[00:37] <wantE17style> hello
[00:46] <aetaric> wantE17style: just ask them
[02:53] <slide> What is getty? Im trying to remove any un needed programs on my server and i have this running "/sbin/getty 38400 tty1"
[02:57] <nawty> slide: http://www.google.co.uk/search?q=what+is+getty&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
[02:57] <nawty> slide: also, what version of ubuntu server are you running?
[02:58] <slide> i think the newest, my host just reinstalled for me so im not sure what they used
[02:58] <slide> gutsy
[02:59] <slide> according to apt sources heh
[02:59] <nawty> slide: what does /etc/issue say?
[02:59] <slide> Ubuntu 7.10
[03:00] <nawty> slide: and you'll have to bear with me for a moment here, it's 3am, and my brain's slow :P
[03:00] <slide> hehe yea, brains slow here too.. family has been over alll day
[03:00] <nawty> slide: dpkg -S /sbin/init
[03:01] <nawty> slide: what does that return?
[03:01] <nawty> slide: do you know what getty does yet?
[03:01] <slide> sysvinit: /sbin/init
[03:02] <nawty> ok, that's running the old (pre-upstart) init system.
[03:02] <slide> yea its something for termals dunno
[03:02] <nawty> slide: so getty controls the login prompts you see on your ubuntu servers
[03:02] <nawty> slide: alt-f1, alt-f2... etc...
[03:02] <nawty> tty0 is the first one, and tty1... etc... you get the idea no doubt.
[03:03] <slide> yea
[03:03] <slide> I guess thats the remove console that my host offers
[03:03] <nawty> i'm assuming because this is a server you would like to have only the first terminal available, and remove the extras ?
[03:03] <slide> remove/remote
[03:03] <nawty> slide: <editor-of-choice-here> /etc/inittab
[03:04] <nawty> go down to the lines that have tty..etc...
[03:04] <slide> 1:2345:respawn:/sbin/getty 38400 tty1
[03:04] <slide> thats the only 1
[03:04] <nawty> are you sure?
[03:04] <slide> yea
[03:05] <nawty> so in theory, you should have lines that look like this:
[03:05] <nawty> #2:23:respawn:/sbin/getty 38400 tty2
[03:05] <nawty> #3:23:respawn:/sbin/getty 38400 tty3
[03:05] <nawty> #4:23:respawn:/sbin/getty 38400 tty4
[03:05] <nawty> #5:23:respawn:/sbin/getty 38400 tty5
[03:05] <nawty> #6:23:respawn:/sbin/getty 38400 tty6
[03:05] <slide> exactly
[03:05] <nawty> well, without the #'s.
[03:05] <slide> no, with the #'s
[03:06] <nawty> well, do you have lines that resemble that at all? and if so, do they have the #'s?
[03:07] <slide> i have exactly, the line i pasted and then the lines you pasted
[03:07] <nawty> and, then when you do a ps afx you have only the one line ? or do you have all of the lines? (more than the tty1 line)
[03:08] <slide> only the 1 line
[03:08] <nawty> ah, you could remove the tty0, but i would really suggest against it!
[03:09] <slide> i think the tty1 may be how my zen host has 'remote console' that i can see the system boot up with
[03:09] <slide> hrm
[03:09] <slide> maybe not
[03:10] <nawty> bah, i'm an idiot, i mean to be talking about tty1, not tty0
[03:10] <slide> yea i figured heh
[03:10] <nawty> hehehe, yeah, you're right, tty1 is your 'console'
[03:10] <nawty> I'm pretty sure you could remove such an evil process :P
[03:10] <nawty> but i'd suggest against it.
[03:11] <slide> yea
[03:11] <slide> im not gonna ;)
[03:11] <slide> do you know of any guides or anything to help me really secure my server?
[03:12] <nawty> and on that bomb shell, i'm going to put my ass to bed.
[03:12] <slide> i got hacked recently and DONT want it to happen again
[03:12] <nawty> slide: give me a second, i'll see if i can find you something
[03:12] <slide> thanks! :)
[03:12] <nawty> slide: ah, so there's a few things you can do off the bat.
[03:12] <nawty> slide: ssh no root logins, iptables unused incoming ports
[03:12] <nawty> slide: daemons listening on localhost
[03:12] <nawty> slide: do you run php of any flavour?
[03:12] <slide> yes
[03:13] <nawty> slide: running hardened php
[03:13] <nawty> slide: do you run it as the apache user?
[03:14] <nawty> slide: if so, you should investigate running it as a su-php configuration
[03:14] <slide> apache runs as www
[03:14] <nawty> www-data
[03:14] <nawty> that's flavour dependant unfortunately
[03:14] <slide> no heh
[03:14] <slide> i changed it to www
[03:15] <nawty> which ever and all, no doubt you do mass virtual hosting of some sort or another ?
[03:16] <slide> yea
[03:16] <nawty> slide: suphp + hardenedphp
[03:17] <nawty> slide: and try get your users to have non-generic uid's
[03:17] <nawty> slide: and, then that of course runs straight out the box from apt
[03:17] <slide> i have no real users
[03:17] <nawty> slide: make sure your /tmp is mounted with noexec
[03:18] <nawty> slide: i was more thinking create some at least semi-non-generic uid groups
[03:18] <nawty> so for client x, all his sites get a uid, and then client y, all her sites get a uid
[03:18] <nawty> more to avoid one clients bad code to be able to affect another users.
[03:18] <nawty> if you're paranoid you can look at something like portsentry
[03:19] <nawty> 8.04 is going to include apparmour
[03:19] <slide> cool cool :)
[03:21] <nawty> slide: unfortunately, i can't be of much help right this second.
[03:21] <slide> thats cool
[03:21] <slide> go to sleep
[03:21] <slide> hehe
[03:22] <nawty> slide: heheh, remind me in about 12 hours and i'll give you a run down of exactly what i've done to some of my mass virtual hosting boxen to avoid them getting hacked
[03:22] <slide> sweet!
[03:22] <slide> thanks :)
[03:22] <nawty> slide: i've had a total of 3 compromised servers in about 8 years, and over 7500 websites at one point :)
[03:22] <slide> dang
[03:22] <slide> how do you handle them when they get compromised?
[03:23] <nawty> 2 of said servers were not actually running anything :P but stupid ass me forgot they were on the network.
[03:23] <nawty> slide: pull ethernet, work back through logs and such, and once i can verify that the data isn't dodgy, use that data, else use backup restored data to restore post reinstall.
[03:24] <slide> yea im having a hard time figuring out how they got in
[03:24] <nawty> slide: i doubt anyone i know would be comfortable with a compromised server even after cleanup, over a clean new install.
[03:24] <slide> i got my host to backup server and reinstal and let me view the backup
[03:24] <nawty> slide: error log not have anything at all?
[03:24] <nawty> slide: and, did you check /tmp ?
[03:24] <slide> nawty, well not that I could see
[03:24] <slide> but im no expert so
[03:25] <slide> nawty, nothing at all in there
[03:25] <nawty> slide: if you could find something in /tmp, or some shared place tha they'd have placed their uploaded files
[03:25] <nawty> slide: ah, but it's been rebooted :9
[03:25] <nawty> :(
[03:25] <slide> nawty, i did get a report about some phising pages on one of the sites
[03:25] <slide> and my host deleted those files though
[03:25] <nawty> slide: could be a result of the hack.
[03:25] <slide> right
[03:26] <slide> and i think they were sending spam
[03:26] <nawty> slide: also, could've been 2 separate hacks, one for spam, one for phishing.
[03:26] <slide> which is why i took it down without really letting my users know
[03:26] <slide> b/c didnt want to get their emails blacklisted
[03:26] <nawty> slide: eeek. good idea, but in future try organise a kvm and pull the network
[03:26] <slide> kvm?
[03:26] <nawty> slide: from there you can work your way back without rebooting the box and loosing iformation
[03:26] <nawty> slide: access to the keyboard and mouse.
[03:26] <slide> ah
[03:27] <nawty> slide: and video, but over the network
[03:27] <nawty> well, to be technically correct, it'd be an IPKVM, or IP Based Management Console
[03:28] <nawty> slide: running processes, memory filesystems, and logs should all be kept as pristine as possible to work your way back.
[03:28] <slide> yea
[03:28] <nawty> slide: cissp has a bit on how to forensically analyze a server, see if you can find some information on that.
[03:28] <slide> k
[03:28] <nawty> slide: but it's been years since i last looked at the cissp course material.
[03:29] <nawty> slide: anyway, goin to get some sleep, nite nite :)
[03:29] <nawty> *wave*
[03:29] <slide> nite
[03:29] <slide> thanks
[03:29] <slide> ttyl
=== freeflyi1g is now known as freeflying
[06:52] <J-_> When using ddclient, it says, "Enter the interface which is used for using dynamic DNS service. Interface used for dynamic DNS service:" do I put my dynamic IP in there, or router's static IP?
[06:52] <kgoetz> *interface*
[06:53] <kgoetz> usually means device, like eth0, ppp0, etc
[07:16] <J-_> !httpd
[07:16] <ubotu> Sorry, I don't know anything about httpd - try searching on http://ubotu.ubuntu-nl.org/factoids.cgi
[07:38] <J-_> I'm trying to make a Virtual host to point to http://directory.site.dyndns.org on my http://site.dyndns.org website pointing to my server. My IP always changes, how can I define the IP since I have to define the IP:80(ie. NameVirtualHost ip.address:port) in /etc/apache2/apache2.conf?
[07:38] <Kamping_Kaiser> i doubt you'll be able to do subdomains on a dyndns account
[07:39] <J-_> I can
[07:39] <Kamping_Kaiser> really?
[07:40] <J-_> I can do wildcards
[07:40] <J-_> http://www.dyndns.com/services/dns/dyndns/howto.html
[07:40] <J-_> shows how to set up the ddclient, but says something about wildcards.
[07:41] <Kamping_Kaiser> J-_, http://k-k.homelinux.net:81/~kgoetz/apache2-vhost-template.txt
[08:22] <J-_> If I can't get my server to come up with 127.0.0.1 does it mean it's not set up corrently, or is something not defined?
[08:25] <fromport> J- you're error description doesn't make sense: cannot computer
[08:25] <fromport> compute
[10:08] <J-_> Do I need to make a virtual hosting for my /var/www/ too now that I've made one for /var/www/about/?
[10:09] <J-_> virtual host*
[10:10] <J-_> It's weird. Since I made the /var/www/about/ virtual host, I go to my /var/www/ and it shows the same page.
[10:11]  * J-_ asks in apache.
[12:15] <aetaric> is it possible to port forward ssh?
[12:15] <faulkes-> yes
[12:16] <aetaric> then why won't i let me
[12:16] <aetaric> *it
[12:16] <faulkes-> there are any number of possible reasons why it won't let you do it
[12:17] <faulkes-> for instance, trying to port forward a port under <1024 as non-root
[12:17] <faulkes-> configuration options set in ssh_config, sshd_config etc..
[12:17] <faulkes-> or possible user error
[12:18] <aetaric> i don't have iptables or any firewall..and im using the default ssh configs
[12:20] <aetaric> can you help me resolve this problem?
[14:10] <AlexC_> hey,
[14:11] <AlexC_> I'm trying to setup Bind9 so that `example.com` runs on one IP, and `foobar.example.com` runs on another, this seems to work (pinging them shows the correct IP) however, I am unable to connect to it via a webbrowser
[14:12] <Kamping_Kaiser> sounds like apache is misconfigured
[14:12] <Kamping_Kaiser> btw. what guide did you follow for bind?
[14:13] <AlexC_> I haven't followed a guide, really
[14:13] <AlexC_> right, example.com should serve as a normal Apache virtual host, however foobar.example.com should connect to port 882 and it runs webmin
[14:14] <AlexC_> no, wait. https://foobar.example.com:882 runs Webmin (so seperate from Apache) *however* https://foobar.example.com runs as a virtual host
[14:18] <AlexC_> nevermind, I have it working =)
[15:09] <nxvl> mathiaz: hi!
[15:10] <zul> hey mathiaz
[16:30] <nxvl> nijaba: did you take a look at Bug #162167 ?
[16:30] <ubotu> Launchpad bug 162167 in mysql-dfsg-5.0 "mySQL password asks only once" [Wishlist,Confirmed] https://launchpad.net/bugs/162167
=== benny_lava is now known as dantalizing
[17:28] <nxvl> dendrobates: did you take a look at Bug #196778 ?
[17:28] <ubotu> Launchpad bug 196778 in likewise-open "Provide likewise-open-gui and likewise-open binaries rather than domainjoin-gui and domainjoin-cli" [Low,Confirmed] https://launchpad.net/bugs/196778
[17:30] <dendrobates> nxvl: I have merged your debdiff and some other changes and am testing now.
[17:30] <nxvl> dendrobates: :D
[17:34] <nxvl> btw
[17:34] <nxvl> dendrobates: did you check about the student program we talk about some days ago?
[17:34] <dendrobates> nxvl: not yet.
[17:34] <nxvl> ok
[17:34] <nxvl> if you know smoething please let me know
[19:19] <Sylphid> comming from a red hat background would ubuntu or debian be more up my ally for a server install?
[19:20] <sommer> Sylphid: I'd vote for Ubuntu
[19:22] <kirkland> Sylphid: do you have a preference between, say RHEL and Fedora?
[19:23] <Sylphid> i was actually using fedora
[19:23] <kirkland> Sylphid: If you prefer the speed at which Fedora tracks mainline, you'd like Ubuntu.
[19:23] <Sylphid> but it was compromised
[19:24] <kirkland> Sylphid: if you want long term or even commercial support, look at Ubuntu's LTS releases
[19:25] <Sylphid> debian does not have a kernel compiled for server optimization out of box correct?
[19:27] <Sylphid> does ubuntu default to enabling SELinux
[19:29] <sommer> Sylphid: it defaults to using AppArmor, but you can easily install SELinux
[19:30] <Sylphid> hmm never used AppArmor .... less annoying that SELinux? =D
[19:35] <sommer> I've found it easier to configure
[19:38] <Sylphid> ty sommer and kirkland for ur time... ill give ubuntu server a shot :)
[19:39] <kirkland> Sylphid: have fun
[19:39] <Sylphid> always
[19:49] <w0nder> anyone recommend a particular irc server for my small office?
[20:06] <JaxxMaxx_> Anyone here have experience with FreeRadius, and more specifically, the webadmin module  dialup_admin  for that RADIUS server?  Its documentation mentions making sure PHP4 modules are loaded into apache, but I read recently that version 4 isn't in 7.10   Would the php5 work?
[20:17] <ScottK> JaxxMaxx_: I'm not familiar with that module, but at a guess I'd say almost certainly not.
[20:23] <timboy> i'm running apache. what owner should I make my var/www/* ?
[20:34] <sommer> timboy: www-data
[20:36] <timboy> sommer, thx!
[20:40] <sommer> timboy: you're welcome
[21:24] <timboy> I have a stock apache setup on gutsy server and I wanted to get ssl working. What's the best way to do so? I already have ssl working for my email server I just want the webmail logins to be encrypted...
[21:27] <sommer> timboy: the gutsy serverguide should help: https://help.ubuntu.com/7.10/server/C/httpd.html
[21:29] <timboy> thx again sommer
[21:29] <sommer> np
=== googlah|1leepy is now known as googlah
[23:43] <lamont`> ScottK: you around?
[23:43] <lamont`> debian 3118123
[23:43] <lamont`> debian 311812
[23:43] <ubotu> Debian bug 311812 in postfix "postfix: syslog reconnection" [Grave,Open] http://bugs.debian.org/311812