uvirtbot | New bug: #303835 in openssh (main) "Typo in ssh_config man page" [Undecided,New] https://launchpad.net/bugs/303835 | 01:56 |
---|---|---|
vertx | Hi, I have this ubuntu server which still does not route packets across its 2 NICs, even though I have enabled net.ipv4.ip_forward=1 in /etc/sysctl.conf. Routing on both gateway and clients are as shown at http://paste.ubuntu.com/78524/ . Can anyone help? Thanks. | 01:59 |
jmarsden | vertx: Did you sudo sysctl -p after editing sysctl.conf? | 02:02 |
vertx | Hi, I have this ubuntu server which still does not route packets across its 2 NICs, even though I have enabled net.ipv4.ip_forward=1 in /etc/sysctl.conf. Routing on both gateway and clients are as shown at http://paste.ubuntu.com/78524/ . Can anyone help? Thanks. | 02:08 |
hads | 15:02:36 < jmarsden> vertx: Did you sudo sysctl -p after editing sysctl.conf? | 02:10 |
jmarsden | vertx: If you ask questions, it is recommended practice to then listen for answers :) | 02:13 |
vertx | jmarsden: Sorry for the late reply. I had left my computer for a moment, then the network just went bust on me :( | 02:28 |
vertx | hads: I had restarted the server and done what you recommended beforehand. This is the output http://paste.ubuntu.com/78535/ | 02:28 |
vertx | hads: As you can see, both subnets are private. Should I do a masquerade through iptables? | 02:29 |
jmarsden | vertx: Routing doesn't care about private or not IPs, it routes the way you tell it to... | 02:31 |
vertx | So, did I do anything wrong with the routing? the subnets are 192.168.0.0/24 and 192.168.1.0/24. What do you suggest I do, for client and server? | 02:33 |
jmarsden | The server has eth0 as 192.168.0.1 and eth1 as 192.168.1.1, right? | 02:36 |
ball | on two separate ethernets? | 02:37 |
jmarsden | vertx: No firewalls of any kind active? ufw disabled? No rules visible in sudo /sbin/iptables -L output? | 02:40 |
vertx | jmarsden: The server has 192.168.0.2 on eth0 and 192.168.1.1 on eth1. They are physically separate NICs. No iptables rules currently applied | 02:40 |
jmarsden | Sure looks like it should be routing packets between those NICs to me. So at present a client on the 192.168.0.0/24 can ping 182.168.0.2 but not 192.168.1.1 or anything else on that 192.168.1.0/24 subnet? | 02:42 |
ball | Do you want it to be routing frames between the networks? | 02:43 |
ball | (or datagrams?) | 02:44 |
jmarsden | ball: I'd say yes... the original q was: "I have this ubuntu server which still does not route packets across its 2 NICs, even though I have enabled net.ipv4.ip_forward=1 ..." | 02:44 |
vertx | jmarsden: at the moment the client (192.168.1.243) can ping 192.168.1.1 and 192.168.0.2, but cannot ping 192.168.0.3 and others :( | 02:45 |
ball | Ah okay. I missed that. | 02:45 |
ball | I need to add a NIC or two to this server, but I don't want routing or bridging. | 02:45 |
jmarsden | vertx: This is odd. Anything being logged in /var/log/messages that could be relevant? | 02:46 |
L1NUX_1NS1DE | hello | 02:46 |
vertx | jmarsden: let me check ... | 02:46 |
L1NUX_1NS1DE | does anyone know how to access a hostname that is on a dhcp network | 02:47 |
ball | yes | 02:48 |
ball | sort of. | 02:48 |
ball | L1NUX_1NS1DE: from outside, or from the LAN? | 02:48 |
L1NUX_1NS1DE | from a lan | 02:48 |
L1NUX_1NS1DE | I setup a computer that I want to access | 02:48 |
L1NUX_1NS1DE | I setup eth0 connection to get a dhcp address | 02:49 |
ball | L1NUX_1NS1DE: Easiest way may be to tell your DHCP server to give that machine the same IP address every time. That's what I do. | 02:49 |
L1NUX_1NS1DE | hmm. | 02:49 |
L1NUX_1NS1DE | oko | 02:49 |
L1NUX_1NS1DE | cul | 02:49 |
L1NUX_1NS1DE | I'll try it | 02:49 |
ball | good luck | 02:50 |
L1NUX_1NS1DE | danke | 02:50 |
L1NUX_1NS1DE | thanks for the help | 02:50 |
L1NUX_1NS1DE | ;) | 02:50 |
ball | bitte. | 02:50 |
vertx | jmarsden: there is only some dhcp related messages that i can see :( | 02:50 |
jmarsden | It sounds like the kernel really is not forwarding your packets. | 02:51 |
ball | I think you should hit it with a hammer | 02:51 |
vertx | jmarsden: yes that seems to be the problem. weird huh? | 02:52 |
ball | Does Ubuntu Server come with any power management functionality? | 02:53 |
vertx | ball: that would be a great idea :) | 02:53 |
vertx | Sorry, got to go for a moment. BRB | 02:53 |
jmarsden | OK... when you get back try cat /proc/sys/net/ipv4/ip_forward and tell us what it says | 02:54 |
jmarsden | ball: I'm sure it does... sudo apt-get install powertop is one way to find out how your system is doing in that regard | 02:58 |
ball | Thanks | 02:58 |
jmarsden | I've not tried that on a Ubuntu Server, only desktop -- but I can't imagine they would have removed all the power mgmt from server kernels... | 02:58 |
ball | I'm tinkering and I wanted to take measurements with a Wattmeter in "suspend" and "hibernate" | 02:58 |
ball | jmarsden: I can see why they might, but if it's there I don't know how to access it. | 02:59 |
nemoego | I'm not sure if this is a client or server problem, but I am trying to run a PXE client with an NFS root and I can get to a login prompt but when I try to login i get the error "nfs: server [ip] not responding, still trying" | 03:00 |
jmarsden | nemoego: Can you mount that NFS share from another (non PXE) client machine OK? | 03:00 |
nemoego | jmarsden: yeah, and watching syslog, i can see the client mount the share during the init process, but I'm not sure that it's getting mounted properly as / later.. | 03:02 |
ball | Is there a command-line way to invoke suspend or hibernate? | 03:02 |
jmarsden | http://ubuntuforums.org/showthread.php?t=329902 | 03:02 |
jmarsden | nemoego: Hmm. I'm not a PXE/thin client kind of person... sounds like you need one... | 03:04 |
nemoego | jmarsden: lol, yeah been working on this all day, surprised my FF hasn't crashed with the number of tabs i have open.. | 03:05 |
jmarsden | nemoego: OK... NFS I'm fairly comfortable with, but not the whole thin client thing. Not needed it (yet)... | 03:06 |
ball | I seem to lack /etc/acpi | 03:07 |
jmarsden | ball: Maybe the machine concerned doesn't support ACPI? | 03:08 |
ball | jmarsden: that's possible | 03:08 |
jmarsden | Can you play with apmd and maybe find out?? APM is older, ACPI is newer, I think... | 03:09 |
hads | sudo aptitude install acpid | 03:09 |
ball | Ah, dmesg tells me that ACPI interpreter was disabled due to an error of some sort. | 03:10 |
jmarsden | vertx: Are you back here yet? | 03:13 |
nomingzi | how can I download all the Ubuntu Server Guide files from (https://help.ubuntu.com/8.10/serverguide/C/index.html) for OFFLINE Viewing ? | 03:14 |
ball | Bah, can't ACPI and can't apm. | 03:14 |
ball | I'll have to go back to this project on a desktop machine | 03:14 |
jmarsden | nomingzi: I think there is a package ubuntu-serverguide ? | 03:17 |
nemoego | nomingzi: failing that, you can always use wget | 03:17 |
jmarsden | So you can install that: sudo apt-get install ubuntu-serverguide | 03:17 |
nomingzi | jmarsden: many thanks, I am newbie | 03:21 |
jmarsden | nomingzi: No problem. After installing that package the files are all under /usr/share/ubuntu-serverguide/ | 03:21 |
nomingzi | jmarsden: can u assist me how do I share this folder so that I can view it from other Ubuntu-Desktop ? | 03:23 |
jmarsden | nomingzi: That's more work... easy way is to just install it on each desktop machine? Is that workable for you, or are we talking about hundreds of desktops? | 03:24 |
ScottK | If you have openssh-server set up on the machine already and you are accessing it from a user that has shell access to the server, just use sftp. No more setup needed. | 03:27 |
ScottK | At least in Dolphin (the KDE file manager) you can make a persistent link to it so you don't have to remember it. | 03:27 |
nomingzi | jmarsden: I m just trying to learn Ubuntu-Server | 03:27 |
ScottK | Dunno about Gnome, but I assume you can do something similar. | 03:27 |
jmarsden | nomingzi: OK, then go through the guide about networking, and then learn about Samba or NFS for file sharing. | 03:28 |
ball | I have to go anyway. | 03:29 |
nomingzi | I am newbie, and expecting more CLI (after I switch from Ubuntu-Desktop), may b you can provide me a better start/guide to learn Ubuntu-Server :P thanks | 03:30 |
nemoego | jmarsden: do you know the proper fstab entry for a NFS root? I have "/dev/nfs / nfs 1 1 " per https://help.ubuntu.com/community/DisklessUbuntuHowto#Creating%20your%20NFS%20installation | 03:34 |
jmarsden | nemoego: Looks reasonably sane to me. But I'm more commonly using NFS for /home or other (non-root) partitions. | 03:36 |
jmarsden | nemoego: You left out a column? /dev/nfs / nfs defaults 1 1 | 03:39 |
nemoego | ah, forgot to type, it's there | 03:40 |
jmarsden | OK. | 03:40 |
nemoego | jmarsden: is there a way i can get more verbose log output from nfs-kernel-server ? maybe filenames as they are accessed? | 03:40 |
jmarsden | Yow! Probably... might be as easy to run wireshark and look at the network traffic though? | 03:41 |
nemoego | jmarsden: good point. Just commented out NFS root fstab line, no change. Either it never mounted or fstab has nothing to do with it... | 03:43 |
jmarsden | If you want to try it your way, I think rpcdebug may turn on some extra debugging output from the kernel for you. But... I've never used it. | 03:44 |
jmarsden | nomingzi: For basic command line stuff, try http://tldp.org/LDP/intro-linux/html/intro-linux.html | 03:45 |
nemoego | jmarsden: that helped a lot "sudo rpcdebug -m nfsd -s fileop" logs all accessed files to syslog, client seems to have nfs access when i try to log in (access to shadow) but after i type the password there is access to faillog and then nothing. I checked faillog but it is empty. any ideas? | 03:56 |
jmarsden | Sounds like an authentication issue... the login is failing? | 03:57 |
nemoego | in that case I should get kicked back to a login prompt, yes? | 03:58 |
nemoego | i mean, would a bad login attempt break the connection to the NFS server? | 03:59 |
jmarsden | Not sure... as root, if there are existing NFS shares mounted as root? Maybe. man 5 faillog and mail 8 faillog really suggest the login is failing to me. | 04:00 |
nemoego | created new user, same error. I think I'll try again later using a full install as a base for my nfs root instead of using debootstrap... | 04:09 |
nemoego | thanks for the help tho | 04:09 |
jmarsden | OK... at least you made some progress... | 04:09 |
nemoego | yeah, gotta appreciate what you got | 04:10 |
ball | aside from dmesg, is there an easy way to tell whether an Ubuntu server has sound hardware? | 05:51 |
jmarsden | ball: Try aplay -l ? | 06:05 |
hads | lspci | 06:05 |
=== jussio1 is now known as jussi01 | ||
nomingzi | I am newbie, I use OpenSSH & remote logon to ubuntu-server. HOW DO i use wget to download a folder into my PC ? | 08:12 |
Jeeves_ | You would need a web/ftp-server to do so | 08:13 |
Jeeves_ | Then: wget (http|ftp)://URL/FOLDER | 08:13 |
nomingzi | Jeeves_: should i install web/ftp service into my remote ubuntu-server ? | 08:21 |
hads | Or just use scp | 08:22 |
philsf | better to use rsync | 08:24 |
hads | Or scp | 08:25 |
Jeeves_ | nomingzi: scp or rsync will work as well | 08:25 |
nomingzi | many thanks Jeeves_ philsf hads | 08:26 |
kraut | moin | 08:30 |
vertx | jmarsden: Whew, didn't realize that the meeting took hours. Sorry. FYI, cat /proc/sys/net/ipv4/ip_forward yields a 1. | 08:35 |
_ruben | hmm .. apt-listchanges can hook into apt at install time, tho i'd rather generate a changelog-overview for packages that would be installed by apt-get (dist-)upgrade, any hints on performing such a task? | 09:40 |
_ruben | using the --download-only option to apt-get might do the trick | 09:41 |
_ruben | shame, it doesn't | 10:01 |
ivoks | zul: ping | 11:54 |
=== lamont` is now known as lamont | ||
* \sh needs some advice...php + upload file size + post_max_size == works with sizes <= 2G...everything above the magic 2GB frontier doesn't work (hardy/intrepid + amd64 server) | 12:24 | |
ivoks | what client are you using? | 12:25 |
ivoks | for example, at some point in history, wget couldn't download files bigger than 2GB | 12:25 |
\sh | ivoks: it's not a download thing...it's that firefox, ie, safari and opera are uploading the whole 3.5GB file without any problems...but php dies :) | 12:26 |
\sh | ivoks: well, not exactly dying...it just throws the upload away | 12:26 |
\sh | ivoks: simple <input type="file"...> form in a html gives you that :) | 12:27 |
ivoks | on which filesystem? | 12:27 |
\sh | ivoks: choose one...I use ext3 and xfs here :) | 12:28 |
\sh | ivoks: and tmp location for tmp upload crap..is big enough...I think 1TB is enough :) | 12:28 |
maswan | filesystems on linux haven't been an issue for quite some time. is it apache 2.2? | 12:28 |
\sh | maswan: more php itself...really... | 12:29 |
\sh | maswan: and yes..apache2.2 + php5 | 12:29 |
maswan | \sh: Ok. Well, php is crap, don't use it? ;) | 12:29 |
\sh | maswan: grmpf..can't development needs it :) | 12:29 |
maswan | \sh: Well, you better get started at fixing php then. :) | 12:31 |
\sh | maswan: looks like :) | 12:33 |
\sh | maswan: btw..what about your visit to Karlsruhe? any news? :) | 12:33 |
* \sh needs to plan his birthday party ,) | 12:34 | |
maswan | Oh, right. Let me see when that ended up. | 12:37 |
maswan | January 14/15 2009 | 12:40 |
\sh | maswan: that's wed + thu after the 11th ... are you in .de before that? :) well, actually those days are also quite ok...for having a beer or two in the evening :) | 12:40 |
lukehasnoname | PHP isn't THAT bad, is it? I have some qualms with it, but meh... I guess Python is the hot new web scripting platform | 12:44 |
zul | yarp yarp | 13:03 |
\sh | maswan / ivoks: http://bugs.php.net/bug.php?id=44522 <- there it is :) yay | 13:05 |
\sh | and reading the php source, both variables who could be the cause are already "long" ... which means the bug is somewhere else | 13:10 |
stefg | Hi, i'm trying to get the ebox platform running on top of a Jeos 8.04.1 install in virtualbox in order to set up a virtual fileserver. Unfortunately the ebox network module doesn't seem to like jeos , the network module won't run. google doesn't turn up anything useful, can anyone point me to some specialized support forum or irc channel? | 13:11 |
ivoks | \sh: oh, nice :D | 13:14 |
\sh | ivoks: looks like I found the real bugger in rfc1867.c | 13:14 |
\sh | I'll try to prove my guess and rebuild with a patch which should fix it...and then...let's see :) | 13:15 |
zul | \sh: er...what? | 13:27 |
\sh | zul: http://bugs.php.net/bug.php?id=44522 | 13:27 |
zul | ah ok | 13:27 |
\sh | zul: if you set post_max_size and max_upload_filesize to >2GB it doesn't work in php5 ... but sourcewise: post_max_size and max_upload_filesize are already defined as long...but not max_file_size in rfc1867.c which holds later on the max_upload_filesize ;-) | 13:28 |
zul | sounds like fun | 13:29 |
\sh | zul: but to be sure, I'm rebuilding hardy php5 with a "guessed" fix and test it if I'm right | 13:29 |
zul | k | 13:29 |
\sh | zul: if I'm right, I'll file a bug on LP...with debdiffs and fixes...for hardy, intrepid and jaunty...hopefully someone can sponsor at least for jaunty...and for {hardy,intrepid}-proposed | 13:30 |
zul | \sh: yep no problem just remember to add the test case for the SRU | 13:34 |
\sh | zul: hmm...can I upload >2GB files to LP? ,-) | 13:34 |
zul | well no just how to reproduce it :) | 13:35 |
ivoks | \sh: so, find a big p0rn movie for test case :) | 13:38 |
jevangelo | hi, how would i be able to get a date that is exactly 6 weeks in the past, using the date command | 13:48 |
zul | check google | 13:49 |
jevangelo | oh, i just got it | 13:50 |
jevangelo | date -d "6 weeks ago" | 13:50 |
Koon | zul: the fix for bug 286828 is marked "Fix committed", but i couldn't find it in the Changelog... do you know in which update we can expect to find it ? | 13:56 |
uvirtbot | Launchpad bug 286828 in linux "Access to samba 3.0.24-3.0.25 shares using CIFS is broken on 8.10" [High,Fix committed] https://launchpad.net/bugs/286828 | 13:56 |
zul | Koon: thats the kernel bug isnt it? | 13:57 |
zul | the nodfs one | 13:57 |
Koon | zul: yes, should i ping rtg about it ? | 13:57 |
zul | gimme a sec.. | 13:57 |
zul | yeah | 13:58 |
zul | bug him | 13:58 |
nijaba | bug who? | 14:01 |
nijaba | poor rtg, he's too nice | 14:01 |
zul | Koon: its sitting in the git tree though maybe there is an update coming soonish | 14:02 |
Koon | zul: yeah, I'm just trying to calm down the "where is the fix that is due to us" lousy MAS owners. | 14:02 |
Koon | NAS | 14:03 |
ivoks | take care guys | 14:03 |
zul | yeah I saw | 14:03 |
Koon | Steve's response was obviously a little too complicated for them. | 14:03 |
zul | meh.. | 14:04 |
Koon | I simplified it: "your stuff is broken, but since we are extremely nice, we'll help you" | 14:04 |
Koon | now I'm trying to counter the "when?" answer | 14:05 |
ivoks | what's the problem? | 14:06 |
Koon | ivoks: the fix is marked 'Fix committed' and a few impatient guys are apt-get-updating every minute to see if there is a new kernel coming up with the fix. | 14:08 |
ivoks | :) | 14:09 |
ivoks | someone should tell then that it's easy to git clone kernel tree and build kernel | 14:10 |
zul | Koon: ping were you doing any merges today so we don't duplicate the work? | 14:44 |
Koon | zul: nope | 14:45 |
Koon | I just pushed a sync this morning (syslog-ng) | 14:45 |
zul | Koon: cool beans Im just doing the samba merge now | 14:46 |
mathiaz | soren: did you get a chance to review the open-iscsi package? | 15:25 |
L1NUX_1NS1DE | hello | 15:41 |
L1NUX_1NS1DE | Does anyone know how to setup ssh between a server and client computer | 15:42 |
ScottK | L1NUX_1NS1DE: Lots of us do. Please ask your specific question. | 15:42 |
ScottK | L1NUX_1NS1DE: It'd also be nice if you could manage a nick that wasn't all caps. | 15:43 |
jmedina | and less l33t :D | 15:45 |
Ahmuck | *shrugs* ... i always see nicks as personal names. do you really want to change your personal name for someone else's preference? | 15:45 |
jmedina | L1NUX_1NS1DE: install and run openssh | 15:46 |
L1NUX_1NS1DE | I'll do some googling on the matter | 15:48 |
L1NUX_1NS1DE | if I run into some trouble I'll know who to ask | 15:48 |
L1NUX_1NS1DE | I'l just idle | 15:48 |
jmedina | L1NUX_1NS1DE: why not read the official ubuntu documentation about the topic? | 15:48 |
L1NUX_1NS1DE | I'm reading a tutorial on setting up shared keys | 15:49 |
L1NUX_1NS1DE | but I'll try that too | 15:49 |
L1NUX_1NS1DE | thanks | 15:49 |
jmedina | L1NUX_1NS1DE: that is another topic than your first question | 15:49 |
L1NUX_1NS1DE | hmmm.... | 15:50 |
jmedina | you never ask about setting up key authentication between client and server | 15:50 |
jmedina | by default you authenticate against the ssh server using a user and password | 15:50 |
L1NUX_1NS1DE | yes | 15:51 |
L1NUX_1NS1DE | well I was able to ssh to the server | 15:51 |
L1NUX_1NS1DE | but I did not have the correct password | 15:51 |
L1NUX_1NS1DE | I'm reading this: | 15:52 |
L1NUX_1NS1DE | http://inside.mines.edu/~gmurray/HowTo/sshNotes.html | 15:52 |
jmedina | https://help.ubuntu.com/community/SSHHowto | 15:53 |
L1NUX_1NS1DE | haha! | 16:14 |
L1NUX_1NS1DE | it works! | 16:14 |
L1NUX_1NS1DE | I setup a paired key ssh login | 16:14 |
cumulus007 | does the host file support ports? | 16:16 |
cumulus007 | like localhost:1234 | 16:16 |
L1NUX_1NS1DE | ports | 16:16 |
L1NUX_1NS1DE | I'm not sure | 16:16 |
L1NUX_1NS1DE | I just used the default user@servername.org | 16:17 |
cumulus007 | that's a very useful answer | 16:17 |
L1NUX_1NS1DE | well I'm sort of a noob with servers | 16:17 |
jmedina | cumulus007: which host file? | 16:18 |
cumulus007 | jmedina: /etc/hosts | 16:18 |
L1NUX_1NS1DE | I don't know... | 16:19 |
jmedina | cumulus007: that is, that file it is useful to resolve host names not ports | 16:20 |
jmedina | cumulus007: why you want to do that? | 16:20 |
L1NUX_1NS1DE | thanks jmedina | 16:20 |
cumulus007 | jmedina: I want to configure my PC so: when I go to localhost:portnumber, a web page on a server opens | 16:20 |
L1NUX_1NS1DE | oh | 16:20 |
L1NUX_1NS1DE | I think you'll have to configure the web server | 16:21 |
jmedina | you mean with a browser? | 16:21 |
L1NUX_1NS1DE | no the webserver | 16:21 |
L1NUX_1NS1DE | you'll have to configure the port that apache listens to | 16:21 |
L1NUX_1NS1DE | I think the default is 8080 | 16:21 |
cumulus007 | jmedina: yes | 16:21 |
cumulus007 | never mind, I have already fixed it. | 16:23 |
L1NUX_1NS1DE | what is a good ftp server to use | 16:27 |
L1NUX_1NS1DE | ? | 16:27 |
jmedina | I like pure-ftpd | 16:31 |
L1NUX_1NS1DE | pure-ftpd | 16:32 |
L1NUX_1NS1DE | hmm.. | 16:32 |
L1NUX_1NS1DE | right now I'm using vsftpd | 16:33 |
ScottK | mathiaz: Are we having a server team meeting tomorrow? | 16:41 |
mathiaz | ScottK: AFICT yes | 16:41 |
ScottK | mathiaz: OK. I'll update the agenda then (just added an item). | 16:41 |
katakaio | Hey everyone, I just joined the team and I'm still finding my way around | 16:55 |
katakaio | Could you tell me where the agenda is located? Is it on the team wiki? | 16:56 |
katakaio | Nevermind - I got it on a lucky guess | 16:58 |
uvirtbot | New bug: #304047 in samba (main) "package samba 2:3.2.3-1ubuntu3.3 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/304047 | 17:22 |
=== L1NUX_1NS1DE is now known as cathode | ||
=== cathode is now known as kizer | ||
kizer | hello again | 17:38 |
kizer | I was wondering what actions I should take to secure a server | 17:38 |
kizer | What port I should turn off | 17:39 |
kizer | or change | 17:39 |
kizer | which firewall to use | 17:39 |
kizer | etc.. | 17:39 |
ScottK | kizer: What Ubuntu version are you running? | 17:40 |
kizer | I guess it's not the smartest thing to do but I'm running 810 | 17:41 |
kizer | why | 17:41 |
kizer | just how hacked can a linux server get? | 17:42 |
kizer | and could it compromise an entire network | 17:42 |
kizer | ?> | 17:42 |
kizer | currently I'm running web, torrentflux and pure-ftp (with username/password login) on my server | 17:44 |
kizer | *webmin | 17:44 |
Faust-C | kizer, heh 'hacked' | 17:45 |
ScottK | Well 8.10 is fine to be running. Webmin, not so much. | 17:45 |
Faust-C | a system is only as secure as the person who administers it | 17:45 |
ScottK | kizer: 8.10 comes with ufw (stands for uncomplicated firewall) installed already, you just need to configure it. | 17:46 |
ScottK | Ubuntu Server by default does not have any ports open, so nothing to close. Additional stuff you've added will change that, of course. | 17:46 |
Faust-C | kizer, and linux has only one fw that i know of | 17:47 |
kizer | ok | 17:49 |
kizer | that's a relief | 17:50 |
ScottK | kizer: I have no idea what webmin opened up though. You've installed that from a 3rd party repository, so we know nothing about what that package does. | 17:51 |
kizer | so would it be good practice to change password every month or so | 17:51 |
kizer | with webmin I changed to default port | 17:51 |
ScottK | Faust-C: That's true, but for someone just starting, writing iptables rules themselves by hand is probably not the best idea. | 17:51 |
Faust-C | ScottK, i was gonna refer to ufw which is just a frontend to iptables | 17:52 |
Faust-C | from what i read ufw's syntax is similar to pf | 17:52 |
kizer | webmin comes with a webgui interface for changing ip rule conveniently enough | 17:52 |
Faust-C | i like that | 17:52 |
ScottK | Faust-C: yes, I already mentioned ufw to him. | 17:52 |
Faust-C | kizer, imo i wouldn't get too comfy w/ webmin | 17:52 |
kizer | well it's certainly a handy way of admin'ing a server | 17:54 |
kizer | well I'll see what I could do with ufw | 17:54 |
kizer | oh | 17:54 |
kizer | what are some useful commands for seeing open ports on and processes that are running on certain ip's or ports? | 17:55 |
ScottK | kizer: see man ufw. | 17:56 |
erik78se | kizer: netstat -pant | 17:56 |
kizer | thanks | 17:56 |
erik78se | kizer: Shows you open TCP sockets, and their application names. Use "sudo" with that as the -p switch is restricted.... "sudo netstat -pant" | 17:57 |
kizer | yeah that command is really helpful | 17:58 |
kizer | it shows that I'm connected via ssh to the server | 17:58 |
kizer | but, there's another port that's open | 17:58 |
erik78se | you can also do "sudo netstat -panu" (shows UDP ports) | 17:59 |
kizer | I don't know what service is running from there | 17:59 |
kizer | thanks | 17:59 |
erik78se | Whats the port ? | 17:59 |
kizer | for tcp it's 139 | 18:00 |
erik78se | Open services are usually in the "LISTEN" state, and the address will give you a hint of what interface is allocated to it. 0.0.0.0 means "all" interfaces. | 18:00 |
Deeps | grep 139/tcp /etc/services? | 18:00 |
kizer | ohh.... | 18:00 |
Deeps | probably linked to samba | 18:00 |
kizer | hmm... | 18:01 |
kizer | there are at least ten ports that are listening | 18:01 |
erik78se | In some cases you can use "telnet <address> <port>" to investigate the nature of the service running on a certain port. try it with some web-server and you'll see.... just type "GET" once connected to a port 80... | 18:01 |
Deeps | s/telnet/nc/ | 18:01 |
kizer | k | 18:01 |
* jmedina also likes to use lsof to check for open ports | 18:02 | |
jmedina | lsof -i | 18:02 |
kizer | oh | 18:03 |
kizer | ok all these port make sense | 18:03 |
erik78se | Simply using "netstat" won't show you firewalls, since the firewall is "above" the OS service layer. That means that even if you can see the open ports in a LISTEN state - the firewall might block those ports. Test that by trying to connect to the ports with - for example - telnet. | 18:04 |
kizer | I recognize the port affiliated with their services | 18:04 |
ball | nmap? | 18:04 |
kizer | I should change ssh from its default port | 18:04 |
kizer | rich? | 18:04 |
kizer | right? | 18:04 |
erik78se | No need. | 18:05 |
kizer | it's ok the way it is | 18:05 |
kizer | ? | 18:05 |
erik78se | Yes. | 18:05 |
uvirtbot | New bug: #303458 in samba (main) "segfault in pam_smbpass.so" [Undecided,New] https://launchpad.net/bugs/303458 | 18:05 |
kizer | thanks ball nmap is the right tool for the job | 18:05 |
ball | I use it every day. It's a handy thing. | 18:06 |
erik78se | kizer: By changing ports for the ssh-service, you will not achieve much security wise. A determined hacker will be able to detect a running ssh-service regardless of port-mapping. | 18:06 |
kizer | right... | 18:06 |
kizer | ok | 18:06 |
erik78se | ... however, ssh is rather secure if you keep it at a good patch-level. | 18:07 |
kizer | noted! | 18:07 |
* ball tends to describe ssh as "less insecure than Telnet" ;-) | 18:07 | |
kizer | well I think I'm just about ready to deploy my server for ready use | 18:08 |
ball | kizer: what are you using it for? | 18:08 |
kizer | ftp server and remote torrent box | 18:08 |
erik78se | If you are really anal about networking security, you could change it to a really high port, lets say, 63040. I don't know why you would do that tho and how much it would add to security. | 18:08 |
kizer | hmmm... | 18:08 |
Deeps | would protect you against generic scans | 18:09 |
Deeps | casual hackers looking for easily exploitable machines | 18:09 |
Nafallo | port knocking? ;-) | 18:09 |
ball | rtorrent? | 18:09 |
erik78se | Deeps: yes. but the scan itself is nothing to worry about. | 18:09 |
kizer | well unless my server burst into flames I guess I'll be ok with the security for now | 18:09 |
Deeps | disabling root logins also helps (stupid that it's enabled by default) | 18:09 |
ScottK | kizer: If you care about security, pick something other than ftp. | 18:09 |
kizer | nafallo: torrentflux! | 18:09 |
Nafallo | what about it? | 18:10 |
ball | sftp | 18:10 |
kizer | torrent flux has a webgui | 18:10 |
Nafallo | been there, contributed code, gone back | 18:10 |
ball | I would like some alternative to nfs that was less insecure. | 18:10 |
kizer | and it's quite usable | 18:10 |
Deeps | ball: nfs over vpn? ;) | 18:11 |
erik78se | kizer: disable root-login, keep a good patchlevel, use passwords that have no real words in them and use a rudimentary firewall and your server will be mega-hard to "hack/break". | 18:11 |
Deeps | ..via ssh | 18:11 |
kizer | sweet | 18:11 |
erik78se | ... via a network. | 18:11 |
kizer | thanks for all your help guys! | 18:11 |
ball | Deeps: Yeah, I suppose that could work at a push. | 18:11 |
Deeps | if you're running any other internet visible services that aren't firewalled off, they're also exploitable | 18:11 |
Nafallo | kizer: it's not as usable as the fork, tf-b4rt. | 18:11 |
Nafallo | kizer: also, I don't think tflux ever committed my patches for IPv6 support. | 18:12 |
kizer | k | 18:12 |
jmedina | ball: nfs is insecure, do you want something really secure, you can use AFS :D | 18:12 |
* ball suspects jmedina is joking | 18:12 | |
erik78se | Deeps: yeah, however a simple DROP default rule in the firewall will provide all the security needed. | 18:12 |
kizer | so I should just set firewall rules to restrict access to those services to a select pool of Ip's | 18:12 |
kizer | with the ftp | 18:13 |
jmedina | http://www.openafs.org/ | 18:13 |
kizer | I have user name and password login enabled | 18:13 |
jmedina | ball: http://www.openafs.org/ | 18:13 |
erik78se | kizer: you configure your firewall with ALLOW for only those services you want to expose. Lets say SSH. ALL other protocols are DROP. | 18:13 |
kizer | ok | 18:13 |
Deeps | erik78se: i know that, and you know that, not everyone in here may know that though ;) | 18:13 |
erik78se | Deeps: cheers =) | 18:14 |
kizer | but I could still access the services via the local network? | 18:14 |
kizer | just not through the internet gateway? | 18:14 |
erik78se | kizer: Thats in total 2 rules. <1> from * allow SSH <2> from * deny * | 18:14 |
ball | back shortly | 18:14 |
ball | I saw afs and thought it was part of AppleTalk btw. | 18:15 |
kizer | ok | 18:15 |
erik78se | Then you can refine those rules... | 18:15 |
kizer | so I won't be able to access the ssh? | 18:15 |
erik78se | <1> from internal_network allow SSH <2> from * deny * | 18:15 |
kizer | I'm a bit confused | 18:15 |
kizer | where would I edit this setting | 18:16 |
Deeps | !ufw | kizer | 18:16 |
kizer | through ufw | 18:16 |
ubottu | Sorry, I don't know anything about ufw | 18:16 |
Deeps | ubottu: fail | 18:16 |
ubottu | Sorry, I don't know anything about fail | 18:16 |
kizer | k | 18:16 |
Deeps | lies | 18:16 |
erik78se | kizer: Yes. The first rule tells you "who" can access ssh. The second rule say "nobody can access anything". The rules are applied from top to bottom.... | 18:16 |
kizer | thanks erik | 18:16 |
kizer | oh ohh oh | 18:17 |
kizer | sorry you had to explain that | 18:17 |
kizer | I understand now | 18:17 |
erik78se | kizer: good, happy to help. | 18:17 |
erik78se | iptables is really easy to configure, once you understand that the rules are "applied" from top to bottom and that in the bottom you should ALWAYS have "from * drop *" (the syntax is different ofc). From there, you can create super-safe firewalls. | 18:19 |
erik78se | You can "practice" iptables by trying out "fwbuilder" and try create a simple firewall. | 18:20 |
erik78se | Start by doing that "from * drop *". That will effectively shut out everything. Then add one rule at the time until your firewall works as you intend. | 18:21 |
erik78se | Helpful to debug is to do : "from * drop * log" .... that will show you what is actually dropped by the firewall. | 18:22 |
kizer | I changed to default app policy to "DENY" | 18:24 |
kizer | hello again | 18:46 |
kizer | has anyone had any experience with setting up wakeup-on-lan | 18:46 |
kizer | I'm reading some documentation on it but it seems a bit complicated | 18:47 |
ball | yes | 18:50 |
ball | it works for me | 18:50 |
ball | (at least, to an extent) | 18:50 |
ball | kizer: what are you trying to do? | 18:57 |
kizer | I'm trying to setup server to wakeup on LAN | 19:05 |
kizer | So I could turn the computer on from anywhere | 19:05 |
ball | kizer: I was going to try that, but couldn't get my Ubuntu Server box to suspend or hibernate. | 19:06 |
ball | Realistically servers are usually on 24/7 anyway, but I have to test these things. | 19:06 |
kizer | yeah but I'm sorta on a budget as far as power consumption and wouldn't mind shutting down the system when I know it's not going to be used | 19:08 |
ball | kizer: that's fair enough. | 19:08 |
kizer | yup green is good | 19:08 |
ball | make sure you wake it up in time to do its cron jobs though | 19:09 |
kizer | I'm reading a tutorial on how to set it up | 19:09 |
ball | (backup etc.) | 19:09 |
kizer | here | 19:09 |
kizer | http://ubuntuforums.org/showthread.php?t=234588 | 19:09 |
kizer | cron can also wake up the machine? | 19:09 |
ball | That said, my current Ubuntu Server box is burning 33W. | 19:09 |
kizer | that's pretty decent | 19:10 |
ball | kizer: cron on another machine might be able to wake your server. I've never tried the rtc alarm clock thing, but that might be another option. | 19:10 |
kizer | right | 19:10 |
kizer | but I would just want to have the server to be able to wakeup on LAN regardless of the computer that's waking it up | 19:11 |
kizer | All I have to do is know the mac address of the NIC | 19:11 |
ball | Usually I have the server up 24/7 and the users switch off their workstations when they're done. | 19:11 |
ball | I can turn those on from the server | 19:11 |
ball | (via ssh) | 19:12 |
kizer | nice... | 19:12 |
ball | ...do some remote admin, then turn them back off | 19:12 |
ball | That works if they Hibernate too, but not if they "suspend". | 19:12 |
kizer | but if a how can you turn them on... remotely | 19:12 |
ball | I suspect shoddy firmware. | 19:12 |
kizer | oh oh | 19:12 |
ball | kizer: I run "wakeup" on the server. | 19:13 |
kizer | ok | 19:13 |
tadeu_ | guys, how can i edit the boot runlevel ? | 19:13 |
kizer | while they're in suspend mode | 19:13 |
kizer | ? | 19:13 |
ball | kizer: while they're switched off, or in hibernate. | 19:14 |
ball | If it's just suspended, I can't revive it. | 19:14 |
ball | (pet peeve) | 19:14 |
tadeu_ | it isn't a easy thing in ubuntu... | 19:14 |
kizer | oh | 19:14 |
ball | Hmm... I need to fix my Ubuntu Server box. Perhaps its CMOS setting for WoL is wrong. | 19:15 |
kizer | so is there an alternate way of setting up a server to boot remotely even if it's turned off | 19:16 |
kizer | besides WOL | 19:16 |
kizer | or is WOL the only way to go | 19:16 |
ball | short of a hardware solution, WoL seems the most likely candidate. | 19:16 |
kizer | ok then WOL it is | 19:17 |
ball | of course, then you need some way to connect to a workstation or VPN in. | 19:17 |
kizer | could you explain how WOL could be setup | 19:17 |
kizer | I've been reading some things on the net | 19:17 |
ball | kizer: on the machine to be woken, I go in and make sure the CMOS setup program ("BIOS") is configured to allow WoL. | 19:18 |
kizer | yes, I believe I did that | 19:18 |
ball | ...then on the machine that's doing the waking, I make sure I have the wakeup program. | 19:18 |
kizer | I'll check to repos | 19:18 |
kizer | ok | 19:18 |
ball | In practice I have a shell script on the server | 19:18 |
ball | I just type "wake" | 19:18 |
ball | ...and the workstations all wake up | 19:18 |
kizer | nice, nice | 19:18 |
kizer | I have to make a script eventually as well | 19:19 |
ball | my script is incredibly simple | 19:19 |
kizer | yeah I made a script to ease the long command I use for logging into the server via ssh | 19:19 |
kizer | ok | 19:20 |
ball | each machine has two lines: the first is just a comment with the machine's name, the second is "wakeup {macaddr}" | 19:20 |
kizer | ok | 19:20 |
ball | e.g. "wakeup 00:02:a5:97:88:b2" | 19:20 |
ball | (without the quotes ;-) | 19:20 |
kizer | and you just input that to the prog to wake up the remote system | 19:20 |
kizer | ok | 19:21 |
kizer | I think I understand the setup now | 19:21 |
kizer | I'll get started on it | 19:21 |
ball | kizer: well, just having that line in the shellscript calls wakeup (which is the WoL program) and provides it with a MAC address to wake up. | 19:21 |
kizer | thanks for your help | 19:21 |
ball | No problem. I hope it works for you. I see too many offices filled with machines left on all night. | 19:22 |
ball | With screensavers that don't. | 19:22 |
kizer | yeah let's save some coal | 19:22 |
ball | ...and the monitors left switched on and DPMS turned off. | 19:22 |
ball | :-( | 19:22 |
ball | Wish I could fix that Suspend issue though | 19:25 |
ball | Standby, whatever | 19:25 |
kizer | what program did you use to execute remote wakeup | 19:27 |
kizer | I found this program called etherwake | 19:29 |
ball | kizer: it may be the same program, let me check | 19:30 |
kizer | most likely... | 19:31 |
ball | kizer: all it does is generate the "magic packet" anyway. | 19:37 |
kizer | ball: did you have to install anything on the remote machines you wanted woken up or just set the BIOS to have WOL enabled | 19:38 |
ball | just set the BIOS | 19:38 |
ball | (and perhaps the O.S. ...depends what you're running) | 19:38 |
kizer | the OS? | 19:39 |
* ball nods | 19:39 | |
kizer | how so? | 19:40 |
kizer | what needs to be set for the OS | 19:40 |
kizer | FYI I'm running ubuntu | 19:40 |
ball | Ah okay. I imagine that will "just work" then. | 19:40 |
kizer | sweet | 19:41 |
ball | I know last time I tried it I got similar results: Off and Hibernate will WoL. Suspend won't. | 19:41 |
ball | I suspect the firmware is at fault. | 19:41 |
kizer | hmm... can help you there | 19:42 |
kizer | have you tried googling your issue | 19:42 |
yann2 | hello folks... I want to enable root account on my servers... but to allow people to connect from ttys *only* - ie no su - root from ssh | 19:43 |
yann2 | I tried many many things... got nothing to work.. any suggestion? | 19:43 |
yann2 | I tried /etc/security/access.conf... /etc/securetty... /etc/login.defs... enabling it in pam... it seems to be possible to restrict this in 10 different ways but none works :( | 19:44 |
=== jdstrand_ is now known as jdstrand | ||
stefg | I've spent the day trying to get ebox working inside a virtualbox virtual machine (hardy host & guest). Neither a jeos install nor a virtual install of the ebox-installer iso gave me a working result. i'm using ubuntu hardy as host and guest. I'm able to login to the virtual ebox-machine but if i try to access the network configuration or the system module all i get is "Page not found" or... | 19:51 |
stefg | ..."Really nasty bug..." Is ebox currently broken? | 19:51 |
LoveGuru | stefg: hay may i know "ebox" what for? what is the purpose to using ebox/ | 19:57 |
ScottK | !ebox | LoveGuru | 19:58 |
ubottu | LoveGuru: ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox | 19:58 |
LoveGuru | ScottK: thx. | 19:58 |
zoopster | stefg: ebox works fine on hardy...have not run it in a vm. Do you receive anything in syslog or messages? | 19:59 |
LoveGuru | ahh "warning" for 8.10 | 19:59 |
zoopster | stefg: other than your 404 error | 20:00 |
stefg | zoopster, LoveGuru : nothing particular. I started doing a jeos install, then adding the ppa-repo for the latest stable ebox packages and installed ebox-samba ... didn't work, could not enable the firewall & network module, thus NO SAMBA | 20:02 |
stefg | then i thought: ok, jeos might be a bit too stripped down and tried the ebox installer (hardy-server with post installation script)... same result. At the moment i'm not even sure whether i'm looking at an ebox- or a virtualbox problem | 20:03 |
kizer | wow that was automagical! | 20:04 |
kizer | I used etherboot and the server started up! | 20:05 |
kizer | awesome | 20:05 |
stefg | there is a (debian-based) live CD which i could run in virtualbox... that one worked, so i guess is an ebox problem and some package might be missing | 20:05 |
kizer | it's just wonderful when something just works | 20:05 |
stefg | kizer: in turn it's just frustrating if something does not, and you don't get a clue why | 20:06 |
* ball returns, avec hot chocolate. | 20:06 | |
zoopster | stefg: assume you have ebox-firewall and ebox-network installed, correct? | 20:09 |
zoopster | seeing as samba requires them..you must have | 20:10 |
stefg | zoopster: right... plain server/jeos install and a simple apt-get install ebox-samba (trusting that the dependencies will pull in everything that's needed) | 20:10 |
stefg | so this is actually a straight forward thing... and i have ebox running on real hardware, so i know it works there. But inside a VM i can't get it to work | 20:11 |
stefg | i tried the -server and -virtual kernel, tried the stock hardy version of ebox (0.11.something) and the ppa-repo version (0.12.3) ... doesn't make any difference | 20:13 |
stefg | ATM i'm not even considering a bug report, because that 'doesn't work' type of reports don't help anybody | 20:16 |
stefg | so let me ask the other way 'round: did anyone in here succeed in getting ubuntu-server with ebox on top to run inside a virtualbox vm? | 20:21 |
LoveGuru | stefg: i never tried "ebox" well will try it. inside the VMware | 20:53 |
=== liberfiasco is now known as libervisco | ||
stefg | LoveGuru: would be nice... i suspect that the virtual network adapters in vm's confuse the ebox network conf module. If vmware works, but virtualbox doesn't we found something out ... | 20:57 |
didrocks | jdstrand: I think this merge is still pending for ufw: https://code.edge.launchpad.net/~didrocks/ufw/case-insensitive-app/+merges :) | 21:01 |
jdstrand | didrocks: yes it still is :( | 21:01 |
jdstrand | didrocks: however, I have not broken my promise to you-- it will be the first thing I do when I get back to ufw | 21:01 |
jdstrand | didrocks: I hope to get back to it soonish | 21:02 |
didrocks | jdstrand: no problem. It was just a reminder to not break the merge ;) | 21:02 |
didrocks | jdstrand: take your time. You have an UDS to prepare :D | 21:03 |
jdstrand | :) | 21:03 |
\sh | opennms + ejabberd + mail + opennms dashboard on ubuntu ==> rock hard management compatible tool | 21:05 |
\sh | especially when the dashboard is displayed on a very big, very full hd flat screen | 21:06 |
=== bdmurray_ is now known as bdmurray | ||
AlexC_ | morning all | 21:18 |
AlexC_ | I'm getting some weird entries in my /var/log/mail.log regarding Dovecot: Dec 1 19:00:11 foobar dovecot: pop3-login: Disconnected: user=<shop>, method=PLAIN, rip=200.219.227.216, lip=72.14.177.56 | 21:19 |
\sh | hmm...what is the best way to see the filecache memory on the CLI? | 21:19 |
=== liberfiasco is now known as libervsico | ||
AlexC_ | I have at least 100 of those entries, all with different usernames. Is this someone just trying to connect - or have they actually connected, and disconnected (it's the wording' disconnected' that is worrying me!) | 21:19 |
=== libervsico is now known as libervisco | ||
jmarsden|work | AlexC_: Sounds like someone is trying a small scale dictionary attack. if you see entries with "dovecot: pop3-login: Login: user=<someuser>" from that same remote IP, then you should be worried -- it means they guessed a password correctly. | 21:37 |
jmarsden|work | If you see all the "unwanted" login attempts are from the same IP or same subnet, you can block them with an iptables rule or similar filtering. | 21:38 |
AlexC_ | jmarsden|work, awesome, at least they are not successful logins then | 21:40 |
jmarsden|work | Correct. | 21:40 |
jmarsden|work | You can verify by manually connecting (telnet servername 110) and doing user foo and then pass bar and then quit... and look at your resulting log entries. | 21:41 |
AlexC_ | thanks =) | 21:41 |
AlexC_ | jmarsden|work, ah, good idea | 21:41 |
Deeps | s/telnet/nc/ ! | 21:41 |
Deeps | netcat, not telnet! | 21:41 |
jmarsden|work | Deeps: Both work equally well :) | 21:42 |
Deeps | untrue, telnet process can block and not allow you to ^C exit in some cases | 21:42 |
jmarsden|work | Deeps: Give me a way to duplicate that. when connecting to a POP3 server... | 21:43 |
jmarsden|work | BTW you would usually ctrl-] close in telnet, not ctrl-c... | 21:43 |
Deeps | non-standard approach, most programs will respond to ctrl+c, like netcat ;) | 21:44 |
* jmarsden|work has been telnetting to POP3 and SMTP servers for testing since at least 1994. Read the telnet man page. | 21:44 | |
Deeps | telnet pop3.telefonica.net 110 | 21:44 |
Deeps | +OK POP3 PROXY server ready (7.2.078) | 21:44 |
Deeps | at which point ctrl+c fails, ctrl+] works fine mind | 21:45 |
jmarsden|work | why would you ctrl-c at that point, you can type quit ... you just need to know the POP3 commands... | 21:45 |
Deeps | well you're specifying to pop3 servers now, i was generalising when i recommended nc over telnet | 21:46 |
jmarsden|work | No. You were responding to a specific suggestion to telnet to a POP3 server. | 21:46 |
jmarsden|work | Oh well. | 21:46 |
Deeps | although if there are 2 solutions to a problem, one uses a more commonly used approach, the other uses a special syntax and requires knowledge of the protocol + man page reading to get right, which would be the preferred approach for newbies? ;) | 21:46 |
AlexC_ | jmarsden|work, tailing the logs, and doing what you said - I see no such message when an auth fails | 21:47 |
AlexC_ | I get '-ERR Authentication failed.' within telnet, though nothing in the logs | 21:48 |
jmarsden|work | AlexC_: Hmm, and when you then quit the telnet session... still no disconnect?? | 21:48 |
AlexC_ | jmarsden|work, ah, when quitting I get: pop3-login: Aborted login (1 authentication attempts): user=<lolcake>, method=PLAIN, | 21:48 |
jmarsden|work | AlexC_: Well, that's close... I suspect you didn't exit the session cleanly or something, to get that. | 21:49 |
AlexC_ | jmarsden|work, I typed 'quit' | 21:49 |
AlexC_ | is there another way of closing it? | 21:50 |
jmarsden|work | AlexC_: OK, got it... it is the other way around... telnet servername 110 then user foo pass bar, then ctrl- and then ctrl-c and you'll get the "disconnected" message. | 21:53 |
jmarsden|work | So whoever is trying passwords is not typing the quit command, apparently. | 21:53 |
AlexC_ | ctrl- ? Missing a letter out there? | 21:54 |
jmarsden|work | * should have been "then ctrl-] and then ctrl-c ..." above | 21:54 |
AlexC_ | jmarsden|work, ahh I see. Awesome, also just closing the terminal gets the same | 21:55 |
jmarsden|work | OK. Anyway, that confirms the diagnosis. | 21:55 |
AlexC_ | Is there anyway I can up the log even, so it actually says failed attempt (so I can get Fail2Ban picking it up and blocking them) | 21:55 |
jmarsden|work | I don't know. I have a daily script that greps through my maillogs and uses sort and uniq to show me any probable offenders doing this, then I block them by hand... there's probably a way to automate that further. | 21:56 |
AlexC_ | ok, well I'll look into it later on - at least I know what these messages are now =) Thanks for all the help, put my mind at rest! | 21:57 |
jmarsden|work | No problem. | 21:57 |
dana_good | i'm trying to set up ndoutils-nagios2-mysql, but it keeps on getting stalled saying "dbconfig-common: flushing administrative password" | 22:04 |
axisys | i have a sun x4100 which supports 64 bit | 22:18 |
axisys | should I install 64-bit ubuntu server 8.10 ? | 22:18 |
axisys | if there are lots of issue with pkgs I rather not | 22:19 |
=== jare_ is now known as Jare | ||
dana_good | axisys: what application are you running? | 23:05 |
axisys | dana_good: it will be mainly lamp | 23:12 |
dana_good | should work fine 64bit | 23:12 |
axisys | also I have two disks in this x4100 amd opteron server.. how do I install in using mirror raid ? | 23:13 |
yann2 | soft or hard? which version of ubuntu? | 23:13 |
axisys | yann2: soft | 23:15 |
axisys | yann2: intrepid | 23:15 |
yann2 | you can get hard raid with x4100 , why use a soft raid? | 23:15 |
axisys | yann2: ofcourse still deciding if I sh'd go with 64 bit or 32 bit and alternate or regular server iso | 23:16 |
yann2 | why not use 64bits? its a 64bits server :) | 23:16 |
axisys | yann2: so get the 64bit alternate iso ? | 23:16 |
dana_good | axisys: if you're using SAS drives do HW raid | 23:16 |
yann2 | yeah | 23:16 |
yann2 | how many disks do you have? | 23:17 |
yann2 | dana_good > I had a bug using soft + hard raid on a x4100 not longer than a week ago, very annoying | 23:17 |
axisys | ok how do I do it w/ hard raid? i have two SAS disks | 23:18 |
dana_good | yann2: i have very little experience with those sort of issues. 99% of my linux boxes are vms. | 23:18 |
yann2 | how many disks do you have? | 23:18 |
axisys | yann2: 2 | 23:19 |
yann2 | it was quite specific to my install.. maybe you won't run into it | 23:19 |
yann2 | right so you won't :) my bug was with 4 disks, 2 raid 1, grub was installing on the wrong virtual disk | 23:19 |
axisys | do I get the alternate iso or regular server iso? | 23:19 |
yann2 | i didnt know there was a server alternate :) | 23:20 |
yann2 | but go for hardware raid | 23:20 |
yann2 | where did you get that x4100? :P | 23:20 |
axisys | yann2: ok how do I do the hardware raid ? | 23:20 |
axisys | yann2: work | 23:20 |
yann2 | during the boot, it will tell you "to configure blah press ctrl+key" | 23:20 |
yann2 | ctrl-a or ctrl-q | 23:20 |
yann2 | not sure | 23:20 |
yann2 | boot it it tells you at some point :) | 23:21 |
axisys | yann2: tnx | 23:21 |
axisys | yann2: i am solaris guy.. this will be my first ubuntu 64bit server | 23:22 |
yann2 | good luck... I had a hard time getting my hands on solaris 10 on my t1000 :) | 23:22 |
axisys | i have been using ubuntu since 5.04 | 23:22 |
axisys | yann2: solaris is joke for me | 23:23 |
axisys | yann2: but hopefully this will be fun too | 23:23 |
axisys | in my laptop i am using ubuntu | 23:23 |
yann2 | you can't run vms on x4100 you know that :) | 23:23 |
axisys | yann2: not planning to | 23:24 |
axisys | yann2: should I be able to install it from console? | 23:29 |
axisys | yann2: i dont have any gui | 23:29 |
axisys | yann2: connected to it thru SP | 23:29 |
yann2 | yes | 23:31 |
yann2 | normal debian-installer | 23:31 |
yann2 | SP should be fine | 23:31 |
yann2 | but there is a VGA port :) | 23:32 |
axisys | yann2: i know.. but i am doing the installation remotely | 23:33 |
uvirtbot | New bug: #304194 in mysql-dfsg-5.0 (main) "package mysql-server-5.0 5.0.67-0ubuntu6 failed to install/upgrade: el subproceso post-installation script devolvió el código de salida de error 1" [Undecided,New] https://launchpad.net/bugs/304194 | 23:51 |
=== boshhead_ is now known as moreon | ||
=== moreon is now known as boshhead |