/srv/irclogs.ubuntu.com/2008/07/24/#ubuntu-server.txt

hadsbitsbam: That would depend on the POP/IMAP server. I'm not sure if they would have a defined order though they may.00:01
hadsAt a guess you'd probably either need to read the source of the particular server or test it and see to find out.00:02
bitsbamwe are running a pop server. now if i make a request to fetch all unread emails, they come in order that they hit the server?00:02
bitsbamyeah00:02
bitsbamis cool00:02
bitsbamthanks00:02
hadsYou'd think it would be FIFO but I guess that depends on the POP server.00:02
bitsbamyeah, i am reading the site docs for our pop server now.00:08
bitsbamwill let you know00:08
mathiazsommer: I've written some instructions about updating the Ubuntu Server Guide : https://wiki.ubuntu.com/ServerTeam/KnowledgeBase#serverguide00:48
mathiazsommer: let me know what you think about it00:48
kirklandmathiaz: hey, i did a few more init script patches00:48
kirklandmathiaz: the list is up to date on https://wiki.ubuntu.com/InitScriptStatusActions00:48
kirklandmathiaz: any of those you'd like to review/sponsor?  :-)00:49
mathiazkirkland: noticed a couple of bugs you've filed coming in :)00:49
kirklandmathiaz: yessir00:49
mathiazkirkland: will take a look at it - but we have to wait until alpha3 is out as we're in a soft freeze for the archive for now00:49
kirklandmathiaz: i understand that00:50
kirklandmathiaz: i decided to go ahead and do the services that i personally run and want status on :-)00:50
kirklandmathiaz: and the ones in universe are not frozen, right?00:51
mathiazkirkland: nope - universe is open for business00:52
mathiazkirkland: the soft freeze only applies to packages that are included on cds00:52
kirklandmathiaz: right00:52
kirklandmathiaz: can MOTU upload to multiverse?00:52
mathiazkirkland: yes00:52
kirklandmathiaz: ie, who do I subscribe to a patch against a multiverse package?00:52
kirklandubuntu-universe-sponsors?00:52
mathiazkirkland: multiverse is the same thing as restricted for main00:52
mathiazkirkland: correct - ubuntu-universe-sponsors is the correct team to subscribe00:53
kirklandmathiaz: perfect00:53
uvirtbotNew bug: #231882 in openldap (main) "slapd syncrepl from 2.3 to 2.4 fails" [Undecided,New] https://launchpad.net/bugs/23188201:31
sommermathiaz: awesome, the page looks good to me01:57
sommermathiaz: I really need to learn some more bzr... I didn't know you can use it to send emails, that's really cool01:57
mathiazsommer: yes - and the good part is that you don't need an LP account to do so02:05
mathiazsommer: you can even the email address to send merge request to in the public branch02:05
mathiazsommer: so the last step can be reduced to : bzr send02:06
sommercool, the doc team really isn't using bzr to its fullest potential :-)02:06
sommerbut then again there aren't that many commits02:06
sommerit would be better if there were though, heh02:07
RoAkSoAxkirkland, ping03:31
unewbiehas anyone copy DVD repo to HDD?04:13
=== c1|freaky is now known as fReAkY[t]
=== fReAkY[t] is now known as c1|freaky
=== RoAk is now known as RoAkSoAx
krautmoin08:05
unewbiehas anyone copy DVD repo to HDD?08:23
afiefHow can I configure NetworkManager to work on a static IP?08:34
uvirtbotNew bug: #251433 in postfix (main) "dpkg-reconfigure postfix partly broken" [Undecided,New] https://launchpad.net/bugs/25143310:31
uvirtbotNew bug: #251469 in samba (main) "samba nightmare" [Undecided,New] https://launchpad.net/bugs/25146913:10
sommermorning all13:14
=== jjesse_ is now known as jjesse
frippzis there anyone else who suddenly has gotten into permission problems with apache after the latest update?13:48
frippzall my websites that uses password protection suddenly spits out "Permission denied: Could not open password file"13:48
sommerfrippz: I haven't noticed any issues... are the permissions on the password files correct?13:51
frippzsommer: they haven't changed. everything worked just fine this morning. then after the latest Ubuntu Security Notice, I ran a safe-upgrade with aptitude13:52
sommerfrippz: have you restarted apache?  also is "Permission denied: Could not open password file" that from the apache log or a prompt?13:53
sommerfrippz: apache should be restarted with the update but...13:54
frippzsommer: yes, I have restarted apache and the error message is from one of the website logs13:54
frippzactually, any website that uses password protection would be spitting this out in the log13:54
frippzit would take a tremendous amount of time to track down what has changed, so I was hoping that someone here would be familiar with the situation13:55
sommerfrippz: someone else may know, but I haven't heard of a similar issue13:56
sommerfrippz: what are the permissions of the password files?13:56
frippzsommer: they are owned by a regular user and have permissions 64413:57
frippzthe folders containing them has permission 75513:57
sommerfrippz: I'd try changing the ownership to www-data user, at least for a test13:58
frippzsommer: wow, I really hope I don't have to move all those files to another place where www-data can access them. we're talking about over 50 websites :/13:59
frippzbut I will give this a try13:59
frippzoh, I see the problem now13:59
frippzfor some reason the regular users home folder has gotten a permission setting of 70014:00
sommerfrippz: heh, that'd probably cause an issue :)14:00
frippzyes, since both the password files and the document roots reside in there, that was the whole cause :D14:01
sommerparty!14:01
frippzI really need my vacation now...14:02
lukehasnonamesudo chmod -R 777 /14:03
frippzlukehasnoname: a windows user would solve the issue that way :P14:04
lukehasnonametrue.14:05
lukehasnonamehttp://www.iht.com/articles/ap/2008/07/24/america/Road-Rage-Killing.php14:12
lukehasnonameI know it's off topic, just think about it.14:12
=== piti_ is now known as piti
goukiDoes anyone know of a solution like MS Terminal Server, but for Ubuntu?16:02
lukehasnonameLTSP16:03
lukehasnoname?16:04
lukehasnonameLooks like Terminal server is MS's version of thin clients16:04
goukilukehasnoname, I have no idea. I never worked with Terminal Server. But a friend of mine just asked me if there is an alternative to MS TS for ~10 users (on a MS Windows) network.16:06
lukehasnonameI know nothing about MS TS either, I just googled it16:06
* gouki does the same16:07
sorenmdz: The bug from yesterday, by the way: https://bugs.edge.launchpad.net/ubuntu/+source/kvm/+bug/25148016:13
uvirtbotLaunchpad bug 251480 in kvm "X hangs in Intrepid in KVM" [High,Confirmed]16:13
sorenmathiaz: Hi!16:33
sorenmathiaz: I figured out why you couldn't use virtio in the installer. The virtio_pci and virtio_ring drivers have been moved to different udeb's and are not available by default in the installer. I'm trying to get it worked out.16:34
mathiazsoren: great - I guess it won't be fixed for alpha3 then16:34
sorenUnlikely.16:35
leucosanyone has done tests with the bind9 update to verify that VU#800113 is fixed ? (https://www.kb.cert.org/CERT_WEB\services\vul-notes.nsf/id/800113)16:43
leucosI did, and it seems that port randomization is not working16:44
leucosif anyone can confirm this (I've found a workaround with iptables though)16:44
sorenleucos: Tell me about this workaround. It sounds fascinating.16:44
leucossee http://cipherdyne.org/blog/2008/07/mitigating-dns-cache-poisoning-attacks-with-iptables.html16:45
sorenI'm not convinced that'll work.16:50
leucosit seems to work16:51
leucostcpdump output says so16:51
leucoswhile without it, the sourport for queries never changes16:51
leucossource port*16:51
sorenI don't see how iptables can know when it's ok to change it and when it's not.16:52
leucosit does it for all traffic16:52
sorenthese are UDP connections. They have no state.16:52
sorenSo how does iptables know that a given packet is part of a new DNS request?16:52
leucosconntrack16:53
leucosbut as the guy says on his site16:53
sorenconntrack inspects dns requests?16:53
leucosmmmm, dunno, but I don't think so16:54
sorenThen it can't know.16:54
leucossrc ip/port/dst port/dst ip + timing16:54
soren..and then it can't randomize the source port without risking breaking connections.16:54
sorenSo what if the "timing" thing changes in between your sending your request and the server responding?16:55
leucosit times out conntrack entries16:55
ScottKDepending on timing in UDP replies seems pretty broken by design.16:55
ScottKParticularly in DNS where some legit servers can be REALLY slow.16:56
leucosyeah but timings are pretty long16:56
ScottKHow long?16:56
sorenleucos: I don't know how long UDP "connections" live in iptables' conntrack, but I doubt it's less than a few minutes.16:56
leucosthis is why for some entries with the same key you'll get the same source port for 30 seconds16:56
leucosbut for the bind9 problem, anyone checked port randomization in the update ?16:57
sorenThis might be sufficient, though. I don't know the details of the vulnerability.16:57
leucossince the fix is released for the DNS flaw reported by Kaminsky, I'm surprised that PR doesn't work16:57
leucossoren: the timing things and mitigation solution requires some in-depth analysis that I am not really able to produce as of now :p16:58
keessoren: the attack is generating queries that result in an NXDOMAIN reply, and then racing those replies with additional RRs for the same domain.  It only really takes a few thousand packets.16:59
keessince it's an NXDOMAIN, there's no upper limit to the attempts.  and as soon as one wins, the extra RRs are added to the local cache.16:59
kees(since the domain matches)17:00
sorenkees: How is the source port of any significance?17:00
keessoren: by randomizing src port, the race becomes several orders of magnitude more difficult to win.17:00
leucosit's harder to spoof replies17:00
sorenkees: Um... /me doesn't get it17:01
keeswithout src port randomization, you just send 1000 packets with guessed TXIDs for each request that you make.17:01
sorenkees: I send out a request to my ISP's nameserver..17:01
ScottKkees: Do you have a recommendation on a Python native source of randomization that would be sufficient for that?17:01
keesScottK: I don't -- I haven't looked closely at how python handles it.17:02
sorenkees: Er.. No, I can't even finish my sentence. :)17:02
ScottKkees: OK.17:02
keessoren: here's the attack:17:02
keeswhile not winnar:17:02
leucosguys, ty for listening, gtg17:02
kees  send request for a12345.cnn.com to a recursive name server17:02
kees  send 1000 forged replies that contain NXDOMAIN as the answer plus additional RR for www.cnn.com at 1.3.3.717:03
keesnext time through, request a123456, then 7, 8, 9, etc17:03
keeskeep cycling until you win the txid guessing game.17:03
keeswhen you win the race, the name server will also add your additional RR to its cache, overwriting prior information.17:04
sorenSo even though the responses come from me, the recursive nameserver accepts them as coming from its "upstream"?17:04
* delcoyote hi17:04
keeswell, that's just a matter of sending the right UDP packets with a matching TXID.17:04
keesit has no idea where the packet actually came from.17:05
sorenHmm.. Right, I suppose it is.17:05
keesand the only thing (prior to srcport randomization) protecting the communication is the txid.17:05
sorenRight. This seems very simple. I'm surprised no one thought of it.17:06
keesif you wanted to be really slow, you just hold your txid at a single value and wait for the 16 bits to run out.  ;)17:06
soren..until now.17:06
* kees nods17:06
keesno one was thinking about the additional RR part, and no one was thinking about NXDOMAIN replies.17:06
sorenOk, so again... I don't think I get the significance of the source port.17:09
sorenAre we changing from a static to a random source port, or from a predictabe to a random source port?17:10
sorenpredictable, even.17:10
sorenkees: ^ ?17:13
sorenTjah..17:13
sorenWhoops17:13
keessoren: changing from static to random.17:17
keeswithout the correct srcport, the UDP packet will just be ignored.17:17
sorenSure, sure.17:17
sorenI just thought the source port changed now, but according to what the kernel hands you (which is usually use previously_handed_out_portnr+1).17:18
sorenand you just kept firing until you were lucky enough to hit it.17:18
sorenIf that was the case, I just wanted to hit someone over the head with my "Statistics and probability theory" book :)17:19
keesthey were basically static in most implementations.17:21
sorenLovely.17:21
soren--17:21
keesas soon as it's random, we can hit them with your book.  :)17:22
* soren calls it a day17:22
sorenBye all.17:22
ScottKMy question still is how random is random enough?17:22
henosoren: could you look at bug 251473 ? It's making CD testing difficult17:33
uvirtbotLaunchpad bug 251473 in qemu "Mouse stuck in lower right corner in Intrepid installs in qemu on hardy" [Undecided,Confirmed] https://launchpad.net/bugs/25147317:33
=== chuck_ is now known as zul
=== kirkland` is now known as kirkland
ScottKlamont: Do you have an opinion on "How random is random enough" for the DNS cache poisoning attack?20:16
lamontScottK: I know what the patch did for bind920:19
lamontin terms of what algo they switched to20:19
fujincripes it's hard to get an answer in #ubuntu. I've got an Edgy server which I need to upgrade, preferably to LTS. do-release-upgrade won't take me to feisty20:19
lamontrather, that's clear from the source - dunno off the top of my head20:19
fujinas the feisty source appears dead, too20:19
lamontfujin: sure it will.20:19
lamontyou just have to beat it hard20:19
fujinoh?20:20
ScottKfujin: With the exception of when software RAID was involved, I've never had manually changing sources.list to the next release and then apt-get update && apt-get dist-upgrade cause any problems.20:21
ScottKIt's totally unsupported however.20:21
fujinmm, was hoping to avoid that20:21
fujinScottK: it's also worth noting that the Edgy /and/ Feisty apt sources are dead now20:21
ScottKFeisty should still be fine.20:21
lamont1) with old-releases.ubuntu.com in sources.list, wait until it asks you the question about "couldn't find any mirrors, do you want me to pretend yours are real?", then switch to another window and point sources.list at archive.u.c20:22
fujingetting a 40420:22
fujinbecause do-release-upgrade wants to munge my sources.list and puts in the default feisty ones, instead of old-releases feisty ones20:22
* lamont sees feisty on archive.u.c20:23
lamontand I expect to keep seeing them until october20:23
fujinlamont: http://pastie.org/24053720:23
lamontright.  that's the point where you go change old-releases.u.c -> archive.u.c in sources.list in another window20:24
fujinah.20:24
kirklandmathiaz: looks like we got an init script volunteer :-)  RoAkSoAx patched gdm20:24
lamontand before you run do-r-u, you make it be old-releases.u.c edgy20:24
fujinsorry, missed the "do that manually" step20:25
fujinthanks20:25
fujinthat's pretty magical20:27
fujingod damn the previous sysadmin20:27
fujininstalling point releases on boxes that should have lts20:27
RoAkSoAxkirkland, yes indeed!! my first contribution for the Server Team :)20:28
RoAkSoAxs/for/to20:29
fujinlamont: thanks a bunch dude, got it upgradin'20:29
mathiazwell - gdm is not really used on server....20:30
* mathiaz is picky20:30
mathiazRoAkSoAx: thanks for the help ! :)20:30
kirklandmathiaz: true, but the patch looks good, and is useful, though not a server package20:31
RoAkSoAxmathiaz, yeah i know is not used in server... but at least i've found something where i can contribute with the server team20:32
kirklandRoAkSoAx: right, fixing these init scripts is a Server Team initiative20:32
kirklandRoAkSoAx: perhaps you can ask mathiaz to choose his favorite server init script from the wiki page, and you can work on that one next?20:33
RoAkSoAxsure20:33
RoAkSoAxsince i just started my MOTU Mentoring process is good to have easy things to do :)20:34
mathiazRoAkSoAx: any init script will do - server or not ;)20:36
RoAkSoAxmathiaz, i'm already working on openvpn :)20:45
RoAkSoAxkirkland, got one question, openvpn seems to create multiple pid files for each VPN. Should the status action be added for each VPN or just to know if the service is running?20:47
kirklandRoAkSoAx: good question20:48
kirklandi wonder if anyone here is an openvpn expert....20:48
* kirkland pulls the source20:48
mathiazIIRC there will be multiple openvpn daemons for each config20:48
mathiazbut the init script supports starting multiple daemons20:49
mathiazsince the init script is supposed to start multiple services, using status should report if all of the daemons are running20:49
kirklandRoAkSoAx: right, i suggest looping over the set of pid's20:49
RoAkSoAxok cool, will do :)20:50
kirklandRoAkSoAx: elsewhere in that init script, there's a loop over all pids20:50
RoAkSoAxkirkland, yeah, i was thinking to do something similar to this: http://pastebin.ubuntu.com/30066/ but i'll have to set a couple of configs and try it out20:54
kirklandRoAkSoAx: consider something more like http://pastebin.ubuntu.com/30067/20:56
kirklandRoAkSoAx: 2 changes....20:56
kirklandRoAkSoAx: awk instead of cut20:57
kirklandRoAkSoAx: and, more importantly, set status=$? if the return is not 020:57
kirklandsuch that you continue over all pids20:57
kirklandand not exit immediately20:57
nhandlerI am interested in helping to add a status function to init scripts. Is there an updated list that shows what packages still need this function added? I know there is a wiki page as well as a LP bug. But I don't know which of these I should be looking at20:57
kirklandnhandler: the wiki page20:58
kirklandhttps://wiki.ubuntu.com/InitScriptStatusActions20:58
RoAkSoAxnhandler, https://wiki.ubuntu.com/InitScriptStatusActions20:58
RoAkSoAxkirkland, ok will do thanks :)20:58
RoAkSoAxkirkland, one more question (i'm also working on dhcdbd) and i was wondering why it shows the open: Permission denied: http://pastebin.ubuntu.com/30071/ (of course it doesn't when using sudo)21:11
kirklandRoAkSoAx: I've seen this in several places21:12
nhandlerWhen running the tests on the wiki page, after we run the 'sudo sh debian/FOO.init start' (replacing FOO.init with the actual file) script, shouldn't the status action return 1?21:12
kirklandRoAkSoAx: elsewhere in the init script a file is being read that the current user doesn't have permission to read21:12
kirklandlet me grab the source...21:12
RoAkSoAxkirkland, because, i believe this also happens with openssh-server (im doing it on intrepid alpha2) downloaded openssh-server source and tried it.. and it shows that as well21:14
kirklandyes21:14
kirklandRoAkSoAx: ah, it has to do with permissions on the pidfile21:15
RoAkSoAxkirkland, so i just don't pay attention to it21:16
RoAkSoAx?21:16
kirklandRoAkSoAx: you can use "sh -x" when testing21:16
kirklandRoAkSoAx: that'll print every line to the screen as it executes, in a debug mode21:16
kirklandRoAkSoAx: yes, non-root users will just have to cope with the error message21:17
RoAkSoAxkirkland, ok cool, I was just intrigued by that :)21:17
kirklandRoAkSoAx: it's a good question21:18
kirklandRoAkSoAx: and it would be nice if we could silence it21:18
RoAkSoAxkirkland, yeah, but we will limit the status action only for root users... right?21:19
kirklandi disagree.... i think anyone should be able to check the status of a service21:19
kirklandthey just might have to endure other messages related to their not being root :-)21:19
kirklandRoAkSoAx: ultimately, status is just a really clean way of ps -ef | grep FOO21:20
RoAkSoAxkirkland, yes indeed, but may be kinda annoying having that message all the time... I wouldn't be surprised if someone files a bug related to that21:22
RoAkSoAx:)21:22
kirklandRoAkSoAx: actually, i'm seeing the bug right now....21:22
kirklandit's in /etc/lsb-base-logging.sh21:22
uvirtbotNew bug: #251620 in openssh (main) "openssh-server is unable to receive connections on some ports" [Undecided,New] https://launchpad.net/bugs/25162021:22
nhandlerCould someone review this patch for brltty? I want to make sure I am actually patching this before I upload it to LP. Here is my debdiff: http://paste.ubuntu.com/30075/21:23
kirklandnhandler: why the Standards-Version: 3.8.0 bump?21:23
nhandlerkirkland, Because 3.7.3 is outdated. Since we are already making a change to the package, I've been told we should bump the standards-version21:25
kirklandnhandler: interesting, okay, that's news to me21:25
mathiaznhandler: did you check that the package complies to the 3.8.0 policy ?21:25
ScottKnhandler and kirkland: Only bump the standards version if you comply with the newer version of the policy.21:26
nhandlerScottK: By any chance do you have a list of changes between 3.7.3 and 3.8.0?21:26
mathiaznhandler: ie that all changes that have been added in 3.8.0 version of the policy have been implemented in the package ?21:26
mathiaznhandler: it's in the changelog usually21:26
ScottKThe biggest one is the requirement for README.source in most cases if you've patched the upstream code.21:27
kirklandnhandler: fwiw, your patch looks good, minus the standards version bit.  i'll let ScottK and mathiaz advise you on that one...21:27
nhandlerkirkland: Could you maybe explain what the tests on the wiki page are meant to output?21:27
nhandlerScottK: By that, do you mean that the source package must provide a readme?21:28
kirklandnhandler: one sec, i'll add them to the wiki page21:28
nhandlerThanks kirkland21:28
ScottKIn most cases if there's a patch system in use, but read Debian Policy for details.21:29
RoAkSoAxkirkland, could you please take a look at: https://bugs.launchpad.net/ubuntu/+source/dhcdbd/+bug/251624 ? thanks! :)21:29
uvirtbotLaunchpad bug 251624 in dhcdbd "dhcdbd init script should support the 'status' action" [Undecided,Confirmed]21:29
mathiaznhandler: http://lists.debian.org/debian-devel-announce/2008/06/msg00001.html - for an overview of the changes in 3.8.021:30
mathiaznhandler: there is also a upgrading-checklist.txt.gz file in the debian-policy package21:32
nhandlerThanks a lot mathiaz. After reading through the changes, it looks to me like this package complies with the 3.8.0 policy.21:36
kirklandnhandler: done.  refresh that wiki page21:37
nhandlerWell, I guess I did something wrong. I get no output when I run the start/stop commands. When I run 'sh debian/FOO.init status; echo $?', I get '0' as output21:39
RoAkSoAxnhandler, change FOO.init with the app init script name21:40
nhandlerI did RoAkSoAx21:40
kirklandRoAkSoAx: btw, I have a fix for the open: error21:46
kirklandRoAkSoAx: it's in lsb21:46
kirklandRoAkSoAx: I'll file a bug and try to get it accepted21:46
RoAkSoAxkirkland, ok cool :) so no more annoying open: error :D21:47
kirklandnah, we'll get it fixed ;-)21:47
RoAkSoAxkirkland, i just subscribed dhcdbd to you and ubuntu-main-sponsors and updated the wikipage as well. I'll work on openvpn later on.. now i gtg.. Thanks for your help :)21:51
kirklandRoAkSoAx: cool, thanks!21:51
uvirtbotNew bug: #251625 in php5 (main) "PHP5-CLI doesn't print floats properly" [Undecided,New] https://launchpad.net/bugs/25162521:51
RoAkSoAxnp, I'm glad i finally had the chance to contribute with the Server Team :)21:52
RoAkSoAxlater21:52
nhandlerSo, any ideas why the tests are failing for me?21:52
n-iCehello, I am installing ubuntu server, is there anyway to protect a ssh login? I mean to add the userlogin in a group and give him just access in one directory?22:01
n-iCeI don't want them to surf in the whole system22:01
n-iCenobody?22:08
ScottKn-iCe: The short answer to your question is yes.  The long answer of how, I don't have time to answer (and I'd have to research it in any case).22:11
KirillI need to connect two locked down offices with Ubuntu servers through a Wide Area Network and allow file sharing -> Any ideas?22:11
goukiKirill, VPN22:12
Kirillgouki -> Can you be on multiple VPNs at once?22:12
goukiKirill, yes22:13
n-iCeScottK: or any tutorial, or name, something? :D22:13
Kirillgouki -> Thank you, I'll go read up on that :)22:14
ScottKn-iCe: No.  Sorry.  I just know something like that can be done.22:14
n-iCeScottK:  ok22:14
n-iCethanks22:14
goukiKirill, check openvpn22:15
nhandlerShould I just upload the debdiff (http://paste.ubuntu.com/30075/) even if I can't get the tests to produce output?22:15
Kirillgouki -> Hmm, Vista support included with that one. That's +1 to Ubuntu vs. Windows SBS in the proposal22:16
goukiKirill, that's good. Never worked with SBS though, even though I heard good things about it.22:17
Kirillgouki -> Can't live without Exchange and I can't get a good argument to try and use Linux alternatives for clients22:17
goukiKirill, haven't used Exchange in 3 or 4 years. As for the clients, try 'money'. Licenses + DRM seems like a good argument.22:19
Kirillgouki -> That's always part of it but most Exchange alternatives aren't free and fall short in terms of functionality. Things like BlackBerry support for Linux (lack thereof) is also a deciding factor.22:20
KirillBlackBerry Server*22:20
goukiKirill, I understand22:21
goukiI never had specific needs that free software or open source couldn't fix.22:22
Kirillgouki -> I hope to be at that point one day (where I have a good list of polished open-source alternatives)22:25
uvirtbotNew bug: #251632 in dhcp3 (main) "DHCP client should not create temporary files in /etc" [Undecided,New] https://launchpad.net/bugs/25163222:31
taconehello, I have some question about best practices in ssh automating.23:09
taconeI am writing a program to automatically connect to an ssh server. would be acceptable, under the security profile, to generate a certificate to avoid password request when making the ssh connection ?23:11
sorenScottK: From what I understand about the vulnerability, almost *any* amount of randomness is fine. As long as it's not static, I think you'll be fine.23:12
uvirtbotNew bug: #251641 in openvpn (universe) "openvpn init script lacks the 'status' action  [edit]   " [Undecided,In progress] https://launchpad.net/bugs/25164123:15
ScottKsoren: Thanks.23:16
Kirillis it a good idea to have a firewall between a Ubuntu server and the open Internet?23:26
Kirillor can I just use the firewall in Ubuntu?23:26
hadsKirill: Yes it's a good idea to have a firewall but what's built in (IPTables) will do fine.23:29
n-iCecan anyone help me with chroot?23:29
