to add something to the Alpha 6 release notes about ebox...
[13:30] <zul> ScottK: not yet..
[13:30] <sommer> ScottK: sounds good to me, not sure how that process is handled though
[13:31] <ScottK> zul: No?
[13:31] <zul> ScottK: still uploading it to universe and it has to get out of binary new
[13:31] <ScottK> sommer: Not if zul says no, but the usual way is to whine to slangesek
[13:31] <zul> and source new
[13:31] <ScottK> Right.
[13:32] <sommer> ScottK: ah,
[13:34] <rhineheart_m> ScottK: when will be hardy be officially released?
[13:35]  * ScottK hands rhineheart_m wiki.ubuntu.com/HardyReleaseSchedule
[13:35] <rhineheart_m> ScottK: thanks... are you one of its core developers?
[13:35] <henkjan> half april, so we have a month to make a superfast nl.archive mirror
[13:36] <ScottK> rhineheart_m: I'm a core-dev, yes.
[13:36]  * ScottK is not a Canonical employee, however.
[13:37] <rhineheart_m> ScottK: That's great!  Are you the founder of this channel?
[13:37] <ScottK> Not at all.
[13:39] <rhineheart_m> ScottK: where can the ubuntu headquarters be located?
[13:39] <mralphabet> rhineheart_m: there is a wiki page about the server team (and a page for all the ubuntu teams) if you are looking for some history.
[13:39] <ScottK> Ubuntu developers are from all over the world.
[13:41] <rhineheart_m> what's the correct pronunciation of ubuntu? is it yubuntu or obunto?
[13:42] <henkjan> obunto afaik
[13:42] <mralphabet> ewwbuntu
[13:43] <rhineheart_m> the final one please.. what's the right one?
[13:48] <ScottK> Dear zul: Please abandon your obsolete dependency on python-xml in xen-3.2.  Please see Bug 199014 for details.  kthnkxbye.
[13:48] <ubotu> Launchpad bug 199014 in eric "python-xml removal: please drop/replace (build) dependencies" [Medium,In progress] https://launchpad.net/bugs/199014
[13:48] <zul> Dear ScottK: okiely dokiely kthnkxbye
[14:33] <Rayn> Hey all, any solutions for mysql overflowing varrun?
[14:35] <henkjan> what do you mean?
[14:35] <Rayn> the binary logs on my slave are filling /var/run/mysqld and creating problems
[14:35] <henkjan> are you using mysql replication?
[14:36] <henkjan> no? then disable binary logging
[14:36] <Rayn> the server only has 2G of ram and that's quickly filled with the amount of activity I get
[14:36] <Rayn> yeah I am
[14:36] <Rayn> and these are the slave logs anyway, not the master logs
[14:37] <Rayn> I suppose it's only a problem for as long as the slave is behind the master, they'd be purged as soon as they're done with, maybe if I decrease the size of the logs that would help, but still, putting this stuff in a ramdisk seems like a bad idea
[15:29] <zul> there ebox uploaded to universe so now we just sit and wait
[15:29] <sommer> party!
[15:49] <brewmaster> i'm having trouble connecting to my local apache webserver from the internet
[15:49] <brewmaster> not sure what's wrong, i have my router forwarding port 80 to the proper machine...
[15:50] <brewmaster> is there any setting i'm missing on the server machine to allow connections on port 80?
[15:50] <brewmaster> a telnet IP_ADDRESS 80 yields "connection timed out"
[15:50] <Rayn> can you load it ok internally?
[15:52] <Rayn> if so, then it's your router
[15:52] <brewmaster> yeah, internally it's fine
[15:52] <brewmaster> it's odd with my router...
[15:53] <brewmaster> I forward SVN requests the same way
[15:53] <brewmaster> works fine
[15:53] <Rayn> huh, must be something you missed in the config
[15:53] <brewmaster> i have a linksys wrt54g for what that's worth
[15:53] <Rayn> are you using the openwrt stuff?
[15:53] <brewmaster> router config or server config
[15:53] <brewmaster> openwrt?
[15:53] <brewmaster> never heard of it
[15:54] <Rayn> on the router, guess not :) it's a linux implementation for linksys wrt54g's
[15:54] <Rayn> there's a really nice version I use at home.. lemme see if I can find it for you
[15:55] <Rayn> ah, http://x-wrt.org/ but you need to check your serial against this list before you can know if you can use it http://wiki.openwrt.org/TableOfHardware
[15:56] <Rayn> otherwise, you're stuck with linksys's OS, which is ok I guess :)
[15:56] <brewmaster> hmm
[15:56] <mruiz> hi all
[15:56] <brewmaster> i'm at work
[15:56] <brewmaster> worried that I'll take down the net for everyone...
[15:56] <Rayn> heh, yeah better to do that while it's not busy
[15:59] <brewmaster> is there any way to tell if my connection attempt actually gets to the machine?
[15:59] <brewmaster> or can i safely assume it doesn't (connection timed out)?
[16:00] <mathiaz> mruiz: hi !
[16:01] <mathiaz> brewmaster: are you sure that your ISP doesn't block port 80 ?
[16:01] <Rayn> brewmaster: you can watch netstat, it should show some kind of connection
[16:01] <Rayn> mathiaz: also a good point
[16:02] <Rayn> brewmaster: 'netstat -na|grep 80|grep tcp' will list http connections
[16:02] <brewmaster> mathiaz, i think you're right
[16:03] <brewmaster> i guess i'll try on a different port in apache?
[16:03] <mathiaz> brewmaster: you could setup your router to forward port 8080 to your server port 80
[16:03] <brewmaster> ah
[16:03] <brewmaster> good call
[16:03] <brewmaster> lemme try
[16:03] <mathiaz> brewmaster: and then connect to http://router_ip:8080/
[16:05] <Rayn> 8080 is occasionally blocked too, as is 81 if you're especially unlucky
[16:06] <henkjan> hmm, sun asking why we didn't order a 5120 instead of t1000 for ubuntu release
[16:06] <henkjan> this might be getting interesting
[16:07] <Rayn> oh that reminds me of a question: is there a java for ubuntu/sparc?
[16:08] <Rayn> a sun-java I mean, I don't think gcj will cut it
[16:08] <brewmaster> can i use some arbitrary port?
[16:08] <brewmaster> 5167 or something?
[16:08] <Rayn> brewmaster: sure
[16:08] <brewmaster> so for forwarding on my router, it's 5167 to 80?
[16:08] <brewmaster> or the other way around?
[16:08] <Rayn> first way
[16:09] <Rayn> if it doesn't work try it the other way ;)
[16:09] <brewmaster> damn router
[16:09] <brewmaster> automatically switches them around...
[16:09] <Rayn> and if that doesn't work still, you can have apache listen on that port internally too
[16:10] <brewmaster> yeah
[16:10] <brewmaster> that was my next question :)
[16:10] <brewmaster> apache2.conf?
[16:10] <brewmaster> or the site's file?
[16:10] <Rayn> ports.conf, add a Listen 5167 at the end
[16:11] <Rayn> unless you've got Listen statements somewhere else
[16:12] <brewmaster> okay
[16:12] <brewmaster> sec
[16:15] <brewmaster> awesome
[16:15] <brewmaster> works
[16:15] <brewmaster> (i think)
[16:15] <brewmaster> telnet connects
[16:15] <brewmaster> so I assume it's all good
[16:15] <brewmaster> famous last words
[16:15] <Rayn> hehe
[16:15] <brewmaster> thanks a lot
[16:16] <Rayn> np, enjoy
[16:16] <brewmaster> now my boss can connect to trac and see my little progress ;)
[16:16] <zul> mathiaz: samba patch from last night applied
[16:16] <Rayn> brewmaster: careful giving too many measurements to management, if they slip even a little you'll catch hell about it ;)
[16:18] <brewmaster> rayn, i'm not too worried
[16:18] <brewmaster> small company
[16:18] <brewmaster> i'm the only tech guy
[16:18] <brewmaster> and i manage so many different things that i'd be hard to replace
[16:19] <brewmaster> php, mysql, trac, svn, css, javascript, linux server admin, etc.
[16:20] <brewmaster> if i ever catch hell: "rm -rf /" is the answer :)
[16:21] <Rayn> hehe right on
[16:21] <Rayn> I'm in the same position, but I still hear about it when the numbers slip ;)
[16:24] <methods> whats that program that you use to make sure links are in place for startup scripts ?
[16:24] <Rayn> I use sysv-rc-conf, but it's an addon and I'm not sure what the recommended one is
[16:24] <Rayn> but it's in apt
[16:25] <henkjan> update-rc.d
[16:26] <Nicke> (probably missing something obvious): Where do I configure postgresql? I have the package installed, but /etc/postgresql/ is empty
[16:28] <Nicke> (this is on hardy, btw)
[16:28] <sommer> Nicke: should be /etc/postgresql/8.3
[16:31] <Nicke> sommer: Well, /etc/postgresql/ is completely empty for me...
[16:31] <sommer> which postgresql packages do you have installed?
[16:32] <lamont> ScottK: gutsty???? :-)
[16:32] <Nicke> atleast postgresql, postgresql-8.3 and postgresql-common
[16:33] <sommer> Nicke: and there weren't any errors when you installed them?
[16:33] <Nicke> sommer: Not that I know, I used the tasksel in the installer
[16:33] <Nicke> I can try to reinstall them ofcourse..
[16:33] <sommer> Nicke: what's the output of dpkg -l | grep postgres
[16:35] <Nicke> sommer: http://paste.ubuntu.com/5364/
[16:37] <sommer> Nicke: looks good to me... you might try reinstalling, I guess
[16:37] <Nicke> sommer: Then I will try that, thanks : ) Just got a bit confused since this if my first time dealing with postgres
[16:37] <Nicke> is*
[16:38] <Nicke> (and the init script just exists silently, but not starting any daemon)
[16:38] <sommer> Nicke: np, there should be a /etc/postgresql/8.3/main directory with the config files
[16:38] <sommer> but for whatever reason you don't have one ;-)
[16:39] <sommer> I haven't done the tasksel for postgresql on hardy yet, but apt-get install postgresql has worked for me
[16:40] <Nicke> sommer: Yeah, reinstalling gave me the config files and a running server.. thanks again : )
[16:40] <sommer> welcome
[16:42] <ScottK> lamont: I uploaded a source backport for gutsy to switch back to libdb4.3 and avoid the whole main/universe problem
[16:42] <lamont> ScottK: yeah
[16:50] <mathiaz> soren: is it possible to grow a qcow2 file ?
[17:13] <soren> mathiaz: Hm.. It should be.
[17:15] <soren> mathiaz: I'm not sure how, though.
[17:15] <mathiaz> soren: I'm trying to figure out if I should use qcow2 files or lv for my vms.
[17:15] <mathiaz> soren: I can easily grow lv
[17:16] <soren> Well, the beauty of qcow2 files is that you can create them at any size you want. They just grow as you use the space.
[17:16] <mathiaz> soren: now I wonder if I could resize the root filesystem of a vm
[17:16] <soren> mathiaz: Depends on your filesystem inside the vm.
[17:16] <mathiaz> soren: right
[17:17] <mathiaz> soren: IIRC there is a max size set for each qcow2 file
[17:17] <mathiaz> soren: I think online resizing of ext3 is supported now, in hardy
[17:18] <mathiaz> soren: does ubuntu-vm-builder support lv ?
[17:19] <soren> mathiaz: I don't understand the question, I think.
[17:19] <soren> keescook: danpb's patch is fine. Please apply.
[17:20] <soren> mathiaz: I'm not familiar with an upper limit of qcow2 images.
[17:20] <soren> That does not mean there isn't one, though :)
[17:21] <mathiaz> soren: Is it possible to say that the root.qcow2 file shouldn't be bigger than 2Gb ?
[17:22] <soren> mathiaz: Sure. --rootsize
[17:22] <mathiaz> soren: ok.
[17:23] <mathiaz> soren: so it seems that qcow2 files and logical volumes provide the same functionalities.
[17:24] <soren> mathiaz: lv's give slightly better performance, but need to be allocated ahead of time.
[17:25] <mathiaz> soren: ok. If you use --rootsize for qcow2, you'd also allocate ahead of time - in the sense you'd set a limit to the qcow2 file
[17:26] <soren> mathiaz: Right. But that could be a million TB and then you wouldn't need to worry about resizing. Ever.
[17:26] <mathiaz> soren: Right - I'm actually thinking about setting limits to the root devices.
[17:27] <soren> Alright.
[17:27] <mathiaz> soren: think about hosting providers with VPS
[17:27] <soren> Oh.
[17:27] <soren> Yeah, then you probably want LV's.
[17:28] <mathiaz> soren: you sell a package with only 4 Gb of space
[17:28] <mathiaz> soren: and you want to make sure it won't grow to more than that
[17:28] <mathiaz> soren: and when a customer upgrades a plan, you can just add more space and resize the root fs online if possible
[17:28] <soren> Right.
[17:29] <mathiaz> soren: it seems that both lvs and qcow2 can be used in that scenario
[17:30] <soren> Yeah, but you don't want to shove 10 qcow2's with a max size of 4GB onto a 20 GB partition just to "save space" to begin with.
[17:30] <soren> If the qcow2 can't grow, it's not pretty.
[17:30] <soren> and then there's no point in using qcows.
[17:58] <keescook> morning
[17:58] <zul> morning keescook
[17:58]  * keescook waves
[18:02] <jdstrand> hi keescook!
[18:03] <jdstrand> keescook: when you get a chance can you look at bug #199181
[18:03] <ubotu> Launchpad bug 199181 in ubuntu-dev-tools "mk-sbuild-lvm should provide --personailty option" [Undecided,In progress] https://launchpad.net/bugs/199181
[18:10] <mathiaz> soren: I've generated a qcow2 file with ubuntu-vm-builder. However when I boot it using libvirt, I get a grub shell
[18:11] <keescook> zul: the diff you sent (Qeny?) is based on danpb or ian's patch?
[18:11] <zul> danpb
[18:12] <keescook> zul: sweet
[18:20] <sommer>  
[18:20] <sommer> woops
[18:27] <keescook> soren: in vmware I can click 'suspend VM' and reboot my host, then unsuspend a VM.  is there anything like that for kvm?
[18:33] <soren> keescook: Yeah, it's called save.
[18:34] <soren> I'm running out now, but I'll be back later to help out.
[18:34] <soren> keescook: Don't use save now.
[18:34] <soren> It'll hang the process.
[18:34] <soren> You need an updated kernel modules.
[18:34]  * soren runs
[19:02] <AtomicSpark> protip: if you can't ssh into your KVM virtual server, install openssh.
[19:03] <good_dan1> okay i just moved one virtual machine to a new host and now its saying it doesnt have a network card
[19:07] <AtomicSpark> what vm software?
[19:07] <good_dana> microsoft virtual server 2005 r2
[19:08] <good_dana> it was working on a different host machine with the same configuration
[19:09] <AtomicSpark> ...
[19:10] <AtomicSpark> i've never used it. i recommend you vmware server though.
[19:10] <mathiaz> good_dana: the mac address of the network card has probably changed.
[19:10] <mathiaz> good_dana: check in /etc/udev/rules.d/70-persistent-net.rules
[19:11] <good_dana> the mac has definitely changed because it was bound to the physical network card of the old host machine
[19:13] <good_dana> and etc/udev/rules.d/70-persistant-net.rules doesnt exist
[19:14] <mathiaz> good_dana: which version of ubuntu are you running in the vm ?
[19:14] <good_dana> 6.06
[19:14] <good_dana> LTS
[19:25] <AtomicSpark> !paste
[19:25] <ubotu> pastebin is a service to post multiple-lined texts so you don't flood the channel. The Ubuntu pastebin is at http://paste.ubuntu-nl.org (make sure you give us the URL for your paste - see also the channel topic)
[19:26] <AtomicSpark> I set up a DHCP and DNS server a few days ago, and now my xp hosts can't see each other in the same workgroup. My DHCP file is here: http://paste.ubuntu-nl.org/58661/
[19:27] <AtomicSpark> My instructor said that I needed to enable netbios option 2, to get them to broadcast. What do you think?
[19:31] <good_dana> AtomicSpark: are you trying to ping via name or ip?
[19:32] <AtomicSpark> It's when I use network neighborhood to browse for network shares or printers. None display after server install.
[19:36] <AtomicSpark> I was using my router for DHCP before.
[19:39] <mruiz> hey zul
[19:39] <zul> hi mralphabet
[19:39] <zul> grr..mruiz
[19:41] <mruiz> I started to work on libdb transition. mathiaz sponsored my work on nss-updatedb and I want to continue :-)
[19:43] <zul> ok sounds great!
[19:43] <mathiaz> mruiz: could you also forward your patch to debian ?
[19:44] <mathiaz> mruiz: don't forward the debdiff as it is.
[19:48] <ScottK> Just keep in mind if it's a ruby related one that Debian doesn't have libdb4.6-ruby.
[19:49] <zul> ruby has been taken care of
[19:49] <zul> kind of...
[19:49] <mruiz> zul, I want to work on reprepro. Which packages are you working on?
[19:49] <zul> the ones listed on the wiki are the ones im not working on
[19:54] <mruiz> zul, ok
[19:54] <mruiz> mathiaz, how is the procedure to forward the patch to debian?
[20:00] <Rayn> hey, anyone with experience PXE installing ubuntu server? Do you know if it communicates via serial ok?
[20:02] <good_dana> Rayn: you're going to transfer an install over serial?
[20:02] <good_dana> that seems like a bad idea
[20:03] <Rayn> good_dana: no, just communicate with the installer via that
[20:03] <Rayn> good_dana: I don't fancy sitting in this datacenter for hours, and I don't have KVM to these machines
[20:03] <Rayn> but I do have serial
[20:03] <good_dana> so you're just going to use console redirection? that should work fine
[20:04] <Rayn> ok cool, just making sure before I leave here :)
[20:04] <Rayn> thanks
[20:04] <good_dana> good luck
[20:05] <Rayn> thanks
[20:51] <mathiaz> Rayn: have a look in the netboot directory on the ubuntu-server iso - there is a example file for pxelinux.cfg with serial console enabled.
[20:52] <mathiaz> Rayn: use the following parameter on the kernel command line: -- console=ttyS0,9600n8
[20:52] <mathiaz> mruiz: Have a look at http://www.debian.org/Bugs/ to see how to report bugs in Debian
[20:53] <mathiaz> mruiz: have also a look at https://wiki.ubuntu.com/Bugs/ReportingToDebian
[20:53] <mruiz> thanks mathiaz
[21:18] <soulc> yo
[21:18] <soulc> ah
[21:19] <soulc> I need some help limiting a user from logging in
[21:19] <soulc> via ssh
[21:19] <Nafallo> DenyUsers IIRC
[21:19] <Nafallo> check man sshd_config
[21:19] <soulc> thanks
[21:25] <owh> faulkes-: Ping
[21:38] <soulc> ok I screwed up and left a user account with an easy password
[21:39] <soulc> someone logged in and installed wzd
[21:39] <soulc> I need help quick to reinstall screen, ssh
[21:55] <mindframe-> soulc, what
[21:55] <mindframe-> what's wzd?
[21:55] <soulc> http://blackpearl.drivehq.com/wzd.tgz
[21:55] <soulc> that is what they dl'd
[21:58] <soulc> I hate hacker a**holes
[21:58] <mindframe-> looks like you need to redo your whole box
[21:58] <mindframe-> backup the essentials and reinstall
[21:58] <soulc> well screen wasn't installed
[22:00] <mindframe-> it just looks like an ssh brute force script
[22:00] <mindframe-> he was probably using your host for scanning others for some amount of time
[22:00] <mindframe-> when did the compromise occur?
[22:00] <soulc> http://paste.ubuntu-nl.org/58680/
[22:00] <soulc> today
[22:01] <soulc> I restarted and restricted user blog
[22:01] <mindframe-> how secure are the passwords for the other accounts on the box?
[22:01] <soulc> very
[22:02] <owh> If a user has gained unauthorised access you need to assume that they gained further access. Just locking out one user is unlikely to be enough.
[22:02] <mindframe-> what owh said
[22:02] <soulc> shit
[22:02] <soulc> shit shit
[22:02] <soulc> shit
[22:02] <owh> Depending on what your intentions are, I'd personally start with disconnecting it from the 'net.
[22:04] <owh> For starters, don't panic, it's already happened, take a breath and talk through the process first.
[22:04] <owh> Do you have a full system back up?
[22:04] <soulc> yeah but I got stuff all set and now I have to start over
[22:04] <soulc> no
[22:04] <owh> How much data is on the server?
[22:05] <soulc> but this guy was stupid enough not to 0 out the bash_history file
[22:05] <soulc> webserver it is personal not a production server by no means
[22:05] <mindframe-> he could have a backdoor installed :)
[22:05] <owh> Perhaps so, perhaps not. It's possible that they left that for you to find. Using the 'blog' user lock out as a trip.
[22:05] <ScottK> soulc: Then definitely nuke it.
[22:06] <ScottK> Since it's not in production.
[22:06] <soulc> crap
[22:06] <owh> Oh, it's not in production?
[22:06] <soulc> no this is my own thing..... in my house
[22:06] <mindframe-> tuh oh
[22:06] <ScottK> soulc: Just suck it up and do it.
[22:07] <soulc> arg!
[22:07] <mindframe-> soulc, might want to check any other boxes you have there for intrusion
[22:07] <mindframe-> fire up wireshark on everything and watch
[22:07] <owh> Then learn from your mistake, don't do it again, start from scratch. If you documented what you did to build the machine then re-creating it might not be so complicated.
[22:08] <owh> I agree with mindframe-, there is an opportunity for an unauthorised user to gain further access to other systems in your network.
[22:08] <owh> It's also possible that you only detected the login much later than it really happened.
[22:08] <mindframe-> correct
[22:08] <soulc> 2 win xp boxes and this ubuntu desktop
[22:08] <mindframe-> soulc, are those xp boxes fully patched?
[22:08] <owh> (Depending on when you built the server.)
[22:08] <soulc> yeah
[22:09] <owh> Security is a process, not a thing.
[22:09] <mindframe-> are there any remote login services with weak passwords on those boxes?
[22:09] <soulc> don't really know
[22:09] <owh> Things like guest level file sharing etc.
[22:13] <soulc> no that is off
[22:13] <mindframe-> soulc, a couple of tips for internet ssh hosting: use AllowUsers to restrict logins to certain users, run sshd on a high, non standard port, use pubkey authentication if possible
[22:13] <owh> I have a daily cron job that isn't running for some unfathomable reason. If I run the script from a terminal, it all works as expected. The script permissions are the same as the others in the cron.daily, the script name is vmware-backup. Until yesterday it was marked as #!/bin/bash, but all the others were #!/bin/sh, so even after changing that it still doesn't run. Ideas?
[22:14]  * Nafallo never use non-standard ports :-)
[22:14]  * owh neither.
[22:15] <mindframe-> well it keeps the kiddies from even finding your ssh port.  they usually dont scan 1-65535
[22:15] <owh> :)
[22:15] <soulc> yeah
[22:15] <mindframe-> of course you should have an IPS of some sort that blocks after a certain number of failures
[22:16] <soulc> so allowusers restricts to the ones listed?
[22:16] <mindframe-> yes
[22:16] <soulc> better than denyusers
[22:16] <Nafallo> there is also allowgroups if that would be more simple.
[22:16] <soulc> too broad
[22:17] <soulc> only 1 or 2 ppl have access to my server
[22:17] <soulc> I installed fail2ban but nothing has been banned
[22:17] <owh> soulc: No, you add users to the "ssh-allowed" (or what ever you decide to call it) group, then allow that group to ssh in. It gives you control by adding and removing users from a group without needing to change configuration files.
[22:17] <mindframe-> soulc, just out of curiosity... will you run chkrootkit and rkhunter on that box to see if they detect anything?
[22:17] <mindframe-> chkrootkit and rkhunter can be installed via apt-get
[22:18] <soulc> ok
[22:19] <soulc> did you look at the bash_history file?
[22:19] <soulc> http://paste.ubuntu-nl.org/58680/
[22:19] <mindframe-> yes
[22:20] <mindframe-> like owh said they could have left what they wanted you to see
[22:20] <soulc> true
[22:20] <owh> Just because it's there doesn't mean it's real.
[22:20] <soulc> ok
[22:21] <mindframe-> that copy of screen could be modified to create a tunnel to a system he runs and he could still have control
[22:22] <mindframe-> soulc: what ip address was the connection made from?
[22:23] <owh> keescook: ping
[22:26] <keescook> owh: hi!  I saw your new debdiff -- it looks good.  due to the alpha6 freeze I can't upload it until friday, but it's on my list of things to do tomorrow.  :)
[22:26] <owh> Cool, just checking :)
[22:27] <soulc> yeah can't use apt-get anymore
[22:27] <owh> nijaba: Had a discussion yesterday with faulkes- about the survey. Have you got some time to talk?
[22:27] <mindframe-> heh
[22:27] <mindframe-> fry that installation asap
[22:27] <soulc> 58.61.157.6
[22:27] <nijaba> owh: yes, I spoke with him for an hour today
[22:28] <owh> soulc: Is that because it's no longer connected to the net perhaps?
[22:28] <owh> nijaba: PM?
[22:28] <soulc> nope
[22:28] <nijaba> owh: this morning (EST)
[22:28] <soulc> it my be a bad dvd ron but I doubt it
[22:28] <soulc> er rom
[22:29] <owh> nijaba: I started making a very rough categorisation of the questions and emailed it to him. I'll send you a copy.
[22:29] <soulc> what is razor-agent.log
[22:29] <mindframe-> soulc: seriously disconnect it and do the forensics if youre interested...  it could be sending incriminating malicious traffic all over the net as you sit there.
[22:30] <soulc> ok
[22:30] <nijaba> owh: ok please do
[22:30] <soulc>  /root/.pyzor/servers contents 82.94.255.100:24441
[22:31] <mindframe-> oh yeah
[22:31] <mindframe-> he got you good
[22:32] <soulc> what is that?
[22:32] <mindframe-> pyzor is something for spam filtering.  should it be there?
[22:32] <owh> nijaba: You should have two emails shortly.
[22:33] <soulc> yeah I am running a spam filter
[22:33] <soulc> works great
[22:33] <nijaba> owh: got them, thanks
[22:33] <owh> nijaba: I added an extra column to the questions.
[22:34] <owh> soulc: That IP address belongs to XS4ALL Internet in Holland.
[22:35] <soulc> which?
[22:35] <owh> Uh, s/Holland/The Netherlands/ (or if you prefer, Nederland)
[22:35] <owh> soulc: 82.94.255.100
[22:35] <owh> soulc: Likely another compromised machine.
[22:35] <mindframe-> nothing on dshield about either of those
[22:35] <soulc> how about 58.61.157.6
[22:36] <nijaba> owh: ok, I see.  Thanks :)
[22:36] <owh> soulc: CHINANET Guangdong province network
[22:36] <mindframe-> what a surprise
[22:36] <owh> :)
[22:37] <owh> nijaba: I'm sure we can clean up the categories I suggested, but the idea is that questions of the same category are asked at the same time.
[22:37] <soulc> why do you say that?
[22:38] <owh> soulc: You need to preface your responses with someone's nick, otherwise we'll have no idea what you're talking about or to whom.
[22:38] <mindframe-> soulc, china is one of the most common sources for malicious traffic
[22:38] <soulc> ha ha hah a ok
[22:38] <owh> mindframe-: Before or after the USA :)
[22:39] <soulc> mindframe oh really I didn't know that
[22:39] <mindframe-> before i think
[22:39] <mindframe-> usa has all the botnets
[22:39] <mindframe-> or thats where they run
[22:39] <mindframe-> heh
[22:40] <soulc> ok mindframe I finally got those root kit apts to install it is the rom that is flaky
[22:40] <mindframe-> ah
[22:40] <mindframe-> comment out that junk :)
[22:41] <mindframe-> soulc: those will only detect known rootkits... just curious if they will detect anything because ive never gotten a positive detection
[22:41] <soulc> where do I look for rkhunter's log?
[22:42] <soulc> got it
[22:44] <owh> nijaba: So, what do you think about the categories?
[22:44] <mindframe-> owh: i know a bunch of people who filter all traffic from china since they dont conduct business with them
[22:45] <owh> mindframe-: I understand the sentiment, but ultimately it's futile. All it does is encourage traffic to be routed via an alternative - non-blocked - route.
[22:46] <soulc> ok so rkhunter should have been installed at setup
[22:46] <mindframe-> soulc i think you need to run it
[22:46] <soulc> and chkrootkit comes back all not infected
[22:47] <mindframe-> rkhunter --update && rkhunter --check
[22:47] <owh> soulc: Standard Operating Procedure is to visit /usr/share/doc/{package} and RTFM.
[22:47] <mindframe-> rkhunter puts an entry in cron to check once a day
[22:48] <owh> soulc: If that fails, "man {package}" and RTFM.
[22:48] <owh> soulc: If that fails, Google is your friend :)
[22:48] <soulc> pretty much learn as I go type not too good in reading something and interpreting it
[22:48] <owh> soulc: Well, if you're going to administer a server then you're going to have to hone your reading/interpretation skills.
[22:49] <owh> soulc: Learn as you type is a good recipe for disaster.
[22:49] <soulc> owh: this is "my" server I don't get paid
[22:50] <soulc> believe that if I was working at this I would have tested and had others review before the box was put into production
[22:50] <owh> soulc: It's not about who "owns" the server or if you get paid, it's about procedures and methodology. At some point you're going to be fiddling on a server owned by someone else. If you learn as you type, it could cost lots of money.
[22:51] <soulc> true
[22:51] <owh> soulc: If you use the learn as you type method, then you're not working in any structured process. A review by a peer is extremely likely to miss something. Which is why there is the Ubuntu/Debian way of doing stuff.
[22:52] <soulc> ok I have had an fc server for years and no problems because I had been a rh user and knew how that worked
[22:52] <Nafallo> also, people get spammed even from home servers
[22:52] <soulc> I switched to Ubuntu cause I didn't want to install EVERYTHING when setting up a server
[22:53] <owh> soulc: Just because it worked, doesn't mean it will continue to. Let me give you an actual example.
[22:53] <good_dana> owh: i think you mis-read what soulc had typed he said he is the type of person to "learn he goes" not "learn as he type[s]"
[22:53] <soulc> thanks gd
[22:55] <owh> soulc: One of my colleagues was building an application which controlled a container crane in Rotterdam harbour. It used a Novell file-server to store data. I asked him what would happen if the Novell server ran out of disk space. He never thought of the problem. There was no process in place to even contemplate such an issue - this is in 1989.
[22:55] <owh> good_dana: Yes, I did misread that.
[22:55] <soulc> how do I refresh the paste webpage to get a clear page I always have to backspace over the id number then reload
[22:56] <soulc> owh that was when 80 meg was all you would ever need for storage space...|-)
[22:57] <Nafallo> hehehehe
[22:57] <owh> soulc: In the above example, my point is that if there is a procedure to do something, then follow that procedure. If you don't like the procedure, write a new one, then use that. I realise that sounds pretty anal, but then it means that clients don't lose data as a result of your negligence.
[22:58] <owh> soulc: 80 meg, try 20.
[22:58] <Nafallo> hmm
[22:58] <soulc> yeah I was referencing my first hd
[22:58] <soulc> 1991
[22:58] <Nafallo> think I still have one of those harddrives in storage somewhere...
[22:58] <owh> soulc: Three years is a long time in storage systems :)
[22:59] <soulc> yeah in 3 years we maybe using ss hd's
[22:59] <owh> soulc: No "maybe" about it.
[22:59] <soulc> chkrootkit output http://paste.ubuntu-nl.org/58693/
[22:59] <Nafallo> ah
[22:59] <Nafallo> ssd
[23:00] <soulc> well for me price will have something to do with it
[23:03] <owh> soulc: I visited the IBM Almaden research centre in 1997 and at the time we discussed the difference between HDD and SSD. At the time, all the technology was in the HDD head and in the SSD cells. We postulated that over time we would see more and more processing on the HDD platter which had already begun at the time. We postulated that it would reach a point where the processing on the platter would be analogous to the process
[23:03] <soulc> wow rkhunter is quite extensive
[23:08] <owh> Meanwhile, anyone got any suggestions on how to track down a cron.daily job that isn't running. run-parts --test shows my script as going to be run, but it never is.
[23:08] <owh> The syslog shows the entry for cron.daily.
[23:08] <owh> Hmm, I wonder if the other jobs run.
[23:12] <soulc> the only thing in rkhunter is http://paste.ubuntu-nl.org/58694/
[23:14] <owh> Well well well. On a standard ubuntu-server install, it appears that cron.daily isn't running.
[23:14] <soulc> -rw-r--r-- 1 root root   0 2008-03-06 16:12 \x2fdevices\x2fpci0000:00\x2f0000:00:01.0
[23:14] <soulc> ha ha ha
[23:16] <soulc> drwxr-xr-x  2 root    root          60 2008-03-06 16:12 .initramfs
[23:16] <soulc> is this something that is created at boot?  I rebooted the system at this time
[23:21] <soulc> ok well thanks for your help I guess I need to start working again
[23:22] <mruiz> bye ...
[23:28] <mathiaz> owh: which release ?
[23:29] <owh> mathiaz: gutsy
[23:30] <owh> mathiaz: I've determined that hour/weekly/monthly *appear* to be running properly.
[23:30] <mathiaz> owh: you've got nothing mailed to root ?
[23:30] <owh> mathiaz: None of the daily ones run at all.
[23:30] <owh> mathiaz: I'll have a squiz.
[23:30] <mathiaz> owh: see bug 164281
[23:30] <mathiaz> owh: see bug 194281
[23:30] <ubotu> Launchpad bug 194281 in apt "/etc/cron.daily/apt uses gconftool" [Medium,Fix released] https://launchpad.net/bugs/194281
[23:31] <mathiaz> owh: although it may only apply to hardy
[23:31] <owh> mathiaz: No mail on the system that I could find.
[23:34] <mathiaz> owh: do you have specific cron jobs in cron.daily ?
[23:34] <owh> mathiaz: The standard ones and a vmware-backup script.
[23:34] <owh> mathiaz: That patch appears to patch /etc/cron.daily/apt
[23:34] <owh> mathiaz: I don't have that code in that file.
[23:34] <owh> s/have/appear to have/
[23:35] <mathiaz> owh: yes - that's what I thought - it's only a problem with hardy
[23:35] <mathiaz> owh: if you remove vmware-backup, does it run ?
[23:35] <owh> mathiaz: As far as I can tell, they've never run at all, even before the vmware-backup script was installed.
[23:36] <owh> mathiaz: As in, I'm not seeing rotated logs or apt time stamps.
[23:37] <owh> mathiaz: It's possible that it's related to the vmware-backup script being installed, but until yesterday it was a sym-link, which I replaced with a hard-link yesterday. I suspected that the sym-link would never run at all.
[23:38] <owh> mathiaz: Hmm, a run-parts --test picks up the sym-link with no problems.
[23:39] <owh> mathiaz: Would you expect no scripts to run if one fails?
[23:41] <mathiaz> owh: it seems that if one script fails, then the ones that should follow aren't run.
[23:42] <owh> mathiaz: I understood it to be in alphabetical order. If that's true, then this is the last script to run.
[23:43] <owh> mathiaz: Yeah, the man page says: Files are run in the lexical sort  order  of  their  names
[23:46] <owh> mathiaz: I suppose I can remove the vmware-backup script and check again tomorrow. That will at least tell us if it's caused by my script :(
[23:46] <mathiaz> owh: well - I don't think so.
[23:47] <mathiaz> owh: I'd make sure that the mail system is setup correctly
[23:47] <owh> mathiaz: That makes two of us, but stranger things have happened.
[23:47] <mathiaz> owh: and then setup the cronjob to mail output to root and specific user
[23:47] <owh> mathiaz: Even if it isn't then why are all the other jobs running normally?
[23:48] <mathiaz> owh: may be on the cron job in daily fails
[23:48] <mathiaz> owh: but the cron job is not in weekly or monthly
[23:49] <owh> mathiaz: Hmm.
[23:51] <owh> mathiaz: The only thing in your argument that is possible is that if output is generated it barfs. Seeing that my vmware-backup script is pretty chatty, that's possible. I'm still unsure why other daily jobs wouldn't run though.
[23:53] <mathiaz> owh: if output is generated, it should be mailed to root by default
[23:53] <mathiaz> owh: and root is aliased to the user created during the install
[23:54] <owh> mathiaz: pHONE
[23:58] <owh> mathiaz: This was a standard gutsy server install. I don't recall answering any Debian-like questions about email. I looked in /var/spool/mail/* and found nothing.
[23:59] <mathiaz> owh: did you install a mail server on it ?
[23:59] <owh> mathiaz: Nope.
[23:59] <mathiaz> owh: hum - that's why the output of the cronjobs are not available