[00:00] mathiaz: what do you mean with * Reloading web server config apache2 5904 OK after doing the given tutorial? === c_schmitz is now known as c_schmitz|away [00:13] soren: xen-utils has the qemu bits [00:32] after setting up raid 1, my computer no longer boots. it hangs for a while, resumes and then dumps to (initramfs). my system worked fine with raid set up but not mirroring. last night i did "mdadm /dev/md1 -G -n 2" or order to get it mirror. That's all i did. now it doesn't boot. any help? [00:33] also added the mirror drives with "mdadm --add /dev/md1 /dev/sdb2" [00:35] if i try to exit busybox I get "target filesystem doesn't have /sbin/init" [00:35] is it possible to set SSL redirection to local IP using apache2? Example.. the router can be accessed at this add: 192.168.1.20..can I configure apache2 modSSL to allow redirection to local 192.168.1.20? [01:00] Someone who's in Canada go wake up zul so he can upload ebox. [01:02] depends where zul is and how much you're gonna pay me ;) [01:02] zul in mtl? [01:08] ScottK: there is always tomorrow [01:09] heh [01:09] zul: where in .ca? [01:09] ottawa [01:09] ah [01:09] toronto here, well, outside of toronto, but still [01:36] ah how unfortunate ;) [01:41] can anyone here recommend commodo firewall for ubuntu server ed gutsy? [01:50] zul: I was thinking it'd be cool to be able to tout ebox in the alpha 6 release notes. [02:13] I think my server may have been compromised but I can not take it offline immediately to reinstall. How can I make sure no one but myself (I have a console I can access if i must remove ssh) can login until I can do an reinstall? [02:13] If it's been seriously compromised you can't. [02:14] what if you changed the shell option for users in /etc/passwd? [02:14] im not sure how seriously but i wont be able to reinstall for a day or so and at least want to minimize anything i can [02:15] well, i only had 1 becides myself and it was actually set to root (which im not sure if i did that a LONG time ago and just forgot or not) [02:15] you could also monitor for proceses that shouldn't be there [02:16] not 100% fool proof though [02:17] ugh [02:17] stupid hackers [02:17] zul: heh [02:19] slide23: determine the vector by which you were comprimised, seal it off, that isn't a garrauntee of other things but it's a start [02:19] depending what or who, it could be something as simple as a bot exploit [02:19] i think it was probably a forum exploit that got them in [02:20] then it is likely just a bot [02:20] how do i tell, and what is a bot lol [02:21] a bot is just automated software which probes and exploits when it finds a vulnerability, usually adding itself to an irc network [02:21] actually, they had a phising page setup on one of my site [02:21] you could just run tcpdump and look for port 6667 traffic [02:22] yes, but they need a control medium, that is usually done via irc [02:22] ah [02:22] slide23: did you have extra apache processes running? [02:22] so if you aren't irc'ing from the server itself and see port 6667 traffic, that would indicate the general level of infection [02:23] what do you mean extra? [02:23] as it's more virus than actual human at a prompt [02:23] extra as in from a different httpd binary somewhere else in the file system [02:23] how can I tell [02:23] slide23: processes owned by the www-data user, that are not httpd [02:23] Personally I'm still getting over "I think it's compromised, but can't turn it off". [02:23] ps -ef should show the binary path [02:24] ScottK: heh... sometimes it happens [02:24] * ScottK would suggest the long term consequences of having one of your IPs being used for bad stuff probably outweigh whatever short term risks there are with pulling the plug. [02:24] ScottK: have had that happen recently to a box that was 700 clicks from me with no useful DC support [02:24] takes awhile for things like that to get added to lists though, so if he caught it in time [02:24] he should be good [02:25] and the only way he can prevent that, is to track down the attack and figure out what it did [02:26] slide23: look through /var/log/apache2/access.log, heck, even "cat /var/log/apache2/access.log | grep -i bot" [02:27] if that shows up a url, use wget to download a copy of the bot from the url, you can then see what process it think it should hide as and move from there [02:27] usually, this form of attack is against phpbb [02:29] i see tons of google bot and msn bot [02:29] lol [02:29] you were hacked by google! [02:29] lol [02:29] heh [02:30] try grep -i "=bot" instead [02:30] with quotes around the "=bot" [02:30] nope [02:30] nothing now heh [02:30] then you have to look through line by line ;) [02:31] look for anything which includes your url, attempting to call another url [02:32] after setting up raid 1, my computer no longer boots. it hangs for a while, resumes and then dumps to (initramfs). my system worked fine with raid set up but not mirroring. last night i did "mdadm /dev/md1 -G -n 2" or order to get it mirror. That's all i did. now it doesn't boot. any help? [02:32] i.e. /path/to/myphp.file.php?=http://some.server.somewhere.com [02:32] or something like that [02:32] well I also added the mirror drives with "mdadm --add /dev/md1 /dev/sdb2" and goofed up so removed it and then added again. [02:32] again, that is just a common attack vector, it could be something else entirely [02:33] define "goofed up" [02:34] me? [02:34] yep [02:34] by goofed up i did "mdadm --add /dev/md1 /dev/sdb1" when it should have been sdb2 to match [02:35] md1 = sda2 and sdb2 [02:35] so i did mdadm --remove /dev/md1 /dev/sdb1 and then re-added with with sdb2 [02:36] md1 holds the / partition [02:36] my first instinct says to search the official server forum at http://ubuntuforums.org/forumdisplay.php?f=7 as I believe others have had this issue [02:37] I'm not sufficiently versed enough beyond this point to really be of much assistance [02:37] okay. looking... [02:37] any particular keyword a good choice for searching? [02:37] I would search for mdadm (I believe there was a recent post) and also raid [02:38] faulkes: this might be off topic here.. but may I ask you? Do you have background on joomla CMS? [02:38] rhineheart: no, I do not use joomla nor have a background with it [02:39] the last CMS I touched would probably have been drupal and I despised every minute of working with it ;) [02:39] ok i ran chkrootkit and got this, "Checking `bindshell'... INFECTED (PORTS: 465)" [02:40] port 465 is ssl over smtp [02:40] I would check with chrootkit folks to see if it is a known false positive [02:41] as both chrootkit and rkhunter are capable of giving off false positives [02:42] err, smtp over ssl [02:42] I think I just ip over avian carrier'd myself there [02:43] and in the very next step, dated myself incredibly [02:45] of course, if you know your installed mail system in/out, it would also tell you if it's valid or not [02:46] yea no... lol i set it up a long time ago and dont do this as a business just personal [02:46] bbl [02:49] I have scanned the 110 posts that match but none seemed to address my issue (of course I'm not sure what I'm looking for). my system boots to busybox and trying to exit busybox I get "target filesystem doesn't have /sbin/init" [02:49] i found lots googlilng that error but nothing useful yet [02:50] except a suggestion to reinstall udev which i did without effect [02:51] serach for "raid initramfs" then [02:51] as that is particular to your case [02:51] within the forums that is [02:52] searching... [02:55] faulkes: where is wget extracted folder could be found? [02:56] musashi: which server version are you using [02:57] rhineheart: huh? [02:57] I got it.. in the root.. thanks.. m using 7.10 [02:58] it's not a server. just my desktop. i'm running 7.10. installed from alternate cd and set up raid. it wasn't mirroring so i did the mdadm add stuff and finally got it to mirror. i'm betting my problem is because the --remove bit did more than i expected. [03:00] this looks promising but not sure what i need to do http://ubuntuforums.org/showpost.php?p=4012098&postcount=6 [03:07] #ubuntu-desktop may have encountered similar issues before [03:07] however, I also found [03:07] http://ubuntuforums.org/showthread.php?t=651110&highlight=fail+boot+raid+device [03:08] which seems to describe some of what you are seeing but that is about all I can really offer, not having a box to test it out on here right now [03:08] what does this mean "It looks like you may not have loaded the raid1 module in your initramfs. " [03:09] could it have been removed as i was setting it up? it used to boot just fine. [03:10] iirc if you modify your initramfs you need to update-initramfs -u [03:10] well i never modified anything intentionally. i can boot a live cd and try that [03:11] i don't even know what initramfs is [03:12] maybe ram file system? [03:12] initramfs basicly tells the kernel which stuff to load at boot [03:13] so will "sudo update-initramfs -u" update it? [03:13] however, if you can boot off a live cd, I mount and check /etc/fstab /etc/initramfs-tools/modules [03:14] hrmmmm, I smell burnt IC [03:14] * faulkes- eyes his laptop [03:14] oh, literally [03:14] lol [03:15] yeah, i can boot live cd but kind of a pain to get the raid volume to mount [03:15] yes, literally [03:15] this laptop has been dying a slow death the last week [03:15] I have a new one on order [03:16] kb dead, dvd dead, hdd making sqawking noises [03:16] well new computers are always fun [03:16] eh, it'll be nice to have a current machine [03:17] 3x the ram, 5x the drive space, alot more cpu and alot more vram [03:18] I'll get it all sparkly and pretty with desktop effects [03:18] maybe add in some flowers and a throw pillow or two [03:18] okay looking at /etc/initramfs... [03:18] lol [03:18] nothing but commented lines [03:19] commented lines such as #raid0 #raid1? [03:19] yeah [03:19] says #examples: [03:19] # raid1 [03:19] # sd_mod [03:19] and some other stuff before that [03:19] that could possibly be an issue as iirc the -generic kernel isn't built with raid support [03:20] well, i did install from the alternate cd and specifically set up raid at install. i would hope that would cover it [03:20] it was booting fine too [03:20] until i made the changes to get it to mirror [03:21] yes, damnable changes [03:22] what about /etc/fstab [03:22] okay, did the update-initramfs bit. [03:22] do the UUID of the disks match for your raid mirror? [03:23] not sure, how do i check [03:23] cat /etc/fstab? [03:23] update didn't seem to do much [03:23] yes, i'm looking at fstab [03:23] musashi: I'm not sure what output it would give if you ran it, although you would have to make changes to the modules file (such as uncommenting those options) [03:23] but don't know if the uuids are right. it does say /dev/md0 and /dev/md1 and then gives the uuids [03:24] md0 representing which disk? [03:24] or set of disks (as appropriate) or mount point [03:24] md0 is hd0 or sda1 [03:25] i think this is correct as it does start to boot. just errors out later [03:25] I would comment out the raid1 and sd_mod modules in /etc/initramfs-tools/modules and do the update-initramfs -u [03:26] s/comment/uncomment [03:26] then give it a reboot, who knows, might just fix it [03:26] okay, trying [03:27] update says "cat: /proc/cmdline: no such file or directory" mean anything? [03:27] well rebooting. lets see what happens [03:28] no go [03:29] it says md0 stopped and md1 stopped and then hangs [03:29] why is it stopping them [03:33] that would be the $5 mil question, wouldn't it ;) [03:34] well, i was hoping you might have an idea :) [03:35] when it says "stopped" is that the full message it gives? [03:35] before going to busybox it says "trying o resume from /dev/disk/by-uuid" and then no resume, doing normal boot...done. some modprobe lines then cannot read /etc/fstab and some more failed mounts. [03:36] do you have the boot disk mirrored with mdadm? [03:36] yes, but not the boot partition [03:36] just / and /home [03:36] for stopped it just says md0 stopped [03:37] the rest of the info is off screen now. how can i scroll up? [03:37] well, at the point where it says it can't read /etc/fstab, we have an issue already [03:38] probably even before that [03:38] you *do* take regular system backups *don't* you? ;) [03:38] right. i think it's because it's stopping the array and then can't reay anything [03:38] yeah, i have a full backup of /home [03:38] the data is good though [03:38] i can read it from a live cd [03:39] i didn't backup / though [03:39] it's easy to reinstall that [03:41] wow, I feel like I won the lottery, I found a user who takes backups [03:41] lol [03:41] what? doesn't everyone? [03:42] given the lottery feeling, the general answer would probably be no ;) [03:42] the whole point of doing the raid was to give me another backup [03:43] i help on launchpad answers a lot and it seems like a lot of people manage to overwrite windows when installing and never made a backup before install. now that's crazy [03:44] the only thing I can think of is that it either doesn't think the raid1 array is fully populated/created (which seems to be a known bug) or that something is wrong with the boot sequence but thats about all I have and it's just from googling [03:44] and LP entries [03:45] and I do need to head off to bed [03:45] i'm guessing something similar but no idea how to fix [03:45] well, thanks for the help. [03:45] i'm installing on a new drive so i can have something to work from [03:47] lamont: You can add the Postfix backport you did to Gutsy to the how the heck did that work list since DB 4.6 was in Universe at Gutsy release. [03:58] mathiaz, sommer - I wasn't at the meeting today since I'm at the idtrust2008 symposium. but I did notice the 'servergui' request. I'll get to it later. But for now I'd suggest talking about guis other than x11 and linking to ebox from the servergui web page, and perhaps recommending in the ebox wiki page that it is not quite ready for prime time in gutsy and is/will be much better in hardy. [03:59] * musashi waves at nealmcb [04:00] :-) [04:01] hey nealmcb [04:01] sounds good to me [04:01] I'll update the servergui page [04:02] nealmcb: I'm also using the ebox wiki page to rough draft the documentation, so if you have anything to add ;-) [04:04] nealmcb: are you going to UDS Prague? [04:05] ScottK: heh [04:05] If someone would be up for testing we could backport ebox to gutsy once zul uploads his updates. [04:05] ScottK: I'm up for testing [04:05] from my hardy ebox testing there's still some issues though :\ [04:06] Well if it works reasonably well it might be worth it to get more testing. [04:06] to be honest I think there are some design decisions with ebox that aren't "the best" [04:07] to manage users and groups you have to install slapd for instance [04:07] what if I like /etc/passwd [04:07] sommer: thanks! [04:07] nealmcb: welcome [04:08] sommer: yes I'm going to Prague - woot! [04:08] ouch - slapd huh.... [04:08] cool, do you know if americans need a special visa thing? [04:08] I haven't checked. or even czeched.... [04:08] sommer: My understanding is not (I'm going too). [04:08] heh... I looked through the czech embassy page and didn't see anything [04:08] :-) [04:09] ScottK: cool, good news [04:09] it'll be great to meet everyone in RL... heh [04:12] Personally I won't use it, but I understand it (ebox) is an important issue for the distro. [04:14] nealmcb, i went to to prague about 13-14 years ago and no visa needed. things may have changed though [04:16] ScottK: same here, but I work with some windows admins that would like to have that functionality :-) [04:16] * sommer thinking about delving into eBox development [04:26] sommer: I haven't really found time to look in depth at ebox yet, but yeah, my sense is that it would be very helpful, though it needs to be done right.... so I hope it looks appealing [04:26] musashi: thanks. I hear it is a great place to visit [04:27] nealmcb: I like the interface, looks great [04:27] is there anyway I can backup a remote server to my computer? [04:27] nealmcb: I think the overall design is a little "heavy" [04:27] at least for my taste [04:28] * nealmcb isn't fond of perl [04:28] slide23: are they both linux machines? [04:28] no =\ my local computer is windows [04:28] slide23: one way would be to use rsync... I believe there's a windows client, but you might double check [04:29] slide23: Install cygwin on the Windows box and use rsync [04:29] sommer: ^^^ is the windows client === keescook_ is now known as keescook [04:29] ah [04:30] hrm well I also want to preserve permissions and date info, is there anyway to do that too? like put it into an archive [04:30] slide23: IIRC you can do that with the right swicthes on rsync. Read the man page [04:31] slide23: also bacula might be a good option... haven't done linux > win myself though [04:32] I use the cygwin rsync approach to back up my wife's computer (her transition is on the TODO). [04:32] hehe [04:36] I need some help. I've just created a fix for the ntp bug. Using https://wiki.ubuntu.com/PackagingGuide/Recipes/Debdiff as my recipe I've made a debdiff, but it's huge. I've just noticed that the changelog shows 'feisty' in my change entry, rather than 'hardy', which I suspect is the cause. Without building a hardy machine or a pbuilder environment for hardy, how do I make a debdiff with a single line fix in a bash script? [04:38] debchroot? [04:38] sommer: Doesn't that mean that I still need to have a gig of space to make a virtual hardy machine? [04:38] ow1: you'll need some space yep [04:39] Crap. [04:39] Sigh. [04:39] ow1: to be honest I'm not 100% sure, probably a good idea to ask in #ubuntu-motu, they should know [04:40] Cool, I'll ask, tah. [04:40] though someone here probably knows better than me here as well [05:06] Well in the end I created a debdiff with diff -ruN which seemed to create what I needed. [05:34] when using a serial console to a linux machine is it the same as using vga without X11 ? [05:41] sommer: AFAIK yes - actually, a TTY, but yes. [05:42] owh: cool thanks... that's the way I understood it, but have never actually set one up [05:42] probably a good project for the weekend [05:45] sommer: I created a debdiff with diff -ruN in the end. [05:46] s/with/using/ [05:46] For my next project I'll create a JEOS vm to do patching in :) [05:47] owh: sweet, jeos is pretty cool [05:47] good news on the debdiff :-) [05:48] I'm down to 48 seconds on a jeos build :) [05:48] Mind you, that's not on my workstation, but on a big server :) [05:49] heh... I've only used with qemu, but worked well for me === AnRkey_ is now known as AnRkey [06:52] i want share internet connection my ubuntu with xp, and i have problem ? [06:52] anybody can help ? [06:54] my ubuntu connect have 2 lan card, one connect to adsl modem, one in laptop xp.. [06:55] when i ping google.com from laptop, it just "request time out".. [07:08] Anybody here who knows the poppass daemon default port for courier and how to configure it? [07:08] I'm guesssing it's 106. [07:09] No idea where to configure it. [07:09] Never used it. [07:13] thanks... How I wish somebody here knows about it.. [07:37] hello.. I got this error: Warning: fsockopen() [function.fsockopen]: unable to connect to localhost:106 (Connection refused) in /usr/share/squirrelmail/plugins/change_pass/options.php on line 140. Any idea? [07:37] I'm no expert, but I'm guessing options.php is trying to connect to port 106 on localhost, and it can't. [07:39] Morning, soren [07:40] Hi, MenZa :) [07:44] hello soren.. [07:44] Hi. [07:46] actually m trying to configure to be able to change password in squirrelmail..but it needs poppass to accept incoming requests at port 106.The router is alraedy open at 106 though. Just don't know where to configure it.. [07:49] It's trying to connect to localhost. Unless your network setup is *seriously* messed up, that shouldn't involve a router. [07:50] You probably just haven't start the poppass daemon. [07:51] I'm using here courierpasswd. The plugin says I could use it instead of poppass === \sh_away is now known as \sh [07:51] Then courierpasswd is your poppass daemon. [08:03] I just forgot how did I set it up... how to know what authentication method courier is using? [08:08] rhineheart_m: what plugin r u using? [08:08] plugin for squirrelmail...to let users change their own passwords.. [08:13] rhineheart_m: no idea, never used this plugin [08:14] freeflying: do you user squirrelmail? [08:14] rhineheart_m: yes [08:15] freeflying: did you allow your users to change their own password? [08:15] rhineheart_m: no :P [08:15] okay.. why ? [08:16] freeflying: are they virtual users [08:16] rhineheart_m: yes, they don't wanna :P [08:17] uhuh! what guide you use to make virtual users? [08:17] rhineheart_m: no guide :) [08:18] freeflying: that's great.. [08:18] rhineheart_m: u will not make it run just follow some guides :P [08:55] morning [09:01] <\sh> does the php5-cgi package supports fcgi mode (e.g. for lighty/apache)? [09:04] <\sh> forget the question..i found the answer :) [09:04] its afternoon here.. === \sh is now known as \sh_away === \sh_away is now known as \sh [09:19] moin [10:06] I have an amd64 running the latest hardy kernel (2.6.24-11-generic) but it seems to be running full throttle. How can I tell if dynticks are enabled? [11:02] morning nijaba [11:03] hello faulkes- first day at your new job today, right? [11:03] something like that [11:03] only have meeting scheduled today, but that'll probably last like 3 hours [11:04] faulkes-: hey, good luck on this. [11:04] get stuff setup, see what kind of hideous mess I've walked into ;) [11:04] I read the log from the meeting yesterday [11:04] * faulkes- nods [11:04] did you get to talk with owh? [11:04] yes [11:05] we spoke at length on a number of topics [11:05] I don't quite get his remark "going all over the place", could you shed some light on tis for me? [11:05] and then we took a step back because there were some obvious differences, put things apples to apples, so to speak [11:05] (if you don't have time now, we can do this later) [11:05] hmm, server-meeting is a bit late [11:06] nah, I have time [11:06] in GMT+1 thats 22:00 [11:06] henkjan: yeah, I know, I am based in paris [11:06] same time zone as you, it seems [11:08] i would like to follow the meetings, but also need my sleep === \sh is now known as \sh_away === \sh_away is now known as \sh [12:32] If I enter a wrong password on an ubuntu server, that password will not be saved anywhere in cleartext, right? [12:38] tmadsen: should be [12:38] where? [12:39] I entered a qrong password, and I don't want anyone to be able to see it [12:39] you entered a wrong password at a password prompt? [12:39] then it wil not be saved [12:39] yes, while doing a sudo' [12:39] sommer: around? [12:39] tmadsen: don't worry [12:39] henkjan: not saved? [12:40] if you typed it in stead of an command like 'ls' it would be saved in .bash_history [12:40] tmadsen: i mean it will be saved [12:40] tmadsen: i won't be saved if you typed a wrong password while doing sudo [12:40] henkjan: thank you [12:41] freeflying: if you think its saved, where do you think then= [12:41] zul: just getting ready for work ;-) [12:41] tmadsen: sorry, will not be :) [12:41] good, thank you both [12:41] * tmadsen is relieved [12:42] sommer: ok talk later then :) [12:42] last week i received a shipment of ubuntu-servers cds. I decided to drop them at the reception, so customers could get one to try ubuntu. [12:42] zul: give me like 30min... I'll ping you in a bit [12:42] today i noticed that the last cd was gone [12:43] would canonical ship more free cds to promote ubuntu ? [12:45] henkjan: u may apply from shipit [12:47] freeflying: shipit has no ubuntu-server cds [12:48] sommer: sure [12:51] we just ordered two sun t1000's for the coming hardy release (we run nl.archive.ubuntu.com ) [12:55] lets see how that runs (1 proc, 8 cores, 4threads p/core [12:55] threaded apache, 2x 10G AMSIX connection [13:26] zul: I'm back [13:26] sommer: cool I fixed that problem with the logger [13:27] sommer: for the userandgroups stuff it looks like you have to configure ldap [13:27] ah, so eBox doesn't handle it for you? [13:27] no [13:27] unfortunately [13:28] ya, that's kind of limiting if you have to use ldap, but need to configure it yourself [13:29] oh I agree [13:29] but I guess if it's documented should be okay [13:29] thanks for all your testing [13:29] I'll be able to do more testing this evening [13:29] np [13:30] hmm, proper setup of ldap is not that easy, especially for the people who want to use a webbased panel [13:30] sommer: Someone ought to add something to the Alpha 6 release notes about ebox... [13:30] ScottK: not yet.. [13:30] ScottK: sounds good to me, not sure how that process is handled though [13:31] zul: No? [13:31] ScottK: still uploading it to universe and it has to get out of binary new [13:31] sommer: Not if zul says no, but the usual way is to whine to slangesek [13:31] and source new [13:31] Right. [13:32] ScottK: ah, [13:34] ScottK: when will be hardy be officially released? [13:35] * ScottK hands rhineheart_m wiki.ubuntu.com/HardyReleaseSchedule [13:35] ScottK: thanks... are you one of its core developers? [13:35] half april, so we have a month to make a superfast nl.archive mirror [13:36] rhineheart_m: I'm a core-dev, yes. [13:36] * ScottK is not a Canonical employee, however. [13:37] ScottK: That's great! Are you the founder of this channel? [13:37] Not at all. [13:39] ScottK: where can the ubuntu headquarters be located? [13:39] rhineheart_m: there is a wiki page about the server team (and a page for all the ubuntu teams) if you are looking for some history. [13:39] Ubuntu developers are from all over the world. [13:41] what's the correct pronunciation of ubuntu? is it yubuntu or obunto? [13:42] obunto afaik [13:42] ewwbuntu [13:43] the final one please.. what's the right one? [13:48] Dear zul: Please abandon your obsolete dependency on python-xml in xen-3.2. Please see Bug 199014 for details. kthnkxbye. [13:48] Launchpad bug 199014 in eric "python-xml removal: please drop/replace (build) dependencies" [Medium,In progress] https://launchpad.net/bugs/199014 [13:48] Dear ScottK: okiely dokiely kthnkxbye [14:33] Hey all, any solutions for mysql overflowing varrun? [14:35] what do you mean? [14:35] the binary logs on my slave are filling /var/run/mysqld and creating problems [14:35] are you using mysql replication? [14:36] no? then disable binary logging [14:36]