/srv/irclogs.ubuntu.com/2008/03/21/#ubuntu-server.txt

J-_If I change my SSH port on my LAMP server will it affect anything in regards to SSH? I know I'll have to connect on a different port, but will it mess anything up?00:06
Kamping_Kaiserno. not unless you have something that depends on it running there00:09
J-_ I just have a basic LAMP installation going with MySQL, and PHP set up proper. Not too much.00:17
Kamping_Kaiseryou'll be fine00:28
J-_Cool, thanks. =)00:31
J-_Is it possible to stream from an external drive on a LAMP server only and just have communication with LAN? I still want the LAMP part on the WAN side of things so others and myself can go to my website. I just don't want people streaming from my ext. drive. Why do I want the ext. drive on my server? So I don't have any cords attached to my laptop, and can move around in my house anywhere without the ext. drive attached.02:41
Centaur5I hope this question doesn't upset someone but I keep reading about people that have servers running for months without rebooting.  Does that mean they aren't updating kernels with security flaws or is there a secret I don't know about that prevents rebooting?02:53
J-_I know LVM filesystems can be live while increasing / decreasing partition size. But I don't know if that really correlates to that question. I'd figure if you're on a LVM system you want the maximum uptime possible so maybe that has something to do with it?02:56
J-_Mind you that's just a guess.02:57
J-_But I do know you can change partitions, etc.. live.02:57
Centaur5Interesting, well it's not too important as I am capable of rebooting cause it only takes a couple minutes.  I was just curious cause I know Linux is a lot more powerful than I can comprehend.  :)02:58
soneil_Centaur5, no, you're spot on .. kernel updates require reboots.   for most uses, a scheduled reboot at 3am shouldn't be a kick in the pants03:02
Centaur5I'll have to research automatic rebooting after automatic updates that require it.03:03
erniebim having issues installing 6.6-2 on dell 2450 -scsi raid03:53
erniebi tried  mylex and a perc 203:54
erniebwith perc2 installer wont initiate the controller and the mylex installs but wont boot to kernel just dumps me in busybox  -04:01
erniebis there a known work around for either of these scsi controllers04:06
rhineheart_mHello.. I'm using gutsy. My sites are running well. I just want to ask this concern. My sites are running in LAMP.  When I tried to do sudo apt-get upgrade this appear in the console: The following packages will be upgraded:  libmysqlclient15-dev libmysqlclient15off mysql-client mysql-client-5.0   mysql-common mysql-server mysql-server-5.0 unzip 8 upgraded, 0 newly installed, 0 to remove and...06:18
rhineheart_m...0 not upgraded. Need to get 43.5MB of archives. After unpacking 16.4kB of additional disk space will be used. Do you want to continue [Y/n]?. NOW.. is it alright to go ahead?06:18
Jeeves_rhineheart_m: It usually is06:24
rhineheart_mJeeves_: thanks for that.. so is it safe? won't it destroy my existing databases?06:25
Jeeves_No, that should not happen.06:25
rhineheart_mthank you..06:26
rhineheart_mIs there a bandwidth tool that could be done in the console...by which you could still do even if you're remotely connected to the box?06:33
Jeeves_rhineheart_m: bmon06:52
_rubenand iftop07:01
_rubenJeeves_: using http debmirror completed just fine it seems07:01
_rubenjust fyi ;)07:01
Jeeves__ruben: Hmm, ok07:11
keithclarkIs there a ubuntu home server project still active?07:11
_rubenkeithclark: what should such a project entail? (read: not sure what you're asking for)07:22
keithclark_ruben, a distro that is meant or the average home user to setup a simple server.  Everything graphical and easy.07:24
_rubenserver + graphical .. hmm .. that's pretty much a contradiction in my book07:27
_rubenwith the upcoming release and ebox, i think ubuntu server itself would qualify tho07:28
keithclark_ruben, I'm not sure why that would be a contradiction.  Someone like me, and they may be rare, would like to setup a simple home server without command line usage.  Just simple install point click and run.07:30
keithclark_ruben, I've tried many things and they just confuse me.  So much research and assistance needed.07:31
keithclark_ruben,do you see what I mean?07:36
rhineheart_mis bmon realtime?07:39
_rubenkeithclark: after i said that i realised that "graphical" doesnt necesarily mean having an X server installed, a web interface would qualify as being graphical as well, which is where ebox comes in07:40
keithclark_ruben, exactly!  Something simple.07:41
_rubenkeithclark: havent really looked into ebox myself, since its not much use to me, but from what i've heard/read about it, it sure looks promising07:41
keithclark_ruben, I will look into that!07:41
keithclark_ruben, thanks07:45
Jeeves_http://releases.ubuntu.com/8.04/08:08
_rubenwoohoo ;)08:09
nijabamorning09:10
_rubenmornin nijaba09:15
faulkes-yes, I'd agree, it is morning09:19
faulkes-I am none too happy about it though09:19
faulkes-nijaba: talked to the company about iscsi testing next week, they are cool with it09:20
nijabamorning _ruben, faulkes-09:21
nijabathanks a lot faulkes-09:21
faulkes-np09:21
faulkes-nijaba: sun+ubuntu press announcement?09:22
* faulkes- raises an eyebrow of interest09:22
nijabafaulkes-: yes?09:22
faulkes-very nice to see server edition getting some press09:22
faulkes-I forwarded it on to the upper mgmt and marketing here as well09:22
nijabaalways nice :)09:22
faulkes-that should spur them on a bit more as well09:23
_rubeni'll be playing with iscsi in the near future as well .. waiting for certain hardware to become available though .. might take a week or 2 even :(09:26
cjsstablesmorning all.  how difficult is it to setup ubuntu-server to provide network logins where network clients desktop is maintained on the server.  All clients would be ubuntu clients and there are no windows clients at all.  Is there a document out there that someone could point me to?10:30
rhineheart_mtry to read samba server for ubuntu..google it..10:35
blue-frogcjsstables: ubuntu + ltsp, or edubuntu10:38
cjsstableshey.. thanks blue frog..  Actually I have that doc loaded in my browser right now and am reading it..  thanks again..10:39
blue-frogcjsstables: if you have never played with ltsp, edubuntu will be the easiest to start with10:40
cjsstablesok..  I will look at that as well.10:51
cjsstablesbasically what I really wanted to do is to have several clients loaded with ubuntu.  have 5 network users that could sign into any of the client pcs but have all their info from the server.  we are currently doing this in a mac osx environment and would like to move it to a ubuntu environment10:53
cjsstableswe are a small company and no it resources so it would be selfdeveloped10:54
=== rhineheart_m_ is now known as rhineheart_m
Kamping_Kaisercjsstables, theres a few ways, depending on how complex you can go10:55
Kamping_Kaisercjsstables, it would be worth your while to look at the various pam modules available (apt-cache search libpam*) to see your options for authentication/accounting10:56
cjsstableswell right now, I have a test environment set up that followed rrcomputer consulting server setup.  We can have network users log in to each client, but the only thing that they get to their home folder and mounts that drive, but all of their desktop settings are stored locally.  we really don't want that.10:58
cjsstableswe'd like the desktop settings to come to be stored and maintained on the server side.  Our authentication in the test environment works pretty well.10:59
cjsstablessorry, my typingis pittyful11:00
Kamping_Kaiseryou could save that data on the server, but i havent tried myself11:01
cjsstablesThe authentication is user level through LDAP/Samba.  I think what I'm looking for is for the client side to recognize a network logon. and then based on that have it look to the server for the desktop instead of the local client.  However, the system must also be non network client aware If a local user signs on the desktop must come from the local user configuration11:05
Kamping_Kaiserthe network stuff is entirely possible, not sure about the un-networked stuff. i know it was a 'to implement' item a few years ago. not sure if its done yet11:07
cjsstableswe also tried sme-server but that gave us the same thing as we have from rrconsulting except that it wasn't a full ldap implementation11:07
cjsstablesand it was geared towards windows clients..  which btw,  works well and the desktop is saved on the server11:10
Kamping_Kaiseryou'll have to hang around and hope someone else can help with the specifics of your question11:11
cjsstablesok cool...11:11
faulkes-morning chuck11:32
[mbm]'lo; anybody home?11:32
[mbm]fromport: I've noticed that the packets go out the domU xen interfaces but the response never comes back into the domU11:34
fromporti totally agree. on my firewall i have "arpwatch" running and i get an email everytime a new domU is triggered.11:34
fromportyou also see Tx counting where as Rx stays 011:35
[mbm]also noticing that running gutsy the domU's occasionally crash with 100% cpu load on all cpus, completely unresponsive to console or sysrqs11:35
[mbm]trying to dig through a crash dump now to figure out why11:36
[mbm]gdb is choking on the xen core file, which is hampering my efforts11:36
fromportno core-dumps here yet <knock wood>11:36
[mbm]seem to get them mostly from the www server11:37
fromporthas anyone here succeeded in getting KVM to run with bridging for the guests ?11:37
Jeeves_fromport?11:43
fromportyep!11:43
fromporthi! long time no see/talk ;-)11:43
Jeeves_Indeed!11:43
Jeeves_You betrayed Debian as well? :)11:44
fromportshhttt.11:44
Jeeves_:P11:44
fromportit's simply not moving fast enough..11:44
fromporteven though i'm running some servers on sid allready ;-)11:44
nijabafromport: yes, I have bridging working here11:44
fromportnijaba: i followed https://wiki.ubuntu.com/KvmVirtManagerEtc  & https://wiki.ubuntu.com/KvmWithBridge11:46
fromportbut somehow i cant get the guest to get a "public" ip address.11:46
nijabafromport: and?11:46
fromportThey always seem to go through the 192.168.122.x range somehow11:47
faulkes-that sounds suspiciously like dnsmasq11:48
nijabafromport: does it work with fixed ip?11:48
fromportdnsmasq not installed :-)11:48
fromportthe br0 interface is up and running11:48
fromportbut the virt-manager doesn't seem to detect it11:49
[mbm]you're using dhcp and you get a 192.168.x.x address?11:49
[mbm]means there's a dhcp server on your network, use tcpdump to help find it11:50
=== \sh_away is now known as \sh
replicant_hi, does anyone know where i can find changes introduced in hardy heron for the server version?11:52
fromporti'm using virt-manager, and i dont get a chance to really choose for dhcp, is there ?11:53
fromportyou have a choice of "virtual network" or "shared network"11:53
[mbm]oh, kvm11:53
fromporti think i need the "shared" but in the dropbox there is no "device" to choose from ;-)11:53
[mbm]believe those options roughly translate to nat or tap11:54
nijabafromport: try with virt-install instead11:55
fromportwith: kvm -m 512 -net nic -net tap  -cdrom /archive/iso/linux/ubuntu/hardy-desktop-i386-alpha6.iso -boot d12:00
fromporti do get a bridged ip !!12:00
=== MenZa_ is now known as MenZa
fromportso only thing left is to convince virt-manager to use the bridging as well ;-)12:00
nijabafromport: yes, I believe so12:02
=== MenZa_ is now known as MenZa
fromportnijaba: got it working by editing the xml files:12:25
fromport<interface type='bridge'>   <mac address='00:16:3e:3e:eb:ee'/>  <source bridge='br0'/>12:25
fromportvs12:25
fromport<interface type='network'>  <mac address='00:16:3e:00:f3:fb'/>  <source network='default'/>12:25
nijabafromport: yep, virt-install allows to create this while virt-manager does not (yet)12:26
nijabafromport: see the -w option of virt-install12:27
\shwindow 1112:29
\shgrmpf12:29
* _ruben just uses alt-q for window 11 ;)12:30
* \sh shouldn't open so much channels ;)12:35
[mbm]hmm .. not much symbol information available for the -xen kernels12:35
_rubenonly got 12 open atm12:35
Kamping_Kaiser_ruben, can i have some of your sanity?12:36
_rubenKamping_Kaiser: rather not, its already rather rare12:36
_rubenand i compensate a bit by having 60 firefox tabs open12:37
Kamping_Kaiser:(12:38
* Kamping_Kaiser has epiphany+ firefox stuffed with tabs, then two irc clients (me and kgoetz ) with lots of tabs. generally, little sanity12:39
_ruben why 2 clients?12:40
Jeeves_Kamping_Kaiser: Isn't it like 2 o'clock in the morning for you?12:40
Kamping_KaiserJeeves_, 11pm12:40
Kamping_Kaiser_ruben, because they share a base ~15-20 channels, then my home/work clients have extras on top of that12:40
_rubenah12:41
rhineheart_m /j ubuntu12:47
wo0f_ahhhh13:15
wo0f_at last13:15
wo0f_ubuntu chan with resonable amount of users ;D13:15
_rubenthe number of schizo's here make up for that13:16
wo0f_lol :P13:17
dthackerIs he talking about you, dthacker13:17
dthackerNo, he's talking about *you* dthacker13:18
wo0f_:O13:18
wo0f_so why do you guys use ubuntu server rather than debian?13:20
_rubenfast and fixed release cycle13:20
_rubendebian takes ages to get new releases out13:20
_rubenwe used debian in the past .. then switched to suse since we needed a 2.6 kernel based os and sarge was getting delayed over and over .. currently we're transitioning from suse to ubuntu13:21
fromportif i need something simple, but stable i'll go for debian. cutting edge -> ubuntu13:21
wo0f_good points13:23
wo0f_im finding the no-root su-do malarkly annoying atm13:24
wo0f_can i just enable root?13:24
_rubeni see it as an improvement13:24
wo0f_id rather use su13:24
_rubenon our suse machines we pretty do everything as root, which is far from recommended13:24
wo0f_and screen13:24
_rubensudo passwd .. enter passwd twice .. and you can su13:25
wo0f_rather than typing sudo infront of every single operation13:25
wo0f_:D13:25
wo0f_cheers _ruben13:25
_rubeni like the idea of sudo actions being logged13:28
ScottKwo0f_: You can.  It takes about a minute.  Do note that the default ssh config for Debian/Ubuntu allows ssh root access.  You'll want to change that.13:28
\sh_ruben: well, then you should take a look on sudosh2 :) http://freshmeat.net/projects/sudosh2/13:29
wo0f_lol ScottK13:29
wo0f_why would i want to do that?13:29
ScottKwo0f_: Why would you want to do which?13:30
wo0f_oh sry13:30
wo0f_misread that sry13:30
\shwo0f_: because an opened root account is evil...and most entries to machines are coming via brute force attacks on sshd's with PermitRootLogin yes settings13:31
_ruben\sh: nice ;) .. but rather stick to the ubuntu-way13:31
wo0f_neg13:31
wo0f_ill just disable root access13:31
\sh_ruben: well, you can add this the ubuntu way...the only change: it logs everything you type, too ;)13:31
wo0f_i just wanted su ;]13:32
\shsudo su - is not enoug?13:32
\shalias su="sudo su -" is also a solution ;)13:32
wo0f_pardon?13:32
\shenough even13:32
wo0f_rofl13:32
_ruben\sh: thats an approach i hadnt thought of13:32
ScottK\sh: Actually you'd rather do sudo -i in that case than sudo su.13:32
wo0f_innit!13:32
\shScottK: yepp13:33
_rubenin fact what i do here is give root a passwd, and have sudo require the root pw, this because we log on using ssh keys13:33
rhineheart_mwhat's the difference between su and -i?13:33
ScottKThe environment variables are slightly different13:33
wo0f_nothing i guess13:33
_rubenand i create a global alias 'su=echo "do not use su, use sudo instead!"' :p13:33
wo0f_both make the shell root13:33
ScottKMost of the time sudo su will work, but sudo -i will give you a saner result in a few corner cases.13:34
rhineheart_m_ruben: I guess its not a good practice to give password to root13:34
nijabafromport: I have updated https://wiki.ubuntu.com/KvmVirtManagerEtc with instructions for bridging13:34
ScottKPeople argue about root versus sudo all the time.13:34
ScottKPersonally, I think the main benefit of sudo is that it goes away after a while and you have to retype sudo so you don't stay root.  Personally, I think it's a crutch for sloppy admins.13:35
ScottKYMMV of course.13:35
wo0f_lol13:36
\shthe only usage for root: If your server doesn't respond anymore and you need to boot into a root shell which is secured by a password...e.g. via iLO or another remote insight board13:36
rhineheart_mbut once you've used it already and you entered your password as admin.. it won't ask for a password anymore.. meaning you have the root access13:36
ScottKrhineheart_m: That's about 98% right.  There are a few differences that almost never matter.13:37
nijabawo0f_: I believe sudo is essential as it brings role based traceable admin13:37
nijabaUbuntu also implements a role-based administration model with no default root access. Other Linux distributions typically provide this root access but role-based administration allows for better security, error prevention and auditing. This is particularly useful on systems where more than one user might have been given root access, as in a traditional model. This default can be reversed once the user is confident that root access will be secure13:37
nijabain their particular situation.13:37
ScottKFor me the biggest difference is that to get root via ssh with sudo you need one user name and one password.  With a root password you need one user name and two passwords (assuming you disable ssh root access).13:38
rhineheart_mBut I can't still the point.. why you should not be using root account well in fact root privilege is there with sudo.... :)13:38
rhineheart_m*get13:38
ScottKIt's mostly because people get root and stay root, forget, and do something silly.13:39
\shrhineheart_m: the fun part: on a single user machine you are able to do whatever you want...even as root :)13:39
ScottKsudo reverts itself automatically.13:39
_rubenrhineheart_m: i know its not perfect .. but giving the users a local passwd without resorting to using ldap or smth because it wouldnt be maintainable otherwise13:39
nijabarhineheart_m: because: 1/ you will not know who does a modification if multiple admin have access to the machine13:39
ScottKThat's another difference that can be significant.13:40
nijaba2/ because it is dangerous to always be root if you leave the machine or type a bad command inadvertently13:40
rhineheart_mhow about if only one person has the access to the box? is it still a good choice?13:40
\shrhineheart_m: the serious part: in companies you have several admins doing different admin tasks...you don't want to give them root access, because they could destroy something which is not their area..so sudo can be configured to give other admins more rights to do tasks as root, but not to destroy other things...(this is the ideal idea behind it)13:40
wo0f_anyways, glad to see iv sparked off this convo:P13:41
nijabarhineheart_m: that's really up to you to do a su passwd to have a root account13:41
wo0f_just wanted to use su :)13:41
nijababut it should not be default13:41
nijabawo0f_: then sudo su will work13:41
rhineheart_mhonestly.. I gave root a pass before.. but when I encountered this issue.. I then reverse it to default... (without even knowing why did I reverse it.. for what reason or purpose LOL)13:42
nijabaI must admit that I sudo su quite often, if I need to walk in a hierarchy my normal user does not have visibility on13:42
_rubeni already told my co-admins that they better have damn good reason ready when i see a sudo su - or sudo -i or smth similar in the logs ;)13:43
_rubenthen again, sudosh2 would make that less an issue, but still13:44
nijabarhineheart_m: having a root password is not "bad", encouraging the users to log in as root by default is, as it would be to have a simple password for root or for an account with sudo power13:44
rhineheart_mScottK: I got your point actually.. so.. it is possible to configure level of root privileges to an environment where more than I admin? Like there are superadmin (could modify the system) admin (less privilege) user (very limited)?13:45
nijaba_ruben: the good thing with sudo su is that it is logged as well :)13:45
_rubennijaba: but the commands after that arent, right?13:45
nijaba_ruben: in history of root only13:45
_rubennijaba: ah ok, im talking syslog here13:45
rhineheart_m" as it would be to have a simple password for root or for an account with sudo power" <<<< what do you mean with this?13:46
nijaba_ruben: yes, but I have been able to trace what a sudo su did through bash_history13:46
_rubennijaba: true enough13:46
nijabarhineheart_m: if you have an account in the admin group with an easy password, it is as bad as having a root account with a simple password13:47
nijabarhineheart_m: meaning it can and will be cracked by any dictionary attack13:48
nijabarhineheart_m: personally I disable password login on ssh on all my machines connected to the internet13:49
_rubensame here13:49
rhineheart_mso what did you do instead?13:49
nijabarhineheart_m: ssh keys13:49
rhineheart_mssh keys? mmm.... can you explain a little info about it?13:49
nijabarhineheart_m: and it is so much faster to logon :)13:49
rhineheart_mis it secured?13:50
nijabarhineheart_m: take a look at ssh-keygen, ssh-copy-id13:50
rhineheart_mI mean.. m sure it is... in fact you chose it.. I mean.. where that ssh keys saved?13:50
nijabarhineheart_m: yes, as long as the id file is kept secured and has a good password13:51
_rubenpublic/private key authentication .. public key on server you want to logon to .. private key you keep secure and is protected with a passphrase13:51
nijabarhineheart_m: only on my laptop, that is always with me13:51
nijabarhineheart_m: some people store it on a crypted USB key13:51
nijabarhineheart_m: and you should never be reluctant to change it if you think it can have been compromised13:52
rhineheart_mwhat if somebody can gain access in the USB..let's say.. it's lost...and you didn't know it is lost promptly...13:52
nijabarhineheart_m: he needs one password to access the crypted file system and a second one to unlock the key13:53
nijabarhineheart_m: but that would constitute a potential compromise any way, so i'd change the key ASAP anyway13:53
rhineheart_muhuh! that's great.. honestly.. I've been using pass to gain access to the box remotely..13:53
nijabarhineheart_m: have you looked in your log how many connection attempt you get on ssh?13:54
rhineheart_myeah.. I could as well review the logs of incoming connections in my router...13:54
nijabarhineheart_m: it is really scary how many zombies are trying dictionary attacks these days13:54
nijabarhineheart_m: I'd say that a machine connected on the net with root root login would survive less than 10 min13:55
rhineheart_mreally? ows!horrible13:55
rhineheart_mso.. where in the world I can get a guide the way you set up your ssh server to accept incoming connections?13:56
nijabarhineheart_m: man sshd ?13:58
nijabarhineheart_m: that's for limiting to key auth only13:58
nijabarhineheart_m: man ssh-keygen and man ssh-copy-id for creating and deploying the key (you should do that part first ;))13:59
nijabarhineheart_m: actually man sshd_config is more what you need to look at14:00
rhineheart_mcan you point me to somewhere else with a guide on this matter?14:01
nijabarhineheart_m: I could write one or look for one, but I do not know one from the top of my head14:02
Schiz0|SDHey, I'm having an odd problem I can't seem to solve. I have an ubuntu 7.10 server running a few php/mysql websites. I've been having some problems with packet loss and the website timing out A LOT. So it seems there's a networking problem with our host. However, connecting to localhost still has issues. For example, I run a caching BIND and a memcache daemon. Often, both DNS lookups say "no servers found" and memcached clients say ...14:03
nijabarhineheart_m: found this, looks good : https://help.ubuntu.com/community/AdvancedOpenSSH14:03
Schiz0|SD... "connection timeout to 127.0.0.1"14:03
rhineheart_mokay. so what are the key terms here? so that I could find it myself?14:03
Schiz0|SDwhat would cause connections to localhost time out all of a sudden? It was working perfectly a week ago, and nothing changed. I'm guessing some sort of ip stack corruption due to the packet loss issue or something? But I really have no idea14:04
nijabaSchiz0|SD: when you do an ifconfig, do you see interface lo ?14:04
Schiz0|SDyep, it's there14:04
Schiz0|SDit does connect to localhost, but only randomly. As in, it doesn't work all the time14:05
nijabaSchiz0|SD: can you ping localhost?14:05
Schiz0|SDYeah, I just tried and it works fine14:05
Schiz0|SDalthough, I'm getting packet loss on localhost14:06
nijabaSchiz0|SD: when you say "fail to connect" what service/command are you talking about14:06
nijaba?14:06
nijabaSchiz0|SD: Packet loss on localhost?  really?  that is new to me !14:06
Schiz0|SD--- localhost ping statistics ---14:07
Schiz0|SD30 packets transmitted, 12 received, 60% packet loss, time 29000ms14:07
Schiz0|SDrtt min/avg/max/mdev = 0.036/0.052/0.060/0.011 ms14:07
rhineheart_mhow to review again the ssh logs?14:07
nijabarhineheart_m: /var/log/auth.log14:08
Schiz0|SDnijaba: As for other connections, when I run "host www.google.com" it occasionally says "Server not found" The only thing in my /etc/resolv.conf is 127.0.0.114:08
nijabaSchiz0|SD: something is really wrong with your network14:08
Schiz0|SD:-\14:09
_rubenpacketloss on localhost sure is new to me as well14:09
Schiz0|SDcould it be some sort of ip stack corruption or something?14:10
Schiz0|SD$ host efnet.org14:10
Schiz0|SD;; connection timed out; no servers could be reached14:10
Schiz0|SDit should be able to connect to bind on localhost :-\14:10
Schiz0|SDI really have no idea what to do. I'm more of a php coder than a tcp/ip network tech :-X14:11
_rubenSchiz0|SD: well .. it *could* also mean that you can reach your own dns server, but your dns server cant reach the actual dns server14:11
Schiz0|SDah14:11
rhineheart_mis it possible to just allow ssh access to a range of IP? like I want it to be accessible by IP in our locality?14:11
Schiz0|SDthat makes sense14:11
_rubenrhineheart_m: thats what packet filters are for14:11
rhineheart_mpacket filters? where would I configure it?14:12
rhineheart_mip tables?14:12
nijabaSchiz0|SD: I would first try to find why you have packet loss on localhost, as it sounds like a much more fundamental problem14:12
kirklandSchiz0|SD: out of curiosity, what is your MTU on localhost?14:13
Schiz0|SDCould it be a duplex issue between some routing hardware at our host?14:13
Schiz0|SDkirkland:14:13
Schiz0|SDUP LOOPBACK RUNNING  MTU:16436  Metric:114:13
kirklandSchiz0|SD: it's clearly a problem, that you have packet loss on loopback, but you might try narrowing it down by adjusting ping's packet size14:14
nijabaSchiz0|SD: localhost is not going through the hw, so it should not be related14:14
rhineheart_mows.. I guess MTU should be somewhere 1300 -1500.. correct? mmm a newbie here. L)14:14
kirklandSchiz0|SD: ping -s 10 localhost, ping -s 100 localhost, ping -s 1000 localhost, ping -s 10000 localhost, ping -s 65000 localhost14:14
kirklandrhineheart_m: not on localhost, it can be much bigger14:14
kirklandrhineheart_m: my MTU on localhost is also 1643614:15
rhineheart_mokay.. that's for etho?14:15
Schiz0|SDI'm getting a some of these errors during the pings:      ping: sendmsg: Operation not permitted14:15
kirklandrhineheart_m: yeah, eth is usually more in the 1400-1500 range14:15
nijabarhineheart_m: yes, the value you gave are for ethernet14:15
Schiz0|SDthat would be the firewall, right?14:15
kirklandSchiz0|SD: are you using any other parameters to ping?14:15
Schiz0|SDAlthough, our firewall shouldn't touch localhost14:15
Schiz0|SDnope, I just ran what you told me above, the first one14:16
rhineheart_mthey're of the same machine...right? lo and eth?14:16
kirklandSchiz0|SD: and are you running as root, or unpriv user?  are you using sudo?14:16
Schiz0|SDAs root14:16
rhineheart_mso.. it might be a hardware problem.. just don't know... :)14:16
kirklandSchiz0|SD: "Operation not permitted" is emitted by ping, if perhaps you try and ping flood as an unpriv user14:16
nijabakirkland: I guess you would know about flooding ;)14:17
Schiz0|SDI can pastebin some output...gimmie a minute or two14:17
kirklandnijaba: learned a bit about it this week, nijaba ;-)14:17
Jeeves_Schiz0|SD: Try iptables -F14:17
Schiz0|SDuhh.14:17
Schiz0|SDwhat's that do Jeeves_?14:17
kirklandSchiz0|SD: one other thing that could cause packet loss on localhost is if localhost is getting HAMMERED by something else at the same time14:18
Schiz0|SDI think my ssh connection just died14:18
_rubencould run a tcpdump -nvi lo as well to see that14:18
Jeeves_Schiz0|SD: That flushes your firewall14:19
Schiz0|SDyeah, it's not responding to anything now :-X14:20
_rubeniptables -F can be rather harmful when performed remotely with policies set to DROP14:20
Schiz0|SDOh. Damn.14:20
* Schiz0|SD just got in trouble14:20
Jeeves__ruben: That's true ...14:21
Jeeves_Schiz0|SD: Should I feel guilty?14:21
Schiz0|SDWell. How can I fix it? or rather, how can our host fix it?14:21
_rubendepending on ur host, reload the firewall ruleset should do the trick14:22
Jeeves_Schiz0|SD: If your policy is indeed DROP, you need to log in locally and reload the firewall14:22
_rubenthen again, your connectivity problems *might* be caused by that very ruleset14:22
Jeeves_And sorry for missing out on this step ..14:22
Schiz0|SDWell considering I'm in the US, and the server is in Sweden :-X14:22
Schiz0|SDIt's fine Jeeves_...I should've looked up the manpage before running it anyway :-X14:23
Jeeves_:/14:24
Schiz0|SDAnyway, our firewall script is here: http://silenceisdefeat.org/~schiz0/iptables.rules14:25
Schiz0|SDWe've been using it for a while, and it's been ok14:25
Schiz0|SDso I don't think that's the problem14:25
Jeeves_echo "Setting default DROP policies ..."14:25
Jeeves_# Set default policies14:25
Jeeves_$IPT -P INPUT DROP14:25
Jeeves_$IPT -P OUTPUT DROP14:25
Jeeves_$IPT -P FORWARD DROP14:25
Jeeves_Jup, that's dropping everything...14:25
_rubeneven output filtering .. hardcore ;)14:34
_rubenhmm .. 'scary' :15:05
_ruben[271085.238264] EDAC e752x: Non-Fatal Error DRAM Controler15:05
_ruben[271085.238276] EDAC MC0: CE page 0xa279a, offset 0x640, grain 4096, syndrome 0x2, row 2, channel 0, label "": e752x CE15:05
_rubenlets run a memtest86+15:06
ivokshello15:11
mathiazhi ivoks !15:11
ivokshi, sorry for meeting :/15:11
ivokshow ugly would be to add new system group (sasl) and configure dovecot to provide sasl socket by default for that group15:12
mathiazivoks: np - the earth is still round and the sun came back this morning :)15:12
ivoksthen, have an additional binary package (from dovecot source), which, when installed, would move that socket to postfix chroot and link old path to new path15:12
ivoksand add postfix to sasl group15:13
ivoksno configs would get changed15:13
ivoksbut it would be ugly to have /var/run/dovecot/sasl/socket linked to /var/spool/postfix/private//something15:14
ivokswhat say you? :)15:14
mathiazivoks: that seems complicated.15:15
mathiazivoks: I've had a quick glance at the dovecot source code15:15
mathiazivoks: and it seems that it should be easy to modify dovecot to not break if the sasl socket doesn't exist15:15
mathiazivoks: or better - if the directory to create the sasl socket doesn't exist15:16
ivokswell, i'm not programmer :/15:16
ivoksi tried changing code so that it doesn't fail; and it didn't, but it failed with another error, at glance, unrelated to non-existing directory15:17
ferric84I have a ssh connection going that looks like this:  ssh -l <username> -L 8088:192.168.0.100:80 lan.mysite.com.  I'm trying to make sites on this lan local so I can work on them, by adding "hostname 127.0.0.1" to my hosts file, but I cannot get these to resolve in the browser... any ideas?15:17
ivoksbut, once i reverted those changes, it started normally15:17
ivoksferric84: hosts is 'IP hostname', not 'hostname IP'15:17
ferric84hmmm15:18
ferric84arg15:21
ferric84now it's a cannot find server erro15:21
ferric84r15:21
=== gregory is now known as tuxbox
J-_does the normal LAMP install have wake on LAN installed or something? I just logged into the server from where it is, and it sounded like it did a fast boot up, almost like when you boot up a pc, just much faster16:07
ivoks_wol is bios thing16:08
J-_hmm16:08
J-_not sure what's wrong with this server. I shall restart and see if it works.16:09
ivoks_bbl16:09
J-_In dmesg, I see: "Call Trace" is that normal?16:11
=== nijaba is now known as nijaba[away]
=== nijaba[away] is now known as nijaba
Schiz0|SDTo those who were helping me earlier today: Our host rebooted the server and reloaded the iptables script, so all is well.16:38
Schiz0|SDAs for the networking issues, the reboot seemed to help A LOT. Everything seems to be running fine now, and there's no packet loss as far as I can see16:39
Schiz0|SDSo I'm still not sure what the problem was :-\16:39
J-_In dmesg, I see: "Call Trace" is that normal for a server? It's quite repetitive.16:45
nijabaSchiz0|SD: thanks for the follow up16:48
J-_bleh16:56
fromportcould some operator maybe ban the pumpernickle ?17:01
themimeah ok thanks, ill do that.  is there a way i can confirmed i did install the server version though?17:39
themimeoops17:39
themimei just installed (what was supposedly ubuntu server 7.1), doesn't have sshd, apache...really any server stuff. anyway, regardless, im trying to install the server stuff i need, and this is my first time using ubuntu.  i installed apache using synaptic package manager, and i thought i also installed phpBB2, but i can't find it anywhere.  my past experience with phpBB2 was a tar, untaring in the appropriate folder, and configurin17:39
themimealso, is there a way to confirm i installed the server edition of ubuntu?17:40
fromportall the other version start with a graphical login after bootup ;-)17:40
fromportso if you have the text login: -> server version17:41
themimei burned the right cd, and downloaded the right cd...hmm17:41
themimecause i do have a graphical login.  and no server stuff installed17:41
fromportwhat does "dpkg -l ubuntu-desktop" show ? only confirm if it has an "i" at the beginning of the line17:42
themimeok, i typed in the command, what am i looking for in the response?17:43
ivoksany objections for upload of new bacula (closes 3-4 bugs)17:54
ivoks:)17:54
fromportthemime: there should be 1 line and at the beginning there is probably an "i" or an "u"17:58
themimetheres no ssh so i can't c/p but its more than 1 line, it looks like there was some sort of error.  let me get on irc on the box itself so i can c/p17:59
themimeer, sshd17:59
fromportapt-get install ssh18:01
fromporta server (and desktop as well) never is installed  with ssh. always have to install that separately18:01
themimeah ok18:05
themimeim epic failing to get pidgin to work with irc haha18:05
themimetheres no way this is the server edition, theres no server software on here at all18:10
themimeand it has a gui18:10
themimeDesired=Unknown/Install/Remove/Purge/Hold18:13
themime| Status=Not/Installed/Config-f/Unpacked/Failed-cfg/Half-inst/t-aWait/T-pend18:13
themime|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)18:13
themime||/ Name           Version        Description18:13
themime+++-==============-==============-============================================18:13
themimeii  ubuntu-desktop 1.79           The Ubuntu desktop system18:13
themimeafter running the dpkg -l ubuntu-desktop18:13
fromportehh.. you're not supposed to use cut&paste. they will warn/ban you on certain channels :-)18:15
fromportjust the "i" at the beginning of the line would have been sufficient18:15
themimeheh yea sorry, i should have used a pastebin18:15
themimethe other stuff seemed important too18:16
themimeso do i have desktop installed then?18:16
fromportcould be: OR during install it has asked you to install "desktop" . if you answered yes it installed the whole ....18:17
themimei never remember it asking me if i wanted to install desktop18:17
themimeis there a way to install the server and uninstall the desktop without reinstalling via cd?18:18
fromportjust delete the graphical stuff: eg  aptitude purge ubuntu-desktop18:20
themimedid i mess up package stuff by using synaptic manager?18:21
themimesudo apt-get install apache didn't work, said the package didn't exist18:21
fromportno !18:21
fromportit's apache2 nowadays18:22
fromportapt-cache search apache218:22
themimeah ok18:22
themimeshould i uninstall using synaptic and reinstall with apt?18:22
themimethe mixed managers bothers me haha18:22
fromportaptitude is just a graphical way to access the package system. apt-get/aptitude is from the command line.18:23
fromportthe effects are the same, you can mix&match.18:23
themimewhy, when prompted for the "admin" password, i have to enter my user password and not the root password (like to install stuff?18:26
peterdvthemime: The password is for sudo.18:31
themimewhich i thought was the root password18:33
peterdvsudo(8): ...  Otherwise, sudo requires that users authenticate18:35
peterdv       themselves with a password by default (NOTE: in the default configura‐18:35
peterdv       tion this is the user’s password, not the root password). ...18:35
jnkqis ubuntu capable to be stable server?18:35
themimeah, man sudo, im dumb haha18:37
* themime goes and rtfm18:37
J-_http://pastebin.ca/951848 any ideas? What can I do to fix this?18:38
J-_http://pastebin.ca/951851 Here is my syslog18:41
ivoksJ-_: did you check if /var/run/mysqld/mysqld.sock exist?18:41
J-_ivoks: I just cd /var/run/mysqld, typed ls, and mysqld.sock doesn't exist.18:43
J-_ivoks: what can I do to fix it?18:44
ivoksJ-_: can you start mysql?18:44
J-_no18:44
J-_I just tried to restart mysql, would that make it start?18:44
ivoks /etc/init.d/mysql start18:44
J-_ivoks: http://pastebin.ca/951848 shows still18:45
ivoksstart i said18:46
J-_sane thing18:46
J-_same*18:46
ivoksand syslog?18:46
J-_http://pastebin.ca/951851 syslog18:47
ivoksyou already pasted that link18:47
J-_yes18:47
J-_that's what syslog says.18:47
ivoksi asked you to start mysql and paste syslog after that18:47
ivoksnot something you did 15 minutes ago18:47
ivoksand there's more in syslog than 10 lines, so please, paste more than 10 lines18:48
J-_ivoks: How can I show more than 10 lines?18:49
ivokstail -n 20 /var/log/syslog18:49
J-_ivoks: http://pastebin.ca/95188718:56
J-_Sorry about that. I was waiting for a reply, and didn't realize you typed something after I did, "/names" Pumpernickle is ghosting a lot.18:57
ivoksCan't start server: Bind on TCP/IP port: Cannot assign requested address18:57
J-_ivoks: What do I need to do to fix that?18:57
ivokscan you 'telnet localhost mysql'18:58
ivoksdoes it connect?18:58
J-_Trying 127.0.0.1, and it hasn't connected yet.18:59
ivoksok18:59
ivokspaste content of /etc/hosts on pastebin18:59
J-_ivoks: http://pastebin.ca/95189319:01
ivoksdo you start mysql with sudo?19:01
ivokssudo /etc/init.d/mysql start19:02
ivokswhat did you do before it stopped working?19:02
J-_ivoks: Yes I tried to start mysql with start. I was trying to configure my hosts, and connect from a static IP. I have the static IP configured I think, not sure if it's proper. But, I can ping google.19:04
J-_I also configured SSl for apache19:05
J-_I also installed phpmyadmin19:06
ivoksi'm not sure what you mean with configure your hosts19:06
ivoksubuntu is basically plug and play when it comes to LAMP stack19:06
J-_I tried configuring /etc/resolv.conf, and /etc/network/interfaces19:07
J-_want me to pastebin both of those configs?19:07
ivokspaste those files19:08
J-_okay19:08
J-_ivoks: http://pastebin.ca/95190219:12
ivoksnetwork is 192.168.1.019:14
ivoksnot 1.119:14
J-_ivoks: Why the change?19:15
J-_My router's IP address isn't 192.168.1.019:16
ivoksnetwork isn't IP of your router19:16
ivoksthat's gateway19:16
J-_k19:16
ivokschange to 019:17
ivoks /etc/init.d/networking restart19:17
J-_Okay, I restarted networking, mysql doesn't start still.19:19
J-_Nothing when I telnet 127.0.0.119:20
ivoksoh...19:20
J-_err, when I telnet mysql sorry19:20
ivoksyou  don't have loopback in interfaces?19:21
J-_What do I need to put in loopback?19:21
ivokshttp://pastebin.ca/95190819:21
ivoksafter you fix it, restart your computer, there are even more services that doesn't work19:23
ivoksdon't work19:23
J-_Okay19:24
J-_Just heard the server beep, it's restarting. =D I'm in another room.19:25
J-_Okay it's restarted I'm SSH'd into it.19:26
J-_ivoks: It says mysql already running it after trying to start it.19:27
ivoksthen it works19:27
ivokstry restarting19:28
J-_After trying to telnet to mysql it says, http://pastebin.ca/951914 Is that normal?19:29
J-_ivoks: Restarting what? the server, or networking?19:29
ivoksmysql19:29
J-_k19:29
ivoksthat's normal19:30
ivoksyes, it's working19:30
J-_Awesome, it restarted.19:30
ivokslesson learned? unix machines need loopback; never remove it19:30
J-_ivoks: Thank you very much dude. You have the patience of a saint. =)19:30
ivoksheh19:32
J-_ivoks: Much appreciated.19:32
ivoksnp19:32
=== blue-frog_ is now known as blue-frog
miteshhi i want to make a webserver with minimum configuration20:09
miteshand no additional package20:10
miteshhow can i start20:10
miteshalso can the appliance develop using Ubuntu JeOs be deployed on a real machine?20:11
miteshanyone there??20:12
fromportmitesh: install ubuntu server , no extra's (graphical desktop etc) and add on demand what you want/need (eg aptitude install apache2 etc)20:14
miteshis ubuntu server a bare minimum20:15
miteshor it can still be further stripped of20:15
miteshoff20:15
fromportjeos == normal ubuntu but only without all overhead. any application you generate/develop will run on any "real" other ubuntu (given cpu architecture etc etc)20:16
fromportit's a bare minimum20:16
miteshfromport: ubuntu server is different from jeos20:17
miteshis JeOs only for Virtual appliance?20:17
fromportjeos is meant for bare minimum under virtual environments (if i'm correct)20:17
fromportso only has the drivers needed for that environment where as ubuntu-server has _all_ drivers (you dont know what hardware it will run on)20:18
miteshok ... so is there a way we can strip off ubuntu-server so it may become similar to jeos20:19
mitesh?20:19
fromporthow minimum would you like to go ?20:19
fromportwhy ?20:19
miteshi was actually going through this link http://www.ubuntu.com/products/whatisubuntu/serveredition/jeos and then later went and read this tutorial http://www.linux-mag.com/id/4829... so i am confused as can i use jeos to make a webserver which can be deployed on a machine20:22
miteshas everywhere they are mentioning virtual appliance only20:22
fromportlet me read it real quick (still working too ;-)20:22
fromportyou cannot "copy" jeos from a virtual machine and expect it to run on a "real"machine20:24
themimeok, i reburned the server install, so i _know_ its the right one.  how can i completely format the disk, boot disk and all20:25
fromportbut if you develop a website (some cms & database) you could transfer that information to another machine installed with ubuntu-server20:25
fromportuse guided partitioning from the cd, it will wipe your hd clean ;-)20:25
themimeawesome, thanks20:26
themimeactually, before i go through with the install, is there a way to confirm the cd is the server install while booted into the livecd part20:26
Nafallothe server install doesn't have a live part? :-)20:27
themimehaha, that should have been my first flag that went up.  haha so fromport, i think i burned the desktop install and labeled it "server install"20:28
themimeok, so let me rephrase then: how do i wipe the drive clean from the server install =)20:28
fromportjust boot the server image20:29
themimeso a normal install20:30
miteshfromport: any suggestion for my problem20:31
fromportthemime: http://howtoforge.org/perfect_server_ubuntu7.10 looks a lot like hardy ;-)20:31
themimebadass, thanks20:32
miteshcan i make a real appliance using jeos20:32
fromportdescribe " real appliance" ?20:32
fromportjeos is _not_ meant to run on hardware directly20:32
fromportonly in a virtual environment20:33
fromportso it doesn't know about 100.000 different kinds of hardware.20:33
fromportubuntu-server does know a lot of different hardware and hence it's much larger/more complex than jeos20:33
fromportonce it's running applications like apache/databases etc dont know the difference20:34
fromportyou lost me, what are you trying to achieve ?20:34
miteshreal appliance one which i can then copy on a cd and boot another machine from that cd20:34
miteshi got it thats what i need to know that jeos cant be run on hardware directly20:36
miteshdo you have any idea about GNAP = Gentoo Network Appliance20:36
fromportno knowledge of gentoo* whatsoever ...20:37
miteshok thanks for the help20:38
fromportgood luck! ;-)20:38
mitesh:)20:40
themimeheh, i used to have gentoo on this laptop, never did get the wireless to connect20:42
themimei think the install took a full night for the _base_ install20:44
themimeopen office took like 8 hours20:44
miteshyaa gentoo 1st compile everything firefox takes 48 mins to install20:45
themimefromport: this "perfect server" link is awesome20:47
fromportno other distro is so "tailor cut" for your system as gentoo. But it's not my "taste"20:57
fromport*bsd people who want to switch to linux are probably delighted ... :-)20:58
fromportemerge [this/that]20:58
miteshemerge world :P21:03
fromport:-)21:03
[mbm]anyone using xen under hardy?21:56
nxvlwhy is ubuntu a partner of zimbra and zimbra isn't included on ubuntu?22:20
fooIsn't Zimbra paid?22:21
nxvlsoren: around?22:24
sommernxvl: he's on vacation until tues22:30
nxvloh ok22:31
nxvldid you know something about small-business-server?22:32
nxvlwhat's the state of it22:32
nxvli have just seen it was approved on sevilla22:32
sommerit's too small, and not enough businessy :-)22:32
nxvlheh22:32
sommerare you talking about a blueprint?22:33
nxvlyup22:33
nxvlhttps://blueprints.edge.launchpad.net/ubuntu/+spec/ubuntu-easy-business-server22:33
sommerah... my opinion, the whole small business, enterprise, etc doesn't really make much sense22:34
sommerin the end you're really just talking about services :)22:34
sommeris one service small business and another enterprise?22:34
sommernxvl: thinking of bringing it up at UDS?22:35
sommerthe blue print that is22:35
sommernxvl: I had a thought about a LDAP management "something" would really be needed22:38
\shsommer: apache directory studio, eclipse based...;)23:09
sommermmm... that's interesting23:10
\shsommer: and works actually23:10
sommerheh, that's always a plus23:10
\shsommer: serious, I'm using it for ldap management ( not the apache package but the eclipse plugin in my normal eclipse setup)23:11
\shyou can edit all stuff you want and add new ldap objects etc.23:11
sommercool... I really like the php/web plugins for eclipse23:12
sommerand the python, perl, ruby plugins :-)23:12
\shit was built when they started to work on an apache directory server, which works too..but not so known as openldap23:12
\shand full java power ;)23:12
rhineheart_mhello.. is modsecurity2 in the repo? is it alright to install it in gutsy?23:13
sommer\sh: thanks, I'll look into that23:13
\shsommer: you're welcome23:14
=== \sh is now known as \sh_away
rhineheart_mcan anybody suggest here if it is safe to follow this tutorial? http://www.howtoforge.com/apache_mod_security23:24
dthackerrhineheart_m: what are your concerns?23:44
rhineheart_mdthacker: thanks for that.. I just want to mask my http header information something like to Apache (unix)..23:45
dthackerrhineheart_m: I'm not sure if that tutorial will help you do that.  My concern with it is that it's using 2 year old versions.23:49
rhineheart_mdthacker: Yeah.. I noticed it...that's why I didn't do it.. owss... are you using modsecurity2?23:50
dthackerrhineheart_m: no I have a low traffic site and my config is very plain.23:51
rhineheart_mdthacker: okay.. did you modify the way apache2 gives info in the http header request?23:52
dthackerrhineheart_m: no23:52
rhineheart_mCan anybody here tell me if this bug has been already fixed and added to the repo? Bug #15674823:54
ubotuLaunchpad bug 156748 in iperf "Thread library bug for kernel >= 2.6.21" [Unknown,Fix released] https://launchpad.net/bugs/15674823:54
J-_Hello, I'm having a problem with no-ip in the Dapper installation. I already set it up but, when I want to run it, "sudo no-ip -C" it says "file '/etc/no-ip.conf' is in the use of process 3723. Ending!" Can I kill -9 the process and reconfigure it?23:56
J-_Nevermind, I just sudo killed the process. It worked.23:58
