wantE17style | hello | 00:37 |
---|---|---|
aetaric | wantE17style: just ask them | 00:46 |
slide | What is getty? I'm trying to remove any unneeded programs on my server and i have this running "/sbin/getty 38400 tty1" | 02:53 |
nawty | slide: http://www.google.co.uk/search?q=what+is+getty&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a | 02:57 |
nawty | slide: also, what version of ubuntu server are you running? | 02:57 |
slide | i think the newest, my host just reinstalled for me so im not sure what they used | 02:58 |
slide | gutsy | 02:58 |
slide | according to apt sources heh | 02:59 |
nawty | slide: what does /etc/issue say? | 02:59 |
slide | Ubuntu 7.10 | 02:59 |
nawty | slide: and you'll have to bear with me for a moment here, it's 3am, and my brain's slow :P | 03:00 |
slide | hehe yea, brains slow here too.. family has been over all day | 03:00 |
nawty | slide: dpkg -S /sbin/init | 03:00 |
nawty | slide: what does that return? | 03:01 |
nawty | slide: do you know what getty does yet? | 03:01 |
slide | sysvinit: /sbin/init | 03:01 |
nawty | ok, that's running the old (pre-upstart) init system. | 03:02 |
slide | yea its something for terminals dunno | 03:02 |
nawty | slide: so getty controls the login prompts you see on your ubuntu servers | 03:02 |
nawty | slide: alt-f1, alt-f2... etc... | 03:02 |
nawty | tty0 is the first one, and tty1... etc... you get the idea no doubt. | 03:02 |
slide | yea | 03:03 |
slide | I guess thats the remove console that my host offers | 03:03 |
nawty | i'm assuming because this is a server you would like to have only the first terminal available, and remove the extras ? | 03:03 |
slide | remove/remote | 03:03 |
nawty | slide: <editor-of-choice-here> /etc/inittab | 03:03 |
nawty | go down to the lines that have tty..etc... | 03:04 |
slide | 1:2345:respawn:/sbin/getty 38400 tty1 | 03:04 |
slide | thats the only 1 | 03:04 |
nawty | are you sure? | 03:04 |
slide | yea | 03:04 |
nawty | so in theory, you should have lines that look like this: | 03:05 |
nawty | #2:23:respawn:/sbin/getty 38400 tty2 | 03:05 |
nawty | #3:23:respawn:/sbin/getty 38400 tty3 | 03:05 |
nawty | #4:23:respawn:/sbin/getty 38400 tty4 | 03:05 |
nawty | #5:23:respawn:/sbin/getty 38400 tty5 | 03:05 |
nawty | #6:23:respawn:/sbin/getty 38400 tty6 | 03:05 |
slide | exactly | 03:05 |
nawty | well, without the #'s. | 03:05 |
slide | no, with the #'s | 03:05 |
nawty | well, do you have lines that resemble that at all? and if so, do they have the #'s? | 03:06 |
slide | i have exactly, the line i pasted and then the lines you pasted | 03:07 |
nawty | and, then when you do a ps afx you have only the one line ? or do you have all of the lines? (more than the tty1 line) | 03:07 |
slide | only the 1 line | 03:08 |
nawty | ah, you could remove the tty0, but i would really suggest against it! | 03:08 |
slide | i think the tty1 may be how my zen host has 'remote console' that i can see the system boot up with | 03:09 |
slide | hrm | 03:09 |
slide | maybe not | 03:09 |
nawty | bah, i'm an idiot, i mean to be talking about tty1, not tty0 | 03:10 |
slide | yea i figured heh | 03:10 |
nawty | hehehe, yeah, you're right, tty1 is your 'console' | 03:10 |
nawty | I'm pretty sure you could remove such an evil process :P | 03:10 |
nawty | but i'd suggest against it. | 03:10 |
slide | yea | 03:11 |
slide | im not gonna ;) | 03:11 |
slide | do you know of any guides or anything to help me really secure my server? | 03:11 |
nawty | and on that bomb shell, i'm going to put my ass to bed. | 03:12 |
slide | i got hacked recently and DONT want it to happen again | 03:12 |
nawty | slide: give me a second, i'll see if i can find you something | 03:12 |
slide | thanks! :) | 03:12 |
nawty | slide: ah, so there's a few things you can do off the bat. | 03:12 |
nawty | slide: ssh no root logins, iptables unused incoming ports | 03:12 |
nawty | slide: daemons listening on localhost | 03:12 |
nawty | slide: do you run php of any flavour? | 03:12 |
slide | yes | 03:12 |
nawty | slide: running hardened php | 03:13 |
nawty | slide: do you run it as the apache user? | 03:13 |
nawty | slide: if so, you should investigate running it as a su-php configuration | 03:14 |
slide | apache runs as www | 03:14 |
nawty | www-data | 03:14 |
nawty | that's flavour dependent unfortunately | 03:14 |
slide | no heh | 03:14 |
slide | i changed it to www | 03:14 |
nawty | which ever and all, no doubt you do mass virtual hosting of some sort or another ? | 03:15 |
slide | yea | 03:16 |
nawty | slide: suphp + hardenedphp | 03:16 |
nawty | slide: and try get your users to have non-generic uid's | 03:17 |
nawty | slide: and, then that of course runs straight out the box from apt | 03:17 |
slide | i have no real users | 03:17 |
nawty | slide: make sure your /tmp is mounted with noexec | 03:17 |
nawty | slide: i was more thinking create some at least semi-non-generic uid groups | 03:18 |
nawty | so for client x, all his sites get a uid, and then client y, all her sites get a uid | 03:18 |
nawty | more to avoid one client's bad code to be able to affect another user's. | 03:18 |
nawty | if you're paranoid you can look at something like portsentry | 03:18 |
nawty | 8.04 is going to include AppArmor | 03:19 |
slide | cool cool :) | 03:19 |
nawty | slide: unfortunately, i can't be of much help right this second. | 03:21 |
slide | thats cool | 03:21 |
slide | go to sleep | 03:21 |
slide | hehe | 03:21 |
nawty | slide: heheh, remind me in about 12 hours and i'll give you a run down of exactly what i've done to some of my mass virtual hosting boxen to avoid them getting hacked | 03:22 |
slide | sweet! | 03:22 |
slide | thanks :) | 03:22 |
nawty | slide: i've had a total of 3 compromised servers in about 8 years, and over 7500 websites at one point :) | 03:22 |
slide | dang | 03:22 |
slide | how do you handle them when they get compromised? | 03:22 |
nawty | 2 of said servers were not actually running anything :P but stupid ass me forgot they were on the network. | 03:23 |
nawty | slide: pull ethernet, work back through logs and such, and once i can verify that the data isn't dodgy, use that data, else use backup restored data to restore post reinstall. | 03:23 |
slide | yea im having a hard time figuring out how they got in | 03:24 |
nawty | slide: i doubt anyone i know would be comfortable with a compromised server even after cleanup, over a clean new install. | 03:24 |
slide | i got my host to backup server and reinstal and let me view the backup | 03:24 |
nawty | slide: error log not have anything at all? | 03:24 |
nawty | slide: and, did you check /tmp ? | 03:24 |
slide | nawty, well not that I could see | 03:24 |
slide | but im no expert so | 03:24 |
slide | nawty, nothing at all in there | 03:25 |
nawty | slide: if you could find something in /tmp, or some shared place that they'd have placed their uploaded files | 03:25 |
nawty | slide: ah, but it's been rebooted :9 | 03:25 |
nawty | :( | 03:25 |
slide | nawty, i did get a report about some phishing pages on one of the sites | 03:25 |
slide | and my host deleted those files though | 03:25 |
nawty | slide: could be a result of the hack. | 03:25 |
slide | right | 03:25 |
slide | and i think they were sending spam | 03:26 |
nawty | slide: also, could've been 2 separate hacks, one for spam, one for phishing. | 03:26 |
slide | which is why i took it down without really letting my users know | 03:26 |
slide | b/c didnt want to get their emails blacklisted | 03:26 |
nawty | slide: eeek. good idea, but in future try organise a kvm and pull the network | 03:26 |
slide | kvm? | 03:26 |
nawty | slide: from there you can work your way back without rebooting the box and losing information | 03:26 |
nawty | slide: access to the keyboard and mouse. | 03:26 |
slide | ah | 03:26 |
nawty | slide: and video, but over the network | 03:27 |
nawty | well, to be technically correct, it'd be an IPKVM, or IP Based Management Console | 03:27 |
nawty | slide: running processes, memory filesystems, and logs should all be kept as pristine as possible to work your way back. | 03:28 |
slide | yea | 03:28 |
nawty | slide: cissp has a bit on how to forensically analyze a server, see if you can find some information on that. | 03:28 |
slide | k | 03:28 |
nawty | slide: but it's been years since i last looked at the cissp course material. | 03:28 |
nawty | slide: anyway, goin to get some sleep, nite nite :) | 03:29 |
nawty | *wave* | 03:29 |
slide | nite | 03:29 |
slide | thanks | 03:29 |
slide | ttyl | 03:29 |
=== freeflyi1g is now known as freeflying | ||
J-_ | When using ddclient, it says, "Enter the interface which is used for using dynamic DNS service. Interface used for dynamic DNS service:" do I put my dynamic IP in there, or router's static IP? | 06:52 |
kgoetz | *interface* | 06:52 |
kgoetz | usually means device, like eth0, ppp0, etc | 06:53 |
J-_ | !httpd | 07:16 |
ubotu | Sorry, I don't know anything about httpd - try searching on http://ubotu.ubuntu-nl.org/factoids.cgi | 07:16 |
J-_ | I'm trying to make a Virtual host to point to http://directory.site.dyndns.org on my http://site.dyndns.org website pointing to my server. My IP always changes, how can I define the IP since I have to define the IP:80(ie. NameVirtualHost ip.address:port) in /etc/apache2/apache2.conf? | 07:38 |
Kamping_Kaiser | i doubt you'll be able to do subdomains on a dyndns account | 07:38 |
J-_ | I can | 07:39 |
Kamping_Kaiser | really? | 07:39 |
J-_ | I can do wildcards | 07:40 |
J-_ | http://www.dyndns.com/services/dns/dyndns/howto.html | 07:40 |
J-_ | shows how to set up the ddclient, but says something about wildcards. | 07:40 |
Kamping_Kaiser | J-_, http://k-k.homelinux.net:81/~kgoetz/apache2-vhost-template.txt | 07:41 |
J-_ | If I can't get my server to come up with 127.0.0.1 does it mean it's not set up correctly, or is something not defined? | 08:22 |
fromport | J- your error description doesn't make sense: cannot computer | 08:25 |
fromport | compute | 08:25 |
J-_ | Do I need to make a virtual hosting for my /var/www/ too now that I've made one for /var/www/about/? | 10:08 |
J-_ | virtual host* | 10:09 |
J-_ | It's weird. Since I made the /var/www/about/ virtual host, I go to my /var/www/ and it shows the same page. | 10:10 |
* J-_ asks in apache. | 10:11 | |
aetaric | is it possible to port forward ssh? | 12:15 |
faulkes- | yes | 12:15 |
aetaric | then why won't i let me | 12:16 |
aetaric | *it | 12:16 |
faulkes- | there are any number of possible reasons why it won't let you do it | 12:16 |
faulkes- | for instance, trying to port forward a port under <1024 as non-root | 12:17 |
faulkes- | configuration options set in ssh_config, sshd_config etc.. | 12:17 |
faulkes- | or possible user error | 12:17 |
aetaric | i don't have iptables or any firewall..and im using the default ssh configs | 12:18 |
aetaric | can you help me resolve this problem? | 12:20 |
AlexC_ | hey, | 14:10 |
AlexC_ | I'm trying to setup Bind9 so that `example.com` runs on one IP, and `foobar.example.com` runs on another, this seems to work (pinging them shows the correct IP) however, I am unable to connect to it via a webbrowser | 14:11 |
Kamping_Kaiser | sounds like apache is misconfigured | 14:12 |
Kamping_Kaiser | btw. what guide did you follow for bind? | 14:12 |
AlexC_ | I haven't followed a guide, really | 14:13 |
AlexC_ | right, example.com should serve as a normal Apache virtual host, however foobar.example.com should connect to port 882 and it runs webmin | 14:13 |
AlexC_ | no, wait. https://foobar.example.com:882 runs Webmin (so separate from Apache) *however* https://foobar.example.com runs as a virtual host | 14:14 |
AlexC_ | nevermind, I have it working =) | 14:18 |
nxvl | mathiaz: hi! | 15:09 |
zul | hey mathiaz | 15:10 |
nxvl | nijaba: did you take a look at Bug #162167 ? | 16:30 |
ubotu | Launchpad bug 162167 in mysql-dfsg-5.0 "mySQL password asks only once" [Wishlist,Confirmed] https://launchpad.net/bugs/162167 | 16:30 |
=== benny_lava is now known as dantalizing | ||
nxvl | dendrobates: did you take a look at Bug #196778 ? | 17:28 |
ubotu | Launchpad bug 196778 in likewise-open "Provide likewise-open-gui and likewise-open binaries rather than domainjoin-gui and domainjoin-cli" [Low,Confirmed] https://launchpad.net/bugs/196778 | 17:28 |
dendrobates | nxvl: I have merged your debdiff and some other changes and am testing now. | 17:30 |
nxvl | dendrobates: :D | 17:30 |
nxvl | btw | 17:34 |
nxvl | dendrobates: did you check about the student program we talked about some days ago? | 17:34 |
dendrobates | nxvl: not yet. | 17:34 |
nxvl | ok | 17:34 |
nxvl | if you know something please let me know | 17:34 |
Sylphid | coming from a red hat background would ubuntu or debian be more up my alley for a server install? | 19:19 |
sommer | Sylphid: I'd vote for Ubuntu | 19:20 |
kirkland | Sylphid: do you have a preference between, say RHEL and Fedora? | 19:22 |
Sylphid | i was actually using fedora | 19:23 |
kirkland | Sylphid: If you prefer the speed at which Fedora tracks mainline, you'd like Ubuntu. | 19:23 |
Sylphid | but it was compromised | 19:23 |
kirkland | Sylphid: if you want long term or even commercial support, look at Ubuntu's LTS releases | 19:24 |
Sylphid | debian does not have a kernel compiled for server optimization out of box correct? | 19:25 |
Sylphid | does ubuntu default to enabling SELinux | 19:27 |
sommer | Sylphid: it defaults to using AppArmor, but you can easily install SELinux | 19:29 |
Sylphid | hmm never used AppArmor .... less annoying than SELinux? =D | 19:30 |
sommer | I've found it easier to configure | 19:35 |
Sylphid | ty sommer and kirkland for ur time... ill give ubuntu server a shot :) | 19:38 |
kirkland | Sylphid: have fun | 19:39 |
Sylphid | always | 19:39 |
w0nder | anyone recommend a particular irc server for my small office? | 19:49 |
JaxxMaxx_ | Anyone here have experience with FreeRadius, and more specifically, the webadmin module dialup_admin for that RADIUS server? Its documentation mentions making sure PHP4 modules are loaded into apache, but I read recently that version 4 isn't in 7.10 Would the php5 work? | 20:06 |
ScottK | JaxxMaxx_: I'm not familiar with that module, but at a guess I'd say almost certainly not. | 20:17 |
timboy | i'm running apache. what owner should I make my var/www/* ? | 20:23 |
sommer | timboy: www-data | 20:34 |
timboy | sommer, thx! | 20:36 |
sommer | timboy: you're welcome | 20:40 |
timboy | I have a stock apache setup on gutsy server and I wanted to get ssl working. What's the best way to do so? I already have ssl working for my email server I just want the webmail logins to be encrypted... | 21:24 |
sommer | timboy: the gutsy serverguide should help: https://help.ubuntu.com/7.10/server/C/httpd.html | 21:27 |
timboy | thx again sommer | 21:29 |
sommer | np | 21:29 |
=== googlah|1leepy is now known as googlah | ||
lamont` | ScottK: you around? | 23:43 |
lamont` | debian 3118123 | 23:43 |
lamont` | debian 311812 | 23:43 |
ubotu | Debian bug 311812 in postfix "postfix: syslog reconnection" [Grave,Open] http://bugs.debian.org/311812 | 23:43 |